cyrus-sasl-saslauthd-2.1.21 - broken port, authentication failed. Fix: Unknown, although cyrus-sasl-saslauthd-2.1.20 works fine. How-To-Repeat: While trying to authenticate my postfix users using SASLAUTHD I get: Jul 7 11:02:58 zorn postfix/smtpd[88688]: warning: SASL authentication failure: size read failed Jul 7 11:02:58 zorn postfix/smtpd[88688]: warning: SASL authentication failure: Password verification failed Jul 7 11:02:58 zorn postfix/smtpd[88688]: warning: host[ip]: SASL PLAIN authentication failed Jul 7 17:09:11 zorn kernel: pid 35037 (saslauthd), uid 0: exited on signal 11 (core dumped) Running saslauthd in debug mode: zorn# /usr/local/sbin/saslauthd -a pam -d saslauthd[35144] :main : num_procs : 5 saslauthd[35144] :main : mech_option: NULL saslauthd[35144] :main : run_path : /var/state/saslauthd saslauthd[35144] :main : auth_mech : pam saslauthd[35144] :ipc_init : using accept lock file: /var/state/saslauthd/mux.accept saslauthd[35144] :detach_tty : master pid is: 0 saslauthd[35144] :ipc_init : listening on socket: /var/state/saslauthd/mux saslauthd[35144] :main : using process model saslauthd[35144] :have_baby : forked child: 35145 saslauthd[35144] :have_baby : forked child: 35146 saslauthd[35144] :have_baby : forked child: 35147 saslauthd[35144] :have_baby : forked child: 35148 saslauthd[35145] :get_accept_lock : acquired accept lock saslauthd[35146] :get_accept_lock : acquired accept lock saslauthd[35145] :rel_accept_lock : released accept lock saslauthd[35144] :handle_sigchld : child exited: 35145 saslauthd[35144] :get_accept_lock : acquired accept lock saslauthd[35144] :rel_accept_lock : released accept lock Segmentation fault (core dumped) Testing with testsaslauthd: zorn# /usr/local/sbin/testsaslauthd -u gregtest -p gregpass size read failed
Looks like cyrus-sasl-saslauthd-2.1.20_1 is not working on System: FreeBSD zorn 5.4-STABLE FreeBSD 5.4-STABLE #1: Thu Jul 7 11:52:53 CEST 2005 root@zorn:/usr/obj/usr/src/sys/ZORN i386 I have just cvsuped an old ports collection and the problem persists. cyrus-sasl-saslauthd-2.1.20_1 works OKay on FreeBSD spear.mpumalanga.net 5.4-PRERELEASE FreeBSD 5.4-PRERELEASE #1: Mon Apr 11 21:38:59 CEST 2005 root@spear.mpumalanga.net:/usr/obj/usr/src/sys/SPEAR i386 -greg
Further investigation has shown, that on a system: FreeBSD spear.mpumalanga.net 5.4-PRERELEASE FreeBSD 5.4-PRERELEASE #1: Mon Apr 11 21:38:59 CEST 2005 root@spear.mpumalanga.net:/usr/obj/usr/src/sys/SPEAR i386 cyrus-sasl-saslauthd-2.1.21 (today's cvsup) works without any problem. Any recent system change would cause my trouble? -g.
Responsible Changed From-To: freebsd-ports-bugs->des Dag-Erling, could you look at it? I diagnozed the problem. The core-dump happens in pam_login_access, because items 'rhost' and 'tty' are not set and pam_login_access(4) assumes, that when rhost != NULL, tty have to be valid (and in this case it is also NULL). I'm not sure what to do when both are NULL (should we allow or deny access)?
Created attachment 143425 [details] Proposed fix The current logic is a) use tty if rhost is not set, b) otherwise, use rhost, c) if neither is available, dump core. This patch changes the logic to a) use rhost if available, b) otherwise, use tty if available, c) otherwise, return PAM_AUTHINFO_UNAVAIL.
A commit references this bug: Author: des Date: Mon Sep 8 09:19:01 UTC 2014 New revision: 271256 URL: http://svnweb.freebsd.org/changeset/base/271256 Log: Fail rather than segfault if neither PAM_TTY nor PAM_RHOST is set. PR: 83099 MFC after: 3 days Changes: head/lib/libpam/modules/pam_login_access/pam_login_access.c
A commit references this bug: Author: des Date: Thu Sep 18 14:27:38 UTC 2014 New revision: 271766 URL: http://svnweb.freebsd.org/changeset/base/271766 Log: MFH (r271256, r271617): avoid segfault if PAM_RHOST nor PAM_TTY are unset. Approved by: re (gjb) PR: 83099 Changes: _U stable/10/ stable/10/lib/libpam/modules/pam_login_access/pam_login_access.c
A commit references this bug: Author: des Date: Thu Sep 18 14:31:18 UTC 2014 New revision: 271767 URL: http://svnweb.freebsd.org/changeset/base/271767 Log: MFH (r271256, r271617): avoid segfault if PAM_RHOST nor PAM_TTY are unset. PR: 83099 Changes: _U stable/9/lib/libpam/ stable/9/lib/libpam/modules/pam_login_access/pam_login_access.c
A commit references this bug: Author: des Date: Thu Sep 18 14:31:28 UTC 2014 New revision: 271768 URL: http://svnweb.freebsd.org/changeset/base/271768 Log: MFH (r271256, r271617): avoid segfault if PAM_RHOST nor PAM_TTY are unset. PR: 83099 Changes: _U stable/8/lib/libpam/ stable/8/lib/libpam/modules/pam_login_access/pam_login_access.c
A commit references this bug: Author: des Date: Mon Sep 29 08:57:36 UTC 2014 New revision: 272280 URL: https://svnweb.freebsd.org/changeset/base/272280 Log: Instead of failing when neither PAM_TTY nor PAM_RHOST are available, call login_access() with "**unknown**" as the second argument. This will allow "ALL" rules to match. Reported by: Tim Daneliuk <tundra@tundraware.com> Tested by: dim@ PR: 83099 193927 MFC after: 3 days Changes: head/lib/libpam/modules/pam_login_access/pam_login_access.c
A commit references this bug: Author: bz Date: Mon Sep 29 10:36:15 UTC 2014 New revision: 272281 URL: https://svnweb.freebsd.org/changeset/base/272281 Log: Hopefully fix build breakage with gcc passing void * instead of char * to "%s" format string after r272280. PR: 83099 193927 MFC after: 3 days X-MFC with: r272280 Changes: head/lib/libpam/modules/pam_login_access/pam_login_access.c
A commit references this bug: Author: des Date: Wed Oct 1 10:26:44 UTC 2014 New revision: 272351 URL: https://svnweb.freebsd.org/changeset/base/272351 Log: MFH (r272280, r272281, r272348): allow use with null user and rhost PR: 83099 193927 Approved by: re (kib) Changes: _U stable/10/ stable/10/lib/libpam/modules/pam_login_access/pam_login_access.c
A commit references this bug: Author: des Date: Wed Oct 1 10:29:14 UTC 2014 New revision: 272352 URL: https://svnweb.freebsd.org/changeset/base/272352 Log: MFH (r272280, r272281, r272348): allow use with null user and rhost PR: 83099 193927 Changes: _U stable/9/lib/libpam/ stable/9/lib/libpam/modules/pam_login_access/pam_login_access.c
A commit references this bug: Author: des Date: Wed Oct 1 10:35:52 UTC 2014 New revision: 272353 URL: https://svnweb.freebsd.org/changeset/base/272353 Log: MFH (r272280, r272281, r272348): allow use with null user and rhost PR: 83099 193927 Changes: _U stable/8/lib/libpam/ stable/8/lib/libpam/modules/pam_login_access/pam_login_access.c