Bug 471898
| Summary: | httpd segmentation fault during ldap authentication (uldap_connection_init) | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jean-Philippe Dionne <jp> |
| Component: | httpd | Assignee: | Joe Orton <jorton> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 10 | CC: | amcnabb, awilliam, bernie+fedora, bojan, jgarrison, jorton, pahan, rasky, scott.fagg, sergio.pasra, uckelman, wart |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 2.2.11-2.fc10 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-03-25 16:09:06 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This is most probably: https://issues.apache.org/bugzilla/show_bug.cgi?id=45994 which is two separate issues in Fedora context: 1) packaging issue, httpd should Require: apr-ldap 2) code issue, httpd should not segfault on this error path I mean apr-util-ldap; and to fix the problem, you can install apr-util-ldap, in any case. Thank you, installing apr-util-ldap indeed fix the problem. This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle. Changing version to '10'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping We should add apr-util-ldap as a dependency to httpd. Confirmed problem and solution here: F10 with httpd-2.2.10-2.i386 They also seem to be having the same problem on Solaris - see here: http://opensolaris.org/jive/thread.jspa?threadID=84321&tstart=0 *** Bug 474748 has been marked as a duplicate of this bug. *** We have just wasted 3 hours on this bug. It's OUTRAGEOUS that a bug like this which can be fixed in 5 minutes by any packager by just adding a dependency to the RPM is sitting unattended for *3* months since it's been first reported. Please have this fixed before it "hit the news". Uh, it was fixed in rawhide over one month ago: * Thu Jan 22 2009 Joe Orton <jorton> 2.2.11-6 - Require: apr-util-ldap (#471898) - init script changes: pass pidfile to status(), use status() in condrestart (#480602), support try-restart as alias for condrestart - change /etc/httpd/run symlink to have destination /var/run/httpd, and restore "run/httpd.conf" as default PidFile (#478688) Joe, could you please backport this to F-10? In the future, it would be nice if we could split out the mod_authnz_ldap module to a separate package, so we can make that one only depend on ldap. For the impatient, I built binary packages with this bugfix applied: http://koji.fedoraproject.org/koji/taskinfo?taskID=1211563 I did not commit the patch to CVS yet to let Joe comment on it first: RCS file: /cvs/pkgs/rpms/httpd/F-10/httpd.spec,v retrieving revision 1.127 diff -u -p -r1.127 httpd.spec --- httpd.spec 21 Oct 2008 11:47:47 -0000 1.127 +++ httpd.spec 1 Mar 2009 20:11:43 -0000 @@ -9,7 +9,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.2.10 -Release: 2 +Release: 3 URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz Source1: index.html @@ -104,6 +104,7 @@ Epoch: 1 BuildRequires: openssl-devel, distcache-devel Requires(post): openssl >= 0.9.7f-4, /bin/cat Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmn} +Requires: apr-util-ldap Obsoletes: stronghold-mod_ssl %description -n mod_ssl @@ -482,6 +483,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/httpd/build/*.sh %changelog +* Sun Mar 1 2009 Bernie Innocenti <bernie> 2.2.10-3 +- Require apr-util-ldap (#471898) + * Tue Oct 21 2008 Joe Orton <jorton> 2.2.10-2 - update to 2.2.10 Joe, please push an F10 update to fix this. This bug has been triaged -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers Thanks a lot Joe. Reporters, you can speed the release of the package as an official update by getting it from updates-testing, checking that it works, and then voting for it at the page Joe linked to (you have to log in with your FAS account before voting, the log-in link's on the left hand side of the page). https://fedoraproject.org/wiki/QA/Updates_Testing has info on setting up updates-testing. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers ...or if it's not in updates-testing yet you can grab the packages direct from koji - http://koji.fedoraproject.org/koji/buildinfo?buildID=93073 -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers httpd-2.2.11-2.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update httpd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-2487 httpd-2.2.11-2.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update httpd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-2487 Please, folks, especially those who rant about updates not getting shipped, test the packages now in updates-testing, and submit feedback either here on via the update system. Again: httpd-2.2.11-2.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update httpd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-2487 It works for me. The dependency with apr-util-ldap is there. ps: I'd like to post a comment on the url above but I get an "Internal server error". I have submitted a bug about this on the Bohdi trac. httpd-2.2.11-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: httpd has a segmentation fault during ldap authentication. Version-Release number of selected component (if applicable): httpd-2.2.10-2.x86_64 How reproducible: Always Steps to Reproduce: 1. From the original httpd.conf, add: <Directory /var/www/html> Options Indexes FollowSymLinks MultiViews IndexOptions +FancyIndexing +FoldersFirst +HTMLTable +NameWidth=* AuthLDAPURL ldap://192.168.1.1/ou=xxx,dc=xxx,dc=xxx,dc=xxx?cn?one AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthLDAPGroupAttribute memberUid AuthLDAPGroupAttributeIsDN off AuthType Basic Dav on Require ldap-group cn=groupname,ou=xxx,dc=xxx,dc=xxx,dc=xx </Directory> 2. Load the DocumentRoot in a browser. Actual results: # tail /var/log/httpd/error_log [Mon Nov 17 09:38:17 2008] [notice] child pid 29510 exit signal Segmentation fault (11), possible coredump in /tmp Additional info: Core was generated by `/usr/sbin/httpd'. Program terminated with signal 11, Segmentation fault. [New process 29510] #0 uldap_connection_init (r=0x7f785ff1cb58, ldc=0x7f785fac1bc0) at /usr/src/debug/httpd-2.2.10/modules/ldap/util_ldap.c:261 261 return(result->rc); Missing separate debuginfos, use: debuginfo-install glibc-2.8.90-16.x86_64 (gdb) bt #0 uldap_connection_init (r=0x7f785ff1cb58, ldc=0x7f785fac1bc0) at /usr/src/debug/httpd-2.2.10/modules/ldap/util_ldap.c:261 #1 0x00000000031b38ed in uldap_connection_open (r=0x7f785ff1cb58, ldc=0x0) at /usr/src/debug/httpd-2.2.10/modules/ldap/util_ldap.c:353 #2 0x00000000031b40b5 in uldap_cache_checkuserid (r=0x7f785ff1cb58, ldc=0x7f785fac1bc0, url=0x0, basedn=0x7f785fb92050 "ou=xxx,dc=xxx,dc=xxx,dc=xx", scope=1, attrs=0x7f785fb92078, filter=0x7fff670c5160 "(&(objectclass=*)(cn=username))", bindpw=0x7f785ff22911 "password", binddn=0x7fff670c5150, retvals=0x7fff670c5158) at /usr/src/debug/httpd-2.2.10/modules/ldap/util_ldap.c:954 #3 0x0000000071a0e5b7 in authn_ldap_check_password (r=0x7f785ff1cb58, user=0x7f785ff22920 "username", password=0x7f785ff22911 "password") at /usr/src/debug/httpd-2.2.10/modules/aaa/mod_authnz_ldap.c:399 #4 0x00000000d065a028 in authenticate_basic_user (r=0x7f785ff1cb58) at /usr/src/debug/httpd-2.2.10/modules/aaa/mod_auth_basic.c:230 #5 0x00007f785f09f133 in ap_run_check_user_id (r=0x7f785ff1cb58) at /usr/src/debug/httpd-2.2.10/server/request.c:71 #6 0x00007f785f0a1418 in ap_process_request_internal (r=0x7f785ff1cb58) at /usr/src/debug/httpd-2.2.10/server/request.c:214 #7 0x00007f785f0b2e78 in ap_process_request (r=0x7f785ff1cb58) at /usr/src/debug/httpd-2.2.10/modules/http/http_request.c:256 #8 0x00007f785f0afdc8 in ap_process_http_connection (c=0x7f785ff10ce8) at /usr/src/debug/httpd-2.2.10/modules/http/http_core.c:190 #9 0x00007f785f0abb73 in ap_run_process_connection (c=0x7f785ff10ce8) at /usr/src/debug/httpd-2.2.10/server/connection.c:43 #10 0x00007f785f0b77ce in child_main (child_num_arg=<value optimized out>) at /usr/src/debug/httpd-2.2.10/server/mpm/prefork/prefork.c:650 #11 0x00007f785f0b7a7a in make_child (s=0x7f785fa76e30, slot=0) at /usr/src/debug/httpd-2.2.10/server/mpm/prefork/prefork.c:746 #12 0x00007f785f0b8228 in startup_children () at /usr/src/debug/httpd-2.2.10/server/mpm/prefork/prefork.c:764 #13 ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>) at /usr/src/debug/httpd-2.2.10/server/mpm/prefork/prefork.c:985 #14 0x00007f785f09058d in main (argc=1, argv=0x7fff670c7788) at /usr/src/debug/httpd-2.2.10/server/main.c:740