On Wed, 24 Jun 2015, Osipov, Michael wrote: > Hi folks, > > we are trying to perform some LDAP requests with Perl against Active Directory > with Kerberos auth by MIT Kerberos. > A core file is dumped and following written to stderr: > $ ./ldap.pl > Assertion failed: __thread_init == NULL, file > ../../../../../core/libs/libc/shared_em_32_perf/../core/threads/pthread_stubs1.c, > line 1045 > Abbruchkommando (Speicherabzug geschrieben) > > I first have assumed that the Perl module is broken but I guess it isn't?! > Loading the core file into GDB gives me: > =============================================================================== > (gdb) where > #0 0x60000000c020f6d0:0 in _lwp_kill+0x30 () > from /usr/lib/hpux32/libpthread.so.1 > #1 0x60000000c0174be0:0 in pthread_kill+0x9f0 () > from /usr/lib/hpux32/libpthread.so.1 > #2 0x60000000c0403460:0 in raise+0xe0 () from /usr/lib/hpux32/libc.so.1 > #3 0x60000000c05277b0:0 in abort+0x170 () from /usr/lib/hpux32/libc.so.1 > #4 0x60000000c03ce5f0:0 in _assert+0x260 () from /usr/lib/hpux32/libc.so.1 > #5 0x60000000c0590980:0 in pthread_once+0x80 () from > /usr/lib/hpux32/libc.so.1 > #6 0x60000000c4bab160:0 in pkinit_init_plg_crypto () > at pkinit_crypto_openssl.c:410
This pthread_once() stuff is in the library initializor for pkinit's use of openssl, thought it's not immediately clear what assertion is being made in the innards of libc. The fact that the file named in the assertion failure message is named pthread_stubs1.c makes me wonder if there is an issue with an executable which was not compiled as threaded (i.e., is compiled to use the stub implementation) then loaded an object which uses the pthread interfaces, but that is basically pure speculation. I don't have enough experience with HP-UX to have any sense of how plausible that might be. > What we would like to do: > Use Net::LDAP with uses Authen::SASL which in turn calls Authen::SASL::XS with > a Perl to C binding against Cyrus SASL. The very same happens when > Authen::SASL::Perl > with GSSAPI module is used: failure. This must be some generic incompat. > All calls are performed with an empty ticket cache (non-default location as > once > advised by Greg Hudson) and a client keytab. > Using an interactive ticket cache makes the entire stuff work, so client > ticket > makes it crash. We do not use PKINIT at all. > Interesting to say that the very same LDAP request works with ldapsearch(1) > and a minimal C app with libldap. > > Any ideas? Can this be some interference with Perl and preinit of OpenSSL? Not necessarily perl itself, but this is quite plausible. The motivation for switching to library initializers for the openssl calls is discussed in http://krbdev.mit.edu/rt/Ticket/Display.html?id=6413 , but in general, openssl is not amenable to having multiple library consumers in a given application. I was not directly involved in this work, so it is possible that someone else (Greg?) may have more insights to offer. > As a workaround, I would recompile MIT Kerberos on all servers without pkinit > for now. That workaround seems advisable for now. -Ben Kaduk ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
