Re: BUG #5121: Segmentation Fault when using pam w/ krb5

Tom/ Heikki ,

This is a custom build. I used "./configure --with-pam --with-perl --with-python --enable-thread-safety --with-openssl --with-krb5".

Gdb output below...

Core was generated by `postgres: rdouglas tacacs 10.0'.
Program terminated with signal 11, Segmentation fault.
#0 0x0000000000559624 in pam_passwd_conv_proc ()
Missing separate debuginfos, use: debuginfo-install audit-libs-1.7.13-1.fc11.x86_64
(gdb) bt
#0 0x0000000000559624 in pam_passwd_conv_proc ()
#1 0x00007f738dfeedd8 in _pam_krb5_conv_call (pamh=<value optimized out>, messages=0xb51780, n_prompts=0, responses=0x7fff2e356668) at conv.c:99
#2 0x00007f738dfefb38 in _pam_krb5_generic_prompter (context=<value optimized out>, data=0x7fff2e357fe0, name=<value optimized out>, banner=<value optimized out>, num_prompts=1,
prompts=<value optimized out>, suppress_password_prompts=1) at prompter.c:330
#3 0x00007f738dfefe10 in _pam_krb5_normal_prompter (context=0x0, data=0xb51890, name=0x7fff2e356668 "", banner=0x79df27 "", num_prompts=0, prompts=0x101010101010101)
at prompter.c:409
#4 0x00000031d3660bce in krb5_get_as_key_password (context=0xb4e710, client=<value optimized out>, etype=23, prompter=<value optimized out>, prompter_data=<value optimized out>,
salt=0x7fff2e356f00, params=0x7fff2e356ef0, as_key=0x7fff2e356ec0, gak_data=0x7fff2e357120) at gic_pwd.c:61
#5 0x00000031d3667713 in pa_enc_timestamp (context=0xb4e710, request=<value optimized out>, in_padata=<value optimized out>, out_padata=0x7fff2e356d30, salt=<value optimized out>,
s2kparams=<value optimized out>, etype=0x7fff2e356f4c, as_key=0x7fff2e356ec0, prompter=0x7f738dfefe00 <_pam_krb5_normal_prompter>, prompter_data=0x7fff2e357fe0,
gak_fct=0x31d36609f0 <krb5_get_as_key_password>, gak_data=0x7fff2e357120) at preauth2.c:635
#6 0x00000031d3667e0c in krb5_do_preauth (context=<value optimized out>, request=0x7fff2e356e40, encoded_request_body=<value optimized out>,
encoded_previous_request=<value optimized out>, in_padata=0xb51060, out_padata=<value optimized out>, salt=0x7fff2e356f00, s2kparams=0x7fff2e356ef0, etype=0x7fff2e356f4c,
as_key=0x7fff2e356ec0, prompter=0x7f738dfefe00 <_pam_krb5_normal_prompter>, prompter_data=0x7fff2e357fe0, gak_fct=0x31d36609f0 <krb5_get_as_key_password>,
gak_data=0x7fff2e357120, get_data_rock=0x7fff2e356ee0, opte=0xb4ec50) at preauth2.c:1586
#7 0x00000031d365f251 in krb5_get_init_creds (context=0xb4e710, creds=<value optimized out>, client=<value optimized out>, prompter=<value optimized out>,
prompter_data=<value optimized out>, start_time=<value optimized out>, in_tkt_service=0x7fff2e358050 "krbtgt/THEXCHANGE(dot)COM(at)THEXCHANGE(dot)COM", options=0xb4ec50,
gak_fct=0x31d36609f0 <krb5_get_as_key_password>, gak_data=0x7fff2e357120, use_master=0x7fff2e35715c, as_reply=0x7fff2e357150) at get_in_tkt.c:1106
#8 0x00000031d3660f18 in krb5_get_init_creds_password (context=0xb4e710, creds=<value optimized out>, client=<value optimized out>, password=<value optimized out>,
prompter=0x7f738dfefe00 <_pam_krb5_normal_prompter>, data=<value optimized out>, start_time=0, in_tkt_service=0x7fff2e358050 "krbtgt/THEXCHANGE(dot)COM(at)THEXCHANGE(dot)COM",
options=0xb4ec50) at gic_pwd.c:139
#9 0x00007f738dff5571 in v5_get_creds (ctx=0xb4e710, pamh=<value optimized out>, creds=<value optimized out>, user=<value optimized out>, userinfo=0xb4efe0, options=0xb4ecb0,
service=0x7f738dff9bf8 "krbtgt", password=0x0, gic_options=0xb4ec50, prompter=0x7f738dfefe00 <_pam_krb5_normal_prompter>, result=0xb505c4) at v5.c:1014
#10 0x00007f738dfeb3cf in pam_sm_authenticate (pamh=0xb5f460, flags=0, argc=<value optimized out>, argv=<value optimized out>) at auth.c:423
#11 0x00000031d0202c1e in _pam_dispatch_aux (use_cached_chain=<value optimized out>, resumed=<value optimized out>, h=<value optimized out>, flags=<value optimized out>,
pamh=<value optimized out>) at pam_dispatch.c:110
#12 _pam_dispatch (use_cached_chain=<value optimized out>, resumed=<value optimized out>, h=<value optimized out>, flags=<value optimized out>, pamh=<value optimized out>)
at pam_dispatch.c:407
#13 0x00000031d0202500 in pam_authenticate (pamh=0xb5f460, flags=0) at pam_auth.c:34
#14 0x00000000005598ed in CheckPAMAuth.clone.0 ()
#15 0x0000000000559b96 in ClientAuthentication ()
#16 0x00000000005b25dc in BackendInitialize ()
#17 0x00000000005b2ebc in ServerLoop ()
#18 0x00000000005b559c in PostmasterMain ()
#19 0x00000000005617d0 in main ()

-----Original Message-----
From: Heikki Linnakangas [mailto:heikki(dot)linnakangas(at)enterprisedb(dot)com]
Sent: Thursday, October 15, 2009 5:23 PM
To: Douglas, Ryan
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: [BUGS] BUG #5121: Segmentation Fault when using pam w/ krb5

Ryan Douglas wrote:
> The following bug has been logged online:
>
> Bug reference: 5121
> Logged by: Ryan Douglas
> Email address: rdouglas(at)arbinet(dot)com
> PostgreSQL version: 8.4.1
> Operating system: Fedora 11
> Description: Segmentation Fault when using pam w/ krb5
> Details:
>
> Whenever I use psql to remotely connect to the database the server crashes
> (see log below). If I use psql with the '-W' option then it's fine.
>
> I also tested with pam_tacplus.so and in both cases the db didn't crash. It
> just complained about not having credentials to authenticate when the -W
> option is not used.
>
> I can reproduce at will so let me know if you need more information.

Can you get a stack trace with gdb? Something along the lines of:

ulimit -c unlimited
(start postmaster)
(reproduce the crash)
gdb /usr/bin/postgres $PGDATA/core
bt

--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com