[Exim] exim-4.30 segfaults using PAM

Top Page
Delete this message
Reply to this message
Author: Wolfgang Schnerring
Date:  
To: exim-users
Subject: [Exim] exim-4.30 segfaults using PAM
Hello!

I'm running Exim4 on Debian (exim4-daemon-heavy) and am experiencing
problems with PAM-authentication.

Exim is configured like this:

,----------[ exim.conf ]----------
| begin authenticators

|
| plain:
|     driver = plaintext
|     public_name = PLAIN
|     server_prompts = :
|     server_condition = ${if pam{$2:${sg{$3}{:}{::}}}{yes}{no}}
|     server_set_id = $2

|
| login:
|     driver = plaintext
|     public_name = LOGIN
|     server_prompts = "Username:: : Password::"
|     server_condition = ${if pam{$1:${sg{$2}{:}{::}}}{yes}{no}}
|     server_set_id = $1

`----------

And the corresponding PAM-configuration is as follows:

,----------[ /etc/pam.d/exim ]----------
| #%PAM-1.0

|
| # there are 3 ways to authenticate
| # 1) either have the appropriate dotfile-password (for shell-users)
| auth     sufficient     pam_dotfile.so no_warn

|
| # 2) be in the Database
| auth     sufficient     pam_mysql.so host=localhost user=mail passwd=secret db=configuration table=mailboxes \
|                         usercolumn=login passwdcolumn=password crypt=1 sqllog=0

|
| # 3) be in group "mailbox" or "webuser"
| auth     required       pam_listfile.so item=group sense=allow file=/etc/popgroups onerr=fail
| # to access shadow we need a special module here
| auth     required       pam_exim.so use_first_pass
| account  required       pam_permit.so

`----------

This worked beautifully with exim-4.20.
But after trying to upgrade to 4.30 (I believe already with 4.22, but
am not so sure on this), it doesn't work at all anymore.

I'll reproduce a typical login dialog to illustrate.
(Package versions: exim4-daemon-heavy_4.30-5, libpam-dotfile-0.6-4,
libpam-mysql-0.5.0-4, libmysqlclient12-4.0.16-2,
mysql-server-4.0.13-3; hope I didn't forget something relevant)

From the client perspective, it looks like this:

$ telnet ii-tech.biz 25
Trying 217.160.215.165...
Connected to ii-tech.biz.
Escape character is '^]'.
220 ii-tech.biz ESMTP Exim 4.30 Mon, 23 Feb 2004 11:08:32 +0100
ehlo testing
250-ii-tech.biz Hello p3e9e13c0.dip.t-dialin.net [62.158.19.192]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
auth plain AHRlc3RAd29zYy5kZQBjYWJvaGlwNA==
Connection closed by foreign host.

The auth string represents a user from the MySQL-DB with the correct
password. Same results for AUTH LOGIN method.

From the server perspective, the same conversation looks like this:

# sendmail -d -bd
[...]
19509 Running PAM authentication for user "test@???"
19506 child 19509 ended: status=0xb

or like this:

# sendmail -d -bh 1.2.3.4
[...]
Running PAM authentication for user "test@???"
Segmentation fault


Does anybody know what I'm looking at here?

Thanks for your help,
Wolfgang