Hi list
Im trying to run pure-ftpd 1.0.21 on a FreeBSD 7.0-amd64 (still beta yes) host, with LDAP (openldap-2.3.39) as auth backend. However the authing doesnt seem to work at all, as soon as password is sent the client gets disconnected. I've posted this similar message (altough more debugging info now) to their list without a single response. Tracing the problem got me to the following code (pureftpd's log_ldap.c, with a lot of logfile statements inserted by me):
110 static LDAP *pw_ldap_connect(void) 111 { 112 LDAP *ld; 113 # ifdef LDAP_OPT_PROTOCOL_VERSION 114 int version = ldap_version; 115 # endif 116 117 if (ldap_host == NULL || port < 0) { 118 logfile(LOG_DEBUG, "bad host"); 119 return NULL; 120 } 121 logfile(LOG_DEBUG, "initing to host %s port %d", ldap_host, port); 122 if ((ld = ldap_init(ldap_host, port)) == NULL) { 123 logfile(LOG_DEBUG, "init failed"); 124 return NULL; 125 } 126 logfile(LOG_DEBUG, "init ok ld is %p", ld); 127 # ifdef LDAP_OPT_PROTOCOL_VERSION 128 logfile(LOG_DEBUG, "setting version %d", version); 129 if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) != 130 LDAP_SUCCESS) { 131 logfile(LOG_DEBUG, "failed versionset"); 132 return NULL; 133 } 134 logfile(LOG_DEBUG, "versionset ok"); 135 # endif 136 logfile(LOG_DEBUG, "binding"); 137 if (ldap_bind_s(ld, root, pwd, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS) { 138 logfile(LOG_DEBUG, "bind failed"); 139 return NULL; 140 } 141 logfile(LOG_DEBUG, "bound ok"); 142 143 return ld; 144 }
When running, I get this debug output
Dec 29 09:31:10 back-1 pure-ftpd: (?@172.28.1.11) [DEBUG] ldap entered Dec 29 09:31:10 back-1 pure-ftpd: (?@172.28.1.11) [DEBUG] connecting Dec 29 09:31:10 back-1 pure-ftpd: (?@172.28.1.11) [DEBUG] initing to host localhost port 389 Dec 29 09:31:10 back-1 pure-ftpd: (?@172.28.1.11) [DEBUG] init ok ld is 0x1297180 Dec 29 09:31:10 back-1 pure-ftpd: (?@172.28.1.11) [DEBUG] setting version 3 Dec 29 09:31:10 back-1 kernel: pid 97603 (pure-ftpd), uid 0: exited on signal 11
After that, nothing.. And the forked process dies. As its a forked one, I havent been able to run gdb on it, so I've done the above log entrys instead.. But it seems pretty clear that it crashes when doign ldap_set_option. If i skip the set option and do bind directly, that crashes too. slapd doesnt even see the connection so I guess its something in the client part
pure-ftpd: libssl.so.5 => /usr/lib/libssl.so.5 (0x800650000) libcrypto.so.5 => /lib/libcrypto.so.5 (0x80079a000) libldap-2.3.so.2 => /usr/local/lib/libldap-2.3.so.2 (0x800a2a000) liblber-2.3.so.2 => /usr/local/lib/liblber-2.3.so.2 (0x800b64000) libcrypt.so.4 => /lib/libcrypt.so.4 (0x800c72000) libpam.so.4 => /usr/lib/libpam.so.4 (0x800d8b000) libc.so.7 => /lib/libc.so.7 (0x800e93000) libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x8010b0000)
Only have one version of the client lib installed so shouldnt be any problems there..
openldap-sasl-client-2.3.39 Open source LDAP client implementation with SASL2 support openldap-server-2.3.39 Open source LDAP server implementation
I do have the same setup but with openldap-2.3.38 running fine on a FreeBSD 6.2-i386 box. Haven't seen any problems with the regular ldap* tools on this box, but havent tested any other software yet.
Soo.. Anyone got any ideas? Hope this is the correct list, if not, sorry. Thanks!
-- Johan Ström Stromnet johan@stromnet.se http://www.stromnet.se/
Johan Ström wrote:
Hi list
Im trying to run pure-ftpd 1.0.21 on a FreeBSD 7.0-amd64
Since your arch is 64 bit, and that piece of code is using a lot of function calls whose declaration in ldap.h is hidden behind LDAP_DEPRECATED (ldap_init(), ldap_bind_s()), you should declare that macro (e.g. manually add -DLDAP_DEPRECATED=1 in the Makefile where LDAP-related code is built) when building the client, so the function declarations become visible.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
On Dec 29, 2007, at 16:27 , Pierangelo Masarati wrote:
Johan Ström wrote:
Hi list
Im trying to run pure-ftpd 1.0.21 on a FreeBSD 7.0-amd64
Since your arch is 64 bit, and that piece of code is using a lot of function calls whose declaration in ldap.h is hidden behind LDAP_DEPRECATED (ldap_init(), ldap_bind_s()), you should declare that macro (e.g. manually add -DLDAP_DEPRECATED=1 in the Makefile where LDAP-related code is built) when building the client, so the function declarations become visible.
Hi, thanks for your answer!
That would only solve any compile time problems, right? And I got no problems with compiling.. Altough I tried to add
#define LDAP_DEPRICATED 1
right before the ldap.h/lber.h includes just to test, but no difference.. Still segfaults. I could try to change the ldap_bind_s to ldap_sasl_bind, but that wouldnt help since it crashes on the ldap_set_version, and that call isn't depricated, right? I have tried with 3, 2, and 1 as versions just to test, no difference at all.. Always crashes.
Thanks for your help.
-- Johan
On Dec 29, 2007, at 16:27 , Pierangelo Masarati wrote:
Johan Ström wrote:
Hi list
Im trying to run pure-ftpd 1.0.21 on a FreeBSD 7.0-amd64
Since your arch is 64 bit, and that piece of code is using a lot of function calls whose declaration in ldap.h is hidden behind LDAP_DEPRECATED (ldap_init(), ldap_bind_s()), you should declare that macro (e.g. manually add -DLDAP_DEPRECATED=1 in the Makefile where LDAP-related code is built) when building the client, so the function declarations become visible.
Hi, thanks for your answer!
That would only solve any compile time problems, right? And I got no problems with compiling.. Altough I tried to add
You definitely have a compile time problem if you use undefined functions, since in C undefined types default to int (32 bits) while pointers usually have word size (64 bits on 64 bit archs).
#define LDAP_DEPRICATED 1
There's a typo in the above; the correct macro name is LDAP_DEPRECATED
right before the ldap.h/lber.h includes just to test, but no difference.. Still segfaults. I could try to change the ldap_bind_s to ldap_sasl_bind, but that wouldnt help since it crashes on the ldap_set_version, and that call isn't depricated, right?
No, it's not. But ldap_init() is, and your issue could start there.
I have tried with 3, 2, and 1 as versions just to test, no difference at all.. Always crashes.
Please fix the above issues and retry. And pump up the compile-time warnings to get some useful information from the compiler itself (e.g. -Wall with gcc).
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
On Dec 30, 2007, at 19:39 , Pierangelo Masarati wrote:
On Dec 29, 2007, at 16:27 , Pierangelo Masarati wrote:
Johan Ström wrote:
Hi list
Im trying to run pure-ftpd 1.0.21 on a FreeBSD 7.0-amd64
Since your arch is 64 bit, and that piece of code is using a lot of function calls whose declaration in ldap.h is hidden behind LDAP_DEPRECATED (ldap_init(), ldap_bind_s()), you should declare that macro (e.g. manually add -DLDAP_DEPRECATED=1 in the Makefile where LDAP-related code is built) when building the client, so the function declarations become visible.
Hi, thanks for your answer!
That would only solve any compile time problems, right? And I got no problems with compiling.. Altough I tried to add
You definitely have a compile time problem if you use undefined functions, since in C undefined types default to int (32 bits) while pointers usually have word size (64 bits on 64 bit archs).
#define LDAP_DEPRICATED 1
There's a typo in the above; the correct macro name is LDAP_DEPRECATED
right before the ldap.h/lber.h includes just to test, but no difference.. Still segfaults. I could try to change the ldap_bind_s to ldap_sasl_bind, but that wouldnt help since it crashes on the ldap_set_version, and that call isn't depricated, right?
No, it's not. But ldap_init() is, and your issue could start there.
I have tried with 3, 2, and 1 as versions just to test, no difference at all.. Always crashes.
Please fix the above issues and retry. And pump up the compile-time warnings to get some useful information from the compiler itself (e.g. -Wall with gcc).
Thanks! that solved the issue.. I'm used to work on -Werror in Makefiles.. So undefined functions would stop instead of just warn. So with the correct define (without typo.. /me slaps himself) it now compiles without warnings (which I missed before). And now it works fine! Thanks again
Will submit patch to pure-ftpd team..
Thanks! that solved the issue.. I'm used to work on -Werror in Makefiles.. So undefined functions would stop instead of just warn. So with the correct define (without typo.. /me slaps himself) it now compiles without warnings (which I missed before). And now it works fine!
Good.
Will submit patch to pure-ftpd team..
Please note that the right fix consists in avoiding deprecated functions (e.g. use ldap_initialize() instead of ldap_init(), ldap_sasl_bind_s() instead of ldap_bind_s()), not in defining LDAP_DEPRECATED. The latter is a hack, as deprecated calls might be totally undefinable in future releases.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
openldap-technical@openldap.org
-
Johan Ström -
Pierangelo Masarati