v3.0.x : ABORT in radius_map2request #652

Closed
olivierbeytrison opened this Issue May 22, 2014 · 1 comment

Projects

None yet

2 participants

@olivierbeytrison
Contributor

happen in rlm_ldap when mapping ldap attributes to radius

Happen only when it has to create two or more of the same attributes.

User with a single ldap attribute :

 Debug: rlm_ldap (ldap): Reserved connection (29)
 Debug: (6)   ldap : Performing search in 'ou=people,o=hefr' with filter '(uid=xx.xx)', scope 'sub'
 Debug: (6)   ldap : Waiting for search result...
 Debug: (6)   ldap : User object found at DN "cn=xx.xx,ou=courant,ou=people,o=hefr"
 Debug: (6)   ldap : Added eDirectory password.  control:Cleartext-Password += 'xxxxxxxxxx'
 Debug: (6)   ldap : Binding as user for eDirectory authorization checks
 Debug: (6)   ldap : Waiting for bind result...
 Debug: (6)   ldap : Bind successful
 Debug: (6)   ldap : Bind as user 'cn=xx.xx,ou=courant,ou=people,o=hefr' was successful
 Debug: (6)   ldap : Processing user attributes
 Debug: (6)   ldap :  &control:HESSO-Role += '31935762-440774439#RORG-HEFR-EIFR-INTR-INFO#EMP#COL'
 Debug: rlm_ldap (ldap): Released connection (29)

user with two attributes :

Debug: rlm_ldap (ldap): Reserved connection (29)
Debug: (169)   ldap : Performing search in 'ou=people,o=hefr' with filter '(uid=yyy.yyy)', scope 'sub'
Debug: (169)   ldap : Waiting for search result...
Debug: (169)   ldap : User object found at DN "cn=yyy.yyy,ou=courant,ou=people,o=hefr"
Debug: (169)   ldap : Added eDirectory password.  control:Cleartext-Password += 'xxxxxxxxx'
Debug: (169)   ldap : Binding as user for eDirectory authorization checks
Debug: (169)   ldap : Waiting for bind result...
Debug: (169)   ldap : Bind successful
Debug: (169)   ldap : Bind as user 'cn=yyy.yyy,ou=courant,ou=people,o=hefr' was successful
Debug: (169)   ldap : Processing user attributes
Debug: (15)   ldap :         &control:HESSO-Role += '940133873-3017514227#RORG-HEFR-TSFR#STD#'
Debug: (15)   ldap :         &control:HESSO-Role += '940133873-3017514227#RACA-TRSO-TSOC#STD#'    
Error: ASSERT FAILED src/main/valuepair.c[1046]: !head || head->next == NULL

BT

#0  0x00007ffff653c425 in __GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        resultvar = 0
        pid = <optimized out>
        selftid = 16517
#1  0x00007ffff653fb8b in __GI_abort () at abort.c:91
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0x50, sa_sigaction = 0x50}, sa_mask = {__val = {160, 140737325878344, 140737354073312, 0, 9138112, 140737488333168, 140737349724399, 4294967295, 21340595528, 206158430248, 9138112, 
              2277528, 0, 0, 0, 140737349603328}}, sa_flags = -136411276, sa_restorer = 0x7fff00000001}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007ffff7bcc585 in rad_assert_fail (file=0x7ffff7bd1437 "src/main/valuepair.c", line=1046, expr=0x7ffff7bd1718 "!head || head->next == NULL") at src/main/util.c:334
No locals.
#3  0x00007ffff7bbf118 in radius_map2request (request=0x93cee0, map=0x9209d0, src=0x920be0 "hessoRole", func=0x7ffff21d3530 <rlm_ldap_map_getvalue>, ctx=0x7fffffffaaa0) at src/main/valuepair.c:1046
        rcode = 0
        num = 11604928
        list = 0x93cf08
        vp = 0x0
        head = 0x9420c0
        context = 0x93cee0
        parent = 0x93cee0
        cursor = {first = 0x7fffffffaa10, found = 0x0, last = 0x0, current = 0x0, next = 0x0}
#4  0x00007ffff21d41cc in rlm_ldap_map_do (inst=0x91e500, request=0x93cee0, handle=0xadfc70, expanded=0x7fffffffab10, entry=0xb29500) at src/modules/rlm_ldap/attrmap.c:369
        map = 0x9209d0
        total = 1
        result = {values = 0xb113c0, count = 2}
        name = 0x920be0 "hessoRole"
#5  0x00007ffff21d2bc8 in mod_authorize (instance=0x91e500, request=0x93cee0) at src/modules/rlm_ldap/rlm_ldap.c:997
        rcode = RLM_MODULE_OK
        status = LDAP_PROC_SUCCESS
        ldap_errno = 4
        i = 0
        inst = 0x91e500
        vals = 0x7fffffffb1f0
        vp = 0xb63e60
        conn = 0xae01d0
        result = 0xb29500
        entry = 0xb29500
        dn = 0xb53720 "cn=myrtha.fischer,ou=courant,ou=people,o=hefr"
        expanded = {maps = 0x9209d0, attrs = {0x920be0 "hessoRole", 0x0, 0xffffabf0 <Address 0xffffabf0 out of bounds>, 0x7fffffffab70 "\240\253\377\377\377\177", 0x7ffff797b283 "\211E\374\203", <incomplete sequence \374>, 
            0x7fffffffabf0 "\350\003", 0x7023c63ff7973f6a <Address 0x7023c63ff7973f6a out of bounds>, 0x805130 "\270Oi", 0x694f90 "K\034", 0x805130 "\270Oi", 0xf7bcb138 <Address 0xf7bcb138 out of bounds>, 
            0x7fffffffaba0 "Ы\377\377\377\177", 0x7ffff797b9d5 "\311\303UH\211\345H\203\354 H\211}\350H\211u\340H\203", <incomplete sequence \350>, 0x7fffffffabf0 "\350\003", 0x694f90 "K\034", 
            0xfc63c40e00b53720 <Address 0xfc63c40e00b53720 out of bounds>, 0x7023c63f0000040e <Address 0x7023c63f0000040e out of bounds>, 0x7fffffffabd0 "\220\254\377\377\377\177", 
            0x7ffff797ba8f "H\211E\370H\203", <incomplete sequence \370>, 0x7fffffffabf0 "\350\003", 0x694f90 "K\034", 0x7fa5c8 "\350\003", 0x805130 "\270Oi", 0x7fffffffac90 "б\377\377\377\177", 
            0x7ffff79797b4 "\311\303UH\211\345H\201\354\300", 0x7ffff5a71241 "EAP", 0x3e800000000 <Address 0x3e800000000 out of bounds>, 0x3e8 <Address 0x3e8 out of bounds>, 
            0x504145f7126cb0 <Address 0x504145f7126cb0 out of bounds>, 0x7fffffffac40 "\260\254\377\377\377\177", 0x93cee0  <incomplete sequence \336>, 0x7fffffffac40 "\260\254\377\377\377\177", 
            0x7ffff79739e4 "H\203\350\001H\211E\370H\213E\350H\213@(H;E\370vaH\213E\350H\213@(H\213U\350H\213\022H\215r\020H\213U\370H\211\321H\211\302H\215=ڄ\002", 0x7fffffffac40 "\260\254\377\377\377\177", 0xb53670 "\260o\177", 
            0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>, 0x5 <Address 0x5 out of bounds>, 0x7fffffffacb0 "\020\255\377\377\377\177", 0x8b6fc0 "(User-Name =~ /SOFR.(.*)$/) ", 0x7fffffffac90 "б\377\377\377\177", 
            0x457eda "noop", 0x7fffffffe6c0 "\002", 0x0, 0x0, 0x7ffff797e174 "H\213\020H\213E\370\017\266", 0x7fffffffabf0 "\350\003", 0x0, 0x7fffffffb1d0 "p\263\377\377\377\177", 
            0x7ffff799432f "H\211\205H\373\377\377H\203\275H\373\377\377", 0x7fffffffacd8 "C\202E", 0x2754c1a668c58200 <Address 0x2754c1a668c58200 out of bounds>, 0x7fffffffad10 "\300\255\377\377\377\177", 0x8b7990 "request", 
            0x7ffff5a71241 "EAP", 0x941f10 "\220j\177", 0x7ffff5a71241 "EAP", 0x458243 "%.*s} # %s %s = %s", 0x93cee0  <incomplete sequence \336>, 0x1000000002 <Address 0x1000000002 out of bounds>, 0x0, 
            0x3000000020 <Address 0x3000000020 out of bounds>, 0x7fffffffadd0 "0y\213", 0x7fffffffad10 "\300\255\377\377\377\177", 0x7fffffffadc0 "\260\263\377\377\377\177", 0x7fa5c8 "\350\003", 0x0, 0x0, 
            0x3 <Address 0x3 out of bounds>, 0x4580b0 ' ' <repeats 64 times>, 0xb0fc10 "\220", <incomplete sequence \374\260>, 0x93cee0  <incomplete sequence \336>, 0x93d0e0 "Pғ", 0x0, 0xb53350 "8\274\200", 0xb53670 "\260o\177", 
            0x0, 0x0, 0xb53670 "\260o\177", 0x93cee0  <incomplete sequence \336>, 0x93d0e0 "Pғ", 0x45821f "<invalid>", 0x700b53670 <Address 0x700b53670 out of bounds>, 0x66ad20 "\251~E", 0x7fffffffd6b8 "\v\334\377\377\377\177", 
            0x8b7840 "", 0x7fffffffb3b0 "", 0x425812 "\351d\024", 0x8b7930 "update", 0x8b7990 "request", 0x457eda "noop", 0x8b6070 "authorize", 0x7fffffffaef0 "", 0x7fffffffc090 "\a", 
            0x100000002 <Address 0x100000002 out of bounds>, 0x93cee0  <incomplete sequence \336>, 0x93cee0  <incomplete sequence \336>, 0x1000000001 <Address 0x1000000001 out of bounds>, 0x457eda "noop", 
            0x3000000020 <Address 0x3000000020 out of bounds>, 0x7fffffffaf00 "", 0x7fffffffae40 "\337G\275\367\377\177", 0x7ffff7bd47df "", 0x0, 0x1 <Address 0x1 out of bounds>, 
            0x2754c1a668c58200 <Address 0x2754c1a668c58200 out of bounds>, 0xb0f810 "Proxy-To-Realm", 0xb53484 "", 0xb53470 "SOFR\\\\myrtha.fischer", 0xb53484 "", 0xb29020 "ERCPK", 0x0, 0x53 <Address 0x53 out of bounds>, 
            0x7ffff5ea0051 "H\203|$P", 0x0, 0x0, 0x7fff00000000 <Address 0x7fff00000000 out of bounds>, 0x7fff00000000 <Address 0x7fff00000000 out of bounds>, 0x0, 0x7ffff7bd14c7 "<INVALID>", 
            0xbffffaf30 <Address 0xbffffaf30 out of bounds>, 0x7ffff7ba9ba0 "\320%\232\367\377\177", 0xb53470 "SOFR\\\\myrtha.fischer", 0x0, 0x0, 0xb0fdd0 "\260", <incomplete sequence \372\260>, 0x0, 
            0xb0fdd0 "\260", <incomplete sequence \372\260>, 0x7fffffffafbc "\001", 0x52 <Address 0x52 out of bounds>, 0x10 <Address 0x10 out of bounds>, 0x0, 0x0, 0x7fff00000072 <Address 0x7fff00000072 out of bounds>}, count = 1}
#6  0x0000000000424dd7 in call_modsingle (component=RLM_COMPONENT_AUTZ, sp=0xb0fec0, request=0x93cee0) at src/main/modcall.c:309
        blocked = 0
#7  0x00000000004254e0 in modcall_recurse (request=0x93cee0, component=RLM_COMPONENT_AUTZ, depth=1, entry=0x7fffffffc078) at src/main/modcall.c:577
        sp = 0xb0fec0
        if_taken = false
        was_if = false
        c = 0xb0fec0
        priority = -1
        result = RLM_MODULE_UPDATED
#8  0x0000000000424f9b in modcall_child (request=0x93cee0, component=RLM_COMPONENT_AUTZ, depth=1, entry=0x7fffffffc060, c=0xb0f5f0, result=0x7fffffffbbe8) at src/main/modcall.c:411
        next = 0x7fffffffc078
#9  0x0000000000426135 in modcall_recurse (request=0x93cee0, component=RLM_COMPONENT_AUTZ, depth=0, entry=0x7fffffffc060) at src/main/modcall.c:783
        g = 0xb0f560
        if_taken = false
        was_if = false
        c = 0xb0f560
        priority = -1
        result = RLM_MODULE_UNKNOWN
#10 0x0000000000426ef0 in modcall (component=RLM_COMPONENT_AUTZ, c=0xb0f560, request=0x93cee0) at src/main/modcall.c:1093
        stack = {{result = RLM_MODULE_NOTFOUND, priority = 0, unwind = 0, c = 0xb0f560}, {result = RLM_MODULE_UPDATED, priority = 4, unwind = 0, c = 0xb0fec0}, {result = RLM_MODULE_NOOP, priority = 2, unwind = 0, c = 0x0}, {
            result = RLM_MODULE_REJECT, priority = 0, unwind = 0, c = 0x0} <repeats 29 times>}
#11 0x000000000042272b in indexed_modcall (comp=RLM_COMPONENT_AUTZ, idx=0, request=0x93cee0) at src/main/modules.c:818
        rcode = RLM_MODULE_REJECT
        list = 0xb0f560
        server = 0xb0efd0
#12 0x00000000004246c7 in process_authorize (autz_type=0, request=0x93cee0) at src/main/modules.c:1784
No locals.
#13 0x000000000040d8bb in rad_authenticate (request=0x93cee0) at src/main/auth.c:420
        check_item = 0x14
        module_msg = 0x1600000001
        tmp = 0x0
        result = 32767
        autz_retry = 0 '\000'
        autz_type = 0
#14 0x000000000040e196 in rad_virtual_server (request=0x93cee0) at src/main/auth.c:659
        vp = 0x0
        result = 0
#15 0x00007ffff524f51c in eappeap_process (handler=0xb69250, tls_session=0xb425a0) at src/modules/rlm_eap/types/rlm_eap_peap/peap.c:1026
        t = 0xb64ef0
        fake = 0x93cee0
        vp = 0x0
        rcode = RLM_MODULE_REJECT
        data = 0xb466dc "\032\002\006"
        data_len = 74
        p = 0x7fffffffe6c0 "\002"
        request = 0xb41690
        eap_ds = 0xb693c0
#16 0x00007ffff524cea3 in mod_authenticate (arg=0x8e3f50, handler=0xb69250) at src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c:361
        rcode = 32512
        status = FR_TLS_OK
        inst = 0x8e3f50
        tls_session = 0xb425a0
        peap = 0xb64ef0
        request = 0xb41690
#17 0x00007ffff5a6dd07 in eap_module_call (module=0x8e2e90, handler=0xb69250) at src/modules/rlm_eap/eap.c:217
        rcode = 1
        request = 0xb41690
        caller = 0x8de170 "eap"
#18 0x00007ffff5a6e57d in eap_method_select (inst=0x8df020, handler=0xb69250) at src/modules/rlm_eap/eap.c:473
        type = 0xb68990
        request = 0xb41690
        next = PW_EAP_PEAP
        vp = 0x93cc30
#19 0x00007ffff5a6cbe3 in mod_authenticate (instance=0x8df020, request=0xb41690) at src/modules/rlm_eap/rlm_eap.c:309
        inst = 0x8df020
        handler = 0xb69250
        eap_packet = 0x0
        status = 9298288
        rcode = RLM_MODULE_REJECT
#20 0x0000000000424dd7 in call_modsingle (component=RLM_COMPONENT_AUTH, sp=0xb142b0, request=0xb41690) at src/main/modcall.c:309
        blocked = 0
#21 0x00000000004254e0 in modcall_recurse (request=0xb41690, component=RLM_COMPONENT_AUTH, depth=1, entry=0x7fffffffd828) at src/main/modcall.c:577
        sp = 0xb142b0
        if_taken = false
        was_if = false
        c = 0xb142b0
        priority = -1
@arr2036
Member
arr2036 commented May 22, 2014

@alandekok leave this one, i've got a proper fix which deals with multiple attributes correctly

@arr2036 arr2036 closed this in baa4d98 May 23, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment