Authenticate to LDAP with GSSAPI

Isaac Boukris iboukris at gmail.com
Mon Jun 22 03:48:00 CEST 2015


On Mon, Jun 22, 2015 at 4:37 AM, Isaac Boukris <iboukris at gmail.com> wrote:
> On Mon, Jun 22, 2015 at 4:26 AM, Arran Cudbard-Bell
> <a.cudbardb at freeradius.org> wrote:
>>>>
>>>> Result can be null now *sigh*.
>>>
>>> And one more assertion:
>>>
>>> rlm_ldap (ldap): Opening additional connection (0), 1 of 1 pending slots used
>>> rlm_ldap (ldap): Connecting to ldap://ms.frenche.cp:389
>>> rlm_ldap (ldap): Starting SASL mech(s): GSSAPI
>>> SASL/GSSAPI authentication started
>>> SASL username: anna at FRENCHE.CP
>>> SASL SSF: 56
>>> SASL data security layer installed.
>>> radiusd: io.c:186: ber_free_buf: Assertion
>>> `((ber)->ber_opts.lbo_valid==0x2)' failed.
>>> Aborted (core dumped)
>>
>> and on to the next one...
>
>
> Still (I'm testing with v3.0 btw).
>
> rlm_ldap (ldap): Opening additional connection (0), 1 of 1 pending slots used
> rlm_ldap (ldap): Connecting to ldap://ms.frenche.cp:389
> rlm_ldap (ldap): Starting SASL mech(s): GSSAPI
> SASL/GSSAPI authentication started
> SASL username: anna at FRENCHE.CP
> SASL SSF: 56
> SASL data security layer installed.
> radiusd: io.c:186: ber_free_buf: Assertion
> `((ber)->ber_opts.lbo_valid==0x2)' failed.
>
> Program received signal SIGABRT, Aborted.
> 0xb7fdbbe0 in __kernel_vsyscall ()
> (gdb) bt
> #0  0xb7fdbbe0 in __kernel_vsyscall ()
> #1  0xb7a54297 in __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:55
> #2  0xb7a55b69 in __GI_abort () at abort.c:89
> #3  0xb7a4d297 in __assert_fail_base (fmt=0xb7b9e554 "%s%s%s:%u:
> %s%sAssertion `%s' failed.\n%n",
>     assertion=0xb7703468 "((ber)->ber_opts.lbo_valid==0x2)",
> file=0xb7703a21 "io.c", line=186,
>     function=0xb7703be9 <__PRETTY_FUNCTION__.6470> "ber_free_buf") at
> assert.c:92
> #4  0xb7a4d31b in __GI___assert_fail
> (assertion=assertion at entry=0xb7703468
> "((ber)->ber_opts.lbo_valid==0x2)",
>     file=file at entry=0xb7703a21 "io.c", line=line at entry=186,
>     function=function at entry=0xb7703be9 <__PRETTY_FUNCTION__.6470>
> "ber_free_buf") at assert.c:101
> #5  0xb76fe8c5 in ber_free_buf (ber=0x82ae380) at io.c:186
> #6  0xb76fe910 in ber_free (ber=0x82ae380, freebuf=freebuf at entry=1) at io.c:203
> #7  0xb7715d09 in ldap_msgfree (lm=0x82ae868) at result.c:1279
> #8  0xb7778bb0 in rlm_ldap_sasl_interactive (inst=0x8277490,
> request=0x0, conn=0x82a23b0, identity=0xb777b564 "",
>     password=0x0, sasl=0x82774ac, error=0xbffff2fc, extra=0xbffff2f8)
> at src/modules/rlm_ldap/sasl.c:183
> #9  0xb77736ad in rlm_ldap_bind (inst=0x8277490, request=0x0,
> pconn=0xbffff350, dn=0xb777b564 "", password=0x0,
>     sasl=0x82774ac, retry=false) at src/modules/rlm_ldap/ldap.c:717

I should put in some work as well.
I think it's the double free (had it at some stage).

The following fixes it for me, see if it's OK (perhaps we can revert one of
the last changes as well).

diff --git a/src/modules/rlm_ldap/sasl.c b/src/modules/rlm_ldap/sasl.c
index c20b5af..a1df2bb 100644
--- a/src/modules/rlm_ldap/sasl.c
+++ b/src/modules/rlm_ldap/sasl.c
@@ -128,7 +128,6 @@ ldap_rcode_t rlm_ldap_sasl_interactive(rlm_ldap_t
const *inst, REQUEST *request,
                                                 NULL, NULL,
LDAP_SASL_AUTOMATIC,
                                                 _sasl_interact,
&sasl_ctx, result,
                                                 &mech, &msgid);
-               ldap_msgfree(result);   /* We always need to free the
old message */

                /*
                 *      If ldap_sasl_interactive_bind indicates it didn't want
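
Review bot: with the ldap_msgfree(result) removed from directly after the ldap_sasl_interactive_bind call, result is still allocated when the check described in the comment that follows runs, so if that check leaves the loop the message has to be released exactly once on the way out. The backtrace above reaches ldap_msgfree from sasl.c:183, which lies outside both hunks, so please confirm that call sees a pointer that is still live on every exit path, and consider a short comment at the bind call stating who owns result at that point.
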
@@ -147,6 +146,7 @@ ldap_rcode_t rlm_ldap_sasl_interactive(rlm_ldap_t
const *inst, REQUEST *request,
                 *      If LDAP parse result indicates there was an error
                 *      then we're done.
                 */
+               ldap_msgfree(result);   /* We always need to free the
old message */
                status = rlm_ldap_result(inst, conn, msgid, identity,
&result, error, extra);
                switch (status) {
                case LDAP_PROC_SUCCESS:         /*
ldap_sasl_interactive_bind should have indicated success */
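
Review bot: the added ldap_msgfree(result) just before rlm_ldap_result(..., &result, ...) leaves result pointing at freed memory until rlm_ldap_result stores a new message, and the pointer stays stale if that call returns without writing to it. Setting result = NULL right after the free would ensure a later ldap_msgfree on the same variable cannot free the same message twice. Also check that result is initialised before the first pass through the loop, since this free runs before rlm_ldap_result has assigned it.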

