Update:
I have downgraded my version of ldap to 1.2.11 and everything is working
fine. I guess it is SASL link references to imap and ldap and their own
memory management seems to be the reason for the problem.
How do I resolve such that SASL goes with either imapd or ldap memroy
functions but not both?
Thanks
__
Seva
Seva Adari wrote:
> Hi,
> The memory over run I am going to describe may or may not be an imap
> issue. The debugging points to imap in an indirect manner and hence this
>
> posting.
>
> The culprit chain:
> imapd -> sasl -> pam -> pam_ldap -> libldap & liblber
>
> Using Netscape mail client when I try to read mail of imap server
> by supplying the userid and password the following happens:
>
> In imapd, in function sasl_checkpass(), the call to _sasl_checkpass()
> loads pam_ldap.so which in turn loads libldap & liblber. On coming
> out of _sasl_checkpass() into sasl_checkpass() I get successful
> verification of the password. Look at the following code snippet from
> sasl (lib/server.c lines 1243-1250):
>
> result = _sasl_checkpass(conn, mech, conn->service, user, pass,
> errstr);
>
> if (result == SASL_OK) {
> result = _sasl_strdup(user, &(conn->oparams.authid), NULL);
> if (result != SASL_OK) return result;
>
> _sasl_transition(conn, pass, passlen);
> }
>
> _sasl_strdup uses imap's own memory allocation functions from
> lib/xmalloc.c. What is interesting is if I enable ldap option via
> pam.d/imap
> file then instead of accessing xmalloc functions of imapd, _sasl_strdup
> gets into ber_memalloc and I get segmentation fault, debugger shows line
>
> 190 of memory.c file of openldap distribution. This is consistent across
>
> both redhat 6.2 & 7.0. However if I input wrong password, _sasl_strdup
> doesn't get accessed and hence imapd does not break, but my Netscape
> client freezes on me.
>
> However imapd works thru' the above code if I disable ldap option
> in pam.d/imap and access the shadow password system
>
> Interestingly the following chain works fine for the same user id and
> password:
> wu-ftpd -> pam -> pam_ldap -> libldap & liblber
>
> My guess is some where some pointers are over run. It has been very
> difficult to get a handle on this in the debugger. Every thing looks to
> work
> fine until I get to "_sasl_strdup" and from there it is straight into
> "ber_malloc" of openldap and segmentation fault with no meaningful
> stack trace.
>
> Or does this behavior has anything to do with the fact that ldap 2.0
> also
> uses sasl and there may have been name mangling issues!
>
> This is behavior is present in 2.0.7 and the code in cvs.
>
> Has anybody successfully implemented the latest imapd on redhat with
> pam_ldap and openldap 2.x.x?
>
> Any pointers or help is appreciated.
>
> Thanks
> __
> Seva
