Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#784112: /usr/sbin/saslauthd: saslauthd segfaults
104 views
Skip to first unread message
Thomas Kupka
May 3, 2015, 4:40:02 AM5/3/15
to
Package: sasl2-bin
Version: 2.1.26.dfsg1-13
Severity: important
File: /usr/sbin/saslauthd
Dear Maintainer,
since upgrading to Jessie, all saslauthd processes segfault on a multiple daily basis:
May 3 06:26:12 mail kernel: [22739.740552] saslauthd[763]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
May 3 06:26:12 mail kernel: [22739.928344] saslauthd[739]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
May 3 06:26:12 mail kernel: [22740.127304] saslauthd[760]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
May 3 10:04:24 mail kernel: [35831.420577] saslauthd[761]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
May 3 10:04:24 mail kernel: [35831.607218] saslauthd[762]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
May 3 10:04:24 mail postfix/smtpd[17269]: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused
I have not changed any configuration related to postfix, cyrus or saslauthd during the upgrade. Prior to the upgrade, no issues have been experienced with saslauthd ever.
- Thomas
-- System Information:
Debian Release: 8.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages sasl2-bin depends on:
ii db-util 5.3.0
ii debconf [debconf-2.0] 1.5.56
ii libc6 2.19-18
ii libcomerr2 1.42.12-1.1
ii libdb5.3 5.3.28-9
ii libgssapi-krb5-2 1.12.1+dfsg-19
ii libk5crypto3 1.12.1+dfsg-19
ii libkrb5-3 1.12.1+dfsg-19
ii libldap-2.4-2 2.4.40+dfsg-1
ii libpam0g 1.1.8-3.1
ii libsasl2-2 2.1.26.dfsg1-13
ii libssl1.0.0 1.0.1k-3
sasl2-bin recommends no packages.
sasl2-bin suggests no packages.
-- Configuration Files:
/etc/default/saslauthd changed:
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="shadow"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
/etc/init.d/saslauthd changed:
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DAEMON=/usr/sbin/saslauthd
DEFAULT_FILES=`find /etc/default -regex '/etc/default/saslauthd[_a-zA-Z0-9\-]*$' -print | sort`
[ -x "$DAEMON" ] || exit 0
. /lib/init/vars.sh
[ -e /var/run/saslauthd ] || ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd
. /lib/lsb/init-functions
do_startall()
{
for instance in $DEFAULT_FILES
do
start_instance $instance
done
}
do_stopall()
{
for instance in $DEFAULT_FILES
do
stop_instance $instance
done
}
do_reloadall()
{
for instance in $DEFAULT_FILES
do
reload_instance $instance
done
}
do_checkall()
{
for instance in $DEFAULT_FILES
do
check_instance $instance
done
}
start_instance()
{
# Load defaults file for this instance.
. $1
# If the daemon is not enabled, give the user a warning and stop.
if [ "$START" != "yes" ]; then
log_warning_msg "To enable $NAME, edit $1 and set START=yes"
return 0
fi
# If the short name of this instance is undefined, warn the user
# but choose a default name.
if [ -z "$NAME" ]; then
log_warning_msg "Short name (NAME) undefined in $1, using default"
NAME=default
fi
log_daemon_msg "Starting $DESC" "$NAME"
# Set OPTIONS to a default value, as noted in the defaults file
if [ -z "$OPTIONS" ]; then
log_warning_msg "Options (OPTIONS) undefined in $1, using default (-c -m /var/run/saslauthd)"
OPTIONS="-c -m /var/run/saslauthd"
fi
# Determine run directory and pid file location by looking
# for an -m option.
RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
if [ -z "$RUN_DIR" ]; then
# No run directory defined in defaults file, fail.
log_failure_msg "No run directory defined for $NAME (did you forget to set OPTIONS=\"-c -m /var/run/saslauthd\" in the defaults file?), not starting"
return 1
fi
PIDFILE=$RUN_DIR/saslauthd.pid
# If no mechanisms are defined, fail.
if [ -z "$MECHANISMS" ]; then
log_failure_msg "No mechanisms defined in $1, not starting $NAME"
return 1
fi
# If there are mechanism options defined, prepare them for use with
# the -O flag.
if [ -n "$MECH_OPTIONS" ]; then
MECH_OPTIONS="-O $MECH_OPTIONS"
fi
# If there is a threads option defined, prepare it for use with
# the -n flag.
if [ -n "$THREADS" ]; then
THREAD_OPTIONS="-n $THREADS"
fi
# Construct argument string.
DAEMON_ARGS="-a $MECHANISMS $MECH_OPTIONS $OPTIONS $THREAD_OPTIONS"
# If there is a statoverride for the run directory, then pull
# permission and ownership information from it and create the directory.
# Otherwise, we create the directory with default permissions and
# ownership (root:sasl, 710).
if dpkg-statoverride --list $RUN_DIR > /dev/null; then
createdir `dpkg-statoverride --list $RUN_DIR`
else
createdir root sasl 710 $RUN_DIR
fi
# Start the daemon, phase 1: see if it is already running.
start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
--exec $DAEMON --test > /dev/null
if [ "$?" != "0" ]; then
log_progress_msg "(already running)"
log_end_msg 0
return 0
fi
# Start the daemon, phase 2: it was not running, so actually start it now.
start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
--exec $DAEMON -- $DAEMON_ARGS
if [ "$?" -ne "0" ]; then
log_end_msg 1
return 1
fi
# Started successfully.
log_end_msg 0
return 0
}
stop_instance()
{
# Load defaults file for this instance.
. $1
# If the short name of this instance is undefined, warn the user
# but choose a default name.
if [ -z "$NAME" ]; then
log_warning_msg "Short name (NAME) undefined in $1, using default"
NAME=default
fi
# Set OPTIONS to a default value, as noted in the defaults file
if [ -z "$OPTIONS" ]; then
log_warning_msg "Options (OPTIONS) undefined in $1, using default (-c -m /var/run/saslauthd)"
OPTIONS="-c -m /var/run/saslauthd"
fi
# Determine run directory and pid file location by looking
# for an -m option.
RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
if [ -z "$RUN_DIR" ]; then
# No run directory defined in defaults file, fail.
log_failure_msg "No run directory defined for $NAME (did you forget to set OPTIONS=\"-c -m /var/run/saslauthd\" in the defaults file?), not starting"
return 2
fi
PIDFILE=$RUN_DIR/saslauthd.pid
log_daemon_msg "Stopping $DESC" "$NAME"
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
--pidfile $PIDFILE --exec $DAEMON
if [ "$?" -eq "2" ]; then
# Failed to stop.
log_end_msg 1
return 2
fi
if [ "$?" -eq "1" ]; then
# Already stopped.
log_progress_msg "(not running)"
fi
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
# Stopped successfully.
log_end_msg 0
return $RETVAL
}
reload_instance()
{
# Load defaults file for this instance.
. $1
# If the short name of this instance is undefined, warn the user
# but choose a default name.
if [ -z "$NAME" ]; then
log_warning_msg "Short name (NAME) undefined in $1, using default"
NAME=default
fi
# Set OPTIONS to a default value, as noted in the defaults file
if [ -z "$OPTIONS" ]; then
log_warning_msg "Options (OPTIONS) undefined in $1, using default (-c -m /var/run/saslauthd)"
OPTIONS="-c -m /var/run/saslauthd"
fi
# Determine run directory and pid file location by looking
# for an -m option.
RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
if [ -z "$RUN_DIR" ]; then
# No run directory defined in defaults file, fail.
log_failure_msg "No run directory defined for $NAME (did you forget to set OPTIONS=\"-c -m /var/run/saslauthd\" in the defaults file?), not starting"
return 2
fi
PIDFILE=$RUN_DIR/saslauthd.pid
log_daemon_msg "Reloading $DESC" "$NAME"
# Reload the daemon. First, see if it is already running.
start-stop-daemon --start --quiet --pidfile $PIDFILE \
--exec $DAEMON --test > /dev/null
if [ "$?" -eq "0" ]; then
# Not running, signal this and stop.
log_progress_msg "(not running)"
log_end_msg 0
return 0
fi
start-stop-daemon --stop --signal 1 \
--pidfile $PIDFILE --exec $DAEMON
log_end_msg $?
}
check_instance()
{
# Load defaults file for this instance.
. $1
# If the short name of this instance is undefined, warn the user
# but choose a default name.
if [ -z "$NAME" ]; then
log_warning_msg "Short name (NAME) undefined in $1, using default"
NAME=default
fi
# Determine run directory and pid file location by looking
# for an -m option.
RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
if [ -z "$RUN_DIR" ]; then
# No run directory defined in defaults file, fail.
log_failure_msg "No run directory defined for $NAME, cannot check"
return 2
fi
PIDFILE=$RUN_DIR/saslauthd.pid
log_daemon_msg "Checking $DESC" "$NAME"
# Reload the daemon. First, see if it is already running.
start-stop-daemon --start --quiet --pidfile $PIDFILE \
--exec $DAEMON --test > /dev/null
if [ "$?" -eq "0" ]; then
# Not running, signal this and stop.
log_progress_msg "(not running)"
log_end_msg 3
return 3
fi
log_progress_msg "(running)"
log_end_msg $?
return 0
}
createdir()
{
# In the future, use -P/-Z to have SE Linux enhancement
install -d --group="$2" --mode="$3" --owner="$1" "$4"
[ -x /sbin/restorecon ] && /sbin/restorecon "$4"
}
case "$1" in
start)
do_startall
;;
stop)
do_stopall
;;
reload|force-reload)
do_reloadall
;;
restart)
do_stopall
do_startall
;;
status)
do_checkall
exit $?
;;
start-instance)
if [ -f /etc/default/$2 ]; then
start_instance /etc/default/$2
else
log_failure_msg "Instance $2 does not exist."
fi
;;
stop-instance)
if [ -f /etc/default/$2 ]; then
stop_instance /etc/default/$2
else
log_failure_msg "Instance $2 does not exist."
fi
;;
reload-instance|force-reload-instance)
if [ -f /etc/default/$2 ]; then
reload_instance /etc/default/$2
else
log_failure_msg "Instance $2 does not exist."
fi
;;
restart-instance)
if [ -f /etc/default/$2 ]; then
stop_instance /etc/default/$2
start_instance /etc/default/$2
else
log_failure_msg "Instance $2 does not exist."
fi
;;
*)
SCRIPTNAME=$0
echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
echo " or {start-instance|stop-instance|restart-instance|" >&2
echo " reload-instance|force-reload-instance} " \
"<instance name>" >&2
exit 3
;;
esac
:
-- debconf information excluded
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Version: 2.1.26.dfsg1-13
Severity: important
File: /usr/sbin/saslauthd
Dear Maintainer,
since upgrading to Jessie, all saslauthd processes segfault on a multiple daily basis:
May 3 06:26:12 mail kernel: [22739.740552] saslauthd[763]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
May 3 06:26:12 mail kernel: [22739.928344] saslauthd[739]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
May 3 06:26:12 mail kernel: [22740.127304] saslauthd[760]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
May 3 10:04:24 mail kernel: [35831.420577] saslauthd[761]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
May 3 10:04:24 mail kernel: [35831.607218] saslauthd[762]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
May 3 10:04:24 mail postfix/smtpd[17269]: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused
I have not changed any configuration related to postfix, cyrus or saslauthd during the upgrade. Prior to the upgrade, no issues have been experienced with saslauthd ever.
- Thomas
-- System Information:
Debian Release: 8.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages sasl2-bin depends on:
ii db-util 5.3.0
ii debconf [debconf-2.0] 1.5.56
ii libc6 2.19-18
ii libcomerr2 1.42.12-1.1
ii libdb5.3 5.3.28-9
ii libgssapi-krb5-2 1.12.1+dfsg-19
ii libk5crypto3 1.12.1+dfsg-19
ii libkrb5-3 1.12.1+dfsg-19
ii libldap-2.4-2 2.4.40+dfsg-1
ii libpam0g 1.1.8-3.1
ii libsasl2-2 2.1.26.dfsg1-13
ii libssl1.0.0 1.0.1k-3
sasl2-bin recommends no packages.
sasl2-bin suggests no packages.
-- Configuration Files:
/etc/default/saslauthd changed:
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="shadow"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
/etc/init.d/saslauthd changed:
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DAEMON=/usr/sbin/saslauthd
DEFAULT_FILES=`find /etc/default -regex '/etc/default/saslauthd[_a-zA-Z0-9\-]*$' -print | sort`
[ -x "$DAEMON" ] || exit 0
. /lib/init/vars.sh
[ -e /var/run/saslauthd ] || ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd
. /lib/lsb/init-functions
do_startall()
{
for instance in $DEFAULT_FILES
do
start_instance $instance
done
}
do_stopall()
{
for instance in $DEFAULT_FILES
do
stop_instance $instance
done
}
do_reloadall()
{
for instance in $DEFAULT_FILES
do
reload_instance $instance
done
}
do_checkall()
{
for instance in $DEFAULT_FILES
do
check_instance $instance
done
}
start_instance()
{
# Load defaults file for this instance.
. $1
# If the daemon is not enabled, give the user a warning and stop.
if [ "$START" != "yes" ]; then
log_warning_msg "To enable $NAME, edit $1 and set START=yes"
return 0
fi
# If the short name of this instance is undefined, warn the user
# but choose a default name.
if [ -z "$NAME" ]; then
log_warning_msg "Short name (NAME) undefined in $1, using default"
NAME=default
fi
log_daemon_msg "Starting $DESC" "$NAME"
# Set OPTIONS to a default value, as noted in the defaults file
if [ -z "$OPTIONS" ]; then
log_warning_msg "Options (OPTIONS) undefined in $1, using default (-c -m /var/run/saslauthd)"
OPTIONS="-c -m /var/run/saslauthd"
fi
# Determine run directory and pid file location by looking
# for an -m option.
RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
if [ -z "$RUN_DIR" ]; then
# No run directory defined in defaults file, fail.
log_failure_msg "No run directory defined for $NAME (did you forget to set OPTIONS=\"-c -m /var/run/saslauthd\" in the defaults file?), not starting"
return 1
fi
PIDFILE=$RUN_DIR/saslauthd.pid
# If no mechanisms are defined, fail.
if [ -z "$MECHANISMS" ]; then
log_failure_msg "No mechanisms defined in $1, not starting $NAME"
return 1
fi
# If there are mechanism options defined, prepare them for use with
# the -O flag.
if [ -n "$MECH_OPTIONS" ]; then
MECH_OPTIONS="-O $MECH_OPTIONS"
fi
# If there is a threads option defined, prepare it for use with
# the -n flag.
if [ -n "$THREADS" ]; then
THREAD_OPTIONS="-n $THREADS"
fi
# Construct argument string.
DAEMON_ARGS="-a $MECHANISMS $MECH_OPTIONS $OPTIONS $THREAD_OPTIONS"
# If there is a statoverride for the run directory, then pull
# permission and ownership information from it and create the directory.
# Otherwise, we create the directory with default permissions and
# ownership (root:sasl, 710).
if dpkg-statoverride --list $RUN_DIR > /dev/null; then
createdir `dpkg-statoverride --list $RUN_DIR`
else
createdir root sasl 710 $RUN_DIR
fi
# Start the daemon, phase 1: see if it is already running.
start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
--exec $DAEMON --test > /dev/null
if [ "$?" != "0" ]; then
log_progress_msg "(already running)"
log_end_msg 0
return 0
fi
# Start the daemon, phase 2: it was not running, so actually start it now.
start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
--exec $DAEMON -- $DAEMON_ARGS
if [ "$?" -ne "0" ]; then
log_end_msg 1
return 1
fi
# Started successfully.
log_end_msg 0
return 0
}
stop_instance()
{
# Load defaults file for this instance.
. $1
# If the short name of this instance is undefined, warn the user
# but choose a default name.
if [ -z "$NAME" ]; then
log_warning_msg "Short name (NAME) undefined in $1, using default"
NAME=default
fi
# Set OPTIONS to a default value, as noted in the defaults file
if [ -z "$OPTIONS" ]; then
log_warning_msg "Options (OPTIONS) undefined in $1, using default (-c -m /var/run/saslauthd)"
OPTIONS="-c -m /var/run/saslauthd"
fi
# Determine run directory and pid file location by looking
# for an -m option.
RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
if [ -z "$RUN_DIR" ]; then
# No run directory defined in defaults file, fail.
log_failure_msg "No run directory defined for $NAME (did you forget to set OPTIONS=\"-c -m /var/run/saslauthd\" in the defaults file?), not starting"
return 2
fi
PIDFILE=$RUN_DIR/saslauthd.pid
log_daemon_msg "Stopping $DESC" "$NAME"
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
--pidfile $PIDFILE --exec $DAEMON
if [ "$?" -eq "2" ]; then
# Failed to stop.
log_end_msg 1
return 2
fi
if [ "$?" -eq "1" ]; then
# Already stopped.
log_progress_msg "(not running)"
fi
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
# Stopped successfully.
log_end_msg 0
return $RETVAL
}
reload_instance()
{
# Load defaults file for this instance.
. $1
# If the short name of this instance is undefined, warn the user
# but choose a default name.
if [ -z "$NAME" ]; then
log_warning_msg "Short name (NAME) undefined in $1, using default"
NAME=default
fi
# Set OPTIONS to a default value, as noted in the defaults file
if [ -z "$OPTIONS" ]; then
log_warning_msg "Options (OPTIONS) undefined in $1, using default (-c -m /var/run/saslauthd)"
OPTIONS="-c -m /var/run/saslauthd"
fi
# Determine run directory and pid file location by looking
# for an -m option.
RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
if [ -z "$RUN_DIR" ]; then
# No run directory defined in defaults file, fail.
log_failure_msg "No run directory defined for $NAME (did you forget to set OPTIONS=\"-c -m /var/run/saslauthd\" in the defaults file?), not starting"
return 2
fi
PIDFILE=$RUN_DIR/saslauthd.pid
log_daemon_msg "Reloading $DESC" "$NAME"
# Reload the daemon. First, see if it is already running.
start-stop-daemon --start --quiet --pidfile $PIDFILE \
--exec $DAEMON --test > /dev/null
if [ "$?" -eq "0" ]; then
# Not running, signal this and stop.
log_progress_msg "(not running)"
log_end_msg 0
return 0
fi
start-stop-daemon --stop --signal 1 \
--pidfile $PIDFILE --exec $DAEMON
log_end_msg $?
}
check_instance()
{
# Load defaults file for this instance.
. $1
# If the short name of this instance is undefined, warn the user
# but choose a default name.
if [ -z "$NAME" ]; then
log_warning_msg "Short name (NAME) undefined in $1, using default"
NAME=default
fi
# Determine run directory and pid file location by looking
# for an -m option.
RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
if [ -z "$RUN_DIR" ]; then
# No run directory defined in defaults file, fail.
log_failure_msg "No run directory defined for $NAME, cannot check"
return 2
fi
PIDFILE=$RUN_DIR/saslauthd.pid
log_daemon_msg "Checking $DESC" "$NAME"
# Reload the daemon. First, see if it is already running.
start-stop-daemon --start --quiet --pidfile $PIDFILE \
--exec $DAEMON --test > /dev/null
if [ "$?" -eq "0" ]; then
# Not running, signal this and stop.
log_progress_msg "(not running)"
log_end_msg 3
return 3
fi
log_progress_msg "(running)"
log_end_msg $?
return 0
}
createdir()
{
# In the future, use -P/-Z to have SE Linux enhancement
install -d --group="$2" --mode="$3" --owner="$1" "$4"
[ -x /sbin/restorecon ] && /sbin/restorecon "$4"
}
case "$1" in
start)
do_startall
;;
stop)
do_stopall
;;
reload|force-reload)
do_reloadall
;;
restart)
do_stopall
do_startall
;;
status)
do_checkall
exit $?
;;
start-instance)
if [ -f /etc/default/$2 ]; then
start_instance /etc/default/$2
else
log_failure_msg "Instance $2 does not exist."
fi
;;
stop-instance)
if [ -f /etc/default/$2 ]; then
stop_instance /etc/default/$2
else
log_failure_msg "Instance $2 does not exist."
fi
;;
reload-instance|force-reload-instance)
if [ -f /etc/default/$2 ]; then
reload_instance /etc/default/$2
else
log_failure_msg "Instance $2 does not exist."
fi
;;
restart-instance)
if [ -f /etc/default/$2 ]; then
stop_instance /etc/default/$2
start_instance /etc/default/$2
else
log_failure_msg "Instance $2 does not exist."
fi
;;
*)
SCRIPTNAME=$0
echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
echo " or {start-instance|stop-instance|restart-instance|" >&2
echo " reload-instance|force-reload-instance} " \
"<instance name>" >&2
exit 3
;;
esac
:
-- debconf information excluded
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Dan White
May 6, 2015, 10:20:04 AM5/6/15
to
On 05/03/15 10:24 +0200, Thomas Kupka wrote:
>Package: sasl2-bin
>Version: 2.1.26.dfsg1-13
>Severity: important
>File: /usr/sbin/saslauthd
>
>Dear Maintainer,
>
>since upgrading to Jessie, all saslauthd processes segfault on a multiple daily basis:
>
>May 3 06:26:12 mail kernel: [22739.740552] saslauthd[763]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
>May 3 06:26:12 mail kernel: [22739.928344] saslauthd[739]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
>May 3 06:26:12 mail kernel: [22740.127304] saslauthd[760]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
>May 3 10:04:24 mail kernel: [35831.420577] saslauthd[761]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
>May 3 10:04:24 mail kernel: [35831.607218] saslauthd[762]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
>May 3 10:04:24 mail postfix/smtpd[17269]: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused
Can you get a backtrace from the core dump, and debug output, e.g.:
>Package: sasl2-bin
>Version: 2.1.26.dfsg1-13
>Severity: important
>File: /usr/sbin/saslauthd
>
>Dear Maintainer,
>
>since upgrading to Jessie, all saslauthd processes segfault on a multiple daily basis:
>
>May 3 06:26:12 mail kernel: [22739.740552] saslauthd[763]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
>May 3 06:26:12 mail kernel: [22739.928344] saslauthd[739]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
>May 3 06:26:12 mail kernel: [22740.127304] saslauthd[760]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
>May 3 10:04:24 mail kernel: [35831.420577] saslauthd[761]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
>May 3 10:04:24 mail kernel: [35831.607218] saslauthd[762]: segfault at 0 ip 00007faffd5d8c8a sp 00007ffda85ebe48 error 4 in libc-2.19.so[7faffd557000+19f000]
>May 3 10:04:24 mail postfix/smtpd[17269]: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused
saslauthd -d -c -m /var/spool/postfix/var/run/saslauthd -a shadow
I can't reproduce your segfault on my unstable system running
2.1.26.dfsg1-13. However, I'm several version behind on some of the linked
libraries.
>-- Configuration Files:
>/etc/default/saslauthd changed:
>START=yes
>DESC="SASL Authentication Daemon"
>NAME="saslauthd"
>MECHANISMS="shadow"
replace it. Does it also produce a segfault?
--
Dan White
Thomas Kupka
May 8, 2015, 3:40:04 AM5/8/15
to
On Wed, 6 May 2015 09:10:15 -0500 Dan White <dwh...@olp.net> wrote:
> Can you get a backtrace from the core dump, and debug output, e.g.:
>
> saslauthd -d -c -m /var/spool/postfix/
> Can you get a backtrace from the core dump, and debug output, e.g.:
>
> saslauthd -d -c -m /var/spool/postfix/
It does not seem that debug gives out any interesting information. Here are the last lines from when the child processes died:
saslauthd[19194] :do_auth : auth success: [user=thomas] [service=imap] [realm=] [mech=shadow]
saslauthd[19194] :do_request : response: OK
saslauthd[19195] :rel_accept_lock : released accept lock
saslauthd[19193] :get_accept_lock : acquired accept lock
saslauthd[19193] :rel_accept_lock : released accept lock
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19193] :do_auth : auth failure: [user=noauth] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19193] :get_accept_lock : acquired accept lock
saslauthd[19194] :do_auth : auth failure: [user=spam] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19193] :rel_accept_lock : released accept lock
saslauthd[19193] :do_auth : auth failure: [user=test] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=info] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19193] :get_accept_lock : acquired accept lock
saslauthd[19193] :rel_accept_lock : released accept lock
saslauthd[19193] :do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=administrator] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19193] :get_accept_lock : acquired accept lock
saslauthd[19193] :rel_accept_lock : released accept lock
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=postmaster] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=sales] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=support] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=webmaster] [service=smtp] [realm=] [mech=shadow] [reason=Incorrect password]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=help] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=contact] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=office] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=staff] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
The failed authentication attempts are certainly malicious software trying out default credentials but they seem to be handled normally.saslauthd[19194] :do_auth : auth success: [user=thomas] [service=imap] [realm=] [mech=shadow]
saslauthd[19194] :do_request : response: OK
saslauthd[19195] :rel_accept_lock : released accept lock
saslauthd[19193] :get_accept_lock : acquired accept lock
saslauthd[19193] :rel_accept_lock : released accept lock
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19193] :do_auth : auth failure: [user=noauth] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19193] :get_accept_lock : acquired accept lock
saslauthd[19194] :do_auth : auth failure: [user=spam] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19193] :rel_accept_lock : released accept lock
saslauthd[19193] :do_auth : auth failure: [user=test] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=info] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19193] :get_accept_lock : acquired accept lock
saslauthd[19193] :rel_accept_lock : released accept lock
saslauthd[19193] :do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=administrator] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19193] :get_accept_lock : acquired accept lock
saslauthd[19193] :rel_accept_lock : released accept lock
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=postmaster] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=sales] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=support] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=webmaster] [service=smtp] [realm=] [mech=shadow] [reason=Incorrect password]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=help] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=contact] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=office] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
saslauthd[19194] :do_auth : auth failure: [user=staff] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
saslauthd[19194] :get_accept_lock : acquired accept lock
saslauthd[19194] :rel_accept_lock : released accept lock
> This backend doesn't get used much these days. pam should functionally
> replace it. Does it also produce a segfault?
I will try this. I have shadow backend running for about 10 years now and never had this urge to change it.
Thomas
Thomas
Thomas Kupka
May 12, 2015, 5:10:03 AM5/12/15
to
I have changed the backend to pam and had no segfaults for the last 3 days. Seem like only the shadow backend has this issue.
Dan White
May 12, 2015, 9:50:03 AM5/12/15
to
Thomas,
Can you provide a reproducible case? e.g., does this happen on the first
authentication attempt after starting saslauthd (with the shadow backend),
or are there other factors at play that you can identify?
>_______________________________________________
>Pkg-cyrus-sasl2-debian-devel mailing list
>Pkg-cyrus-sasl...@lists.alioth.debian.org
>http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-cyrus-sasl2-debian-devel
--
Dan White
BTC Broadband
Network Admin Lead
Ph 918.366.0248 (direct) main: (918)366-8000
Fax 918.366.6610 email: dwh...@olp.net
http://www.btcbroadband.com
Can you provide a reproducible case? e.g., does this happen on the first
authentication attempt after starting saslauthd (with the shadow backend),
or are there other factors at play that you can identify?
>Pkg-cyrus-sasl2-debian-devel mailing list
>Pkg-cyrus-sasl...@lists.alioth.debian.org
>http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-cyrus-sasl2-debian-devel
--
Dan White
BTC Broadband
Network Admin Lead
Ph 918.366.0248 (direct) main: (918)366-8000
Fax 918.366.6610 email: dwh...@olp.net
http://www.btcbroadband.com
Thomas Kupka
May 12, 2015, 10:20:02 AM5/12/15
to
Dan,
the only lead I could have is a correlation between peaks of failed login attempts (from malicious sources most likely, at a rate of precisely one attempt every 5 seconds) and the segfaults. Does this help?extract from mail.log:
May 10 10:17:50 mail cyrus/pop3[23539]: badlogin: no-data [60.29.221.174] plaintext test SASL(-13): authentication failure: checkpass failed
May 10 10:17:55 mail cyrus/pop3[23540]: badlogin: no-data [60.29.221.174] plaintext test SASL(-13): authentication failure: checkpass failed
May 10 10:18:00 mail cyrus/pop3[23541]: badlogin: no-data [60.29.221.174] plaintext test SASL(-13): authentication failure: checkpass failed
May 10 10:18:09 mail kernel: [641457.138137] saslauthd[18768]: segfault at 0 ip 00007fdf751b8c8a sp 00007ffd3cf92e58 error 4 in libc-2.19.so[7fdf75137000+19f000]
May 10 10:18:14 mail kernel: [641461.917719] saslauthd[18773]: segfault at 0 ip 00007fdf751b8c8a sp 00007ffd3cf92e58 error 4 in libc-2.19.so[7fdf75137000+19f000]
May 10 10:18:19 mail kernel: [641466.650182] saslauthd[18764]: segfault at 0 ip 00007fdf751b8c8a sp 00007ffd3cf92e58 error 4 in libc-2.19.so[7fdf75137000+19f000]
After this peak was over, there have been no more segfaults for the next 8 hours.
Dan White
May 13, 2015, 10:10:03 AM5/13/15
to
Thomas,
I've installed a standard jessie/amd64 installation running the same
versions you are and I cannot reproduce. I've tried testsaslauthd, pop3d,
and smtptest using both a known good username and a bad username
(webmaster), using a for loop to simulate rapid connections.
If you can enable core dumps for saslauthd, and install libc6-dbg and
cyrus-sasl2-dbg, in your production environment, please obtain a gdb
backtrace.
I've installed a standard jessie/amd64 installation running the same
versions you are and I cannot reproduce. I've tried testsaslauthd, pop3d,
and smtptest using both a known good username and a bad username
(webmaster), using a for loop to simulate rapid connections.
If you can enable core dumps for saslauthd, and install libc6-dbg and
cyrus-sasl2-dbg, in your production environment, please obtain a gdb
backtrace.
0 new messages