From: Joerg Pulz
To: Jeremy Chadwick
Cc: Reko Turja, "Mikhail T.", freebsd-stable@freebsd.org, Henrik /KaarPoSoft
Date: Sat, 17 Jul 2010 08:55:54 +0200 (CEST)
Subject: Re: openldap client GSSAPI authentication segfaults in fbsd8stablei386
In-Reply-To: <20100716135102.GA5625@icarus.home.lan>

On Fri, 16 Jul 2010, Jeremy Chadwick wrote:

> On Fri, Jul 16, 2010 at 03:58:04PM +0300, Reko Turja wrote:
>>> I think we need the OP of the PR[1], Mikhail T., to chime in here
>>> with his
>>> setup.
>>
>> While waiting, can you test the following: In the
>> /usr/local/etc/imapd.conf file comment out
>>
>> #sasl_pwcheck_method: saslauthd
>>
>> and add below it:
>>
>> sasl_mech_list: gssapi pam plain
>
> Thanks -- I did so + restarted imapd, and now we have:
>
> testbox# cyradm localhost
> Login disabled.
> cyradm: cannot authenticate to server with as root
>
> Jul 16 06:46:02 testbox master[11087]: about to exec /usr/local/cyrus/bin/imapd
> Jul 16 06:46:02 testbox imap[11087]: executed
> Jul 16 06:46:02 testbox imap[11087]: accepted connection
> Jul 16 06:46:02 testbox perl: GSSAPI Error: Miscellaneous failure (see text) (unknown mech-code 2 for mech unknown)
> Jul 16 06:46:02 testbox kernel: Jul 16 06:46:02 testbox perl: GSSAPI Error: Miscellaneous failure (see text) (unknown mech-code 2 for mech unknown)
> Jul 16 06:46:02 testbox perl: No worthy mechs found
> Jul 16 06:46:02 testbox kernel: Jul 16 06:46:02 testbox perl: No worthy mechs found

Jeremy,

I followed this thread so far and searched a little bit about the issue.
I also tested on my machines and came to an interesting point.

First, my setup is pretty straightforward.
Set HEIMDAL_HOME=/usr .
Build security/cyrus-sasl2 (OPTIONS don't matter, I think).
Build net/openldap24-sasl-client (select SASL OPTION).
If you don't have any accessible LDAP server on your net (OpenLDAP or
Windows AD doesn't matter) you have to build and just start one for
yourself.
Afterwards just try the following command:

ldapsearch -Ygssapi -h

Now the interesting point.
On my amd64 system I get this after executing the above command:

SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (see text) (unknown mech-code 2 for mech unknown)

While on my i386 system I get this:

SASL/GSSAPI authentication started
Segmentation fault (core dumped)

A quick look at the gdb bt of the core file looks like this:

#0  0x28310ef5 in free () from /lib/libc.so.7
#1  0x283fc972 in gss_release_buffer () from /usr/lib/libgssapi.so.10
#2  0x283fc37e in gss_release_name () from /usr/lib/libgssapi.so.10
#3  0x283f8da9 in gss_init_sec_context () from /usr/lib/libgssapi.so.10
#4  0x283f1a0b in gssapi_client_mech_step () from /usr/local/lib/sasl2/libgssapiv2.so.2
#5  0x280ed4f4 in sasl_client_step () from /usr/local/lib/libsasl2.so.2

So I think I've hit the same bug all others are experiencing.
It looks like it is an i386 speciality but it can also be pure luck on
amd64.
I found at least one other report on the net which looks very similar to
what I see. i386 == Segmentation fault, amd64 == Error message.

Jeremy, is your test system running on amd64 or i386?

Kind regards
Joerg

-- 
The beginning is the most important part of the work.
                 -Plato
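
Added example, not part of the original message: a small Python triage of the gdb backtrace quoted above. It groups the frames by library and reports where ports-built code hands off to base-system libraries; classifying libraries by the /usr/local/ path prefix is an assumption of this example.

```python
import re

# Backtrace frames copied from the message above.
BT = """\
#0 0x28310ef5 in free () from /lib/libc.so.7
#1 0x283fc972 in gss_release_buffer () from /usr/lib/libgssapi.so.10
#2 0x283fc37e in gss_release_name () from /usr/lib/libgssapi.so.10
#3 0x283f8da9 in gss_init_sec_context () from /usr/lib/libgssapi.so.10
#4 0x283f1a0b in gssapi_client_mech_step () from /usr/local/lib/sasl2/libgssapiv2.so.2
#5 0x280ed4f4 in sasl_client_step () from /usr/local/lib/libsasl2.so.2
"""

# gdb frame line: "#N [0xADDR in] func (args) [from /path/lib.so]"
FRAME = re.compile(
    r"^#(\d+)\s+(?:(0x[0-9a-f]+) in )?(\S+) \(.*?\)(?: from (\S+))?", re.M)

def parse_bt(text):
    """Return frames, innermost first, as dicts with idx, func and lib."""
    return [{"idx": int(i), "func": fn, "lib": lib}
            for i, _pc, fn, lib in FRAME.findall(text)]

def origin(lib):
    """Assumption of this example: /usr/local/ means ports, anything else base."""
    if not lib:
        return "unknown"
    return "ports" if lib.startswith("/usr/local/") else "base"

def triage(text):
    """Summarise the crash site and the point where ports code entered base code."""
    frames = parse_bt(text)
    boundary, base_chain = None, []
    for inner, outer in zip(frames, frames[1:] + [None]):
        if origin(inner["lib"]) != "base":
            break
        base_chain.append(inner["func"])
        if outer and origin(outer["lib"]) == "ports":
            boundary = (outer["func"], inner["func"])  # (caller, callee)
            break
    return {
        "crash_site": frames[0]["func"] if frames else None,
        "base_chain": base_chain,
        "boundary": boundary,
        "libs": list(dict.fromkeys(f["lib"] for f in frames)),
    }

if __name__ == "__main__":
    for key, value in triage(BT).items():
        print(f"{key}: {value}")
```

For this backtrace, every frame from the crash site up to gss_init_sec_context lies in base-system libraries, and the entry from ports code is the SASL GSSAPI plugin's gssapi_client_mech_step.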