Hi,
I'm still trying to track down the cause of my repeatable freeradius crashes.
I've tested this in versions 0.3, 0.4, and several CVS snapshots, including
last nights.
One other list member has confirmed that he can replicate the problem.
Here is what I've been able to determine:
A CHAP authentication request will cause a SegFault IF it:
1) Matches a UserName in the radcheck table
2) Hits the server while the daemon is waiting in 'cleanup_delay' period
CHAP authentication requests that match an entry in the 'users' file do NOT
cause a segfault.
I've looks through the code but don't have enough familiarity with it to
find the problem. I don't see how anything done (or not done) by the
cleanup process should be affecting the rlm_sql_authenticate function.
Replicating the problem is quite easy. Simply use radclient to send a
couple of CHAP authentication requests (that match a user in your SQL
radcheck table) one right after the other (within the time set by your
cleanup_delay parameter).
For example:
echo "User-Name = \"bob\", CHAP-Password = \"bob\"" | radclient myradserver
auth mysecret
echo "User-Name = \"bob\", CHAP-Password = \"bob\"" | radclient myradserver
auth mysecret
If anyone can verify that they do NOT get this crash under these
conditions, please let me know.
If anyone can suggest places in the code I should focus on to continue
debugging this, please let me know.
Backtrace from gdb on lastnights CVS snapshot:
rlm_sql: Released sql socket id: 4
modcall[authorize]: module "sql1auth" returns ok
modcall: group group returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Sql
auth: type "SQL"
modcall: entering group authtype
modcall: entering group group
rlm_sql: Reserving sql socket id: 4
radius_xlat: '[EMAIL PROTECTED]'
sql_escape in: '[EMAIL PROTECTED]'
sql_escape out: '[EMAIL PROTECTED]'
sql_set_user: escaped user --> '[EMAIL PROTECTED]'
radius_xlat: 'SELECT Value,Attribute FROM radcheck WHERE UserName =
'[EMAIL PROTECTED]' AND ( Attribute = 'Password' OR Attribute =
'Crypt-Password' ) ORDER BY Attribute DESC'
rlm_sql: Released sql socket id: 4
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 23259)]
0x40026fdc in rlm_sql_authenticate (instance=0x80b80d8, request=0x80ea080)
at rlm_sql.c:376
376 memcpy(password_pair->strvalue, row[0],
strlen(row[0]));
(gdb) bt
#0 0x40026fdc in rlm_sql_authenticate (instance=0x80b80d8,
request=0x80ea080) at rlm_sql.c:376
#1 0x08054cd1 in call_modsingle (component=0, sp=0x80b8050,
request=0x80ea080, default_result=0)
at modcall.c:205
#2 0x08054e1a in modcall (component=0, c=0x80b8050, request=0x80ea080) at
modcall.c:288
#3 0x08054d1b in call_modgroup (component=0, g=0x80b8018,
request=0x80ea080, default_result=0)
at modcall.c:227
#4 0x08054de1 in modcall (component=0, c=0x80b8018, request=0x80ea080) at
modcall.c:281
#5 0x08054d1b in call_modgroup (component=0, g=0x80b7fe0,
request=0x80ea080, default_result=0)
at modcall.c:227
#6 0x08054de1 in modcall (component=0, c=0x80b7fe0, request=0x80ea080) at
modcall.c:281
#7 0x0805492f in module_authenticate (auth_type=32767, request=0x80ea080)
at modules.c:639
#8 0x0805175f in rad_check_password (request=0x80ea080) at auth.c:363
#9 0x080519cc in rad_authenticate (request=0x80ea080) at auth.c:559
#10 0x0804d718 in rad_respond (request=0x80ea080, fun=0x8051798
<rad_authenticate>) at radiusd.c:1492
#11 0x0804d394 in rad_process (request=0x80ea080, dospawn=0) at radiusd.c:1252
#12 0x0804d0b1 in main (argc=2, argv=0xbffff9f4) at radiusd.c:1060
#13 0x400b7627 in __libc_start_main (main=0x804c478 <main>, argc=2,
ubp_av=0xbffff9f4,
init=0x804b500 <_init>, fini=0x805d3b0 <_fini>, rtld_fini=0x4000dcc4
<_dl_fini>, stack_end=0xbffff9ec)
at ../sysdeps/generic/libc-start.c:129
Thanks for any suggestions.
Randy Moore
Axion Information Technologies, Inc.
email [EMAIL PROTECTED]
phone 301-408-1200
fax 301-445-3947
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
