enterprise-support team mailing list archive

Thread
Date

[Bug 1698758] [NEW] Encrypted password causes segmentation fault

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: John Bester <1698758@xxxxxxxxxxxxxxxxxx>
Date: Mon, 19 Jun 2017 08:26:42 -0000
Reply-to: Bug 1698758 <1698758@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

I have configured a .htaccess to use libapache2-mod-auth-pgsql to
authenticate a user against a postgres database. The settings are as
follows:

AuthType basic
AuthName "My Auth"
Require valid-user
AuthBasicProvider pgsql
Auth_PG_authoritative On
Auth_PG_host 127.0.0.1
Auth_PG_port 5432
Auth_PG_user www
Auth_PG_pwd password
Auth_PG_database userdb
Auth_PG_encrypted off
Auth_PG_pwd_table UserLogin
Auth_PG_uid_field Username
Auth_PG_pwd_field ApachePassword

If I set Auth_PG_encrypted to off, then authentication works but the
downside is that I have to save plain unencrypted password on the
database. If I set Auth_PG_encrypted to on, a segmentation fault occurs.
A typical password to be contained in ApachePassword field is the
following (for password "password"): "{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g="
- This matches exactly to what would be generated by htpasswd -s.

Here is the error log entry I get:
[pid 9662] AH00052: child pid 9670 exit signal Segmentation fault (11)

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apache2 2.4.18-2ubuntu3.2
ProcVersionSignature: Ubuntu 4.4.0-79.100-generic 4.4.67
Uname: Linux 4.4.0-79-generic x86_64
Apache2ConfdDirListing: False
Apache2Modules:
 Error: command ['/usr/sbin/apachectl', '-D DUMP_MODULES'] failed with exit code 1: [Mon Jun 19 09:48:04.146971 2017] [so:warn] [pid 8403] AH01574: module dav_module is already loaded, skipping
 apache2: Syntax error on line 140 of /etc/apache2/apache2.conf: Syntax error on line 2 of /etc/apache2/mods-enabled/session_dbd.load: Cannot load /usr/lib/apache2/modules/mod_session_dbd.so into server: /usr/lib/apache2/modules/mod_session_dbd.so: undefined symbol: ap_hook_session_save
 Action '-D DUMP_MODULES' failed.
 The Apache error log may have more information.
ApportVersion: 2.20.1-0ubuntu2.6
Architecture: amd64
Date: Mon Jun 19 09:47:34 2017
SourcePackage: apache2
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.apache2.apache2.conf: [modified]
modified.conffile..etc.apache2.mods-available.dav.load: [modified]
modified.conffile..etc.apache2.sites-available.000-default.conf: [modified]
mtime.conffile..etc.apache2.apache2.conf: 2017-06-03T16:27:12.439856
mtime.conffile..etc.apache2.mods-available.dav.load: 2017-06-03T16:31:51.028040
mtime.conffile..etc.apache2.sites-available.000-default.conf: 2016-11-11T14:57:50

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 xenial

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1698758

Title:
  Encrypted password causes segmentation fault

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1698758/+subscriptions

Follow ups

[Bug 1698758] Re: Encrypted password causes segmentation fault
From: Andreas Hasenack, 2017-06-22