Re: saslauthd segfault using kerberos5


Subject: Re: saslauthd segfault using kerberos5
From: Etienne Goyer (etienne dot goyer at linuxquebec dot com)
Date: Thu Apr 24 2003 - 15:35:59 EDT


Hi again,

The MIT Kerberos team bounce me back to the SASL maintainer. If somebody
from the dev team is interested in investigating this bug, I will do
what I can to help. I could supply trusted developper with KDC address
and keytab so they can see the bug in action themself.

Any taker ?

On Wed, Apr 23, 2003 at 04:06:34PM -0400, Etienne Goyer wrote:
> I just found my problem. My KDC is a MS Active Directory. The account
> used to create the principal where disabled. Enabling the account make
> saslauthd behave. However, since kinit work wih the account disabled or
> not and krb5_free_data_contents() seem to segfault (to be verified), I
> think I put the finger on a genuine bug. I will carry this to the the
> MIT Kerberos folk to see if they are aware of it.
>
>
> On Wed, Apr 23, 2003 at 02:59:57PM -0400, Etienne Goyer wrote:
> > Hi there,
> >
> > I have been banging my head on SASL 2.1.13 for a few hour now and I am
> > quite desesperate. Any help would be very appreciated.
> >
> > We are setting up a Cyrus imapd farm. We had been doing test for a few
> > day and everything used to work correctly. imapd is configured to to
> > authenticate user against saslauthd. saslauthd is started with
> > "-a kerberos5". Last week, it was working (people where getting
> > authenticated). Now it does not work anymore and we can't fugure out
> > what we did that might have broke saslauthd.
> >
> > Testing saslauthd with "testsaslauthd -u user -p passw" give the
> > following :
> >
> > ---
> > [root@www2 root]# testsaslauthd -u <user> -p <pass>
> > size read failed
> > 0: [root@www2 root]#
> > ---
> >
> > However, it work no problem if I use "saslauthd -a getpwent" so the
> > problem must lie in the kerberos5 mechanism.
> >
> > Here are the last few line of output from
> > "strace saslauthd -d -n0 -a kerberos5" :
> >
> > ---
> > socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 9
> > connect(9, {sin_family=AF_INET, sin_port=htons(88),
> > sin_addr=inet_addr("132.203.123.55")}}, 16) = 0
> > send(9, "l\202\4\3250\202\4\321\241\3\2\1\5\242\3\2\1\f\243\202"...,
> > 1241, 0) = 1241
> > select(10, [9], NULL, NULL, {1, 0}) = 1 (in [9], left {0, 980000})
> > recv(9, "~Z0X\240\3\2\1\5\241\3\2\1\36\244\21\30\01720030423183"...,
> > 4096, 0) = 92
> > close(9) = 0
> > --- SIGSEGV (Segmentation fault) ---
> > +++ killed by SIGSEGV +++
> > ---
> >
> > I am not a C programmer, but I can do a little syslog() debugging so I
> > narrowed the problem to saslauthd/auth_krb5.c around line 264 :
> >
> > ---
> > fini:
> > #ifndef KRB5_HEIMDAL
> > krb5_free_data_contents(context, &packet);
> > #endif
> > krb5_free_principal(context, server);
> >
> > return result;
> > ---
> >
> > If I comment the krb5_free_data_contents() function, it does not
> > segfault anymore, but I get "NO "authentication failed"" for answer from
> > testsaslauthd. A little more syslog() debugging tell me that
> > krb5_mk_req() at line 238 does not return 0. Somehow, what make
> > krb5_mk_req() may be giving segfault in krb5_free_data_contents().
> >
> > I am 90% sure that this problem is somehow related to my setup or
> > config, but the fact that it trigger a segfault might make it worthwhile
> > of an investigation. In the meantime, I will gladly accept any
> > suggestion as what to check to solve my problem.
> >
> > Thanks very much !
> >
> >
> > --
> > Etienne Goyer Linux Québec Technologies Inc.
> > http://www.LinuxQuebec.com etienne dot goyer at linuxquebec dot com
> > PGP Pub Key: http://www.LinuxQuebec.com/pubkeys/eg.key
> > Fingerprint: F569 0394 098A FC70 B572 5D20 3129 3D86 8FD5 C853
>
> --
> Etienne Goyer Linux Québec Technologies Inc.
> http://www.LinuxQuebec.com etienne dot goyer at linuxquebec dot com
> PGP Pub Key: http://www.LinuxQuebec.com/pubkeys/eg.key
> Fingerprint: F569 0394 098A FC70 B572 5D20 3129 3D86 8FD5 C853

-- 
Etienne Goyer                    Linux Québec Technologies Inc.
http://www.LinuxQuebec.com       etienne dot goyer at linuxquebec dot com
PGP Pub Key: http://www.LinuxQuebec.com/pubkeys/eg.key 
Fingerprint: F569 0394 098A FC70 B572  5D20 3129 3D86 8FD5 C853 







Hosted Email Solutions

Invaluement Anti-Spam DNSBLs



Powered By FreeBSD   Powered By FreeBSD