Hi all,
I'm getting totally repeatable segfaults in freeradius v0.4 when using
SQL authentication (specifically MySQL). I've included a back trace below.
For the record, I'm using RedHat Linux 7.0:
Kernel: 2.2.17-14smp
Mysql: 3.23.46
I've tried this on both a total clean installation of freeradius 0.4 and my
slightly
patched version. Both show the same symptoms.
The problem occurs at line 374 of rlm_sql.c (backtrace shows line 376 because
I added a couple of lines of debugging code).
The segfault is triggered by having two successful authentications using CHAP
passwords within the time specified by cleanup_delay (in radiusd.conf).
It is easiest to see this by setting your cleanup_delay to 20 seconds or
more. And
then use radclient to send a couple of 'correct' authentication requests
one right
after the other.
For example:
echo "User-Name = \"bob\", CHAP-Password = \"bob\"" | radclient myradserver
auth mysecret
echo "User-Name = \"bob\", CHAP-Password = \"bob\"" | radclient myradserver
auth mysecret
First, can anyone else using SQL authentication replicate this?
Second, any suggestions on how to continue tracing this? I've added a couple
of lines of code to verify that the paircreate function did not return NULL and
that the row[0] really contains a good password value. All OK.
But that is about the limit of my understanding right now. I can't see how
the cleanup_delay
could relate here.
Thanks for any suggestions.
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Sql
auth: type "SQL"
modcall: entering group authtype
modcall: entering group group
rlm_sql: Reserving sql socket id: 4
radius_xlat: '[EMAIL PROTECTED]'
sql_escape in: '[EMAIL PROTECTED]'
sql_escape out: '[EMAIL PROTECTED]'
sql_set_user: escaped user --> '[EMAIL PROTECTED]'
radius_xlat: 'SELECT Value,Attribute FROM radcheck WHERE UserName =
'[EMAIL PROTECTED]' AND ( Attribute = 'Password' OR Attribute =
'Crypt-Password' ) ORDER BY Attribute DESC'
rlm_sql: Released sql socket id: 4
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 4905)]
0x4001a0c5 in rlm_sql_authenticate (instance=0x80b7c58, request=0x80f3050)
at rlm_sql.c:376
376 memcpy(password_pair->strvalue, row[0],
strlen(row[0]));
(gdb)
(gdb)
(gdb)
(gdb)
(gdb)
(gdb) bt
#0 0x4001a0c5 in rlm_sql_authenticate (instance=0x80b7c58,
request=0x80f3050) at rlm_sql.c:376
#1 0x8054d25 in call_modsingle (component=0, sp=0x80b7c00,
request=0x80f3050, default_result=0) at modcall.c:205
#2 0x8054e6e in modcall (component=0, c=0x80b7c00, request=0x80f3050) at
modcall.c:288
#3 0x8054d6f in call_modgroup (component=0, g=0x80b7bc8,
request=0x80f3050, default_result=0) at modcall.c:227
#4 0x8054e35 in modcall (component=0, c=0x80b7bc8, request=0x80f3050) at
modcall.c:281
#5 0x8054d6f in call_modgroup (component=0, g=0x80b7b90,
request=0x80f3050, default_result=0) at modcall.c:227
#6 0x8054e35 in modcall (component=0, c=0x80b7b90, request=0x80f3050) at
modcall.c:281
#7 0x805497f in module_authenticate (auth_type=32767, request=0x80f3050)
at modules.c:639
#8 0x80517bf in rad_check_password (request=0x80f3050) at auth.c:376
#9 0x8051a2c in rad_authenticate (request=0x80f3050) at auth.c:572
#10 0x804d728 in rad_respond (request=0x80f3050, fun=0x80517f8
<rad_authenticate>) at radiusd.c:1492
#11 0x804d3a4 in rad_process (request=0x80f3050, dospawn=0) at radiusd.c:1252
#12 0x804d0c5 in main (argc=2, argv=0xbffffb54) at radiusd.c:1060
#13 0x400adb5c in __libc_start_main (main=0x804c474 <main>, argc=2,
ubp_av=0xbffffb54, init=0x804b500 <_init>,
fini=0x805d45c <_fini>, rtld_fini=0x4000d634 <_dl_fini>,
stack_end=0xbffffb4c) at ../sysdeps/generic/libc-start.c:129
(gdb)
Randy Moore
Axion Information Technologies, Inc.
email [EMAIL PROTECTED]
phone 301-408-1200
fax 301-445-3947
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
