Your message dated Thu, 23 Jul 2015 08:09:54 -0700
with message-id <20150723150954.GA21173@comet>
and subject line fixed in 2.4.41
has caused the Debian Bug report #781162,
regarding slapd: crash with SASL auxprop pwcheck_method and empty suffix
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
781162: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781162
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: slapd
Version: 2.4.31-1+nmu2
Severity: grave
Justification: renders package unusable

Dear Maintainer,

I'm trying to set up pass-through authentication against a Kerberos
realm for our LDAP directory. For that I installed saslauthd and
confirmed the operation with sasl-sample-client/server and
testsaslauthd.

   * What led up to the situation?

To pass off authentication, set the userPassword attribute to

   {SASL}Username@KRBREALM

in the LDAP directory, as explained on
http://www.openldap.org/doc/admin24/security.html

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

After doing so, slapd crashes on log-in.

   * What was the outcome of this action?

I'm attaching a gdb trace as good as I was able to create.

   * What outcome did you expect instead?

Functioning log-in operation.

-- Syslog message

Mar 25 12:47:34 server slapd[16578]: >>> slap_listener(ldap:///)
Mar 25 12:47:34 server slapd[16578]: conn=1004 fd=21 ACCEPT from IP=139.*.*.*:51272 (IP=0.0.0.0:389)
Mar 25 12:47:34 server slapd[16578]: connection_get(21): got connid=1004
Mar 25 12:47:34 server slapd[16578]: connection_read(21): checking for input on id=1004
Mar 25 12:47:34 server slapd[16578]: op tag 0x60, time 1427284054
Mar 25 12:47:34 server slapd[16578]: conn=1004 op=0 do_bind
Mar 25 12:47:34 server slapd[16578]: >>> dnPrettyNormal: <cn=*********,ou=People,dc=****,dc=org>
Mar 25 12:47:34 server slapd[16578]: <<< dnPrettyNormal: <cn=*********,ou=People,dc=****,dc=org>, <cn=*********,ou=people,dc=****,dc=org>
Mar 25 12:47:34 server slapd[16578]: conn=1004 op=0 BIND dn="*********,ou=People,dc=****,dc=org" method=128
Mar 25 12:47:34 server slapd[16578]: do_bind: version=3 dn="cn=*********,ou=People,dc=****,dc=org" method=128
Mar 25 12:47:34 server slapd[16578]: bdb_dn2entry("cn=*********,ou=people,dc=****,dc=org")
Mar 25 12:47:34 server slapd[16578]: => hdb_dn2id("ou=people,dc=****,dc=org")
Mar 25 12:47:34 server slapd[16578]: <= hdb_dn2id: got id=0x4
Mar 25 12:47:34 server slapd[16578]: => hdb_dn2id("cn=*********,ou=people,dc=****,dc=org")
Mar 25 12:47:34 server slapd[16578]: <= hdb_dn2id: got id=0x237
Mar 25 12:47:34 server slapd[16578]: entry_decode: ""
Mar 25 12:47:34 server slapd[16578]: <= entry_decode()
Mar 25 12:47:34 server kernel: [571560.569822] slapd[16598]: segfault at 0 ip 00007f83289a735a sp 00007f8323a47db8 error 4 in libc-2.13.so[7f8328929000+181000]


-- Stack trace

#0  __strcmp_sse2 () at ../sysdeps/x86_64/multiarch/../strcmp.S:214
No locals.
#1  0x00007effc77d14ec in select_backend (dn=dn@entry=0x7effc0aa4f28, 
noSubs=noSubs@entry=1) at ../../../../servers/slapd/backend.c:697
        j = <optimized out>
        len = <optimized out>
        dnlen = 0
        be = 0x7effc8a79c30
#2  0x00007effc78168a3 in slap_auxprop_lookup (glob_context=<optimized out>, 
sparams=<optimized out>, flags=0, user=<optimized out>, ulen=<optimized out>) 
at ../../../../servers/slapd/sasl.c:345
        cb = {sc_next = 0x0, sc_response = 0x7effc7815fb0 <sasl_ap_lookup>, 
sc_cleanup = 0, sc_private = 0x7effc0aa4e40}
        opbuf = {ob_op = {o_hdr = 0x0, o_tag = 0, o_time = 0, o_tincr = 0, o_bd 
= 0x0, o_req_dn = {bv_len = 0, bv_val = 0x0}, o_req_ndn = {bv_len = 0, bv_val = 
0x0}, o_request = {oq_add = {rs_modlist = 0x0, rs_e = 0x0}, oq_bind = {
                rb_method = 0, rb_cred = {bv_len = 0, bv_val = 0x0}, rb_edn = 
{bv_len = 0, bv_val = 0x0}, rb_ssf = 0, rb_mech = {bv_len = 0, bv_val = 0x0}}, 
oq_compare = {rs_ava = 0x0}, oq_modify = {rs_mods = {rs_modlist = 0x0, 
                  rs_no_opattrs = 0 '\000'}, rs_increment = 0}, oq_modrdn = 
{rs_mods = {rs_modlist = 0x0, rs_no_opattrs = 0 '\000'}, rs_deleteoldrdn = 0, 
rs_newrdn = {bv_len = 0, bv_val = 0x0}, rs_nnewrdn = {bv_len = 0, bv_val = 
0x0}, 
                rs_newSup = 0x0, rs_nnewSup = 0x0}, oq_search = {rs_scope = 0, 
rs_deref = 0, rs_slimit = 0, rs_tlimit = 0, rs_limit = 0x0, rs_attrsonly = 0, 
rs_attrs = 0x0, rs_filter = 0x0, rs_filterstr = {bv_len = 0, bv_val = 0x0}}, 
              oq_abandon = {rs_msgid = 0}, oq_cancel = {rs_msgid = 0}, 
oq_extended = {rs_reqoid = {bv_len = 0, bv_val = 0x0}, rs_flags = 0, rs_reqdata 
= 0x0}, oq_pwdexop = {rs_extended = {rs_reqoid = {bv_len = 0, bv_val = 0x0}, 
                  rs_flags = 0, rs_reqdata = 0x0}, rs_old = {bv_len = 0, bv_val 
= 0x0}, rs_new = {bv_len = 0, bv_val = 0x0}, rs_mods = 0x0, rs_modtail = 0x0}}, 
o_abandon = 0, o_cancel = 0, o_groups = 0x0, o_do_not_cache = 0 '\000', 
            o_is_auth_check = 0 '\000', o_dont_replicate = 0 '\000', o_acl_priv 
= ACL_NONE, o_nocaching = 0 '\000', o_delete_glue_parent = 0 '\000', 
o_no_schema_check = 0 '\000', o_no_subordinate_glue = 0 '\000', 
            o_ctrlflag = '\000' <repeats 31 times>, o_controls = 0x0, o_authz = 
{sai_method = 0, sai_mech = {bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len = 0, 
bv_val = 0x0}, sai_ndn = {bv_len = 0, bv_val = 0x0}, sai_ssf = 0, 
              sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf = 0}, o_ber 
= 0x0, o_res_ber = 0x0, o_callback = 0x0, o_ctrls = 0x0, o_csn = {bv_len = 0, 
bv_val = 0x0}, o_private = 0x0, o_extra = {slh_first = 0x0}, o_next = {
              stqe_next = 0x0}}, ob_hdr = {oh_opid = 0, oh_connid = 0, oh_conn 
= 0x0, oh_msgid = 0, oh_protocol = 0, oh_tid = 0, oh_threadctx = 0x0, 
oh_tmpmemctx = 0x0, oh_tmpmfuncs = 0x0, oh_counters = 0x0, 
            oh_log_prefix = '\000' <repeats 255 times>, oh_extensions = 0x0}, 
ob_controls = {0x0 <repeats 32 times>}}
        op = 0x7effc0aa4ef0
        i = <optimized out>
        doit = 1
        conn = <optimized out>
        sl = {flags = 0, list = 0x7effc8f73bc8, sparams = 0x7effc8e63e70}
        rc = 0
#3  0x00007effc66f0b49 in _sasl_auxprop_lookup (sparams=0x7effc8e63e70, 
flags=flags@entry=0, user=0x7effc8e63a01 "********@KDC.****.ORG", ulen=21) at 
../../lib/auxprop.c:959
        p = 0x7effc8f72ab5 ""
        last = 1
        pluginlist = 0x7effc8f72ab0 "slapd"
        freeptr = 0x7effc8f72ab0 "slapd"
        thisplugin = 0x7effc8f72ab0 "slapd"
        getopt = 0x7effc66f5240 <_sasl_conn_getopt>
        ret = <optimized out>
        found = 1
        context = 0x7effc8e62c60
        plist = 0x7effc7851fe1 "slapd"
        ptr = 0x7effc89e1b00
        result = -4
#4  0x00007effc66f1905 in _sasl_auxprop_lookup_user_props 
(oparams=0x7effc8e634d0, flags=3, conn=0x7effc8e62c60) at 
../../lib/canonusr.c:220
        authz_result = <optimized out>
        auxprop_lookup_flags = 0
        sconn = 0x7effc8e62c60
        result = 0
#5  _sasl_canon_user_lookup (conn=conn@entry=0x7effc8e62c60, 
user=user@entry=0x7effc8e63600 "********@KDC.****.ORG", ulen=ulen@entry=0, 
flags=flags@entry=3, oparams=oparams@entry=0x7effc8e634d0) at 
../../lib/canonusr.c:279
        result = 0
#6  0x00007effc66f21f1 in auxprop_verify_password (conn=0x7effc8e62c60, 
userstr=0x7effc8e63600 "********@KDC.****.ORG", passwd=0xdeadbeef1234 
"*********", service=<optimized out>, user_realm=<optimized out>) at 
../../lib/checkpw.c:159
        ret = -1
        result = 0
        sconn = <optimized out>
        password_request = {0x7effc6700a92 "*userPassword", 0x7effc6700aa0 
"*cmusaslsecretPLAIN", 0x0}
        auxprop_values = {{name = 0x0, values = 0x7effc8e635c8, nvalues = 
3370530264, valsize = 32511}, {name = 0x7eff00000020 <Address 0x7eff00000020 
out of bounds>, values = 0x7effc0aa54c0, nvalues = 3232388176, valsize = 
32511}, {
            name = 0x6425 <Address 0x6425 out of bounds>, values = 
0x7effc66f12d2, nvalues = 926364211, valsize = 51}}
#7  0x00007effc66fb348 in _sasl_checkpass (conn=conn@entry=0x7effc8e62c60, 
user=0x7effc8e63600 "********@KDC.****.ORG", userlen=userlen@entry=21, 
pass=pass@entry=0xdeadbeef1234 "*********", passlen=passlen@entry=9)
    at ../../lib/server.c:1918
        s_conn = 0x7effc8e62c60
        result = -4
        getopt = 0x7effc66f5240 <_sasl_conn_getopt>
        checkpass_cb = 0
        context = 0x7effc8e62c60
        mlist = 0x7effc6700bd7 "auxprop"
        mech = 0x7effc6700bd7 "auxprop"
        v = <optimized out>
        service = 0x7effc8e62190 "ldap"
#8  0x00007effc66fe2e0 in sasl_checkpass (conn=0x7effc8e62c60, user=<optimized 
out>, userlen=21, pass=0xdeadbeef1234 "*********", passlen=9) at 
../../lib/server.c:1985
        result = <optimized out>
#9  0x00007effc7815f99 in chk_sasl (sc=sc@entry=0x7effc89e30f8, 
passwd=passwd@entry=0x7effc0aa55e0, cred=cred@entry=0x7effc8e64a30, 
text=text@entry=0x7effc0aa5a70) at ../../../../servers/slapd/sasl.c:870
        sc = <optimized out>
        i = <optimized out>
        rtn = -1
        ctx = <optimized out>
        sconn = 0x7effc8e62c60
#10 0x00007effc784b372 in lutil_passwd (passwd=passwd@entry=0x7effc8f65800, 
cred=cred@entry=0x7effc8e64a30, schemes=schemes@entry=0x0, 
text=text@entry=0x7effc0aa5a70) at ../../../../libraries/liblutil/passwd.c:327
        x = {bv_len = 21, bv_val = 0x7effc8f660f9 "********@KDC.****.ORG"}
        pws = 0x7effc89e30f0
#11 0x00007effc77f774e in slap_passwd_check (op=op@entry=0x7effc8e649e0, 
e=e@entry=0x7effc8c7dc68, a=0x7effc8c91bb0, cred=cred@entry=0x7effc8e64a30, 
text=text@entry=0x7effc0aa5a70) at ../../../../servers/slapd/passwd.c:529
        result = 1
        bv = 0x7effc8f65800
        acl_state = {as_desc = 0x7effc89df490, as_access = ACL_AUTH, as_vd_acl 
= 0x0, as_vd_acl_present = 0, as_vd_acl_count = 0, as_vd_mask = 1, as_result = 
1, as_fe_done = 0}
        credNul = 0 '\000'
        old_authctx = 0x0
#12 0x00007effc1741efb in hdb_bind (op=0x7effc8e649e0, rs=0x7effc0aa5a50) at 
bind.c:134
        bdb = 0x7effc8a79dd0
        e = 0x7effc8c7dc68
        a = <optimized out>
        ei = 0x7effc8f650a0
        password = 0x7effc89df490
        rtxn = 0x7effc8f64dc0
        lock = {off = 526912, ndx = 818, gen = 1, mode = DB_LOCK_READ}
        __PRETTY_FUNCTION__ = "hdb_bind"
#13 0x00007effc78311c6 in overlay_op_walk (op=op@entry=0x7effc8e649e0, 
rs=0x7effc0aa5a50, which=op_bind, oi=0x7effc8a88ae0, on=0x0) at 
../../../../servers/slapd/backover.c:671
        func = <optimized out>
        rc = 32768
#14 0x00007effc783131b in over_op_func (op=0x7effc8e649e0, rs=<optimized out>, 
which=<optimized out>) at ../../../../servers/slapd/backover.c:723
        oi = <optimized out>
        on = <optimized out>
        be = 0x7effc8a79c30
        db = {bd_info = 0x7effc1961760, bd_self = 0x7effc8a79c30, be_ctrls = 
"\000\001\001\001\000\001\000\000\001\000\000\001\001\000\001", '\000' <repeats 
17 times>, "\001", be_flags = 264, be_restrictops = 0, be_requires = 0, 
          be_ssf_set = {sss_ssf = 0, sss_transport = 0, sss_tls = 0, sss_sasl = 
0, sss_update_ssf = 0, sss_update_transport = 0, sss_update_tls = 0, 
sss_update_sasl = 0, sss_simple_bind = 0}, be_suffix = 0x7effc8a7bf70, 
          be_nsuffix = 0x7effc8a7bfa0, be_schemadn = {bv_len = 0, bv_val = 
0x0}, be_schemandn = {bv_len = 0, bv_val = 0x0}, be_rootdn = {bv_len = 23, 
bv_val = 0x7effc8a98a40 "cn=admin,dc=****,dc=org"}, be_rootndn = {bv_len = 23, 
            bv_val = 0x7effc8a982a0 "cn=admin,dc=****,dc=org"}, be_rootpw = 
{bv_len = 38, bv_val = 0x7effc8a98ab0 
"{SSHA}********************************"}, be_max_deref_depth = 15, 
be_def_limit = {lms_t_soft = 3600, lms_t_hard = 0, 
            lms_s_soft = 500, lms_s_hard = 0, lms_s_unchecked = -1, lms_s_pr = 
0, lms_s_pr_hide = 0, lms_s_pr_total = 0}, be_limits = 0x0, be_acl = 
0x7effc8a7a160, be_dfltaccess = ACL_READ, be_extra_anlist = 0x0, be_update_ndn 
= {
            bv_len = 0, bv_val = 0x0}, be_update_refs = 0x0, 
be_pending_csn_list = 0x7effc8a37220, be_pcl_mutex = {__data = {__lock = 0, 
__count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __list = 
{__prev = 0x0, 
                __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 
0}, be_syncinfo = 0x0, be_pb = 0x0, be_cf_ocs = 0x7effc1961080, be_private = 
0x7effc8a79dd0, be_next = {stqe_next = 0x0}}
        cb = {sc_next = 0x7effc8e63f80, sc_response = 0x7effc7830520 
<over_back_response>, sc_cleanup = 0, sc_private = 0x7effc8a88ae0}
        sc = <optimized out>
        rc = 32768
        __PRETTY_FUNCTION__ = "over_op_func"
#15 0x00007effc77e2482 in fe_op_bind (op=0x7effc8e649e0, rs=0x7effc0aa5a50) at 
../../../../servers/slapd/bind.c:383
        bd = 0x7effc7abbbc0
#16 0x00007effc77e1de7 in do_bind (op=0x7effc8e649e0, rs=0x7effc0aa5a50) at 
../../../../servers/slapd/bind.c:205
        ber = 0x7effc8e64710
        version = 3
        method = 128
        mech = {bv_len = 0, bv_val = 0x0}
        dn = {bv_len = 37, bv_val = 0x7effc8e6477a 
"cn=*********,ou=People,dc=****,dc=org"}
        tag = <optimized out>
        be = 0x0
#17 0x00007effc77c3961 in connection_operation (ctx=ctx@entry=0x7effc0aa5ba0, 
arg_v=arg_v@entry=0x7effc8e649e0) at ../../../../servers/slapd/connection.c:1150
        rc = 80
        cancel = <optimized out>
        op = 0x7effc8e649e0
        rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err = 0, 
sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = 
{sru_search = {r_entry = 0x0, r_attr_flags = 0, r_operational_attrs = 0x0, 
r_attrs = 0x0, 
              r_nentries = 0, r_v2ref = 0x0}, sru_sasl = {r_sasldata = 0x0}, 
sru_extended = {r_rspoid = 0x0, r_rspdata = 0x0}}, sr_flags = 0}
        tag = 96
        opidx = SLAP_OP_BIND
        conn = 0x7effc8ac71f0
        memctx = 0x7effc8e62c20
        memctx_null = 0x0
        memsiz = 1048576
        __PRETTY_FUNCTION__ = "connection_operation"
#18 0x00007effc77c3c84 in connection_read_thread (ctx=0x7effc0aa5ba0, 
argv=<optimized out>) at ../../../../servers/slapd/connection.c:1286
        rc = <optimized out>
        cri = {op = 0x7effc8e649e0, func = 0, arg = 0x0, ctx = <optimized out>, 
nullop = <optimized out>}
        s = <optimized out>
#19 0x00007effc7324ff3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
No symbol table info available.
#20 0x00007effc5516b50 in start_thread (arg=<optimized out>) at 
pthread_create.c:304
        __res = <optimized out>
        pd = 0x7effc0aa6700
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139636914153216, 
-6953941169514691965, 139636922535296, 139636914153920, 139637028307008, 3, 
7097991927747625603, 7098000646870188675}, mask_was_saved = 0}}, priv = {pad = 
{0x0, 0x0, 
              0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#21 0x00007effc526095d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#22 0x0000000000000000 in ?? ()



-- System Information:
Debian Release: 7.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages slapd depends on:
ii  adduser                     3.113+nmu3
ii  coreutils                   8.13-3.5
ii  debconf [debconf-2.0]       1.5.49
ii  libc6                       2.13-38+deb7u8
ii  libdb5.1                    5.1.29-5
ii  libgcrypt11                 1.5.0-5+deb7u3
ii  libgnutls26                 2.12.20-8+deb7u3
ii  libldap-2.4-2               2.4.31-1+nmu2
ii  libltdl7                    2.4.2-1.1
ii  libodbc1                    2.2.14p2-5
ii  libperl5.14                 5.14.2-21+deb7u2
ii  libsasl2-2                  2.1.25.dfsg1-6+deb7u1
ii  libslp1                     1.2.1-9
ii  libwrap0                    7.6.q-24
ii  lsb-base                    4.1+Debian8+deb7u1
ii  multiarch-support           2.13-38+deb7u8
ii  perl [libmime-base64-perl]  5.14.2-21+deb7u2
ii  psmisc                      22.19-1+deb7u1

Versions of packages slapd recommends:
ii  libsasl2-modules  2.1.25.dfsg1-6+deb7u1

Versions of packages slapd suggests:
ii  ldap-utils  2.4.31-1+nmu2

-- Configuration Files:
/etc/default/slapd changed:
SLAPD_CONF=
SLAPD_USER="openldap"
SLAPD_GROUP="openldap"
SLAPD_PIDFILE=
SLAPD_SERVICES="ldaps:/// ldap:/// ldapi:///"
SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
SLAPD_OPTIONS=""


-- debconf information excluded

--- End Message ---
--- Begin Message ---
Version: 2.4.41+dfsg-1

Forgot to changelog this, but it's fixed in 2.4.41:

Fixed slapd sasl auxprop crash with invalid config (ITS#8092)

--- End Message ---
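
Added example (not part of the original report or of OpenLDAP): a small triage helper that decodes the kernel "segfault at" line from the syslog excerpt above. It classifies the fault as a user-mode read of the NULL page and computes the offset of the faulting instruction inside the libc mapping, which is consistent with frame #0 of the stack trace (__strcmp_sse2). The function and field names are assumptions made for this example; the error bits are the standard x86 page-fault error code.

```python
import re

# Kernel line taken from the syslog excerpt in the report (wrapped line rejoined).
SAMPLE = ("Mar 25 12:47:34 server kernel: [571560.569822] slapd[16598]: "
          "segfault at 0 ip 00007f83289a735a sp 00007f8323a47db8 error 4 in "
          "libc-2.13.so[7f8328929000+181000]")

# Format printed by the Linux kernel for an unhandled user-space SIGSEGV.
SEGV_RE = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def decode_segfault(line):
    """Return a dict describing the fault, or None if the line is not a segfault record."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    addr, ip, err = (int(m[k], 16) for k in ("addr", "ip", "err"))
    if err & 0x10:
        access = "instruction fetch"
    elif err & 0x2:
        access = "write"
    else:
        access = "read"
    info = {
        "comm": m["comm"],
        "pid": int(m["pid"]),
        "fault_addr": addr,
        "access": access,
        "page_present": bool(err & 0x1),   # 0 means the page was not mapped
        "user_mode": bool(err & 0x4),
        # Heuristic: an address inside the first page points to a NULL
        # pointer dereference (possibly plus a small field offset).
        "null_page": addr < 0x1000,
        "object": m["obj"],
        "offset": None,
    }
    if m["obj"] is not None:
        base, size = int(m["base"], 16), int(m["size"], 16)
        if base <= ip < base + size:
            # Offset of the faulting instruction from the start of the mapping;
            # resolve it against the library's debug symbols to name the function.
            info["offset"] = ip - base
    return info

if __name__ == "__main__":
    for key, value in decode_segfault(SAMPLE).items():
        print(f"{key:12} {hex(value) if key in ('fault_addr', 'offset') else value}")
```
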
