[Dovecot] dovecotpw/sql crypt scheme core dump with rc17-19
Platform is Solaris 8 on a 280R.
I'm setting up a new installation of Dovecot, and I ran into some troubles that I've partly tracked down.
I setup auth/user dbs with LDAP initially, and things worked well.
Passwords are stored as "{crypt}zxcv..." in LDAP.
I setup SQL, and began getting this:
dovecot: Jan 23 16:37:47 Error: child 8718 (auth-worker) killed with signal 11
Passwords are stored as "zxcv..." in SQL.
I changed default_pass_scheme from CRYPT to PLAIN, and no troubles.
I then tried dovecotpw:
dovecotpw -p 123 -s PLAIN-MD5
{PLAIN-MD5}202cb962ac59075b964b07152d234b70
dovecotpw -p 123 -s CRYPT
Segmentation Fault (core dumped)
So I then tried this: truss dovecotpw -p 123 -s crypt
open64("/dev/urandom", O_RDONLY) = 3 read(3, "F80E82 c", 4) = 4 fcntl(3, F_GETFD, 0x00000000) = 0 fcntl(3, F_SETFD, 0x00000001) = 0 open64("/usr/local/lib/dovecot/auth/password", O_RDONLY|O_NDELAY) Err#2 ENOENT read(3, "8382", 2) = 2 Incurred fault #6, FLTBOUNDS %pc = 0xFF0E3304 siginfo: SIGSEGV SEGV_MAPERR addr=0x00000005 Received signal #11, SIGSEGV [default] siginfo: SIGSEGV SEGV_MAPERR addr=0x00000005 *** process killed ***
Suffice to say, there is no "/usr/local/lib/dovecot/auth/password".
I'm guessing that the dovecot auth-worker process is failing for the same reason but I don't know how to debug that one.
I have core files for the dovecotpw process.
-- André Dalle Systems Administrator NCF Internet
I'm using bind auth for LDAP - this is probably why I don't run into the problem there.
I checked the core file - the program was ending on DES_set_key_unchecked - an OpenSSL function.
I changed auth/mycrypt.c to use the OpenSSL crypt function:
char *mycrypt(const char *key, const char *salt) { return DES_crypt(key, salt); }
After rebuilding the binaries, they work with the OpenSSL function: dovecotpw -p123 -scrypt {CRYPT}VZtB3DdcYpi0E
I now have the passdb running against SQL and all is well.
I don't know which is faster... Solaris crypt() or OpenSSL DES_crypt(); but CPU is not an issue on my server so I'll take the tradeoff.
On Tue, Jan 23, 2007 at 05:06:24PM -0500, Andre Dalle wrote:
Platform is Solaris 8 on a 280R.
I'm setting up a new installation of Dovecot, and I ran into some troubles that I've partly tracked down.
I setup auth/user dbs with LDAP initially, and things worked well.
Passwords are stored as "{crypt}zxcv..." in LDAP.
I setup SQL, and began getting this:
dovecot: Jan 23 16:37:47 Error: child 8718 (auth-worker) killed with signal 11
Passwords are stored as "zxcv..." in SQL.
I changed default_pass_scheme from CRYPT to PLAIN, and no troubles.
I then tried dovecotpw:
dovecotpw -p 123 -s PLAIN-MD5 {PLAIN-MD5}202cb962ac59075b964b07152d234b70 dovecotpw -p 123 -s CRYPT
Segmentation Fault (core dumped)So I then tried this: truss dovecotpw -p 123 -s crypt
open64("/dev/urandom", O_RDONLY) = 3 read(3, "F80E82 c", 4) = 4 fcntl(3, F_GETFD, 0x00000000) = 0 fcntl(3, F_SETFD, 0x00000001) = 0 open64("/usr/local/lib/dovecot/auth/password", O_RDONLY|O_NDELAY) Err#2 ENOENT read(3, "8382", 2) = 2 Incurred fault #6, FLTBOUNDS %pc = 0xFF0E3304 siginfo: SIGSEGV SEGV_MAPERR addr=0x00000005 Received signal #11, SIGSEGV [default] siginfo: SIGSEGV SEGV_MAPERR addr=0x00000005 *** process killed ***
Suffice to say, there is no "/usr/local/lib/dovecot/auth/password".
I'm guessing that the dovecot auth-worker process is failing for the same reason but I don't know how to debug that one.
I have core files for the dovecotpw process.
-- André Dalle Systems Administrator NCF Internet
-- André Dalle Systems Administrator NCF Internet
On 24.1.2007, at 4.08, Andre Dalle wrote:
I'm using bind auth for LDAP - this is probably why I don't run
into the problem there.I checked the core file - the program was ending on
DES_set_key_unchecked - an OpenSSL function.I changed auth/mycrypt.c to use the OpenSSL crypt function:
char *mycrypt(const char *key, const char *salt) { return DES_crypt(key, salt); }
I guess the OpenSSL library somehow conflicted with libc's crypt().
Dovecot doesn't directly link OpenSSL to dovecot-auth, but LDAP and
SQL libraries could make it included. I'm not sure if I can do
anything to fix this properly.
participants (2)
-
Andre Dalle
-
Timo Sirainen