Hello,
We use mod_auth_pam 1.1.2 (the logging version Ingo posted to this
list about a week ago) with apache 1.3.26 on a Solaris 8 server.
Everything works fine as long as a user provides a username (a single
character does the job actually). If he does not provide a username
things go horribly wrong, though: the httpd child serving the request
is eating up all the memory within seconds, finally crashing the
server.
The httpd section of my /etc/pam.conf looks like this:
# Apache mod_auth_pam
httpd auth required /usr/lib/security/$ISA/pam_unix.so.1 debug
httpd account required /usr/lib/security/$ISA/pam_unix.so.1
I am not sure if this is a mod_auth_pam or a Solaris pam problem. If
the process goes crazy nothing is logged at all, neither by
mod_auth_pam nor by pam_unix.so.1.
A truss of the httpd child serving a "normal" auth request (i.e. one
where the user enters at least a char as username) looks like this:
---------------------------------------
read(11, 0x000E2A50, 4096) (sleeping...)
signotifywait() (sleeping...)
lwp_sema_wait(0xFDB0DE30) (sleeping...)
read(11, " G E T / ~ t h o m i ".., 4096) = 484
sigaction(SIGUSR1, 0xFFBED0E8, 0xFFBED1E8) = 0
time() = 1031858448
door_info(5, 0xFFBEEB88) = 0
door_call(5, 0xFFBEEB70) = 0
stat("/home/gis/thomi/www", 0x00188D60) = 0
open("/home/gis/thomi/www/.htaccess", O_RDONLY) = 13
fstat(13, 0xFFBEF030) = 0
fstat64(13, 0xFFBECE68) = 0
ioctl(13, TCGETA, 0xFFBECDF4) Err#25 ENOTTY
read(13, " A u t h N a m e " A c".., 8192) = 207
read(13, 0x001F44A4, 8192) = 0
llseek(13, 0, SEEK_CUR) = 207
close(13) = 0
stat64("/etc/pam_debug", 0xFFBEF028) Err#2 ENOENT
stat64("/etc/pam.conf", 0xFFBEEE60) = 0
open("/etc/pam.conf", O_RDONLY) = 13
mmap(0x00000000, 2403, PROT_READ, MAP_PRIVATE, 13, 0) = 0xFF120000
munmap(0xFF120000, 2403) = 0
close(13) = 0
stat64("/usr/lib/security/pam_unix.so.1", 0xFFBEEF68) = 0
open("/usr/lib/security/pam_unix.so.1", O_RDONLY) = 13
fstat(13, 0xFFBEE8AC) = 0
mmap(0x00000000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 13, 0) = 0xFF120000
mmap(0x00000000, 188416, PROT_READ|PROT_EXEC, MAP_PRIVATE, 13, 0) = 0xFEB80000
mmap(0xFEBA8000, 17213, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 13, 98304) = 0xFEBA8000
munmap(0xFEB98000, 65536) = 0
memcntl(0xFEB80000, 19696, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(13) = 0
open("/usr/lib/libcmd.so.1", O_RDONLY) = 13
fstat(13, 0xFFBEE7EC) = 0
mmap(0xFF120000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 13, 0) = 0xFF120000
mmap(0x00000000, 90112, PROT_READ|PROT_EXEC, MAP_PRIVATE, 13, 0) = 0xFEB60000
mmap(0xFEB74000, 1155, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 13, 16384) = 0xFEB74000
munmap(0xFEB64000, 65536) = 0
memcntl(0xFEB60000, 4344, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(13) = 0
munmap(0xFF120000, 8192) = 0
fstat(12, 0xFFBEE450) = 0
time() = 1031858448
getpid() = 403 [389]
putmsg(12, 0xFFBEDB08, 0xFFBEDAFC, 0) = 0
open("/var/run/syslog_door", O_RDONLY) = 13
door_info(13, 0xFFBEDA40) = 0
getpid() = 403 [389]
door_call(13, 0xFFBEDA28) = 0
close(13) = 0
door_info(5, 0xFFBEE1F0) = 0
door_call(5, 0xFFBEE1D8) = 0
fstat(12, 0xFFBEEE08) = 0
time() = 1031858448
getpid() = 403 [389]
putmsg(12, 0xFFBEE4C0, 0xFFBEE4B4, 0) = 0
open("/var/run/syslog_door", O_RDONLY) = 13
door_info(13, 0xFFBEE3F8) = 0
getpid() = 403 [389]
door_call(13, 0xFFBEE3E0) = 0
close(13) = 0
time() = 1031858448
write(15, " [ T h u S e p 1 2 ".., 150) = 150
munmap(0xFEBA8000, 17256) = 0
munmap(0xFEB80000, 92706) = 0
munmap(0xFEB74000, 1184) = 0
munmap(0xFEB60000, 10780) = 0
write(11, " H T T P / 1 . 1 4 0 1".., 821) = 821
time() = 1031858448
write(20, " 1 3 0 . 6 0 . 1 7 6 . 1".., 83) = 83
sigaction(SIGUSR1, 0xFFBEF1F8, 0xFFBEF2F8) = 0
read(11, 0x000E2A50, 4096) (sleeping...)
signotifywait() (sleeping...)
lwp_sema_wait(0xFDB0DE30) (sleeping...)
------------------------------------------
whereas a crashing auth request (where the user does not supply a username)
looks the same in the beginning but ends like this:
------------------------------------------
[snip]
stat64("/etc/pam_debug", 0xFFBEF0D0) Err#2 ENOENT
stat64("/etc/pam.conf", 0xFFBEEF08) = 0
open("/etc/pam.conf", O_RDONLY) = 13
mmap(0x00000000, 2403, PROT_READ, MAP_PRIVATE, 13, 0) = 0xFF130000
munmap(0xFF130000, 2403) = 0
close(13) = 0
stat64("/usr/lib/security/pam_unix.so.1", 0xFFBEF010) = 0
open("/usr/lib/security/pam_unix.so.1", O_RDONLY) = 13
fstat(13, 0xFFBEE954) = 0
mmap(0x00000000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 13, 0) = 0xFF130000
mmap(0x00000000, 188416, PROT_READ|PROT_EXEC, MAP_PRIVATE, 13, 0) = 0xFEB80000
mmap(0xFEBA8000, 17213, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 13, 98304) = 0xFEBA8000
munmap(0xFEB98000, 65536) = 0
memcntl(0xFEB80000, 19696, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(13) = 0
open("/usr/lib/libcmd.so.1", O_RDONLY) = 13
fstat(13, 0xFFBEE894) = 0
mmap(0xFF130000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 13, 0) = 0xFF130000
mmap(0x00000000, 90112, PROT_READ|PROT_EXEC, MAP_PRIVATE, 13, 0) = 0xFEB60000
mmap(0xFEB74000, 1155, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 13, 16384) = 0xFEB74000
munmap(0xFEB64000, 65536) = 0
memcntl(0xFEB60000, 4344, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(13) = 0
munmap(0xFF130000, 8192) = 0
brk(0x00192958) = 0
brk(0x00194958) = 0
brk(0x00194958) = 0
brk(0x00196958) = 0
brk(0x00196958) = 0
brk(0x00198958) = 0
brk(0x00198958) = 0
brk(0x0019A958) = 0
brk(0x0019A958) = 0
[snip -- thousands of brk calls following, till the memory is gone ]
------------------------------------------
Has anyone seen something similar? Can anyone tell if this is a pam
or a mod_auth_pam problem? Any help is greatly appreciated.
Thanks,
Thomas
_______________________________________________
Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
