[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#3741) slapd segfaults when using proxycache overlay
Full_Name: Eugenio Grytsenko
Version: 2.2.26
OS: SuSE Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (200.5.92.164)
I am using openldap 2.2.26, my distro is SuSE Linux 9.1, and I configured the
openldap server as metadirectory with proxycache overlay. When I tried to use
"proxytemplate" directive (number 3 in my config file) without any
"proxyattrset", slapd segfaults. Here is the config file:
==CUT HERE==
ucdata-path /usr/share/openldap/ucdata
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/nis.schema
loglevel 256
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
modulepath /usr/lib/openldap/modules
moduleload back_bdb.la
moduleload back_ldap.la
database ldap
suffix "dc=example,dc=com"
rootdn "dc=example,dc=com"
uri ldap://AAA.BBB.CCC.DDD:389
overlay proxycache
proxycache bdb 1000000 4 1000 86400
proxyattrset 0 sn loginShell uidNumber gidNumber objectClass uid gecos cn
homeDirectory
proxyattrset 1 uid userPassword uidNumber gidNumber cn homeDirectory
loginShell gecos description objectClass
proxyattrset 2 cn userPassword memberUid uniqueMember gidNumber
proxytemplate (cn=) 0 86400
proxytemplate (uid=) 0 86400
proxytemplate (&(objectClass=)(uid=)) 1 86400
proxytemplate (&(objectClass=)(uidNumber=)) 1 86400
proxytemplate (&(objectClass=)(memberUid=)) 2 86400
proxytemplate (&(objectClass=)(gidNumber=)) 2 86400
proxytemplate (&(objectClass=)(cn=)) 2 86400
proxytemplate (uid=) 3 86400
cachesize 500000
directory /var/run/slapd/data
index objectClass eq
index uid eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index cn pres,eq,sub
==CUT HERE==
How could you reproduce the bug: I tried to authenticate with a user and with
the other.
fred@fred:~> ./check_user user1
User: [user1]
Password: **** <= wrong password
PAM said: Authentication failure
fred@fred:~> ./check_user user1
User: [user1]
Password: ****** <= good password
PAM said: Success
fred@fred:~> ./check_user user2
User: [user2]
Password: ****** <= good password
PAM said: User not known to the underlying authentication module
(server side: openldap segmentation fault)
Here is the source code of check_user:
==CUT HERE==
/* gcc -O2 -Wall -W check_user.c -o check_user -lpam -lpam_misc -s */
#include <stdio.h>
#include <security/pam_appl.h>
#include <security/pam_misc.h>
static struct pam_conv conv = {
misc_conv,
NULL
};
int main(int argc, char *argv[])
{
pam_handle_t *pamh = NULL;
const char *user = argv[1];
int retval;
if (user) {
fprintf(stderr, "User: [%s]\n", user);
}
retval = pam_start("check_user", user, &conv, &pamh);
if (retval == PAM_SUCCESS) {
retval = pam_authenticate(pamh, 0); /* usuario real? */
}
if (retval == PAM_SUCCESS) {
retval = pam_acct_mgmt(pamh, 0); /* acceso permitido? */
}
fprintf(stderr, "PAM said: %s\n", pam_strerror(pamh, retval));
if (retval == PAM_NEW_AUTHTOK_REQD) {
if (pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK) != PAM_SUCCESS) {
fprintf(stderr, "pam_chauthtok() error\n");
}
}
if (pam_end(pamh, retval) != PAM_SUCCESS) {
pamh = NULL;
fprintf(stderr, "pam_end failed\n");
return 1;
}
return retval == PAM_SUCCESS ? 0:1;
}
==CUT HERE==
And here is the /etc/pam.d/check_user configuration file:
==CUT HERE==
#%PAM-1.0
auth required pam_ldap.so
account required pam_ldap.so
password required pam_ldap.so
==CUT HERE==
Server side debug output:
openldap@server:~#/usr/lib/openldap/slapd -s0 -d 256
@(#) $OpenLDAP: slapd 2.2.26 (May 20 2005 14:44:49) $
root@susetest:/usr/src/openldap-2.2.26/servers/slapd
bdb_db_init: Initializing BDB database
Total # of attribute sets to be cached = 4
Attribute Set # 0
sn
loginShell
uidNumber
gidNumber
objectClass
uid
gecos
cn
homeDirectory
Attribute Set # 1
uid
userPassword
uidNumber
gidNumber
cn
homeDirectory
loginShell
gecos
description
objectClass
Attribute Set # 2
cn
userPassword
memberUid
uniqueMember
gidNumber
Template:
query template: (cn=)
attributes:
sn
loginShell
uidNumber
gidNumber
objectClass
uid
gecos
cn
homeDirectory
Template:
query template: (uid=)
attributes:
sn
loginShell
uidNumber
gidNumber
objectClass
uid
gecos
cn
homeDirectory
Template:
query template: (&(objectClass=)(uid=))
attributes:
uid
userPassword
uidNumber
gidNumber
cn
homeDirectory
loginShell
gecos
description
objectClass
Template:
query template: (&(objectClass=)(uidNumber=))
attributes:
uid
userPassword
uidNumber
gidNumber
cn
homeDirectory
loginShell
gecos
description
objectClass
Template:
query template: (&(objectClass=)(memberUid=))
attributes:
cn
userPassword
memberUid
uniqueMember
gidNumber
Template:
query template: (&(objectClass=)(gidNumber=))
attributes:
cn
userPassword
memberUid
uniqueMember
gidNumber
Template:
query template: (&(objectClass=)(cn=))
attributes:
cn
userPassword
memberUid
uniqueMember
gidNumber
Template:
query template: (uid=)
attributes:
slapd starting
conn=0 fd=11 ACCEPT from IP=AAA.BBB.CCC.ZZZ:2010 (IP=0.0.0.0:389)
conn=0 op=0 BIND dn="" method=128
conn=0 op=0 RESULT tag=97 err=0 text=
conn=0 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=user1)"
query template of incoming query = (uid=)
Lock QC index = 7
Not answerable: Unlock QC index=7
QUERY NOT ANSWERABLE
QUERY CACHEABLE
request 1 done
request 2 done
UUID for query being added = 83f76f16-5da5-1029-9e89-a4920bdef69d
ENTRY ADDED/MERGED, CACHED ENTRIES=0
STORED QUERIES = 1
Added query expires at 1116698738
Lock AQ index = 7
TEMPLATE 7 QUERIES++ 1
Unlock AQ index = 7
Base of added query = dc=example,dc=com
conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=0 op=2 BIND dn="uid=user1,ou=People,dc=example,dc=com" method=128
request 1 done
conn=0 op=2 RESULT tag=97 err=49 text=
conn=0 op=3 BIND dn="" method=128
conn=0 op=3 RESULT tag=97 err=0 text=
conn=0 op=4 UNBIND
conn=0 fd=11 closed
conn=1 fd=11 ACCEPT from IP=AAA.BBB.CCC.ZZZ:2011 (IP=0.0.0.0:389)
conn=1 op=0 BIND dn="" method=128
conn=1 op=0 RESULT tag=97 err=0 text=
conn=1 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=user1)"
query template of incoming query = (uid=)
Lock QC index = 7
QUERY ANSWERABLE
conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=1 op=2 BIND dn="uid=user1,ou=People,dc=example,dc=com" method=128
request 1 done
conn=1 op=2 RESULT tag=97 err=0 text=
connection_input: conn=1 deferring operation: binding
conn=1 op=2 BIND dn="uid=user1,ou=People,dc=example,dc=com" mech=SIMPLE ssf=0
conn=1 op=2 RESULT tag=97 err=0 text=
conn=1 op=3 BIND anonymous mech=implicit ssf=0
conn=1 op=3 BIND dn="" method=128
conn=1 op=3 RESULT tag=97 err=0 text=
conn=1 op=4 UNBIND
conn=1 fd=11 closed
conn=2 fd=11 ACCEPT from IP=AAA.BBB.CCC.ZZZ:2012 (IP=0.0.0.0:389)
conn=2 op=0 BIND dn="" method=128
conn=2 op=0 RESULT tag=97 err=0 text=
conn=2 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=user2)"
query template of incoming query = (uid=)
Lock QC index = 7
Not answerable: Unlock QC index=7
QUERY NOT ANSWERABLE
QUERY CACHEABLE
Segmentation fault
openldap@server:~#
I solve it by doing a hack in servers/slapd/overlays/pcache.c, here is the
patch:
==CUT HERE==
diff -urN openldap-2.2.26/servers/slapd/overlays/pcache.c
openldap-2.2.26-diff/servers/slapd/overlays/pcache.c
--- openldap-2.2.26/servers/slapd/overlays/pcache.c 2005-01-20
14:01:17.000000000 -0300
+++ openldap-2.2.26-diff/servers/slapd/overlays/pcache.c 2005-05-19
15:30:07.585518684 -0300
@@ -1263,7 +1263,7 @@
for (count=0; attrs[count].an_name.bv_val; count++)
;
}
- *new_attrs = (AttributeName*)(op->o_tmpalloc((count+1)*
+ *new_attrs = (AttributeName*)(op->o_tmpcalloc((count+1),
sizeof(AttributeName), op->o_tmpmemctx));
if (attrs == NULL) {
(*new_attrs)[0].an_name.bv_val = "*";
==CUT HERE==
Email: fredme@gmail.com
Web: http://www.unixfamily.com.ar/
fred.-