Hi, after upgrading my FreeRADIUS installation to 2.1.6, I tried SIGHUP and got a SIGSEGV back :-/ It didn't happen immediately, but only after the next auth attempt was processed. I have attached my virtual server "Monitoring" - this is the spot in the server where I changed something; the password for this User-Name was changed. Before changing that password and HUPing, auth worked consistently. I attached with gdb to find out what's wrong, the bt is at the end: it failed while xlat'ing User-Name for an sql relay. That's really surprising because I didn't change the User-Name, only the control item Cleartext-Password. Greetings, Stefan Winter ######### virtual server config server Monitoring { authorize { update request { RESTENA-Service-Type := "Nagios-Monitoring" } if ( User-Name == "testuser.monitor@testrealm.lu" ) { update control { Cleartext-Password := "obfuscated" <------------ this is what I changed } } auth_log # users.Nagios pap } authenticate { pap } preacct { } accounting { } session { } post-auth { reply_log sql_relay_main Post-Auth-Type REJECT { reply_log sql_relay_main } } pre-proxy { } post-proxy { } } ########### gdb session with bt Program received signal SIGHUP, Hangup. 0xb7f9a424 in __kernel_vsyscall () (gdb) c Continuing. Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb79d4b90 (LWP 7097)] 0xb7c48073 in strchr () from /lib/libc.so.6 (gdb) bt #0 0xb7c48073 in strchr () from /lib/libc.so.6 #1 0xb71bae13 in sql_escape_func (out=0xb79d27d0 "", outlen=3964, in=0xb79d1d34 "testuser.monitor@testrealm.lu") at rlm_sql_log.c:160 #2 0x08067a42 in valuepair2str (out=0xb79d27d0 "", outlen=3964, pair=0x8d0c3b8, type=0, func=0xb71bad80 <sql_escape_func>) at xlat.c:72 #3 0x08069532 in xlat_packet (instance=0x807d9a4, request=0x8d0bcb0, fmt=0xb79d2414 "User-Name", out=0xb79d27d0 "", outlen=3964, func=0xb71bad80 <sql_escape_func>) at xlat.c:383 #4 0x08068887 in radius_xlat (out=0xb79d274c "INSERT INTO radpostauth", ' ' <repeats 37 times>, "(id, user, pass, reply, date)", ' ' <repeats 30 times>, "VALUES ('', '", outlen=4096, fmt=0x8d0d568 "INSERT INTO radpostauth", ' ' <repeats 37 times>, "(id, user, pass, reply, date)", ' ' <repeats 30 times>, "VALUES ('', '%{User-Name}', '%{RESTENA-Service-Type}', '%{reply:Packet-Type}', '%"..., request=0x8d0bcb0, func=0xb71bad80 <sql_escape_func>) at xlat.c:911 #5 0xb71bac38 in sql_xlat_query (inst=0xb79d261e, request=0x8d0bcb0, query=0x8d0d568 "INSERT INTO radpostauth", ' ' <repeats 37 times>, "(id, user, pass, reply, date)", ' ' <repeats 30 times>, "VALUES ('', '%{User-Name}', '%{RESTENA-Service-Type}', '%{reply:Packet-Type}', '%"..., xlat_query=0xb79d274c "INSERT INTO radpostauth", ' ' <repeats 37 times>, "(id, user, pass, reply, date)", ' ' <repeats 30 times>, "VALUES ('', '", len=4096) at rlm_sql_log.c:258 #6 0xb71bb187 in sql_log_postauth (instance=0x8c53a40, request=0x8d0bcb0) at rlm_sql_log.c:398 #7 0x08062bd8 in modcall (component=7, c=0x8d2af90, request=0x8d0bcb0) at modcall.c:286 #8 0x0805f782 in indexed_modcall (comp=7, idx=13835320, request=0x8d0bcb0) at modules.c:631 #9 0x0805f89c in module_post_auth (postauth_type=13835320, request=0x8d0bcb0) at modules.c:1452 #10 0x0804ee17 in rad_postauth (request=0x8d0bcb0) at auth.c:410 #11 0x0806d14d in request_post_handler (request=0x8d0bcb0) at event.c:2333 #12 0x0806d5b3 in radius_handle_request (request=0x8d0bcb0, fun=0x804ee60 <rad_authenticate>) at event.c:3652 #13 0x08065760 in request_handler_thread (arg=0x8ce21d8) at threads.c:492 #14 0xb7f2f1b5 in start_thread () from /lib/libpthread.so.0 #15 0xb7ca638e in clone () from /lib/libc.so.6 (gdb) -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
Hi again, ah, the source seems to reveal where the problem is: if ((in[0] < 32) || strchr(allowed_chars, *in) == NULL) { Since "in" is correct, it looks like allowed_chars is invalid - maybe the HUP makes the server forget about that variable? Stefan -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
Stefan Winter wrote:
Hi again,
ah, the source seems to reveal where the problem is:
if ((in[0] < 32) || strchr(allowed_chars, *in) == NULL) {
Since "in" is correct, it looks like allowed_chars is invalid - maybe the HUP makes the server forget about that variable?
Ah, yes. The "allowed_chars" array is being marked NULL, because it's not checking for multiple instances of the module. I'll commit a fix for 2.1.7. Alan DeKok.
participants (2)
-
Alan DeKok -
Stefan Winter