[EMAIL PROTECTED] wrote: > Full_Name: Dan White > Version: 2.3.39 > OS: Linux > URL: http://support.olp.net/ldap/log.txt > Submission from: (NULL) (65.161.252.42)
Nice bit of debugging there. This could be a bit tricky because the slapd auxprop code assumes it's always executing on behalf of an LDAP operation (usually a Bind request). In this case, there is no active request; it's the cleanup action on a closed connection, and most of the state that slapd needed has already been torn down. It may take some restructuring to allow this to work, we never expected sasl_dispose() to be anything other than a pure destructor. > I'm experiencing crashes in slapd when attempting to bind via SASL using the > OTP > mech. > > I'm using openldap version 2.3.39 for both slapd and my ldap utils > (ldapsearch). > I'm using the bdb backend. > > I'm also using Debian Etch with the following versions of software: > > Cyrus SASL 2.1.22(.dfsg1-8) > libdb 4.2.52(+dfsg-2) > libc6 2.3.6(.ds1-13etch2) > > I've compiled cyrus sasl to use it's internal implementation of OTP, rather > than > OPIE: > > --enable-otp > (--with-opie is not enabled) > > The problem I'm experiencing isn't when I successfully authenticate; that > seems > to work fine. It's when I run an ldapsearch, but instead of entering an OTP > password, I press ctrl-c to cancel the search. > >>From the shell, when I perform an LDAP search, all appears normal: > > hiro:~# ldapsearch -Y OTP -U [EMAIL PROTECTED] > SASL/OTP authentication started > Challenge: otp-md5 497 hi3182 ext > Please enter your one-time password:<ctrl-c> > hiro:~# > > However my slapd process dies. > > Here's a gdb backtrace of the server process: > > ... > Core was generated by `/usr/sbin/slapd'. > Program terminated with signal 11, Segmentation fault. > #0 0x080b448e in slap_auxprop_store (glob_context=0x0, sparams=0x820b2a0, > prctx=0x82351c0, user=0x820a148 "[EMAIL PROTECTED]", ulen=14) > at > /usr/src/build/openldap/openldap2.3-2.3.39/servers/slapd/sasl.c:478 > 478 op.o_hdr = > conn->c_sasl_bindop->o_hdr; > (gdb) bt > #0 0x080b448e in slap_auxprop_store (glob_context=0x0, sparams=0x820b2a0, > prctx=0x82351c0, user=0x820a148 "[EMAIL PROTECTED]", ulen=14) > at > /usr/src/build/openldap/openldap2.3-2.3.39/servers/slapd/sasl.c:478 > #1 0xb7eb17d7 in sasl_auxprop_store () from /usr/lib/libsasl2.so.2 > #2 0xb7973c89 in otp_server_plug_init () from /usr/lib/sasl2/libotp.so.2 > #3 0xb7ebde36 in sasl_server_new () from /usr/lib/libsasl2.so.2 > #4 0xb7eb6194 in sasl_dispose () from /usr/lib/libsasl2.so.2 > #5 0x080b2992 in slap_sasl_close (conn=0xb7ec3618) at > /usr/src/build/openldap/openldap2.3-2.3.39/servers/slapd/sasl.c:1331 > #6 0x0806cf27 in connection_close (c=0xb75b1148) at > /usr/src/build/openldap/openldap2.3-2.3.39/servers/slapd/connection.c:715 > #7 0x0806e116 in connection_read (s=12) at > /usr/src/build/openldap/openldap2.3-2.3.39/servers/slapd/connection.c:1458 > #8 0x0806a49f in slapd_daemon_task (ptr=0x0) at > /usr/src/build/openldap/openldap2.3-2.3.39/servers/slapd/daemon.c:2468 > #9 0xb7cd3240 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 > #10 0xb7c674ae in clone () from /lib/tls/i686/cmov/libc.so.6 > (gdb) quit > > I've added a debug statement within slap_auxprop_store, so the openldap debug > information below will include some additional information about what's being > modified. > > The output can be obtained from: > > http://support.olp.net/ldap/log.txt > > Notice the two lines: > > Dec 3 13:39:06 hiro slapd[11134]: slap_auxprop_store [conn=3]: Getting ready > to > set cmusaslsecretOTP to > md5^I0499^Ihi5935^I0e81b33e30182715^I00000000001196711046. > Dec 3 13:39:07 hiro slapd[11134]: slap_auxprop_store [conn=-1]: Getting ready > to set cmusaslsecretOTP to > md5^I0499^Ihi5935^I0e81b33e30182715^I00000000000000000000. > > If I enter a good OTP password, I get this in my logs: > > Dec 3 13:43:26 hiro slapd[11159]: slap_auxprop_store [conn=3]: Getting ready > to > set cmusaslsecretOTP to > md5^I0499^Ihi5865^Iec8123986aec6550^I00000000001196711306. > Dec 3 13:44:26 hiro slapd[11159]: slap_auxprop_store [conn=3]: Getting ready > to > set cmusaslsecretOTP to > md5^I0498^Ihi5865^Ic3570f027cf46ed0^I00000000000000000000. > > If I enter an incorrect password, I get this: > > Dec 3 13:45:21 hiro slapd[11159]: slap_auxprop_store [conn=4]: Getting ready > to > set cmusaslsecretOTP to > md5^I0498^Ihi5865^Ic3570f027cf46ed0^I00000000001196711421. > Dec 3 13:45:22 hiro slapd[11159]: slap_auxprop_store [conn=4]: Getting ready > to > set cmusaslsecretOTP to > md5^I0498^Ihi5865^Ic3570f027cf46ed0^I00000000000000000000. > > So in the case where it's crashing, it appears the Cyrus SASL is attempting to > revert the OTP entry back to the previous version to "unlock" it. I assume > that > the connection id of '-1' is relevant to the crash. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
