Hi Randall,
The memory dump issue is solved by changing the qpopper source
code.Invalid pointer manipulation is done the conversation function
PAM_qpopper_conv
Changing this sigle line is solving the issues
In qpopper-4.0.13/popper/pop_pass.c
line 442:
Before:switch (msg[replies]->msg_style)
After :switch ((*msg)[replies].msg_style)
Thanks & Regards,
Ravindranath
________________________________
From: Randall Gellens [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 09, 2008 6:54 AM
To: Ravindranath, Chavalam
Cc: qpopper@lists.pensive.org
Subject: Re: Qpopper failure while using with pam option enabled
At 9:21 AM +0000 4/8/08, Chavalam Ravindranath wrote:
Hi,
I have built qpopper(4.0.9) on hpux 11.11 using --with-pam option.
But when I try to test this I am getting the following o/p.
# telnet localhost 110
Trying...
Connected to localhost.
Escape character is '^]'.
+OK Qpopper (version 4.0.9) at skoda.ind.hp.com starting.
user test
+OK Password required for test.
pass test
Connection closed by foreign host.
when I debugged with gdb backtrace looks like this
#0 0x1bf50 in PAM_qpopper_conv (num_msg=3, msg=0x7f7f6598, resp=0x7f7f6520,
appdata_ptr=0x7f7f0bb8) at pop_pass.c:442
#1 0x7aeb5f10 in __pam_input_output+0x128 () from /usr/lib/libpam.1
#2 0x7aeb5d90 in __pam_display_msg+0x24 () from /usr/lib/libpam.1
#3 0x7ad89fb8 in pam_sm_setcred+0x2e8 () from /usr/lib/security/libpam_unix.1
#4 0x7aeb3a90 in pam_setcred+0xec () from /usr/lib/libpam.1
#5 0x1c754 in auth_user (p=0x7f7f0bb8, pw=0x7f7f1d24) at pop_pass.c:564
#6 0x1ca68 in pop_pass (p=0x7f7f0bb8) at pop_pass.c:1261
#7 0x237f0 in qpopper (argc=1, argv=0x7f7f09ec) at popper.c:349
#8 0x30d1c in main (argc=1, argv=0x7f7f09ec) at main.c:168
the msg structure(second argument for PAM_qpopper_conv) is generated within
__pam_input_output with num_msg=3 .msg[1] is showing bad address
(gdb) p (char *) msg[0]->msg
$26 = 0x7f7f2498 "Removing root credentials would break the rpc services that"
(gdb) p (char *) msg[1]->msg
Error accessing memory address 0x4: Bad address.
In libpam library,msg structure is created properly but PAM_qpopper_conv is
unable to access the msg memory structure
When I gave wrong password I am getting this error
# telnet localhost 110
Trying...
Connected to localhost.
Escape character is '^]'.
+OK Qpopper (version 4.0.9) at skoda.ind.hp.com starting.
user test
+OK Password required for test.
pass test1
-ERR [AUTH] PAM authentication failed for user "test": Authentication failed (9)
+OK Pop server at skoda.ind.hp.com signing off.
Connection closed by foreign host.
Seems it is authenticating but not able to read the msg structure
Hope you can help me to fix this issue or do I need to send any additional
information regard this issue.
Thanks & Regards,
Ravindranath
I'm puzzled. Did you build from the original 4.0.9 sources or from a package?
I'm wondering if perhaps there is a problem with a library mismatch from a
precompiled or intermediate file?
You could try building 4.0.11 to see if it is better.
I'd also suggest getting a Qpopper trace just to see what it shows.
To enable tracing in Qpopper:
1. Do a 'make clean'
2. Re-run ./configure, adding '--enable-debugging'.
3. Edit the inetd.conf line for Qpopper, adding '-d' or '-t <tracefile-path>'.
4. Send inetd (or xinetd) a HUP signal.
(Steps 3 and 4 are only needed if you use inetd (or xinetd). In standalone
mode, you can add '-d' or '-t <tracefile-path>' to the command line directly.)
(In either standalone or inetd mode, if you use a configuration file you can
add 'set debug' or 'set tracefile = <tracefile>' to either a global or
user-specific configuration file instead of steps 3 and 4.)
This causes detailed tracing to be written to the syslog or to the file
specified as 'tracefile'.
If you're still getting a crash, I'd suggest a kernel trace using ktrace(1) or
whatever is the HPUX tool. Normally, the way to do this is to modify the inetd
or xinetd line to run qpopper via ktrace, usually on a different port so as to
not affect production users (unless this is on a test system). For standalone
on a test system, also run qpopper from ktrace.
