I can reproduce the problem when I run saslauthd with authmech shadow:
saslauthd -a shadow
and then try to authenticate users that have a crippled /etc/shadow entry. By crippled I mean ! or * as password entry, as for root, mail, nobody.
When I run the 2.1.25 stock source with debugging symbols in gdb with "-a shadow -n 1 -d -m /var/run/saslauthd/mux" as param, I get:
Program received signal SIGSEGV, Segmentation fault.
0xb7e6e6f1 in ?? () from /lib/i386-linux-gnu/libc.so.6
(gdb) where
#0 0xb7e6e6f1 in ?? () from /lib/i386-linux-gnu/libc.so.6
#1 0xb7e6e326 in strdup () from /lib/i386-linux-gnu/libc.so.6
#2 0x0804b910 in auth_shadow (login=0xbffff098 "root",
password=0xbffff199 "dfsdf", service=0xbffff29a "ldap",
realm=0xbffff39b "") at auth_shadow.c:188
#3 0x0804ed3f in do_auth (_login=_login@entry=0xbffff098 "root",
password=password@entry=0xbffff199 "dfsdf",
service=service@entry=0xbffff29a "ldap", realm=realm@entry=0xbffff39b "")
at saslauthd-main.c:410
#4 0x0804dd17 in do_request (conn_fd=conn_fd@entry=9) at ipc_unix.c:426
#5 0x0804e547 in ipc_loop () at ipc_unix.c:277
#6 0x080499c1 in main (argc=8, argv=0xbffff5e4) at saslauthd-main.c:369
Offending line is:
cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
where crypt() returns NULL for the crippled shadow entries. Proposed patch:
char *encpwd = crypt(password, sp->sp_pwdp);
if (encpwd == NULL) {
    if (flags & VERBOSE) {
        syslog(LOG_DEBUG, "DEBUG: auth_shadow: crypt returned NULL");
    }
    RETURN("NO");
}
cpw = strdup((const char *)encpwd);
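
The same guard as a self-contained check, added here as an example that is not part of the original report or of the Cyrus SASL source. The names check_shadow_entry, crypt_fn, stub_crypt and the auth_result values are hypothetical, and stub_crypt is a constructed stand-in for crypt(3) (toy "$t$" scheme, not a real hash) so the NULL path can be exercised without libcrypt.

```c
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3); injected so the check can run offline. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

enum auth_result { AUTH_OK, AUTH_BAD_PASSWORD, AUTH_LOCKED, AUTH_HASH_ERROR };

/* Constructed stand-in for crypt(3): returns NULL for a salt it cannot
 * parse, the behaviour the report describes for "!" and "*" entries. */
static char *stub_crypt(const char *key, const char *salt)
{
    static char out[64];
    if (strncmp(salt, "$t$", 3) != 0)
        return NULL;
    snprintf(out, sizeof out, "$t$%s", key);
    return out;
}

enum auth_result check_shadow_entry(const char *password, const char *sp_pwdp,
                                    crypt_fn hash)
{
    /* Locked or disabled entries: refuse before hashing anything. */
    if (sp_pwdp == NULL || sp_pwdp[0] == '!' || sp_pwdp[0] == '*')
        return AUTH_LOCKED;

    char *enc = hash(password, sp_pwdp);
    if (enc == NULL)                 /* never hand NULL to strdup()/strcmp() */
        return AUTH_HASH_ERROR;

    /* Compare without stopping at the first differing byte. */
    size_t n = strlen(enc), m = strlen(sp_pwdp);
    unsigned char diff = (unsigned char)(n != m);
    for (size_t i = 0; i < n && i < m; i++)
        diff |= (unsigned char)(enc[i] ^ sp_pwdp[i]);
    return diff ? AUTH_BAD_PASSWORD : AUTH_OK;
}

int main(void)
{
    /* Constructed sample entries: locked, malformed, and a toy valid one. */
    const char *entries[] = { "!", "*", "x", "$t$secret" };
    for (size_t i = 0; i < sizeof entries / sizeof entries[0]; i++)
        printf("%-10s -> %d\n", entries[i],
               check_shadow_entry("secret", entries[i], stub_crypt));
    return 0;
}
```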