Hi Lars!
> @ Torsten Schlabach:
>> One comment suggested that the problem might be one of the Debian
>> specific patches! Did you try to build a package without them?
> Not yet, but I'm determined to get that issue resolved. One of the
> larger problems could be that Debian uses GnuTLS instead of OpenSSL. I
> had some severe issues with that kind of porting some years back with
> OpenLDAP.
It would be nice if you could give it a try. Actually, I would need 1-2
days to get myself a fresh server to replicate the setup and join the
effort.
What I do remember is:
I had build the respective parts from source tarballs once and it did
*not* segfault. But it's too long ago to tell if I had been using GnuTLS
or OpenSSL.
> @ Dan White:
> I produced debugging versions of cyrus-imap , cyrus-sasl, and openldap
If you have all the infrastructure set up to create your own version of
the packages, it should be a five minute exercise to empty the
debian/patches directory, re-build, re-install and see if the issue goes
away.
In case it does, we're on the wrong mailist list and should continue the
discussion in a Debian developer forum IMO.
Regards,
Torsten
Lars Hanke schrieb:
Hi all!
Sorry for cross-posting, but since this appears to be SASL related, I
switch to the SASL list and leave this message in the cyrus-imap list
for others to follow. So when answering to this, please check that
you're not crossposting the answer.
Summary for the SASL list subscribers, who have missed the start of this
thread:
I'm running cyrus-imap to authenticate users using the ldapdb auxprop
against a remote ldaps: host. During the DIGEST-MD5 or CRAM-MD5
authentication of the user using imtest imapd SEGFAULTs. The ltrace
suggests that it happens somewhere in the SASL layer. The setup is
Debian Lenny kept current daily on an Intel Core2-Quad, i.e. amd64 build.
@ Torsten Schlabach:
One comment suggested that the problem might be one of the Debian
specific patches! Did you try to build a package without them?
Not yet, but I'm determined to get that issue resolved. One of the
larger problems could be that Debian uses GnuTLS instead of OpenSSL. I
had some severe issues with that kind of porting some years back with
OpenLDAP.
@ Dan White:
I produced debugging versions of cyrus-imap , cyrus-sasl, and openldap
and created a backtrace of the crash. See the end of this message.
@ cyrus-imap list
For some reason the method using the "debug_command" in /etc/imapd.conf
and the "-D" option for imapd in "/etc/cyrus.conf" as described in
https://langhorst.com/cgi-bin/dwww//usr/share/doc/cyrus21-common/README.Debian.debug.gz
does not work, i.e. it does not produce any logs in /tmp. Am I missing
something?
So what I did was to use CYRUS_VERBOSE=100 in /etc/default/cyrus2.2 and
used the 15 second delay to attach a gdb. The following happened and
produced the backtrace of the SEGFAULT:
hermod:/# imtest -u cyrus -a cyrus -v -p imap -m DIGEST-MD5 hermod.mgr
S: * OK hermod.mgr Cyrus IMAP4 v2.2.13-Debian-2.2.13-14 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS
AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
C: A01 AUTHENTICATE DIGEST-MD5
S: +
bm9uY2U9IjNFZzIrY2xsci84dmREdXprTkd3a1VmL25XYTRBVnRXQmMxSGpndFBiVEk9IixyZWFsbT0iaGVybW9kLm1nciIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=
Please enter your password:
C:
dXNlcm5hbWU9ImN5cnVzIixyZWFsbT0iaGVybW9kLm1nciIsbm9uY2U9IjNFZzIrY2xsci84dmREdXprTkd3a1VmL25XYTRBVnRXQmMxSGpndFBiVEk9Iixjbm9uY2U9IjluczF0dmwwMUhWU095dzlNZXRXK0ltRnVyWHRINDd4TFhyUjEvcXpNZHM9IixuYz0wMDAwMDAwMSxxb3A9YXV0aC1jb25mLGNpcGhlcj1yYzQsbWF4YnVmPTEwMjQsZGlnZXN0LXVyaT0iaW1hcC9oZXJtb2QubWdyIixyZXNwb25zZT1lZmYxZjk2MjUyNzlmY2UyMDY3MmIxOTg1NjIzZmIwYw==
failure: prot layer failure
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fa6ca1e3700 (LWP 5409)]
0x00007fa6c72ed4aa in pthread_mutex_lock () from /lib/libpthread.so.0
(gdb) bt
#0 0x00007fa6c72ed4aa in pthread_mutex_lock () from /lib/libpthread.so.0
#1 0x00007fa6c32b75a9 in ldap_pvt_thread_mutex_lock (mutex=0x1)
at
/home/admin/packages/openldap/openldap-2.4.11/libraries/libldap_r/thr_posix.c:296
#2 0x00007fa6c32c112b in ldap_pvt_sasl_mutex_lock (mutex=0x1) at
cyrus.c:1294
#3 0x00007fa6c4b69828 in digestmd5_client_mech_step
(conn_context=0x2094440, params=0x20960b0,
serverin=0x0, serverinlen=0, prompt_need=0x7fffd21e8760,
clientout=0x7fffd21e8748,
clientoutlen=0x7fffd21e875c, oparams=0x209a510) at digestmd5.c:3955
#4 0x00007fa6c9dc25e6 in sasl_client_step (conn=0x2099ca0, serverin=0x0,
serverinlen=0,
prompt_need=0x7fffd21e8760, clientout=0x7fffd21e8748,
clientoutlen=0x7fffd21e875c) at client.c:658
#5 0x00007fa6c9dc2445 in sasl_client_start (conn=0x2099ca0,
mechlist=0x2041d40 "DIGEST-MD5",
prompt_need=0x7fffd21e8760, clientout=0x7fffd21e8748,
clientoutlen=0x7fffd21e875c,
mech=0x7fffd21e8778) at client.c:606
#6 0x00007fa6c32bfc79 in ldap_int_sasl_bind (ld=0x2053880, dn=0x0,
mechs=0x2041d40 "DIGEST-MD5",
sctrls=0x0, cctrls=0x0, flags=2, interact=0x7fa6c34fd704
<ldapdb_interact>, defaults=0x204dce0)
at cyrus.c:689
#7 0x00007fa6c32c3b7f in ldap_sasl_interactive_bind_s (ld=0x2053880,
dn=0x0,
mechs=0x2041d40 "DIGEST-MD5", serverControls=0x0, clientControls=0x0,
flags=2,
interact=0x7fa6c34fd704 <ldapdb_interact>, defaults=0x204dce0) at
sasl.c:464
#8 0x00007fa6c34fd96c in ldapdb_connect (ctx=0x204dce0,
sparams=0x20516c0, user=0x2052f71 "cyrus",
ulen=5, cp=0x7fffd21e8910) at ldapdb.c:106
#9 0x00007fa6c34fdd45 in ldapdb_auxprop_lookup (glob_context=0x204dce0,
sparams=0x20516c0, flags=0,
user=0x2052f71 "cyrus", ulen=5) at ldapdb.c:178
#10 0x00007fa6c9dbe881 in _sasl_auxprop_lookup (sparams=0x20516c0,
flags=0, user=0x2052f71 "cyrus",
ulen=5) at auxprop.c:898
#11 0x00007fa6c9dbf309 in _sasl_canon_user (conn=0x20521d0,
user=0x2052f71 "cyrus", ulen=5, flags=1,
oparams=0x2052a40) at canonusr.c:190
#12 0x00007fa6c4b6556b in digestmd5_server_mech_step2 (stext=0x2054080,
sparams=0x20516c0,
clientin=0x7fffd21e8e10
"username=\"cyrus\",realm=\"hermod.mgr\",nonce=\"3Eg2+cllr/8vdDuzkNGwkUf/nWa4AVtWBc1HjgtPbTI=\",cnonce=\"9ns1tvl01HVSOyw9MetW+ImFurXtH47xLXrR1/qzMds=\",nc=00000001,qop=auth-conf,cipher=rc4,maxbuf=1024,digest-u"...,
clientinlen=262, serverout=0x7fffd21e8e00,
serveroutlen=0x7fffd21e8dfc, oparams=0x2052a40) at digestmd5.c:2301
#13 0x00007fa6c4b666cc in digestmd5_server_mech_step
(conn_context=0x2054080, sparams=0x20516c0,
clientin=0x7fffd21e8e10
"username=\"cyrus\",realm=\"hermod.mgr\",nonce=\"3Eg2+cllr/8vdDuzkNGwkUf/nWa4AVtWBc1HjgtPbTI=\",cnonce=\"9ns1tvl01HVSOyw9MetW+ImFurXtH47xLXrR1/qzMds=\",nc=00000001,qop=auth-conf,cipher=rc4,maxbuf=1024,digest-u"...,
clientinlen=262, serverout=0x7fffd21e8e00,
serveroutlen=0x7fffd21e8dfc, oparams=0x2052a40) at digestmd5.c:2689
#14 0x00007fa6c9dcd696 in sasl_server_step (conn=0x20521d0,
clientin=0x7fffd21e8e10
"username=\"cyrus\",realm=\"hermod.mgr\",nonce=\"3Eg2+cllr/8vdDuzkNGwkUf/nWa4AVtWBc1HjgtPbTI=\",cnonce=\"9ns1tvl01HVSOyw9MetW+ImFurXtH47xLXrR1/qzMds=\",nc=00000001,qop=auth-conf,cipher=rc4,maxbuf=1024,digest-u"...,
clientinlen=262, serverout=0x7fffd21e8e00, serveroutlen=0x7fffd21e8dfc)
at server.c:1433
#15 0x000000000044ae85 in saslserver (conn=0x20521d0, mech=0x2054010
"DIGEST-MD5", init_resp=0x0,
resp_prefix=0x473e03 "", continuation=0x473e27 "+ ", empty_chal=0x473e03
"", pin=0x2045a20,
pout=0x2045ad0, sasl_result=0x7fffd21ee614, success_data=0x0) at
saslserver.c:134
#16 0x000000000040e617 in cmd_authenticate (tag=0x2053eb0 "A01",
authtype=0x2054010 "DIGEST-MD5",
resp=0x0) at imapd.c:1888
#17 0x000000000040ae83 in cmdloop () at imapd.c:921
#18 0x000000000040a59e in service_main (argc=1, argv=0x2041010,
envp=0x7fffd21f0f48) at imapd.c:691
#19 0x00000000004083a1 in main (argc=3, argv=0x7fffd21f0f28,
envp=0x7fffd21f0f48) at service.c:533
Versions:
hermod:~/imap# dpkg -l '*cyrus*' | grep '^ii'
ii cyrus-admin-2.2 2.2.13-14 Cyrus mail system (administration tools)
ii cyrus-clients-2.2 2.2.13-14+b3 Cyrus mail system (test clients)
ii cyrus-common-2.2 2.2.13-14 Cyrus mail system (common files)
ii cyrus-imapd-2.2 2.2.13-14 Cyrus mail system (IMAP support)
ii libcyrus-imap-perl22 2.2.13-14+b3 Interface to Cyrus imap client
imclient libr
hermod:~/imap# dpkg -l '*sasl*' | grep '^ii'
ii libsasl2-2 2.1.22.dfsg1-23 Cyrus SASL - authentication abstraction libr
ii libsasl2-modules 2.1.22.dfsg1-23 Cyrus SASL - pluggable
authentication module
ii libsasl2-modules-gssapi-mit 2.1.22.dfsg1-23 Cyrus SASL - pluggable
authentication module
ii libsasl2-modules-ldap 2.1.22.dfsg1-23 Cyrus SASL - pluggable
authentication module
ii sasl2-bin 2.1.22.dfsg1-23 Cyrus SASL - administration programs for SAS
hermod:~# dpkg -l '*ldap*' | grep '^ii'
ii ldap-utils 2.4.11-1 OpenLDAP utilities
ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries
