Full_Name: Markus Krause
Version: openldap2-2.3.34-5.2
OS: SuSE Linux Enterprise Server 10
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (84.56.13.40)

changing the ldap password using "ldappasswd" from the command line using the following slapd.conf on a consumer (only relevant part) crashes the server with a "segmentation fault":

...
modulepath /usr/lib/openldap/modules
moduleload smbk5pwd.so
sizelimit unlimited
acl ...
TLSstuff ...
#### chain overlay definition
overlay chain
chain-rebind-as-user FALSE
chain-uri "ldaps://ldapprov"
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod="simple"
        binddn="cn=manager,o=test"
        credentials="secret"
        mode="self"
database bdb
suffix "o=test"
directory /var/lib/ldap/
rootdn "cn=manager,o=test"
rootpw "secret"
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index entryCSN,entryUUID eq
index dhcpHWAddress eq,pres
index relativeDomainName eq,pres
index ipHostNumber eq,pres
index zoneName eq,pres
index radiusGroupName eq,pres
syncrepl rid=13
        provider=ldaps://ldapprov
        type=refreshAndPersist
        retry=1,5,5,6,30,+
        interval=00:00:00:30
        searchbase="o=test"
        filter="(objectclass=*)"
        scope=sub
        attrs="*"
        schemachecking=off
        binddn="cn=manager,o=test"
        bindmethod=simple
        credentials="secret"
        sizelimit=unlimited
updateref ldaps://ldapprov
overlay syncprov
--- end of slapd.conf

running slapd in debug mode -d 65535 shows:

--- slapd -d 65535
conn=0 op=1 PASSMOD id="uid=test,o=test" new
>>> dnPrettyNormal: <uid=user,o=test>
=> ldap_bv2dn(uid=user,o=test,0)
<= ldap_bv2dn(uid=user,o=test)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=user,o=test)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=user,o=test)=0
<<< dnPrettyNormal: <uid=user,o=test>, <uid=user,o=test>
bdb_dn2entry("uid=user,o=test")
=> bdb_dn2id("uid=user,o=test")
<= bdb_dn2id: got id=0x0000284c
=> bdb_dn2id("o=test")
<= bdb_dn2id: got id=0x00002861
=> bdb_dn2id("uid=user,o=test")
<= bdb_dn2id: got id=0x0000337f
entry_decode: "uid=user,o=test"
<= entry_decode(uid=user,o=test)
ldap_url_parse_ext(ldaps://ldapprov)
send_ldap_extended: err=10 oid= len=0
ldap_url_parse_ext(ldaps://ldapprov)
Segmentation fault
----- end of debug output

the command used was:

ldappasswd -x -h localhost -D "cn=manager,o=test" -W uid=test,o=test -S
New password:
Re-enter new password:
Enter LDAP Password:
ldappasswd: ldap_result: Can't contact LDAP server (-1)

the last 70 lines of strace were:

--- tail -70 slapd-strace.log:
time(NULL) = 1179248871
time(NULL) = 1179248871
close(14) = 0
close(15) = 0
close(13) = 0
lseek(12, 0, SEEK_SET) = 0
fcntl64(12, F_SETLKW, {type=F_WRLCK, whence=SEEK_CUR, start=0, len=1024}) = 0
fstat64(12, {st_mode=S_IFREG|0644, st_size=4096, ...}) = 0
lseek(12, 2048, SEEK_SET) = 2048
read(12, "xV4\22\0\0\0\0\2\0\0\0\0\0\0\0 \300IF\0\0\0\0\310~\0\0"..., 1024) = 1024
lseek(12, 2048, SEEK_SET) = 2048
fcntl64(12, F_GETLK, {type=F_UNLCK, whence=SEEK_CUR, start=0, len=1024, pid=0}) = 0
lseek(12, 2048, SEEK_SET) = 2048
read(12, "xV4\22\0\0\0\0\2\0\0\0\0\0\0\0 \300IF\0\0\0\0\310~\0\0"..., 1024) = 1024
lseek(12, 2048, SEEK_SET) = 2048
write(12, "xV4\22\0\0\0\0\0\0\0\0\0\0\0\0 \300IF\0\0\0\0\310~\0\0"..., 1024) = 1024
lseek(12, 3072, SEEK_SET) = 3072
read(12, "xV4\22\0\0\0\0\0\0\0\0\0\0\0\0 yHF\0\0\0\0\242q\0\0\0\0"..., 1024) = 1024
lseek(12, 0, SEEK_SET) = 0
fcntl64(12, F_SETLK, {type=F_UNLCK, whence=SEEK_CUR, start=0, len=1024}) = 0
stat64("/var/lib/ldap/id2entry.bdb", {st_mode=S_IFREG|0600, st_size=15826944, ...}) = 0
stat64("/var/lib/ldap/id2entry.bdb", {st_mode=S_IFREG|0600, st_size=15826944, ...}) = 0
open("/var/lib/ldap/id2entry.bdb", O_RDWR|O_LARGEFILE) = 13
fcntl64(13, F_SETFD, FD_CLOEXEC) = 0
read(13, "\22\0\0\0\212^i\0\0\0\0\0b1\5\0\t\0\0\0\0@\0\0\0\t\0\0"..., 512) = 512
close(13) = 0
stat64("/var/lib/ldap/id2entry.bdb", {st_mode=S_IFREG|0600, st_size=15826944, ...}) = 0
open("/var/lib/ldap/id2entry.bdb", O_RDWR|O_LARGEFILE) = 13
fcntl64(13, F_SETFD, FD_CLOEXEC) = 0
fstat64(13, {st_mode=S_IFREG|0600, st_size=15826944, ...}) = 0
time(NULL) = 1179248871
stat64("/var/lib/ldap/dn2id.bdb", {st_mode=S_IFREG|0600, st_size=5132288, ...}) = 0
stat64("/var/lib/ldap/dn2id.bdb", {st_mode=S_IFREG|0600, st_size=5132288, ...}) = 0
open("/var/lib/ldap/dn2id.bdb", O_RDWR|O_LARGEFILE) = 14
fcntl64(14, F_SETFD, FD_CLOEXEC) = 0
read(14, "\22\0\0\0\tEQ\0\0\0\0\0b1\5\0\t\0\0\0\0\20\0\0\0\t\0\0"..., 512) = 512
close(14) = 0
stat64("/var/lib/ldap/dn2id.bdb", {st_mode=S_IFREG|0600, st_size=5132288, ...}) = 0
open("/var/lib/ldap/dn2id.bdb", O_RDWR|O_LARGEFILE) = 14
fcntl64(14, F_SETFD, FD_CLOEXEC) = 0
fstat64(14, {st_mode=S_IFREG|0600, st_size=5132288, ...}) = 0
time(NULL) = 1179248871
pread64(13, "\20\0\0\0008\fY\0\1\0\0\0\0\0\0\0\0\0\0\0\2\0\344?\3\3"..., 16384, 16384) = 16384
pread64(13, "\22\0\0\0:^i\0\220\3\0\0\0\0\0\0\0\0\0\0\335\0010\"\2\3"..., 16384, 14942208) = 16384
pread64(13, "\22\0\0\0\235\0m\0W\3\0\0O\3\0\0\0\0\0\0\20\0\270!\1\5"..., 16384, 14008320) = 16384
mmap2(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb63c3000
time(NULL) = 1179248871
write(2, "=> bdb_entry_get: ndn: \"o=testh"..., 49) = 49
write(2, "=> bdb_entry_get: oc: \"(null)\", "..., 49) = 49
write(2, "bdb_dn2entry(\"o=test"..., 40) = 40
write(2, "=> bdb_dn2id(\"o=test"..., 40) = 40
pread64(14, "\t\0\0\0D+=\0\1\0\0\0\0\0\0\0\0\0\0\0\20\0\214\r\3\3\364"..., 4096, 4096) = 4096
pread64(14, "\n\0\0\0\212\242P\0_\2\0\0\0\0\0\0G\4\0\0G\0\364\7\2\3"..., 4096, 2486272) = 4096
pread64(14, "\22\0\0\0i\374l\0\n\0\0\0Q\3\0\0\33\4\0\0>\0\230\6\1\5"..., 4096, 40960) = 4096
write(2, "<= bdb_dn2id: got id=0x00000001\n", 32) = 32
pread64(13, "\20\0\0\0\230\313X\0\217\3\0\0\0\0\0\0\0\0\0\0\307\1\224"..., 16384, 14925824) = 16384
pread64(13, "\22\0\0\0O\2m\0\2\0\0\0\0\0\0\0\3\0\0\0(\0|\4\1\5\370?"..., 16384, 32768) = 16384
write(2, "entry_decode: \"o=test"..., 40) = 40
write(2, "<= entry_decode(o=test"..., 41) = 41
write(2, "=> bdb_entry_get: found entry: \""..., 57) = 57
write(2, "bdb_entry_get: rc=0\n", 20) = 20
mmap2(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb5bc2000
mprotect(0xb5bc2000, 4096, PROT_NONE) = 0
clone(child_stack=0xb63c24d4, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0xb63c2be8, {entry_number:6, base_addr:0xb63c2ba0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}, child_tidptr=0xb63c2be8) = 374
futex(0xb63c2be8, FUTEX_WAIT, 374, NULL) = 0
write(2, "slapd starting\n", 15) = 15
mmap2(NULL, 385024, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb5363000
clone(child_stack=0xb63c24d4, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0xb63c2be8, {entry_number:6, base_addr:0xb63c2ba0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}, child_tidptr=0xb63c2be8) = 375
futex(0xb63c2be8, FUTEX_WAIT, 375, NULL) = 0
+++ killed by SIGSEGV +++
---- end of tail -70 slapd-strace.log

using a wrong ldap password at "Enter LDAP Password:" when prompted by "ldappasswd" does not crash the server.
krause@biochem.mpg.de wrote:

> changing the ldap password using "ldappasswd" from the command line using
> the following slapd.conf on a consumer (only relevant part) crashes the server
> with a "segmentation fault":

The crash is now fixed in HEAD (a NULL pointer was parsed out of the referral's DN, since formally no request DN is available in that exop). However, although the password modify now is correctly resent to the producer, the consumer does not get updated. Investigating...

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------
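A simplified model of the defect described in the reply above, as an added example that is not OpenLDAP's code or the actual fix: a referral URL such as ldaps://ldapprov parses to a NULL DN, and a password-modify extended operation supplies no request DN to fall back on. The names url_parts, parse_ref_url and effective_dn are hypothetical.

```c
/* Added example: simplified model, not OpenLDAP source.
 * All type and function names here are hypothetical. */
#include <stddef.h>
#include <string.h>

struct url_parts {        /* stand-in for a parsed LDAP referral URL */
    const char *host;     /* points into the caller's buffer */
    const char *dn;       /* NULL when the URL carries no DN part */
};

/* Split "scheme://host[/dn]" in place.
 * Returns 0 on success, -1 on a malformed URL. */
int parse_ref_url(char *url, struct url_parts *out)
{
    char *p = strstr(url, "://");
    char *slash;

    if (p == NULL || p[3] == '\0')
        return -1;
    out->host = p + 3;
    out->dn = NULL;                 /* "ldaps://ldapprov" has no DN */
    slash = strchr(p + 3, '/');
    if (slash != NULL) {
        *slash = '\0';              /* terminate the host part */
        if (slash[1] != '\0')
            out->dn = slash + 1;
    }
    return 0;
}

/* Unsafe pattern: code that assumes a DN is always present, e.g.
 *     size_t n = strlen(parts->dn);
 * dereferences NULL when the referral has no DN.
 *
 * Guarded form: prefer the referral's DN, fall back to the request DN,
 * and use "" when the operation (an extended operation such as password
 * modify) has no request DN either. Never returns NULL. */
const char *effective_dn(const struct url_parts *parts, const char *req_dn)
{
    if (parts->dn != NULL)
        return parts->dn;
    if (req_dn != NULL)
        return req_dn;
    return "";
}
```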
changed notes moved from Incoming to Software Bugs
changed notes changed state Open to Test
This is now completely fixed in HEAD; I need to check any issue related to backporting to re23, for quick release. Please test. Thanks for reporting,

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------
changed notes
I have downloaded the cvs version (2007-05-21) and built it, but get, as it seems related to something else, a segfault. i reproduced this thrice.

what i did: (just to be sure i did not make a fatal mistake)

* fetched cvs
* ran configure with the following command line:

env CPPFLAGS=-I/usr/include/db42 ./configure --enable-wrappers --enable-aclgroups --enable-spasswd --enable-modules --enable-shared --enable-dynamic --with-tls --with-cyrus-sasl --enable-crypt --enable-aci --enable-bdb --enable-hdb --enable-ldbm --enable-rewrite --enable-ldap=yes --enable-meta=mod --enable-monitor=yes --enable-perl=mod --enable-slp --enable-overlays=yes --enable-lmpasswd --with-yielding-select --enable-debug=yes

  i had to install the development package for BDB 4.2 (although the rpm from opensuse has it built with BDB 4.3, also i could not reuse the existing ldap db)
* then make depend; make; make test -> all tests succeeded (as far as i can tell)
* gdb openldap/servers/slapd/.libs/slapd
  run -h ldap:/// ldaps:/// -g ldap -u ldap -d 65535

as the "local" ldap db on this consumer is empty the replication starts (reproduced after segfault and removal of the directory contents):

[lot of debugging output, and finally:]
entry_decode: "cn=Neurobiologie EDV,ou=IT Contacts,ou=ACL,dc=biochem,dc=mpg,dc=de"
<= entry_decode(cn=Neurobiologie EDV,ou=IT Contacts,ou=ACL,dc=biochem,dc=mpg,dc=de)
=> test_filter
    PRESENT
=> access_allowed: search access to "cn=Neurobiologie EDV,ou=IT Contacts,ou=ACL,dc=biochem,dc=mpg,dc=de" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
<= test_filter 6
nonpresent_callback: rid=013 got UUID 1f1b0732-9823-102b-8c9e-b3c3d9320a55, dn cn=Neurobiologie EDV,ou=IT Contacts,ou=ACL,dc=biochem,dc=mpg,dc=de
send_ldap_result: conn=-1 op=0 p=0
send_ldap_result: err=0 matched="" text=""
bdb_modify: dc=biochem,dc=mpg,dc=de
bdb_dn2entry("dc=biochem,dc=mpg,dc=de")
entry_decode: "dc=biochem,dc=mpg,dc=de"
<= entry_decode(dc=biochem,dc=mpg,dc=de)
bdb_modify_internal: 0x00000001: dc=biochem,dc=mpg,dc=de
<= acl_access_allowed: granted to database root
bdb_modify_internal: add contextCSN
=> entry_encode(0x00000001): dc=biochem,dc=mpg,dc=de
bdb_modify: updated id=00000001 dn="dc=biochem,dc=mpg,dc=de"
send_ldap_result: conn=-1 op=0 p=0
send_ldap_result: err=0 matched="" text=""

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1225942112 (LWP 19016)]
slap_dup_sync_cookie (dst=0x8283400, src=0xb6ed8cf0) at ldapsync.c:327
327             new->sids[i] = src->sids[i];

the backtrace says:

(gdb) bt
#0 slap_dup_sync_cookie (dst=0x8283400, src=0xb6ed8cf0) at ldapsync.c:327
#1 0x080c83fd in syncrepl_updateCookie (si=0x8283310, op=0xb6ed8e7c, pdn=<value optimized out>, syncCookie=0xb6ed8cf0) at syncrepl.c:2615
#2 0x080ced95 in do_syncrep2 (op=0xb6ed8e7c, si=0x8283310) at syncrepl.c:1016
#3 0x080cffbc in do_syncrepl (ctx=0xb6ed92d8, arg=0x8282d60) at syncrepl.c:1161
#4 0x08074c0a in connection_read_thread (ctx=0xb6ed92d8, argv=0x11) at connection.c:1273
#5 0xb7f5f7f2 in ldap_int_thread_pool_wrapper (xpool=0x821ff08) at tpool.c:725
#6 0xb7c4134b in start_thread () from /lib/libpthread.so.0
#7 0xb7bd965e in clone () from /lib/libc.so.6
(gdb)

after this it also segfaults if started again:

[lot of debugging output, and finally:]
do_syncrep2: rid=013 LDAP_RES_INTERMEDIATE - REFRESH_PRESENT
ber_scanf fmt (t{) ber:
ber_dump: buf=0x08312178 ptr=0x08312178 end=0x083121a8 len=48
  0000: a2 2e 04 2c 63 73 6e 3d 32 30 30 37 30 35 31 36 ...,csn=20070516
  0010: 31 38 30 30 34 38 5a 23 30 30 30 30 36 35 23 30 180048Z#000065#0
  0020: 30 23 30 30 30 30 30 30 2c 72 69 64 3d 30 31 33 0#000000,rid=013
ber_scanf fmt (m) ber:
ber_dump: buf=0x08312178 ptr=0x0831217a end=0x083121a8 len=46
  0000: 04 2c 63 73 6e 3d 32 30 30 37 30 35 31 36 31 38 .,csn=2007051618
  0010: 30 30 34 38 5a 23 30 30 30 30 36 35 23 30 30 23 0048Z#000065#00#
  0020: 30 30 30 30 30 30 2c 72 69 64 3d 30 31 33 000000,rid=013
ber_scanf fmt (}) ber:
ber_dump: buf=0x08312178 ptr=0x083121a8 end=0x083121a8 len=0

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1235027040 (LWP 23928)]
compare_csns (sc1=0xb662ecd0, sc2=0xb662ecf0, which=0xb662ede4) at syncrepl.c:647
647             if ( sc1->sids[i] != sc2->sids[j] )

backtrace says this time:

(gdb) bt
#0 compare_csns (sc1=0xb662ecd0, sc2=0xb662ecf0, which=0xb662ede4) at syncrepl.c:647
#1 0x080ced4c in do_syncrep2 (op=0xb662ee7c, si=0x82832b0) at syncrepl.c:1005
#2 0x080cffbc in do_syncrepl (ctx=0xb662f2d8, arg=0x8282d00) at syncrepl.c:1161
#3 0x08074c0a in connection_read_thread (ctx=0xb662f2d8, argv=0x11) at connection.c:1273
#4 0xb7eb67f2 in ldap_int_thread_pool_wrapper (xpool=0x821ff08) at tpool.c:725
#5 0xb7b9834b in start_thread () from /lib/libpthread.so.0
#6 0xb7b3065e in clone () from /lib/libc.so.6

* the configuration on the provider and the consumer were left untouched (except path corrections) to the until now running without errors rpm-version 2.3.34, the old rpms have been removed (using rpm -e)

did i make something wrong or did i hit another bug??

regards
markus

Quoting Pierangelo Masarati <ando@sys-net.it>:

> This is now completely fixed in HEAD; I need to check any issue related
> to backporting to re23, for quick release. Please test. Thanks for
> reporting, p.
>
>
>
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
>
> SysNet s.r.l.
> via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> ---------------------------------------
> Office: +39 02 23998309
> Mobile: +39 333 4963172
> Email: pierangelo.masarati@sys-net.it
> ---------------------------------------
>
>

+-----------------------------------------------------------------+
| Markus Krause, Mogli-Soft                                       |
| Support for Mac OS X, Webmail/Horde, LDAP, RADIUS, MySQL        |
| by order of the                                                 |
| Computing Center of the Max-Planck-Institute of Biochemistry    |
+--------------------------------+--------------------------------+
| E-Mail: krause@biochem.mpg.de  | Tel.: 089 - 89 40 85 99        |
|         markus.krause@mac.com  | Fax.: 089 - 89 40 85 98        |
| Skype: markus.krause           | iChat: markus.krause@mac.com   |
+--------------------------------+--------------------------------+
changed notes changed state Test to Release
changed notes changed state Release to Closed
moved from Software Bugs to Archive.Software Bugs
fixed in HEAD/re23 see also ITS#4973 (HEAD only)