amishmm / php-pam

This extension provides PAM (Pluggable Authentication Modules) integration for PHP

Segmentation Fault #11

Closed gavgavych closed 2 years ago

gavgavych commented 2 years ago

Hello, I use Apache + PHP, and for authorisation I use php-pam. Earlier I was building php.so from https://github.com/the-kbA-team/php-pam and everything was great. After upgrading to php8 I built pam.so from https://pecl.php.net/package/PAM, as it was updated for php8. But none of the PAM versions work with Apache 2.4.x and PHP 7.x-8.x.

After Apache startup, I try to log in to my website and Apache hits a segmentation fault

#0  __libc_read (nbytes=1, buf=0x7fffa1bfd11b, fd=5) at ../sysdeps/unix/sysv/linux/read.c:26
#1  __libc_read (fd=5, buf=0x7fffa1bfd11b, nbytes=1) at ../sysdeps/unix/sysv/linux/read.c:24
#2  0x00005639773f0b57 in ap_mpm_podx_check ()
#3  0x000056397740ee20 in child_main ()
#4  0x000056397740f2f8 in make_child ()
#5  0x000056397740f3f4 in startup_children ()
#6  0x000056397741046d in event_run ()
#7  0x00005639773b30ed in ap_run_mpm ()
#8  0x00005639773a95fa in main ()
debian systemd-coredump[4437]: Process 3414 (httpd) of user 998 dumped core.
Stack trace of thread 3414:
#0  0x00007fd28b42f544 __libc_read (libpthread.so.0)
#1  0x00005639773f0b57 ap_mpm_podx_check (httpd)
#2  0x000056397740ee20 child_main (httpd)
#3  0x000056397740f2f8 make_child (httpd)
#4  0x000056397740fee3 perform_idle_server_maintenance (httpd)
#5  0x00005639774102ae server_main_loop (httpd)
#6  0x0000563977410635 event_run (httpd)
#7  0x00005639773b30ed ap_run_mpm (httpd)
#8  0x00005639773a95fa main (httpd)
#9  0x00007fd28b28109b __libc_start_main (libc.so.6)
#10 0x00005639773a772a _start (httpd)

It happens after calling pam_auth($login, $password);

amishmm commented 2 years ago

I have no clue about this. I am using Arch Linux and it's been working well.

However in your trace, I do not see any PHP function from PAM module being called.

So it could be an issue elsewhere.

gavgavych commented 2 years ago

After php -r 'require_once "/srv/site/vendor/autoload.php"; var_dump(pam_auth("user", "password"));' Apache 2.4.51 + php 7.2 or 8.0 (build with ts mode)

php --version

PHP 7.2.31 (cli) (built: Dec 15 2021 11:35:41) ( ZTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.31, Copyright (c) 1999-2018, by Zend Technologies
    with SourceGuardian v12.1.1, Copyright (c) 2000-2021, by SourceGuardian Ltd.

Full dump

debian systemd-coredump[1923]: Process 1670 (httpd) of user 998 dumped core.

Stack trace of thread 1670:
#0  0x00007fd916acb544 __libc_read (libpthread.so.0)
#1  0x000056541e87aa74 ap_mpm_podx_check (httpd)
#2  0x00007fd912fc86bf child_main (mod_mpm_event.so)
#3  0x00007fd912fc8bf6 make_child (mod_mpm_event.so)
#4  0x00007fd912fc8cfe startup_children (mod_mpm_event.so)
#5  0x00007fd912fc9e74 event_run (mod_mpm_event.so)
#6  0x000056541e83cfa0 ap_run_mpm (httpd)
#7  0x000056541e8333ca main (httpd)
#8  0x00007fd91691d09b __libc_start_main (libc.so.6)
#9  0x000056541e8314fa _start (httpd)

Stack trace of thread 1751:
#0  0x00007fd916ac800c futex_wait_cancelable (libpthread.so.0)
#1  0x00007fd913d3d1de get_next (mod_http2.so)
#2  0x00007fd913d3d39f slot_run (mod_http2.so)
#3  0x00007fd916ac1fa3 start_thread (libpthread.so.0)
#4  0x00007fd9169f24cf __clone (libc.so.6)

Stack trace of thread 1803:
#0  0x00007fd916ac800c futex_wait_cancelable (libpthread.so.0)
#1  0x000056541e87c2c1 ap_queue_pop_something (httpd)
#2  0x00007fd912fc6eae worker_thread (mod_mpm_event.so)
#3  0x00007fd916ac1fa3 start_thread (libpthread.so.0)
#4  0x00007fd9169f24cf __clone (libc.so.6)

Stack trace of thread 1828:
#0  0x00007fd9169f27ef epoll_wait (libc.so.6)
#1  0x00007fd916b01506 n/a (libapr-1.so.0)
#2  0x00007fd912fc59a4 listener_thread (mod_mpm_event.so)
#3  0x00007fd916ac1fa3 start_thread (libpthread.so.0)
#4  0x00007fd9169f24cf __clone (libc.so.6)

Stack trace of thread 1863:
#0  0x00007fd9169e7819 __GI___poll (libc.so.6)
#1  0x00007fd9102455e5 n/a (php_trueconf.so)
#2  0x00007fd9142dbb2f n/a (libstdc++.so.6)
#3  0x00007fd916ac1fa3 start_thread (libpthread.so.0)
#4  0x00007fd9169f24cf __clone (libc.so.6)

Stack trace of thread 1827:
#0  0x00007fd916930a97 kill (libc.so.6)
#1  0x000056541e87b693 sig_coredump (httpd)
#2  0x00007fd916acc730 __restore_rt (libpthread.so.0)
#3  0x00007fd913d5439b zif_pam_auth (pam.so)
#4  0x00007fd913550b8b ZEND_DO_FCALL_BY_NAME_SPEC_RETVAL_USED_HANDLER (libphp7.so)
#5  0x00007fd91355351f zend_execute (libphp7.so)
#6  0x00007fd9116671ca n/a (ixed.7.2ts.lin)
#7  0x00007fd91354f16c ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (libphp7.so)
#8  0x00007fd91355351f zend_execute (libphp7.so)
#9  0x00007fd9134aa527 zend_execute_scripts (libphp7.so)
#10 0x00007fd91343cc3e php_execute_script (libphp7.so)
#11 0x00007fd913555c52 php_handler (libphp7.so)
#12 0x000056541e867d16 ap_run_handler (httpd)
#13 0x000056541e868848 ap_invoke_handler (httpd)
#14 0x000056541e88939f ap_internal_redirect (httpd)
#15 0x00007fd913cb333e handler_redirect (mod_rewrite.so)
#16 0x000056541e867d16 ap_run_handler (httpd)
#17 0x000056541e868848 ap_invoke_handler (httpd)
#18 0x000056541e888189 ap_process_async_request (httpd)
#19 0x000056541e883982 ap_process_http_async_connection (httpd)
#20 0x000056541e883b7f ap_process_http_connection (httpd)
#21 0x000056541e876f81 ap_run_process_connection (httpd)
#22 0x00007fd912fc37cf process_socket (mod_mpm_event.so)
#23 0x00007fd912fc7026 worker_thread (mod_mpm_event.so)
#24 0x00007fd916ac1fa3 start_thread (libpthread.so.0)
#25 0x00007fd9169f24cf __clone (libc.so.6)

amishmm commented 2 years ago

Sorry but I have no clue. You possibly need to debug using the source.

Have you tried specifying all 5 parameters?

Something like: pam_auth("username", "password", $error, true, "servicename");

Replace service name with right service name, like "login" or "php".

Also pam.so user (i.e. httpd) must have rights to verify the credentials.

gavgavych commented 2 years ago

Tried this from root: php -r 'require_once "/srv/site/vendor/autoload.php"; $error = ""; pam_auth("user", "123456" , $error, true); var_dump($error);'

Systemd dump:

debian kernel: php[2348]: segfault at 0 ip 00007f79fff553d3 sp 00007ffdb7c53a70 error 4 in pam.so[7f79fff55000+1000]
Dec 17 15:02:15 debian kernel: Code: 00 48 8b 44 24 10 48 8b 74 24 08 48 8b 1d 15 2c 00 00 48 8b 15 f6 2b 00 00 48 89 74 24 50 48 89 44 24 58 64 48 8b 03 48 63 12 <48> 8b 00 48 8b 44 d0 f8 80 78 08 00 0f 84 eb 00 00 00 48 8b 38 48
Dec 17 15:02:15 debian systemd[1]: Started Process Core Dump (PID 2351/UID 0).
systemd-coredump[2363]: Process 2359 (php) of user 0 dumped core.
Stack trace of thread 2359:
#0  0x00007f5f97b5c3d3 zif_pam_auth (pam.so)
#1  0x0000560e976041bc execute_ex (php)
#2  0x0000560e976096a4 zend_execute (php)
#3  0x0000560e975930a2 zend_eval_stringl (php)
#4  0x0000560e97593269 zend_eval_stringl_ex (php)
#5  0x0000560e9762efe2 do_cli (php)
#6  0x0000560e9736337a main (php)
#7  0x00007f5f9735b09b __libc_start_main (libc.so.6)
#8  0x0000560e97363aea _start (php)
Stack trace of thread 2361:
#0  0x00007f5f97425819 __GI___poll (libc.so.6)
#1  0x00007f5f92c66085 n/a (php_trueconf.so)
#2  0x00007f5f97a30b2f n/a (libstdc++.so.6)
#3  0x00007f5f977ccfa3 start_thread (libpthread.so.0)
#4  0x00007f5f974304cf __clone (libc.so.6)

GDB:

(gdb) where
#0  0x00007f1de40813d3 in zif_pam_auth (execute_data=<optimized out>, return_value=0x7ffcb0fac270) at /php-pam/pam-2.2.2/pam.c:175
#1  0x000055b19e6491bc in execute_ex ()
#2  0x000055b19e64e6a4 in zend_execute ()
#3  0x000055b19e5d80a2 in zend_eval_stringl ()
#4  0x000055b19e5d8269 in zend_eval_stringl_ex ()
#5  0x000055b19e673fe2 in do_cli ()
#6  0x000055b19e3a837a in main ()
(gdb) bt full
#0  0x00007f1de40813d3 in zif_pam_auth (execute_data=<optimized out>, return_value=0x7ffcb0fac270) at /php-pam/pam-2.2.2/pam.c:175
username = 0x7f1de1401358 "user"
password = 0x7f1de1401378 "123456"
srvname = 0x0
username_len = 4
password_len = 6
srvname_len = 0
status = 0x7f1ddce24528
server = <optimized out>
remote_addr = <optimized out>
checkacctmgmt = true
userinfo = {name = 0x7f1de1401358 "user", pw = 0x7f1de1401378 "123456"}
conv_info = {conv = 0x7f1de4081aa0 <auth_pam_talker>, appdata_ptr = 0x7ffcb0fac1f0}
pamh = 0x0
result = <optimized out>
error_msg = 0xbffffffe0 <error: Cannot access memory at address 0xbffffffe0>
_s = <optimized out>
__z = <optimized out>
__s = <optimized out>

amishmm commented 2 years ago

> Apache 2.4.51 + php 7.2 or 8.0 (build with **ts mode**)

Sorry I have no clue.. could be related to ts mode?

adb014 commented 2 years ago

Here is another data point. I too had this segfault with php 8.0.1 in the pam_start call. The logic that finds the servicename seems to return an invalid address of a string. I'm not an expert in ZEND and so my solution was just to change the pam_start call like

-   if ((result = pam_start((PAM_G(force_servicename) || !srvname || srvname_len < 1 || !srvname[0]) ? PAM_G(servicename) : srvname, userinfo.name, &conv_info, &pamh)) != PAM_SUCCESS) {
+   if ((result = pam_start("php", userinfo.name, &conv_info, &pamh)) != PAM_SUCCESS) {
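
Review bot: Hardcoding "php" as the first argument of pam_start on the + line drops both the caller-supplied srvname and the PAM_G(servicename) / PAM_G(force_servicename) settings, so every authentication is evaluated against the "php" PAM service whatever the caller or the configuration asked for. That avoids the crash but silently changes which PAM policy applies. Keep the original selection expression and fix why PAM_G() yields invalid values instead; if a fallback literal is needed, use it only when both srvname and PAM_G(servicename) are unusable.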

It seems that PAM_G(servicename) and PAM_G(force_servicename) don't return valid values. After that there was also a segfault in the call to zend_hash_str_find. I don't have a remote server, so I just commented out this section of code. After that I got the call to pam_auth to run correctly.

As I say, I'm not an expert in zend; my kludge works, so I'm not going to waste any more time (2 days already) trying to fix this properly. But I hope this helps debug the problem.

dummyunit commented 2 years ago

This crash is caused by the fact that the thread-local global variable _tsrm_ls_cache is initialized in the php executable but used in the extension .so (inside the PAM_G macro). Also, for some reason both the php executable and the extension have their own copy of that variable, so they need to be kept in sync; otherwise the extension will use its own copy, which is only initialized to NULL. Currently the extension doesn't do this synchronization; this is being fixed in #12.
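
The mechanism described in the comment above, as a plain-C model added here for illustration (it is not code from php-pam, from PR #12, or from PHP itself). Every identifier in it (`host_ls_cache`, `ext_ls_cache`, `ext_cache_update`, `pam_globals` and so on) is a hypothetical stand-in; it assumes a C11 compiler with pthreads.

```c
/* Added illustration: plain-C model of the per-thread globals cache described
 * above. All identifiers are hypothetical stand-ins, not PHP's real symbols. */
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>

typedef struct {
    const char *servicename;   /* models the extension's ini-backed globals */
    int force_servicename;
} pam_globals;

/* ---- "host" side: models the php executable ---- */
static _Thread_local pam_globals host_slot;   /* per-thread globals storage */
static _Thread_local void *host_ls_cache;     /* host's copy of the cache   */

static void host_thread_startup(void) {
    host_slot.servicename = "php";
    host_slot.force_servicename = 0;
    host_ls_cache = &host_slot;               /* only the host copy is set  */
}

static void *host_get_ls_cache(void) { return host_ls_cache; }

/* ---- "extension" side: models pam.so with its own copy of the cache ---- */
static _Thread_local void *ext_ls_cache;      /* starts as NULL per thread  */

/* The synchronization step the extension has to perform on each thread. */
static void ext_cache_update(void) { ext_ls_cache = host_get_ls_cache(); }

/* Models a PAM_G(servicename)-style read, but checks the cache instead of
 * dereferencing a NULL pointer as the crashing build did. */
static const char *ext_servicename(void) {
    const pam_globals *g = ext_ls_cache;
    return g ? g->servicename : NULL;
}

struct probe { int do_sync; const char *seen; };

static void *request_thread(void *arg) {
    struct probe *p = arg;
    host_thread_startup();
    if (p->do_sync)
        ext_cache_update();
    p->seen = ext_servicename();
    return NULL;
}

/* Returns 1 if the extension can read its globals on a fresh thread,
 * 0 if its cache is still NULL, -1 if the thread could not be started. */
int globals_visible_in_new_thread(int do_sync) {
    struct probe p = { do_sync, NULL };
    pthread_t t;
    if (pthread_create(&t, NULL, request_thread, &p) != 0)
        return -1;
    pthread_join(t, NULL);
    return p.seen != NULL;
}

/* Syncing on the calling thread does not initialise the copy that another
 * thread sees: returns 1 when the calling thread is synced and a new,
 * unsynced thread still is not. */
int sync_is_per_thread(void) {
    host_thread_startup();
    ext_cache_update();
    return ext_servicename() != NULL && globals_visible_in_new_thread(0) == 0;
}

int main(void) {
    printf("unsynced thread sees globals: %d\n", globals_visible_in_new_thread(0));
    printf("synced thread sees globals:   %d\n", globals_visible_in_new_thread(1));
    printf("sync is per thread:           %d\n", sync_is_per_thread());
    return 0;
}
```

In PHP's own extension API the corresponding steps are the `ZEND_TSRMLS_CACHE_DEFINE()` and `ZEND_TSRMLS_CACHE_UPDATE()` macros, used in ZTS builds of shared extensions.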

amishmm commented 2 years ago

@gavgavych can you try to apply #12 at your end? If it works for you then I will apply the PR.

adb014 commented 2 years ago

Yes #12 fixed the segfault

adb014 commented 2 years ago

Will there be a new PECL release for this patch ?

amishmm commented 2 years ago

Yes I will do it either today or tomorrow.

Edit: Done!

adb014 commented 2 years ago

Thank you