Re: glibc double free or corruption still happening
der = yes
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
==504==
==504== Invalid free() / delete / delete[]
==504==at 0x4805289: free (vg_replace_malloc.c:233)
==504==by 0x482BC7B: try_dlopen (ltdl.c:3429)
==504==by 0x482C59D: lt_dlopenext (ltdl.c:3504)
==504==by 0x4B4F061: eaptype_load (eap.c:85)
==504==by 0x4B4E730: eap_instantiate (rlm_eap.c:145)
==504==by 0xC5DE: find_module_instance (modules.c:358)
==504==by 0xDD9C: do_compile_modsingle (modcall.c:1005)
==504==by 0xCD6E: setup_modules (modules.c:580)
==504==by 0x103E1: main (radiusd.c:965)
==504== Address 0x4A43908 is 0 bytes inside a block of size 15 free'd
==504==at 0x4805289: free (vg_replace_malloc.c:233)
==504==by 0x482BA9A: try_dlopen (ltdl.c:3428)
==504==by 0x482C59D: lt_dlopenext (ltdl.c:3504)
==504==by 0x4B4F061: eaptype_load (eap.c:85)
==504==by 0x4B4E730: eap_instantiate (rlm_eap.c:145)
==504==by 0xC5DE: find_module_instance (modules.c:358)
==504==by 0xDD9C: do_compile_modsingle (modcall.c:1005)
==504==by 0xCD6E: setup_modules (modules.c:580)
==504==by 0x103E1: main (radiusd.c:965)
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
==504==
==504== ERROR SUMMARY: 104 errors from 5 contexts (suppressed: 66 from 2)
==504== malloc/free: in use at exit: 732,409 bytes in 27,346 blocks.
==504== malloc/free: 27,957 allocs, 628 frees, 860,379 bytes allocated.
==504== For counts of detected errors, rerun with: -v
==504== searching for pointers to 27,346 not-freed blocks.
==504== checked 1,097,916 bytes.
==504==
==504== LEAK SUMMARY:
==504==definitely lost: 0 bytes in 0 blocks.
==504== possibly lost: 0 bytes in 0 blocks.
==504==still reachable: 732,409 bytes in 27,346 blocks.
==504== suppressed: 0 bytes in 0 blocks.
==504== Reachable blocks (those to which a pointer was found) are not shown.
==504== To see them, rerun with: --leak-check=full --show-reachable=yes
Alan DeKok-4 wrote:
>
> ChristosH wrote:
>> I've installed FR 1.1.6 onto a clean CentOS 4.4 box and got this error,
>> double free or corruption + some hex value.
>
> $ valgrind --tool=memcheck --leakcheck=full radiusd -X
>
> It should print out more information, especially if you build the
>
Re: glibc double free or corruption still happening
I've installed FR 1.1.6 onto a clean CentOS 4.4 box and got this error, double free or corruption + some hex value. My CentOS /usr/src directory is empty, so I can't build an RPM as suggested in that link. Can I get yum to fill that up? Any ideas as to how to get this working? I've also tried ./configure --with-system-libtool but that lead to installation errors. Could I copy a 1.1.6 precompiled binary to this computer? I'm not having this problem on my intel machine, just on my opteron. Would there be any hidden beef with doing this or conflict with freeradius somewhere? Thanks. Roberto Greiner wrote: > > Nicolas Baradakis wrote: >> Roberto Greiner wrote: >> >> >>> I've installed FreeRadius 1.1.6 to my Debian Etch box, trying to solve >>> the 'glibc double free or corruption', but the error is still happening. >>> >>> To make sure that no old library was causing the problem, I searched for >>> any file and folder which could be from the old freeradius (using locate >>> *radiu* and updatedb, it until no file was to be found). Then I >>> recompiled everything and reinstalled. The problem persisted. Could I >>> have missed some library with the locate I used? Is there a better way >>> to uninstall everything for the upgrade? Any other Ideas? >>> >> >> http://wiki.freeradius.org/Build#Building_Debian_packages >> >> > That did the trick. Everything is working well. > > But before putting it into production I will try again the previous > building and see if I can get the data Alan requested with valgrind. > > Roberto > > -- > - > Marcos Roberto Greiner > >Os otimistas acham que estamos no melhor dos mundos > Os pessimistas tem medo de que isto seja verdade >Murphy > - > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/glibc-double-free-or-corruption-still-happening-tf3571832.html#a9995204 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 1.1.5 double free or corruption
Roberto Greiner wrote: > > > MALLOC_CHECK_=0 > > Now, is that done in the configure (./configure --MALLOC_CHECK_=0), at the make (MALLOC_CHECK_=0) or at the runtime? -- View this message in context: http://www.nabble.com/1.1.5-double-free-or-corruption-tf3378130.html#a9925976 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: double free or corruption errors with 2.0.0-pre0
I think you need to step back and relax, Mat. If a developer can't get the situation reproduced or even debug info on it, they'll be helpless. Do also realize this is an open source free utility that doesn't come with any guaranteed support. Was this a problem for you in 1.1.4? I know for me it wasn't (and because of that I've rolled back), but I also know that it started popping up when I decided to compile on new AMD Opteron based systems (1.1.5 worked on my Intel servers just fine, oddly enough, with the EXACT same OS setup and config of 1.1.5 copied over through VMWare!) Alan, you said 1.1.6 will be addressing this specific issue, or is it something I should continue looking into? Do you have a schedule posted for 2.0.0. -- View this message in context: http://www.nabble.com/double-free-or-corruption-errors-with-2.0.0-pre0-tf3538902.html#a9924881 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 1.1.5 double free or corruption
I'm getting a similar error, except mine's 0x09fc4f10. Apparently this has to do with the Perl library (and means we'll have to recompile) but I have no idea how to upgrade that. I'm on CentOS 4.4 and have run the auto-updater, am on the CentOS Plus repository and have MySQL installed. Thor Spruyt wrote: > > > *** glibc detected *** double free or corruption (fasttop): 0x098a55d8 *** > Aborted > -- View this message in context: http://www.nabble.com/1.1.5-double-free-or-corruption-tf3378130.html#a9924121 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
Thanks, problem resovled. Alan DeKok-4 wrote: > > ChristosH wrote: >> Now, how do I make sure that my new module is included? Is everything in >> the >> modules folder complied in with FreeRadius every time you make it? > > No, but the top-level Make.inc contains the list of modules to build. > >> Finally, how would I also set the module to intercept any CHAP requests? >> I >> was thinking to set the Auth-Type := altCHAP. > > Yes. See the code in rlm_chap: it sets "Auth-Type = CHAP" for CHAP > requests. You can do the same thing. > > Alan DeKok. > -- > http://deployingradius.com - The web site of the book > http://deployingradius.com/blog/ - The blog > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/CHAP-Modification-tf3284565.html#a9360755 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
NAS Table in SQL
Does subnetting in the NAS table work when using SQL? If I wanted to allow any address from my internal network, 111.111.%.% for example, can I store the nasname as 111.111.0.0/16 like I do in the users table? Or does it have to be in the form 255.255.0.0? -- View this message in context: http://www.nabble.com/NAS-Table-in-SQL-tf3364456.html#a9360616 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
Alan DeKok-4 wrote: > > Um... rlm_example? Or the files in doc/? > > It's not like the module system is that complicated. A C file, a tiny > Makefile, and you're pretty much done. > >> Or would I just include the chappatch.c file in the same directory, >> include the header file chappatch.h into the rlm_chap.c file (where do >> you >> stick the header files?) and recompile the whole thing? > > You can do that if you want. But rlm_chap may change, and your patch > may not work any more. > > Alan DeKok. > I can't seem to find where in rlm_example it tells me how to create all the stuff to integrate my own module. I get that I'm going to have to create a slightly modified 'clone' of rlm_chap, and it's going to have to have it's own header file and makefile (for right now I'll refer to my module as rlm_altchap). The makefile looks relatively easy to do, the header looks simple enough also (just has to list functions contained in my module). Now, how do I make sure that my new module is included? Is everything in the modules folder complied in with FreeRadius every time you make it? Finally, how would I also set the module to intercept any CHAP requests? I was thinking to set the Auth-Type := altCHAP. -- View this message in context: http://www.nabble.com/CHAP-Modification-tf3284565.html#a9273523 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
Alan DeKok-4 wrote: > > My point was that it may be possible in rlm_pap to normalize the > password... just like it does for other types of passwords. > > If rlm_pap won't help, then I *strongly* suggest you write your own > module. It's easier to integrate a module into a new release of > FreeRADIUS than it is to apply a patch to the server core. > > Alan DeKok. > Okay, I see what you mean now. Is there a tutorial on adding my own module to it? Or would I just include the chappatch.c file in the same directory, include the header file chappatch.h into the rlm_chap.c file (where do you stick the header files?) and recompile the whole thing? -- View this message in context: http://www.nabble.com/CHAP-Modification-tf3284565.html#a9253679 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
Alan DeKok-4 wrote: > >> Also, is there a C function included in the libraries that will allow me >> to >> convert a hex string to binary? I'm worried I might get stuck in ASCII -> >> HEX -> BINARY conversions. > > Yes. see "bin2hex" and "hex2bin". See also rlm_pap in 1.1.4, which > does a lot of this kind of normalization already. > I don't see anything usefull in rlm_pap that could help me because it's CHAP authentication I'm working on. -- View this message in context: http://www.nabble.com/CHAP-Modification-tf3284565.html#a9230976 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
Alan DeKok-4 wrote:
>
> ChristosH wrote:
>> It's a VALUE_PAIR type, so could I check and modify the password->length
>> and
>> password->strvalue in that function?
>
> Huh? Why? Do it elsewhere.
>
Well, that's part of my issue; where's the best place to check the password
and convert it to binary when needed.
In the rlm_chap.C file I also notice that there's the code:
DEBUG(" rlm_chap: Using clear text password \"%s\" for user %s
authentication.",
passwd_item->strvalue, request->username->strvalue);
rad_chap_encode(request->packet,pass_str,request->password->strvalue[0],passwd_item);
if (memcmp(pass_str+1,request->password->strvalue+1,CHAP_VALUE_LENGTH)
!=
0){
DEBUG(" rlm_chap: Password check failed");
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_chap: Wrong user
password");
module_fmsg_vp = pairmake("Module-Failure-Message",
module_fmsg, T_OP_EQ);
pairadd(&request->packet->vps, module_fmsg_vp);
return RLM_MODULE_REJECT;
}
Could I also modify the password there? I'm just trying to find the easiest
way to check if the password should be read as a string or binary and then
parse it properly BEFORE it is CHAP encoded because I can't change the
hardware.
> Also, is there a C function included in the libraries that will allow me
> to
> convert a hex string to binary? I'm worried I might get stuck in ASCII ->
> HEX -> BINARY conversions.
Yes. see "bin2hex" and "hex2bin". See also rlm_pap in 1.1.4, which
does a lot of this kind of normalization already.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
View this message in context:
http://www.nabble.com/CHAP-Modification-tf3284565.html#a9207275
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
Okay, in the radius.c file they call a function rad_chap_encode() that uses the password attribute. Is that what I'm looking for? It's a VALUE_PAIR type, so could I check and modify the password->length and password->strvalue in that function? Or should I back out and modify it in the auth.c rad_check_password () where it's called? I won't run into any issues if I modify the VALUE_PAIR values, will I? Also, is there a C function included in the libraries that will allow me to convert a hex string to binary? I'm worried I might get stuck in ASCII -> HEX -> BINARY conversions. Alan DeKok-4 wrote: > > radius.c, rad_chap_encode(). > > Alan DeKok. > -- View this message in context: http://www.nabble.com/CHAP-Modification-tf3284565.html#a9186780 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
CHAP Modification
I'm trying to edit the way the CHAP module fetches passwords before hasing them due to a limitation in 2 different types of hardware we have. One set of devices takes a HEX password stored on the device, converts it to binary, and then calculates the MD5 CHAP challenge to send to the server. The other set of devices just takes the HEX password and calculates the MD5 as if it were a string. I can distinguish which device is which when I'm adding passwords to my database (by adding a prefix 0x to let me know it's going from HEX -> BIN or whatnot) because the password is fixed at 32 characters, but definately not which device is which at run time. I guess what I'm trying to do is find where in the CHAP encoding module is the password attribute accessed/read and then passed (I'm guessing as an arguement) to be hashed. I think I could possibly do my funky math in mind there by checking the length of the password or the first two letters, and then converting to binary as needed or just passing it through. My problem is where exactly is this password CHAP challege code? I'm sifting through the radius.c file but can't seem to find anything. I'm comfortable writing some stuff with C and reading more complex things, so I don't think that will be a barrier. When I change it, will it require me to recompile everything every time I want to check? I'm using Fedora Core 6, Freerad 1.1.4, and MySql 5.0. -- View this message in context: http://www.nabble.com/CHAP-Modification-tf3284565.html#a9136389 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re: Re: nas table in rlm_sql module - usage
SQL refuses to start when I comment out the INCLUDE line with clients.conf. Is there anything else I have to change so that it knows to look to SQL for a table of acceptable NAS's and to get it to run other than commenting out this INCLUDE statement? tzieleniewski wrote: > > Yes I checked it. > You may comment it out from the radiusd.conf file. > >> Is there anything I have to config so it doesn't touch the config files? >> How >> do I move the server onto pure SQL for the NAS list? Can the clients.conf >> file be totally empty? >> >> >> tzieleniewski wrote: >> > >> > What I managed to figure out is that nasname is a source for a name to >> ip >> > resolving. >> > So probably the nasname has to be different (its ip resolution) from >> the >> > one specified in the clients.conf file. >> > Well those of course are only my suggestions:) >> > >> > Cheers >> > -tomasz >> >> >> -- >> View this message in context: >> http://www.nabble.com/nas-table-in-rlm_sql-module---usage-tf3201294.html#a8894555 >> Sent from the FreeRadius - User mailing list archive at Nabble.com. >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/nas-table-in-rlm_sql-module---usage-tf3201294.html#a8949012 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re: nas table in rlm_sql module - usage
Is there anything I have to config so it doesn't touch the config files? How do I move the server onto pure SQL for the NAS list? Can the clients.conf file be totally empty? tzieleniewski wrote: > > What I managed to figure out is that nasname is a source for a name to ip > resolving. > So probably the nasname has to be different (its ip resolution) from the > one specified in the clients.conf file. > Well those of course are only my suggestions:) > > Cheers > -tomasz >> -- View this message in context: http://www.nabble.com/nas-table-in-rlm_sql-module---usage-tf3201294.html#a8894555 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: nas table in rlm_sql module - usage
Gaddis, Jeremy L.-2 wrote: > > On Fri, 9 Feb 2007, TZieleniewski wrote: >> so clients.conf can be empty and all settings can be contained in nas >> table? > Is there some spot where we can get definitions for each column (like where each definition maps to in the clients.conf file)? Does it work out like (naming from clients.conf -> nas.sql) client -> each row in the table hostname|ipaddress -> nasname shortname -> shortname nastype -> type ??-> ports secret-> secret ??-> communities ??-> description (this just a string we put in for us?) -- View this message in context: http://www.nabble.com/nas-table-in-rlm_sql-module---usage-tf3201294.html#a8892904 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL help from someone who groks c, please?
Phil Mayers wrote: > > A stored procedure is one solution to a particular set of problems. > Whether it's appropriate depends on what you're trying to do. > > What do you want to achieve? You can certainly vary the reply info based > on NAS without a stored procedure. > Well, what I want to do is return a different vendor specific response based on the NAS IP. The user data doesn't change depending on the NAS IP, but depending on where the user tries to authenticate from they'll have a different source NAS IP in the authenticate request packet and my response has to return a different response depending on where they are. Right now I have only 2 different responses that they could be, so I don't think it should be too difficult. Is there a quick workaround? -- View this message in context: http://www.nabble.com/SQL-help-from-someone-who-groks-c%2C-please--tf3172009.html#a8874556 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL help from someone who groks c, please?
Phil Mayers wrote: > > Dan Mahoney, System Admin wrote: > > My suggestion is that you use a custom schema and queries for your > database - probably a stored procedure. Pass the NAS-IP-Address into > these queries, and return different values based on the nas. Effectively > you move the code that walks over the request and chooses the right > values into the SQL server. > So if I was looking to select a different response based on NAS what I should be doing is creating a stored procedure that ends up authenticating for me? I don't quite see where this would fit in with the rlm_sql logic. Would that go in the sql.conf file? For using a new schema, would that mean instead adding an extra column in the radcheck table and the response table to associate with the NAS IP? Would it be easier to create a function that inserts a prefex to the user name then processes the SQL as normal? The only issue I see with this is doubling the amount of users and user responses in the database . Either way, I think i'm going to have to modify the rlm_sql.c file and then having to recompile FreeRadius after I'm done editing it? -- View this message in context: http://www.nabble.com/SQL-help-from-someone-who-groks-c%2C-please--tf3172009.html#a8870617 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
