dewayne_freebsd@yahoo.com wrote:
Full_Name: Dewayne Geraghty Version: 2.4.16 OS: FreeBSD-7.2R URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (58.172.112.108)
Fresh build of OS, ports from heimdal, openldap-2.4.16, cyrus-sasl-2.1.22_2, ltdl-1.5.26.
What does "ports from heimdal" mean? What version of Heimdal are you using?
I've built Heimdal 1.2.1 and it works fine.
During kadmin -l init --realm-max-ticket-life=unlimited --realm-max-renewable-life=unlimited HS2 a segmentation fault is raised.
gdb /usr/local/sbin/kadmin run -l init --realm-max-ticket-life=unlimited --realm-max-renewable-life=unlimited HS2 #0 0x285693c6 in memmove () from /lib/libc.so.7 #1 0x28235c0d in ber_write (ber=0x2860b340, buf=0x51<Error reading address 0x51: Bad address>, len=81, nosos=0) at io.c:116 #2 0x28234525 in ber_put_ostring (ber=0x2860b340, str=0x51<Error reading address 0x51: Bad address>, len=81, tag=4) at encode.c:357
This trace indicates that incorrect parameters were provided to the ldap_add function(s). In particular, the attrs passed in are using char * values, but the flags were set to indicate that struct bervals were being passed.
As such, this is a bug in whatever version of Heimdal you used. There is no OpenLDAP issue here, this ITS will be closed. Furthermore, it appears that there is no bug in current Heimdal versions either.
#3 0x28234625 in ber_put_berval (ber=0x2860b340, bv=0x2860711c, tag=4294967295) at encode.c:382 #4 0x28235729 in ber_printf (ber=0x2860b340, fmt=0x281c99de "V]N}") at encode.c:838 #5 0x2819a074 in ldap_add_ext (ld=0x2863d100, dn=0x28618180 "krb5PrincipalName=krbtgt/HS2@HS2,ou=Users,dc=heuristicsystems,dc=com,dc=au", attrs=0x2860c420, sctrls=0x0, cctrls=0x0, msgidp=0xbfbfe6bc) at add.c:170 #6 0x2819a2b0 in ldap_add_ext_s (ld=0x2863d100, dn=0x28618180 "krb5PrincipalName=krbtgt/HS2@HS2,ou=Users,dc=heuristicsystems,dc=com,dc=au", attrs=0x2860c420, sctrls=0x0, cctrls=0x0) at add.c:229 #7 0x2819a36b in ldap_add_s (ld=0x2863d100, dn=0x28618180 "krb5PrincipalName=krbtgt/HS2@HS2,ou=Users,dc=heuristicsystems,dc=com,dc=au", attrs=0x2860c420) at add.c:243 #8 0x280b028f in LDAP_store (context=0x286010b0, db=0x2860a040, flags=0, entry=0xbfbfe770) at hdb-ldap.c:1580 #9 0x2809a8f0 in kadm5_s_create_principal (server_handle=0x2861a0c0, princ=0xbfbfea1c, mask=17, password=0xbfbfe810 "Vbc2zAiigq") at create_s.c:182 #10 0x2808eac9 in kadm5_create_principal (server_handle=0x2861a0c0, princ=0xbfbfea1c, mask=17, password=0xbfbfe810 "Vbc2zAiigq") at common_glue.c:64 and (gdb) x 0x2860711c 0x2860711c: 0x00000051
This is reproducable with/without overlays (except for smbk5pwd overlay); built and tested afresh on two machines, using make -pipe -O0 -g3
Note to build smbk5passwd on FreeBSD, needed to change smbk5pwd Makefile: #HEIMDAL_INC=-I/usr/heimdal/include HEIMDAL_INC=-I/usr/local/include #HEIMDAL_LIB=-L/usr/heimdal/lib -lkrb5 -lkadm5srv HEIMDAL_LIB=-L/usr/local/lib -lkrb5 -lkadm5srv
The ldap database is built using one group entry (ou=Users,dc=..). Have used ldap for 3 years, kerberos for 4 months.