[Bug 225818] mail/dovecot: Option GSSAPI_MIT - core dump when using PAM authentication with Kerberos credentials

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Feb 11 10:11:43 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225818

            Bug ID: 225818
           Summary: mail/dovecot: Option GSSAPI_MIT - core dump when using
                    PAM authentication with Kerberos credentials
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: adamw at FreeBSD.org
          Reporter: woodsb02 at freebsd.org
             Flags: maintainer-feedback?(adamw at FreeBSD.org)

SCENARIO:
- Build mail/dovecot with option GSSAPI_MIT
- Configure dovecot for PAM authentication, using PAM service "imap":
  $ cat /usr/local/etc/dovecot/conf.d/10-auth.conf
  auth_mechanisms = plain
  passdb {
    driver = pam
    args = %s
  }
  userdb {
    driver = passwd
  }
- Configure imap PAM to authenticate against Kerberos (and enable debugging):
  $ cat /etc/pam.d/imap
  auth            sufficient      pam_krb5.so             debug
  account         required        pam_krb5.so             debug


RESULT:
This results in a crash of the dovecot authentication worker before any
Kerberos messages are even exchanged.


GDB BACKTRACE OF COREDUMP:
$ gdb /usr/local/libexec/dovecot/auth
GNU gdb (GDB) 8.0.1 [GDB v8.0.1 for FreeBSD]
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd12.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/local/libexec/dovecot/auth...done.
(gdb) core /tmp/auth.core
[New LWP 102627]
warning: Can't read pathname for load map: Unknown error: -1.
warning: Can't read pathname for load map: Unknown error: -1.
warning: Can't read pathname for load map: Unknown error: -1.
warning: Can't read pathname for load map: Unknown error: -1.
Core was generated by `dovecot/auth -w'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  strlen (str=0x0) at /usr/src/lib/libc/string/strlen.c:100
warning: Source file is more recent than executable.
100              */
(gdb) bt
#0  strlen (str=0x0) at /usr/src/lib/libc/string/strlen.c:100
#1  0x0000000012130022 in strdup (str=0x0) at
/usr/src/lib/libc/string/strdup.c:46
#2  0x0000000011b65e9d in krb5_appdefault_string (context=0x10777000,
appname=0x106f0018 "imap", realm=0x0, option=0x13b1f403 "ticket_lifetime",
default_value=0x0, ret_value=0x7fffffffe088)
    at appdefault.c:165
#3  0x0000000013af4a80 in krb5_appdefault_time (context=0x0,
appname=0xffffffffaaca6003 <error: Cannot access memory at address
0xffffffffaaca6003>, 
    realm=0x50 <error: Cannot access memory at address 0x50>, option=0x0,
def_val=0, ret_val=0x7fffffffe0e0) at
/usr/src/crypto/heimdal/lib/krb5/appdefault.c:130
#4  0x0000000013ae3e79 in krb5_get_init_creds_opt_set_default_flags
(context=0x10777000, appname=0x106f0018 "imap", realm=0x0, opt=0x1070f3c0)
    at /usr/src/crypto/heimdal/lib/krb5/init_creds.c:171
#5  0x00000000138b738f in ?? ()
#6  0x0000000000000000 in ?? ()


LOG OUTPUT:
$ cat /var/log/maillog:
Feb 11 09:20:40 mail dovecot: auth: Error: auth worker: Aborted PASSV request
for woodsb02: Worker process died unexpectedly
Feb 11 09:20:40 mail dovecot: auth-worker(34874): Fatal: master:
service(auth-worker): child 34874 killed with signal 11 (core dumped)
Feb 11 09:20:47 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts
in 7 secs): user=<woodsb02>, method=PLAIN, rip=192.168.1.13, lip=192.168.1.13,
TLS, session=<GRJsRuxkf17AqAEN>

$ cat /var/log/debug.log:
Feb 11 09:20:35 mail dovecot: auth: Debug: auth client connected (pid=34853)
Feb 11 09:20:40 mail dovecot: auth: Debug: client in: AUTH      1       PLAIN  
service=imap    secured session=GRJsRuxkf17AqAEN        lip=192.168.1.13       
rip=192.168.1.13        lport=
993     rport=24191     resp=AHdvb2RzYjAyAHRlc3Q= (previous base64 data may
contain sensitive data)
Feb 11 09:20:40 mail dovecot: auth-worker(34874): Debug: Loading modules from
directory: /usr/local/lib/dovecot/auth
Feb 11 09:20:40 mail dovecot: auth-worker(34874): Debug: Module loaded:
/usr/local/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
Feb 11 09:20:40 mail dovecot: auth-worker(34874): Debug:
pam(woodsb02,192.168.1.13,<GRJsRuxkf17AqAEN>): lookup service=imap
Feb 11 09:20:40 mail auth: in openpam_dispatch(): calling pam_sm_authenticate()
in /usr/lib/pam_krb5.so.6
Feb 11 09:20:40 mail auth: in pam_get_user(): entering             
Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_USER   
Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS   
Feb 11 09:20:40 mail auth: in pam_get_user(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got user: woodsb02      
Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_RUSER 
Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS          
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got ruser: woodsb02
Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_SERVICE 
Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS             
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got service: imap          
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Context initialised        
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Done krb5_cc_register()
Feb 11 09:20:40 mail auth: in openpam_get_option(): entering: 'auth_as_self'    
Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL              
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Created principal:
woodsb02                             
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Done krb5_parse_name() 
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got principal:
woodsb02 at WOODS.AM
Feb 11 09:20:40 mail auth: in pam_get_authtok(): entering                       
Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_RHOST               
Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS             
Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_HOST            
Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS         
Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_OLDAUTHTOK          
Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in openpam_get_option(): entering: 'try_first_pass'
Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL
Feb 11 09:20:40 mail auth: in openpam_get_option(): entering: 'use_first_pass'
Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL
Feb 11 09:20:40 mail auth: in openpam_get_option(): entering: 'authtok_prompt'
Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL
Feb 11 09:20:40 mail auth: in openpam_subst(): entering: 'Password:'
Feb 11 09:20:40 mail auth: in openpam_subst(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in openpam_get_option(): entering: 'echo_pass'
Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL
Feb 11 09:20:40 mail auth: in pam_vprompt(): entering
Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_CONV
Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_vprompt(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_set_item(): entering: PAM_AUTHTOK
Feb 11 09:20:40 mail dovecot: auth-worker(34874): Debug:
pam(woodsb02,192.168.1.13,<GRJsRuxkf17AqAEN>): #1/1 style=1 msg=Password:
Feb 11 09:20:40 mail auth: in pam_set_item(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_AUTHTOK
Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_get_authtok(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got password
Feb 11 09:20:40 mail auth: in openpam_get_option(): entering: 'no_user_check'
Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL
Feb 11 09:20:40 mail auth: in openpam_get_option(): entering: 'no_user_check'
Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Done getpwnam()
Feb 11 09:20:40 mail dovecot: auth-worker(34875): Debug: Loading modules from
directory: /usr/local/lib/dovecot/auth
Feb 11 09:20:40 mail dovecot: auth-worker(34875): Debug: Module loaded:
/usr/local/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
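
Added example, not part of the original report or of Dovecot: in the maillog above the client only sees "auth failed", so this sketch separates login failures caused by an auth-worker crash from ordinary rejected credentials. The sample lines are constructed from the log format shown in the report (unwrapped, plus one invented `alice` entry); the year and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the maillog format shown above (lines unwrapped).
SAMPLE_MAILLOG = """\
Feb 11 09:20:40 mail dovecot: auth: Error: auth worker: Aborted PASSV request for woodsb02: Worker process died unexpectedly
Feb 11 09:20:40 mail dovecot: auth-worker(34874): Fatal: master: service(auth-worker): child 34874 killed with signal 11 (core dumped)
Feb 11 09:20:47 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 7 secs): user=<woodsb02>, method=PLAIN, rip=192.168.1.13, lip=192.168.1.13, TLS, session=<GRJsRuxkf17AqAEN>
Feb 11 09:21:02 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=192.0.2.7, lip=192.168.1.13, TLS, session=<constructedSess01>
"""

TS = r"(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ dovecot: "
ABORTED = re.compile(TS + r"auth: Error: auth worker: Aborted \w+ request for "
                          r"(?P<user>[^:]+): Worker process died")
KILLED = re.compile(TS + r"auth-worker\((?P<pid>\d+)\): Fatal: .*"
                         r"killed with signal (?P<sig>\d+)")
FAILED = re.compile(TS + r"\S+-login: Disconnected \(auth failed, .*in (?P<secs>\d+) secs\): "
                         r"user=<(?P<user>[^>]*)>.*rip=(?P<rip>[^,]+)")

def parse_ts(text, year=2018):
    # Syslog timestamps carry no year; the year is supplied by the caller (assumption).
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def classify_failures(log_text, year=2018):
    """Return (failed logins with a cause, list of (pid, signal) worker crashes)."""
    aborted, crashes, results = [], [], []
    for line in log_text.splitlines():
        if m := ABORTED.match(line):
            aborted.append((parse_ts(m["ts"], year), m["user"]))
        elif m := KILLED.match(line):
            crashes.append((m["pid"], int(m["sig"])))
        elif m := FAILED.match(line):
            # The login session spans [end - secs, end]; a worker abort for the
            # same user inside that window means the failure was a crash.
            end = parse_ts(m["ts"], year)
            start = end - timedelta(seconds=int(m["secs"]))
            crashed = any(u == m["user"] and start <= t <= end for t, u in aborted)
            results.append({"user": m["user"], "rip": m["rip"],
                            "cause": "auth-worker crash" if crashed
                                     else "rejected credentials"})
    return results, crashes

if __name__ == "__main__":
    failures, worker_crashes = classify_failures(SAMPLE_MAILLOG)
    for f in failures:
        print(f)
    print("worker crashes (pid, signal):", worker_crashes)
```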
