LDAP module crashes

Stefan Radovanovici Tue, 03 Sep 2002 06:16:04 -0700

Greetings everybody,

I am using Freeradius 0.7 and OpenLDAP 2.1.4 (had also 2.0.25). My users
are defined in the LDAP and I have several reply items that have to get
back to the NAS once the user is authenticated. Today while doing some
tests I added some more reply items but this makes the LDAP module to
crash. If I keep the number of reply items low, it works fine. Here is a
working log request. Next will follow the log when I have added one more
reply items.


Normal request:


rad_recv: Access-Request packet from host 127.0.0.1:1215, id=25, length=62
        User-Name = "isdn_SEYFR"
        User-Password = "\305{\300\2660\263\327@\327\202\230\345:\232G\336"
        NAS-IP-Address = 255.255.255.255
        NAS-Port-Id = "ISDN"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for isdn_SEYFR
radius_xlat:  '(dc=isdn_SEYFR)'
radius_xlat:  'o=rts'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 172.16.5.70:389, authentication 0
rlm_ldap: setting TLS mode to 4
rlm_ldap: could not set LDAP_OPT_X_TLS option Success
rlm_ldap: bind as cn=root,o=rts/test to 172.16.5.70:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in o=rts, with filter (dc=isdn_SEYFR)
rlm_ldap: Added password seydler in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding userPassword as CHAP-Password, value seydler & op=11
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding bintecipExtIfTable as BinTec-ipExtIfTable, value Nat=on & op=11
rlm_ldap: Adding bintecbiboDialTable as BinTec-biboDialTable, value
direction=outgoing number=1111111 & op=11
rlm_ldap: Adding bintecbiboPPPTable as BinTec-biboPPPTable, value
biboPPPAuthentication=chap & op=11
rlm_ldap: Adding bintecbiboPPPTable as BinTec-biboPPPTable, value
biboPPPLocalIdent=rts & op=11
rlm_ldap: Adding radiusIdleTimeout as Idle-Timeout, value 60 & op=11
rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value
255.255.255.255 & op=11
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value 192.168.19.14
& op=11
rlm_ldap: user isdn_SEYFR authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok
  modcall[authorize]: module "files" returns notfound
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type LDAP
auth: type "Ldap"
modcall: entering group authtype
rlm_ldap: - authenticate
rlm_ldap: login attempt by "isdn_SEYFR" with password "seydler"
rlm_ldap: user DN: dc=isdn_SEYFR,dc=tstfr,dc=cus,ou=resources,o=rts
rlm_ldap: (re)connect to 172.16.5.70:389, authentication 1
rlm_ldap: setting TLS mode to 4
rlm_ldap: could not set LDAP_OPT_X_TLS option Success
rlm_ldap: bind as dc=isdn_SEYFR,dc=tstfr,dc=cus,ou=resources,o=rts/seydler to
172.16.5.70:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user isdn_SEYFR authenticated succesfully
  modcall[authenticate]: module "ldap" returns ok
modcall: group authtype returns ok
Login OK: [isdn_SEYFR/seydler] (from client localhost port 0)
Sending Access-Accept of id 25 to 127.0.0.1:1215
        BinTec-ipExtIfTable = "Nat=on"
        BinTec-biboDialTable = "direction=outgoing number=11111111"
        BinTec-biboPPPTable = "biboPPPAuthentication=chap"
        BinTec-biboPPPTable = "biboPPPLocalIdent=rts"
        Idle-Timeout = 60
        Framed-IP-Netmask = 255.255.255.255
        Framed-IP-Address = 192.168.19.14
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...


I added another attribute and I get segmentation fault:

rad_recv: Access-Request packet from host 127.0.0.1:1215, id=84, length=62
        User-Name = "isdn_SEYFR"
        User-Password = "\273\2773\326m6\004Zl/\214I\276h\013\366"
        NAS-IP-Address = 255.255.255.255
        NAS-Port-Id = "ISDN"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for isdn_SEYFR
radius_xlat:  '(dc=isdn_SEYFR)'
radius_xlat:  'o=rts'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 172.16.5.70:389, authentication 0
rlm_ldap: setting TLS mode to 4
rlm_ldap: could not set LDAP_OPT_X_TLS option Success
rlm_ldap: bind as cn=root,o=rts/test to 172.16.5.70:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in o=rts, with filter (dc=isdn_SEYFR)
rlm_ldap: Added password seydler in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding userPassword as CHAP-Password, value seydler & op=11
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding bintecipNatPresetTable as BinTec-ipNatPresetTable, value
IfIndex=1000 IntAddr=192.168.150.0 IntMask=255.255.255.0 ExtAddr & op=11
rlm_ldap: Adding bintecipExtIfTable as BinTec-ipExtIfTable, value Nat=on & op=11
rlm_ldap: Adding bintecbiboDialTable as BinTec-biboDialTable, value
direction=outgoing number=11111111 & op=11
rlm_ldap: Adding bintecbiboPPPTable as BinTec-biboPPPTable, value
biboPPPAuthentication=chap & op=11
rlm_ldap: Adding bintecbiboPPPTable as BinTec-biboPPPTable, value
biboPPPLocalIdent=rts & op=11
rlm_ldap: Adding radiusIdleTimeout as Idle-Timeout, value 60 & op=11
rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value
255.255.255.255 & op=11
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value 192.168.19.14
& op=11
Segmentation fault


Any idea what is happening ? A buffer overflow or something ? What can I do to
prevent this ? Any information is greately appreciated.

Thank you,
Stefan Radovanovici






- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

LDAP module crashes

Reply via email to