Description of problem: I have the following simple configuration of LDAP authentication: ------SNIP------- <Location /burza> AuthType Basic AuthName "Employees only" AuthBasicProvider ldap AuthLDAPURL "ldap://localhost/o=Altkom?uid?sub AuthzLDAPAuthoritative on require valid-user </Location> ------SNIP------- When I connecto through HTTP and supply Basic authentication credentials, httpd segfaults with the following message in httpd/error_log: [Wed Apr 05 20:59:57 2006] [notice] child pid 2774 exit signal Segmentation fault (11) Version-Release number of selected component (if applicable): httpd-2.2.0-5.1.2 openldap-2.3.19-4 How reproducible: Steps to Reproduce: 1. Install and configure apache as above on a x86_64 machine 2. Connect using a browser and authenticate Actual results: Apache segfaults. Expected results: Authentication proceeds normally. Additional info: I've installed httpd-debuginfo RPM and configured apache according to http://kbase.redhat.com/faq/FAQ_49_3652.shtm to dump core into /var/apache-dump/. Then I've extracted a backtrace using gdb: # gdb /usr/sbin/httpd core.929 GNU gdb Red Hat Linux (6.3.0.0-1.122rh) Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `/usr/sbin/httpd -X'. Program terminated with signal 11, Segmentation fault. Loaded symbols for /usr/sbin/httpd Reading symbols from /lib64/libm.so.6...done. Loaded symbols for /lib64/libm.so.6 <...........> Reading symbols from /usr/lib64/libnal.so.1...done. Loaded symbols for /usr/lib64/libnal.so.1 #0 0x00002aaaab200826 in ldap_set_option () from /usr/lib64/libldap-2.3.so.0 (gdb) info threads * 1 process 1096 0x00002aaaab200826 in ldap_set_option () from /usr/lib64/libldap-2.3.so.0 (gdb) bt #0 0x00002aaaab200826 in ldap_set_option () from /usr/lib64/libldap-2.3.so.0 #1 0x00002aaaadd5d1f4 in uldap_connection_open (r=0x5555557f13f8, ldc=0x555555797160) at /usr/src/debug/httpd-2.2.0/modules/ldap/util_ldap.c:293 #2 0x00002aaaadd5e20b in uldap_cache_checkuserid (r=0x5555557f13f8, ldc=0x555555797160, url=0x0, basedn=0x555555748488 "o=Altkom", scope=2, attrs=0x555555748498, filter=0x7fffffb92990 "(&(objectclass=*)(uid=olo))", bindpw=0x5555557f604c "ANONYMIZED", binddn=0x7fffffb92980, retvals=0x7fffffb92988) at /usr/src/debug/httpd-2.2.0/modules/ldap/util_ldap.c:920 #3 0x00002aaaade67a6d in authn_ldap_check_password (r=0x5555557f13f8, user=0x5555557f6060 "olo", password=0x5555557f604c "ANONYMIZED") at /usr/src/debug/httpd-2.2.0/modules/aaa/mod_authnz_ldap.c:395 #4 0x00002aaaad03c160 in authenticate_basic_user (r=0x5555557f13f8) at /usr/src/debug/httpd-2.2.0/modules/aaa/mod_auth_basic.c:230 #5 0x0000555555579312 in ap_run_check_user_id (r=0x5555557f13f8) at /usr/src/debug/httpd-2.2.0/server/request.c:70 #6 0x000055555557a517 in ap_process_request_internal (r=0x5555557f13f8) at /usr/src/debug/httpd-2.2.0/server/request.c:218 #7 0x000055555558bc18 in ap_process_request (r=0x5555557f13f8) at /usr/src/debug/httpd-2.2.0/modules/http/http_request.c:256 #8 0x0000555555588ec0 in ap_process_http_connection (c=0x5555557e93c8) at /usr/src/debug/httpd-2.2.0/modules/http/http_core.c:171 #9 0x0000555555585192 in ap_run_process_connection (c=0x5555557e93c8) at /usr/src/debug/httpd-2.2.0/server/connection.c:43 #10 0x000055555558f5fb in child_main (child_num_arg=Variable "child_num_arg" is not available. ) at /usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:640 #11 0x000055555558f88a in make_child (s=0x5555556b3138, slot=1) at /usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:736 #12 0x000055555558f940 in startup_children (number_to_start=7) at /usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:754 #13 0x0000555555590636 in ap_mpm_run (_pconf=Variable "_pconf" is not available. ) at /usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:975 #14 0x000055555556b59c in main (argc=1, argv=0x7fffffb94f78) at /usr/src/debug/httpd-2.2.0/server/main.c:712 (gdb) quit
The previous backtrace lacked OpenLDAP libraries debugging information. I've installed openldap-debug and here it is again: Reading symbols from /usr/lib64/libnal.so.1...done. Loaded symbols for /usr/lib64/libnal.so.1 #0 ldap_set_option (ld=0x557f7820, option=2, invalue=0x55555579718c) at ../../../libraries/libldap/options.c:358 358 assert( LDAP_VALID( ld ) ); (gdb) bt #0 ldap_set_option (ld=0x557f7820, option=2, invalue=0x55555579718c) at ../../../libraries/libldap/options.c:358 #1 0x00002aaaadd5d1f4 in uldap_connection_open (r=0x5555557f13f8, ldc=0x555555797160) at /usr/src/debug/httpd-2.2.0/modules/ldap/util_ldap.c:293 #2 0x00002aaaadd5e20b in uldap_cache_checkuserid (r=0x5555557f13f8, ldc=0x555555797160, url=0x0, basedn=0x555555748488 "o=Altkom", scope=2, attrs=0x555555748498, filter=0x7fffffb9ffb0 "(&(objectclass=*)(uid=olo))", bindpw=0x5555557f604c "ANONYMIZED", binddn=0x7fffffb9ffa0, retvals=0x7fffffb9ffa8) at /usr/src/debug/httpd-2.2.0/modules/ldap/util_ldap.c:920 #3 0x00002aaaade67a6d in authn_ldap_check_password (r=0x5555557f13f8, user=0x5555557f6060 "olo", password=0x5555557f604c "ANONYMIZED") at /usr/src/debug/httpd-2.2.0/modules/aaa/mod_authnz_ldap.c:395 #4 0x00002aaaad03c160 in authenticate_basic_user (r=0x5555557f13f8) at /usr/src/debug/httpd-2.2.0/modules/aaa/mod_auth_basic.c:230 #5 0x0000555555579312 in ap_run_check_user_id (r=0x5555557f13f8) at /usr/src/debug/httpd-2.2.0/server/request.c:70 #6 0x000055555557a517 in ap_process_request_internal (r=0x5555557f13f8) at /usr/src/debug/httpd-2.2.0/server/request.c:218 #7 0x000055555558bc18 in ap_process_request (r=0x5555557f13f8) at /usr/src/debug/httpd-2.2.0/modules/http/http_request.c:256 #8 0x0000555555588ec0 in ap_process_http_connection (c=0x5555557e93f8) at /usr/src/debug/httpd-2.2.0/modules/http/http_core.c:171 #9 0x0000555555585192 in ap_run_process_connection (c=0x5555557e93f8) at /usr/src/debug/httpd-2.2.0/server/connection.c:43 #10 0x000055555558f5fb in child_main (child_num_arg=Variable "child_num_arg" is not available. ) at /usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:640 #11 0x000055555558f88a in make_child (s=0x5555556b3138, slot=1) at /usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:736 #12 0x000055555558f940 in startup_children (number_to_start=7) at /usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:754 #13 0x0000555555590636 in ap_mpm_run (_pconf=Variable "_pconf" is not available. ) at /usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:975 #14 0x000055555556b59c in main (argc=1, argv=0x7fffffba2598) at /usr/src/debug/httpd-2.2.0/server/main.c:712
Thanks for the report, I can reproduce this here; there is stack corruption happening somewhere, not sure where yet.
OK, this is mostly an apr-util issue.
*** Bug 188353 has been marked as a duplicate of this bug. ***
I've installed apr-util 1.2.6-1 from updates-testing. Apache still segaults, but the backtrace is different this time: Reading symbols from /usr/lib64/httpd/modules/mod_authz_svn.so...done. Loaded symbols for /etc/httpd/modules/mod_authz_svn.so #0 0x00002aaaadd5e447 in uldap_cache_checkuserid (r=0x555555803ef8, ldc=0x5555556b4020, url=Variable "url" is not available. ) at /usr/src/debug/httpd-2.2.0/modules/ldap/util_ldap.c:1025 1025 while (values && values[j]) { (gdb) bt #0 0x00002aaaadd5e447 in uldap_cache_checkuserid (r=0x555555803ef8, ldc=0x5555556b4020, url=Variable "url" is not available. ) at /usr/src/debug/httpd-2.2.0/modules/ldap/util_ldap.c:1025 #1 0x00002aaaade67a6d in authn_ldap_check_password (r=0x555555803ef8, user=0x555555819480 "olo", password=0x55555581946c "ANONYMIZED") at /usr/src/debug/httpd-2.2.0/modules/aaa/mod_authnz_ldap.c:395 #2 0x00002aaaad03c160 in authenticate_basic_user (r=0x555555803ef8) at /usr/src/debug/httpd-2.2.0/modules/aaa/mod_auth_basic.c:230 #3 0x0000555555579312 in ap_run_check_user_id (r=0x555555803ef8) at /usr/src/debug/httpd-2.2.0/server/request.c:70 #4 0x000055555557a517 in ap_process_request_internal (r=0x555555803ef8) at /usr/src/debug/httpd-2.2.0/server/request.c:218 #5 0x000055555558bc18 in ap_process_request (r=0x555555803ef8) at /usr/src/debug/httpd-2.2.0/modules/http/http_request.c:256 #6 0x0000555555588ec0 in ap_process_http_connection (c=0x5555557f5778) at /usr/src/debug/httpd-2.2.0/modules/http/http_core.c:171 #7 0x0000555555585192 in ap_run_process_connection (c=0x5555557f5778) at /usr/src/debug/httpd-2.2.0/server/connection.c:43 #8 0x000055555558f5fb in child_main (child_num_arg=Variable "child_num_arg" is not available. ) at /usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:640 #9 0x000055555558f88a in make_child (s=0x5555556b3138, slot=3) at /usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:736 #10 0x000055555558f940 in startup_children (number_to_start=3) at /usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:754 #11 0x0000555555590636 in ap_mpm_run (_pconf=Variable "_pconf" is not available. ) at /usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:975 #12 0x000055555556b59c in main (argc=1, argv=0x7fffff88b228) at /usr/src/debug/httpd-2.2.0/server/main.c:712
Yes, it needs an httpd rebuild as well as an apr-util rebuild - it's in progress!
This should be fixed by the packages in testing: # yum --enablerepo=updates-testing update apr-util httpd
installed packages from updates testing, and woo-hoo, its all good now! well, at my site at least. cheers, j
I've just tested (the httpd packages have finally arrived at my mirror...) and it works good! The bug can be closed, packages can go to updates IMHO.
I can confirm that packages from updates/test works OK. We had problem with php-ldap with squirrelmail, now is OK.
*** Bug 197333 has been marked as a duplicate of this bug. ***
apr-util-1.2.7-1.1 packages pushed to updates which fix the apr-util side of this.
*** Bug 212473 has been marked as a duplicate of this bug. ***