Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vault 1.2.1 is crashing when trying to authenticate with radius auth method #7286

Closed
2easy opened this issue Aug 9, 2019 · 1 comment · Fixed by #7290
Closed

Vault 1.2.1 is crashing when trying to authenticate with radius auth method #7286

2easy opened this issue Aug 9, 2019 · 1 comment · Fixed by #7290
Assignees
@ncabatoff
Labels
bug Used to indicate a potential bug
Milestone
1.2.2

Comments

@2easy
Copy link

2easy commented Aug 9, 2019

Describe the bug
After upgrade to 1.2.1 Vault is crashing when trying to authenticate with Radius server.

To Reproduce
Steps to reproduce the behavior:

  1. Run vault auth enable radius
  2. Run vault write auth/radius/config host=radius.internal dial_timeout=10 nas_port=10 port=1812 read_timeout=10 unregistered_user_policies="" secret=supersecret
  3. Run echo -n "$PASSWORD-$TOKEN" | vault login -method=userpass -path=radius username=$VUSER password=-

Expected behavior
I should be able to log in via this enpoint as in previous version 1.0.3

Environment:

  • Vault Server Version (retrieve with vault status): 1.2.1
  • Vault CLI Version (retrieve with vault version): 1.2.1
  • Server Operating System/Architecture: Debian Stretch amd64

Vault server configuration file(s):

None

Additional context

2019-08-09T08:25:45.988+0200 [INFO]  http: panic serving 127.0.0.1:40002: runtime error: invalid memory address or nil pointer dereference
goroutine 714 [running]:
net/http.(*conn).serve.func1(0xc0000cc820)
	/goroot/src/net/http/server.go:1769 +0x139
panic(0x2c13560, 0x5b6b250)
	/goroot/src/runtime/panic.go:522 +0x1b5
github.com/hashicorp/vault/builtin/credential/radius.(*backend).pathLogin(0xc000aaa018, 0x37b8580, 0xc0008d9980, 0xc00004e8c0, 0xc0001d5890, 0x10, 0xc0001d5890, 0xc0009d0b20)
	/gopath/src/github.com/hashicorp/vault/builtin/credential/radius/path_login.go:127 +0x74a
github.com/hashicorp/vault/helper/mfa.(*backend).wrapLoginHandler.func1(0x37b8580, 0xc0008d9980, 0xc00004e8c0, 0xc0001d5890, 0xc0002450c8, 0x5b7b67, 0xc0009d0d10)
	/gopath/src/github.com/hashicorp/vault/helper/mfa/mfa.go:69 +0x61
github.com/hashicorp/vault/vendor/github.com/hashicorp/vault/sdk/framework.(*Backend).HandleRequest(0xc0002455f0, 0x37b8580, 0xc0008d9980, 0xc00004e8c0, 0x0, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/vendor/github.com/hashicorp/vault/sdk/framework/backend.go:253 +0x492
github.com/hashicorp/vault/builtin/plugin.(*PluginBackend).HandleRequest.func1(0x0, 0x28)
	/gopath/src/github.com/hashicorp/vault/builtin/plugin/backend.go:198 +0x5a
github.com/hashicorp/vault/builtin/plugin.(*PluginBackend).lazyLoadBackend(0xc000b1b9a0, 0x37b8580, 0xc0008d9980, 0x37b9000, 0xc0008cce80, 0xc0009d0e20, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/builtin/plugin/backend.go:160 +0x8c
github.com/hashicorp/vault/builtin/plugin.(*PluginBackend).HandleRequest(0xc000b1b9a0, 0x37b8580, 0xc0008d9980, 0xc00004e8c0, 0x0, 0xc0008baec0, 0xc)
	/gopath/src/github.com/hashicorp/vault/builtin/plugin/backend.go:196 +0xbb
github.com/hashicorp/vault/vault.(*Router).routeCommon(0xc0003db040, 0x37b8580, 0xc0008d9980, 0xc00004e8c0, 0x0, 0x0, 0x0, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/vault/router.go:676 +0x919
github.com/hashicorp/vault/vault.(*Router).Route(...)
	/gopath/src/github.com/hashicorp/vault/vault/router.go:476
github.com/hashicorp/vault/vault.(*Core).doRouting(0xc00010bb80, 0x37b8580, 0xc0008d9980, 0xc00004e8c0, 0xc000a4a0f0, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/vault/request_handling.go:558 +0x5a
github.com/hashicorp/vault/vault.(*Core).handleLoginRequest(0xc00010bb80, 0x37b8580, 0xc0008d9980, 0xc00004e8c0, 0x0, 0x0, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/vault/request_handling.go:977 +0xacc
github.com/hashicorp/vault/vault.(*Core).handleCancelableRequest(0xc00010bb80, 0x37b8580, 0xc0008d9980, 0x5b70a40, 0xc00004e8c0, 0x5b70a40, 0x37b8580, 0xc0008d9980)
	/gopath/src/github.com/hashicorp/vault/vault/request_handling.go:448 +0x1ed
github.com/hashicorp/vault/vault.(*Core).switchedLockHandleRequest(0xc00010bb80, 0x37b8580, 0xc0008d97a0, 0xc00004e8c0, 0x1, 0x0, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/vault/request_handling.go:417 +0x288
github.com/hashicorp/vault/vault.(*Core).HandleRequest(...)
	/gopath/src/github.com/hashicorp/vault/vault/request_handling.go:382
github.com/hashicorp/vault/http.request(0xc00010bb80, 0x37992c0, 0xc00012c000, 0xc0001db600, 0xc00004e8c0, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/http/handler.go:620 +0x80
github.com/hashicorp/vault/http.handleLogicalInternal.func1(0x37992c0, 0xc00012c000, 0xc0001db600)
	/gopath/src/github.com/hashicorp/vault/http/logical.go:278 +0x32d
net/http.HandlerFunc.ServeHTTP(0xc000a71580, 0x37992c0, 0xc00012c000, 0xc0001db600)
	/goroot/src/net/http/server.go:1995 +0x44
github.com/hashicorp/vault/http.handleRequestForwarding.func1(0x37992c0, 0xc00012c000, 0xc0001db600)
	/gopath/src/github.com/hashicorp/vault/http/handler.go:545 +0x2b7
net/http.HandlerFunc.ServeHTTP(0xc000a715a0, 0x37992c0, 0xc00012c000, 0xc0001db600)
	/goroot/src/net/http/server.go:1995 +0x44
net/http.(*ServeMux).ServeHTTP(0xc0007375c0, 0x37992c0, 0xc00012c000, 0xc0001db600)
	/goroot/src/net/http/server.go:2375 +0x1d6
github.com/hashicorp/vault/http.wrapHelpHandler.func1(0x37992c0, 0xc00012c000, 0xc0001db600)
	/gopath/src/github.com/hashicorp/vault/http/help.go:24 +0x156
net/http.HandlerFunc.ServeHTTP(0xc000a71640, 0x37992c0, 0xc00012c000, 0xc0001db600)
	/goroot/src/net/http/server.go:1995 +0x44
github.com/hashicorp/vault/http.wrapCORSHandler.func1(0x37992c0, 0xc00012c000, 0xc0001db600)
	/gopath/src/github.com/hashicorp/vault/http/cors.go:29 +0x9e1
net/http.HandlerFunc.ServeHTTP(0xc000a71660, 0x37992c0, 0xc00012c000, 0xc0001db600)
	/goroot/src/net/http/server.go:1995 +0x44
github.com/hashicorp/vault/http.wrapGenericHandler.func1(0x37992c0, 0xc00012c000, 0xc0001db400)
	/gopath/src/github.com/hashicorp/vault/http/handler.go:204 +0x339
net/http.HandlerFunc.ServeHTTP(0xc000a74b10, 0x37992c0, 0xc00012c000, 0xc0001db400)
	/goroot/src/net/http/server.go:1995 +0x44
github.com/hashicorp/vault/vendor/github.com/hashicorp/go-cleanhttp.PrintablePathCheckHandler.func1(0x37992c0, 0xc00012c000, 0xc0001db400)
	/gopath/src/github.com/hashicorp/vault/vendor/github.com/hashicorp/go-cleanhttp/handlers.go:42 +0xbb
net/http.HandlerFunc.ServeHTTP(0xc000a71680, 0x37992c0, 0xc00012c000, 0xc0001db400)
	/goroot/src/net/http/server.go:1995 +0x44
net/http.serverHandler.ServeHTTP(0xc000b14dd0, 0x37992c0, 0xc00012c000, 0xc0001db400)
	/goroot/src/net/http/server.go:2774 +0xa8
net/http.(*conn).serve(0xc0000cc820, 0x37b84c0, 0xc000216b80)
	/goroot/src/net/http/server.go:1878 +0x851
created by net/http.(*Server).Serve
	/goroot/src/net/http/server.go:2884  #+0x2f4
@ncabatoff ncabatoff self-assigned this Aug 9, 2019
@ncabatoff ncabatoff mentioned this issue Aug 9, 2019
Merged
@ncabatoff
Copy link
Collaborator

Hi @2easy,

Thanks for the detailed bug report. We'll include a fix in 1.2.2.

@chrishoffman chrishoffman added the bug Used to indicate a potential bug label Aug 9, 2019
@ncabatoff ncabatoff mentioned this issue Aug 14, 2019
Merged
@jefferai jefferai added this to the 1.2.2 milestone Aug 14, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ncabatoff ncabatoff

Labels
bug Used to indicate a potential bug
Projects
None yet
Milestone
1.2.2
Development

Successfully merging a pull request may close this issue.

Fix regression that causes panic when logging in via Radius. hashicorp/vault
4 participants
@jefferai @chrishoffman @2easy @ncabatoff