Bug#578566: Apache process hangs when trying to authenticate against Fedora Directory Server LDAP using mod_authnz_ldap

To: submit@bugs.debian.org
Subject: Bug#578566: Apache process hangs when trying to authenticate against Fedora Directory Server LDAP using mod_authnz_ldap
From: Kevin Göser <kevin@kevin-online.com>
Date: Tue, 20 Apr 2010 22:23:50 +0200
Message-id: <[🔎] 201004202223.50103.kevin@kevin-online.com>
Reply-to: Kevin Göser <kevin@kevin-online.com>, 578566@bugs.debian.org

Package: apache2.2-common
Version: 2.2.9-10+lenny7
Severity: important

We are using Apache and basic auth against a Fedora Directory Server (v1.1.3, 
running on a different machine). The setup worked fine on etch. After upgrading 
to lenny today, the LDAP authentication seems to be broken:
Directly after reloading / restarting Apache, one or two browser requests are 
handled successfully (ie. the authentication against LDAP is done, and the 
page is displayed in the browser). All succeeding processes however hang.

On the browser side, there is just no answer coming from the server.

On the server side, no entries in the logs were visible. Switching logging to 
debug, this is the last line for a single request appearing in the log:

[debug] mod_authnz_ldap.c(377): [client X.X.X.X] [2977] auth_ldap 
authenticate: using URL 
ldaps://dc.myserver.local/ou=People,dc=mycompany,dc=com

Also, Apache seems to spawn a new child process for each new request to the 
page, the processes seem to hang.

Attaching GDB to the hanging processes, shows the attached stack trace.

I put the severity to important, since the bug renders the package unusable to 
us, but it doesn't seem to affect many users. If you need further info, I will 
be glad to provide it.

Kevin

#0  0xb7ee6424 in __kernel_vsyscall ()                                                                                                                           
#1  0xb7e5f083 in __read_nocancel () from /lib/i686/cmov/libpthread.so.0
#2  0xb7cb150b in sb_stream_read (sbiod=0x84d1950, buf=0x8516508, len=5) at /tmp/buildd/openldap-2.4.11/libraries/liblber/sockbuf.c:493
#3  0xb7cb064a in sb_debug_read (sbiod=0x85170d0, buf=0x8516508, len=5) at /tmp/buildd/openldap-2.4.11/libraries/liblber/sockbuf.c:827
#4  0xb7ce6f35 in sb_gtls_recv (ptr=0x84e1390, buf=0x8516508, len=139552008) at tls.c:1025
#5  0xb77e3886 in ?? () from /usr/lib/libgnutls.so.26
#6  0x084e1390 in ?? ()
#7  0x08516508 in ?? ()
#8  0x00000005 in ?? ()
#9  0x08516518 in ?? ()
#10 0xb7e4f160 in ?? () from /lib/i686/cmov/libc.so.6
#11 0x00000004 in ?? ()
#12 0xbfffc118 in ?? ()
#13 0xb77e43f2 in _gnutls_io_write_buffered () from /usr/lib/libgnutls.so.26
#14 0xb77e3d82 in _gnutls_io_read_buffered () from /usr/lib/libgnutls.so.26
#15 0xb77dfd5f in _gnutls_recv_int () from /usr/lib/libgnutls.so.26
#16 0xb77e1410 in gnutls_bye () from /usr/lib/libgnutls.so.26
#17 0xb7ce7be5 in sb_tls_close (sbiod=0x8514f08) at tls.c:1091
#18 0xb7cb0b51 in ber_int_sb_close (sb=0x84d1ff8) at /tmp/buildd/openldap-2.4.11/libraries/liblber/sockbuf.c:383
#19 0xb7cb114c in ber_sockbuf_free (sb=0x84d1ff8) at /tmp/buildd/openldap-2.4.11/libraries/liblber/sockbuf.c:74
#20 0xb7ccd803 in ldap_ld_free (ld=0x84d20a8, close=1, sctrls=0x0, cctrls=0x0) at unbind.c:183
#21 0xb7ccd8a6 in ldap_unbind_ext (ld=0x84d20a8, sctrls=0x0, cctrls=0x0) at unbind.c:52
#22 0xb7ccd93d in ldap_unbind_s (ld=0x84d20a8) at unbind.c:201
#23 0xb743bbdc in uldap_connection_unbind (param=0x81398b0) at /tmp/buildd/apache2-2.2.9/modules/ldap/util_ldap.c:169
#24 0xb743bf92 in uldap_connection_open (r=0x84da488, ldc=0x81398b0) at /tmp/buildd/apache2-2.2.9/modules/ldap/util_ldap.c:378
#25 0xb743c7b9 in uldap_cache_checkuserid (r=0x84da488, ldc=0x81398b0, url=0x84deba0 "ldap://dc.mycompany.local/ou=People,dc=mycompany,dc=com";, basedn=0x84debf8 "ou=People,dc=mycompany,dc=com", scope=2,
    attrs=0x0, filter=0xbfffc434 "(&(objectclass=*)(uid=MyLogin))", bindpw=0x84df284 "MyPassword", binddn=0xbfffe434, retvals=0xbfffe438) at /tmp/buildd/apache2-2.2.9/modules/ldap/util_ldap.c:954
#26 0xb7460f9b in authn_ldap_check_password (r=0x84da488, user=0x84df290 "MyLogin", password=0x84df284 "MyPassword") at /tmp/buildd/apache2-2.2.9/modules/aaa/mod_authnz_ldap.c:399
#27 0xb7eded1f in authenticate_basic_user (r=0x84da488) at /tmp/buildd/apache2-2.2.9/modules/aaa/mod_auth_basic.c:230
#28 0x08075519 in ap_run_check_user_id (r=0x84da488) at /tmp/buildd/apache2-2.2.9/server/request.c:71
#29 0x08077680 in ap_process_request_internal (r=0x84da488) at /tmp/buildd/apache2-2.2.9/server/request.c:214
#30 0x0808b090 in ap_process_request (r=0x84da488) at /tmp/buildd/apache2-2.2.9/modules/http/http_request.c:256
#31 0x080881d8 in ap_process_http_connection (c=0x849bec8) at /tmp/buildd/apache2-2.2.9/modules/http/http_core.c:190
#32 0x080815f9 in ap_run_process_connection (c=0x849bec8) at /tmp/buildd/apache2-2.2.9/server/connection.c:43
#33 0x0808fcd4 in child_main (child_num_arg=<value optimized out>) at /tmp/buildd/apache2-2.2.9/server/mpm/prefork/prefork.c:680
#34 0x080900b3 in make_child (s=0x80ac908, slot=0) at /tmp/buildd/apache2-2.2.9/server/mpm/prefork/prefork.c:777
#35 0x0809073a in ap_mpm_run (_pconf=0x80a80c8, plog=0x80da190, s=0x80ac908) at /tmp/buildd/apache2-2.2.9/server/mpm/prefork/prefork.c:795
#36 0x08066f10 in main (argc=Cannot access memory at address 0x0
) at /tmp/buildd/apache2-2.2.9/server/main.c:732

Reply to:

Follow-Ups:
- Bug#578566: Apache process hangs when trying to authenticate against Fedora Directory Server LDAP using mod_authnz_ldap
  - From: Stefan Fritsch <sf@sfritsch.de>

Prev by Date: Bug#568542: marked as done (apache2.2-common: missing psmisc dependency)
Next by Date: Processing of apache2_2.2.15-4_i386.changes
Previous by thread: Bug#568542: marked as done (apache2.2-common: missing psmisc dependency)
Next by thread: Bug#578566: Apache process hangs when trying to authenticate against Fedora Directory Server LDAP using mod_authnz_ldap
Index(es):
- Date
- Thread