Hi Lars! > @ Torsten Schlabach: >> One comment suggested that the problem might be one of the Debian >> specific patches! Did you try to build a package without them? > Not yet, but I'm determined to get that issue resolved. One of the > larger problems could be that Debian uses GnuTLS instead of OpenSSL. I > had some severe issues with that kind of porting some years back with > OpenLDAP. It would be nice if you could give it a try. Actually, I would need 1-2 days to get myself a fresh server to replicate the setup and join the effort. What I do remember is: I had build the respective parts from source tarballs once and it did *not* segfault. But it's too long ago to tell if I had been using GnuTLS or OpenSSL. > @ Dan White: > I produced debugging versions of cyrus-imap , cyrus-sasl, and openldap If you have all the infrastructure set up to create your own version of the packages, it should be a five minute exercise to empty the debian/patches directory, re-build, re-install and see if the issue goes away. In case it does, we're on the wrong mailist list and should continue the discussion in a Debian developer forum IMO. Regards, Torsten Lars Hanke schrieb: > Hi all! > > Sorry for cross-posting, but since this appears to be SASL related, I > switch to the SASL list and leave this message in the cyrus-imap list > for others to follow. So when answering to this, please check that > you're not crossposting the answer. > > Summary for the SASL list subscribers, who have missed the start of this > thread: > > I'm running cyrus-imap to authenticate users using the ldapdb auxprop > against a remote ldaps: host. During the DIGEST-MD5 or CRAM-MD5 > authentication of the user using imtest imapd SEGFAULTs. The ltrace > suggests that it happens somewhere in the SASL layer. The setup is > Debian Lenny kept current daily on an Intel Core2-Quad, i.e. amd64 build. > > @ Torsten Schlabach: >> One comment suggested that the problem might be one of the Debian >> specific patches! Did you try to build a package without them? > Not yet, but I'm determined to get that issue resolved. One of the > larger problems could be that Debian uses GnuTLS instead of OpenSSL. I > had some severe issues with that kind of porting some years back with > OpenLDAP. > > @ Dan White: > I produced debugging versions of cyrus-imap , cyrus-sasl, and openldap > and created a backtrace of the crash. See the end of this message. > > @ cyrus-imap list > For some reason the method using the "debug_command" in /etc/imapd.conf > and the "-D" option for imapd in "/etc/cyrus.conf" as described in > https://langhorst.com/cgi-bin/dwww//usr/share/doc/cyrus21-common/README.Debian.debug.gz > does not work, i.e. it does not produce any logs in /tmp. Am I missing > something? > > So what I did was to use CYRUS_VERBOSE=100 in /etc/default/cyrus2.2 and > used the 15 second delay to attach a gdb. The following happened and > produced the backtrace of the SEGFAULT: > > hermod:/# imtest -u cyrus -a cyrus -v -p imap -m DIGEST-MD5 hermod.mgr > S: * OK hermod.mgr Cyrus IMAP4 v2.2.13-Debian-2.2.13-14 server ready > C: C01 CAPABILITY > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID > NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT > THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS > AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR > S: C01 OK Completed > C: A01 AUTHENTICATE DIGEST-MD5 > S: + > bm9uY2U9IjNFZzIrY2xsci84dmREdXprTkd3a1VmL25XYTRBVnRXQmMxSGpndFBiVEk9IixyZWFsbT0iaGVybW9kLm1nciIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M= > > Please enter your password: > C: > dXNlcm5hbWU9ImN5cnVzIixyZWFsbT0iaGVybW9kLm1nciIsbm9uY2U9IjNFZzIrY2xsci84dmREdXprTkd3a1VmL25XYTRBVnRXQmMxSGpndFBiVEk9Iixjbm9uY2U9IjluczF0dmwwMUhWU095dzlNZXRXK0ltRnVyWHRINDd4TFhyUjEvcXpNZHM9IixuYz0wMDAwMDAwMSxxb3A9YXV0aC1jb25mLGNpcGhlcj1yYzQsbWF4YnVmPTEwMjQsZGlnZXN0LXVyaT0iaW1hcC9oZXJtb2QubWdyIixyZXNwb25zZT1lZmYxZjk2MjUyNzlmY2UyMDY3MmIxOTg1NjIzZmIwYw== > > failure: prot layer failure > > Program received signal SIGSEGV, Segmentation fault. > [Switching to Thread 0x7fa6ca1e3700 (LWP 5409)] > 0x00007fa6c72ed4aa in pthread_mutex_lock () from /lib/libpthread.so.0 > (gdb) bt > #0 0x00007fa6c72ed4aa in pthread_mutex_lock () from /lib/libpthread.so.0 > #1 0x00007fa6c32b75a9 in ldap_pvt_thread_mutex_lock (mutex=0x1) > at > /home/admin/packages/openldap/openldap-2.4.11/libraries/libldap_r/thr_posix.c:296 > > #2 0x00007fa6c32c112b in ldap_pvt_sasl_mutex_lock (mutex=0x1) at > cyrus.c:1294 > #3 0x00007fa6c4b69828 in digestmd5_client_mech_step > (conn_context=0x2094440, params=0x20960b0, > serverin=0x0, serverinlen=0, prompt_need=0x7fffd21e8760, > clientout=0x7fffd21e8748, > clientoutlen=0x7fffd21e875c, oparams=0x209a510) at digestmd5.c:3955 > #4 0x00007fa6c9dc25e6 in sasl_client_step (conn=0x2099ca0, serverin=0x0, > serverinlen=0, > prompt_need=0x7fffd21e8760, clientout=0x7fffd21e8748, > clientoutlen=0x7fffd21e875c) at client.c:658 > #5 0x00007fa6c9dc2445 in sasl_client_start (conn=0x2099ca0, > mechlist=0x2041d40 "DIGEST-MD5", > prompt_need=0x7fffd21e8760, clientout=0x7fffd21e8748, > clientoutlen=0x7fffd21e875c, > mech=0x7fffd21e8778) at client.c:606 > #6 0x00007fa6c32bfc79 in ldap_int_sasl_bind (ld=0x2053880, dn=0x0, > mechs=0x2041d40 "DIGEST-MD5", > sctrls=0x0, cctrls=0x0, flags=2, interact=0x7fa6c34fd704 > <ldapdb_interact>, defaults=0x204dce0) > at cyrus.c:689 > #7 0x00007fa6c32c3b7f in ldap_sasl_interactive_bind_s (ld=0x2053880, > dn=0x0, > mechs=0x2041d40 "DIGEST-MD5", serverControls=0x0, clientControls=0x0, > flags=2, > interact=0x7fa6c34fd704 <ldapdb_interact>, defaults=0x204dce0) at > sasl.c:464 > #8 0x00007fa6c34fd96c in ldapdb_connect (ctx=0x204dce0, > sparams=0x20516c0, user=0x2052f71 "cyrus", > ulen=5, cp=0x7fffd21e8910) at ldapdb.c:106 > #9 0x00007fa6c34fdd45 in ldapdb_auxprop_lookup (glob_context=0x204dce0, > sparams=0x20516c0, flags=0, > user=0x2052f71 "cyrus", ulen=5) at ldapdb.c:178 > #10 0x00007fa6c9dbe881 in _sasl_auxprop_lookup (sparams=0x20516c0, > flags=0, user=0x2052f71 "cyrus", > ulen=5) at auxprop.c:898 > #11 0x00007fa6c9dbf309 in _sasl_canon_user (conn=0x20521d0, > user=0x2052f71 "cyrus", ulen=5, flags=1, > oparams=0x2052a40) at canonusr.c:190 > #12 0x00007fa6c4b6556b in digestmd5_server_mech_step2 (stext=0x2054080, > sparams=0x20516c0, > clientin=0x7fffd21e8e10 > "username=\"cyrus\",realm=\"hermod.mgr\",nonce=\"3Eg2+cllr/8vdDuzkNGwkUf/nWa4AVtWBc1HjgtPbTI=\",cnonce=\"9ns1tvl01HVSOyw9MetW+ImFurXtH47xLXrR1/qzMds=\",nc=00000001,qop=auth-conf,cipher=rc4,maxbuf=1024,digest-u"..., > clientinlen=262, serverout=0x7fffd21e8e00, > serveroutlen=0x7fffd21e8dfc, oparams=0x2052a40) at digestmd5.c:2301 > #13 0x00007fa6c4b666cc in digestmd5_server_mech_step > (conn_context=0x2054080, sparams=0x20516c0, > clientin=0x7fffd21e8e10 > "username=\"cyrus\",realm=\"hermod.mgr\",nonce=\"3Eg2+cllr/8vdDuzkNGwkUf/nWa4AVtWBc1HjgtPbTI=\",cnonce=\"9ns1tvl01HVSOyw9MetW+ImFurXtH47xLXrR1/qzMds=\",nc=00000001,qop=auth-conf,cipher=rc4,maxbuf=1024,digest-u"..., > clientinlen=262, serverout=0x7fffd21e8e00, > serveroutlen=0x7fffd21e8dfc, oparams=0x2052a40) at digestmd5.c:2689 > #14 0x00007fa6c9dcd696 in sasl_server_step (conn=0x20521d0, > clientin=0x7fffd21e8e10 > "username=\"cyrus\",realm=\"hermod.mgr\",nonce=\"3Eg2+cllr/8vdDuzkNGwkUf/nWa4AVtWBc1HjgtPbTI=\",cnonce=\"9ns1tvl01HVSOyw9MetW+ImFurXtH47xLXrR1/qzMds=\",nc=00000001,qop=auth-conf,cipher=rc4,maxbuf=1024,digest-u"..., > clientinlen=262, serverout=0x7fffd21e8e00, serveroutlen=0x7fffd21e8dfc) > at server.c:1433 > #15 0x000000000044ae85 in saslserver (conn=0x20521d0, mech=0x2054010 > "DIGEST-MD5", init_resp=0x0, > resp_prefix=0x473e03 "", continuation=0x473e27 "+ ", empty_chal=0x473e03 > "", pin=0x2045a20, > pout=0x2045ad0, sasl_result=0x7fffd21ee614, success_data=0x0) at > saslserver.c:134 > #16 0x000000000040e617 in cmd_authenticate (tag=0x2053eb0 "A01", > authtype=0x2054010 "DIGEST-MD5", > resp=0x0) at imapd.c:1888 > #17 0x000000000040ae83 in cmdloop () at imapd.c:921 > #18 0x000000000040a59e in service_main (argc=1, argv=0x2041010, > envp=0x7fffd21f0f48) at imapd.c:691 > #19 0x00000000004083a1 in main (argc=3, argv=0x7fffd21f0f28, > envp=0x7fffd21f0f48) at service.c:533 > > Versions: > hermod:~/imap# dpkg -l '*cyrus*' | grep '^ii' > ii cyrus-admin-2.2 2.2.13-14 Cyrus mail system (administration tools) > ii cyrus-clients-2.2 2.2.13-14+b3 Cyrus mail system (test clients) > ii cyrus-common-2.2 2.2.13-14 Cyrus mail system (common files) > ii cyrus-imapd-2.2 2.2.13-14 Cyrus mail system (IMAP support) > ii libcyrus-imap-perl22 2.2.13-14+b3 Interface to Cyrus imap client > imclient libr > hermod:~/imap# dpkg -l '*sasl*' | grep '^ii' > ii libsasl2-2 2.1.22.dfsg1-23 Cyrus SASL - authentication abstraction libr > ii libsasl2-modules 2.1.22.dfsg1-23 Cyrus SASL - pluggable > authentication module > ii libsasl2-modules-gssapi-mit 2.1.22.dfsg1-23 Cyrus SASL - pluggable > authentication module > ii libsasl2-modules-ldap 2.1.22.dfsg1-23 Cyrus SASL - pluggable > authentication module > ii sasl2-bin 2.1.22.dfsg1-23 Cyrus SASL - administration programs for SAS > hermod:~# dpkg -l '*ldap*' | grep '^ii' > ii ldap-utils 2.4.11-1 OpenLDAP utilities > ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
