Logged in as guest
Viewing Incoming/6457 Full headers
Major security issue: yes no
Notes: can't reproduce Notification:
Date: Mon, 18 Jan 2010 12:38:32 +0000 From: Guillaume.Rousse@inria.fr To: openldap-its@OpenLDAP.org Subject: hiding remote attribute with rwm-map in relay context crashes server
Full_Name: Guillaume Rousse Version: 2.4.21 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (193.55.250.67) The following configuration is supposed to map remote 'homePhone' attribute to 'telephoneNumber', and hide remote 'telephoneNumber' attribute: database relay suffix ou=telephony,dc=test overlay rwm rwm-suffixmassage ou=users,dc=test rwm-map attribute telephoneNumber homePhone rwm-map attribute telephoneNumber However, the server crashes as soon as it has to handle an entry with a telephoneNumber attribute, as demonstrated with the simple ldif below: dn: dc=test dc: test objectClass: top objectClass: domain dn: ou=users,dc=test ou: users objectClass: top objectClass: organizationalUnit dn: cn=user1,ou=users,dc=test objectClass: inetOrgPerson cn: user1 sn: user1 dn: cn=user2,ou=users,dc=test objectClass: inetOrgPerson cn: user2 sn: user2 telephoneNumber: +33123456789 Here is the relevant part of server log, with debugLevel set to trace: Jan 18 13:29:58 slapd[12035]: >>> dnPrettyNormal: <ou=telephony,dc=test> Jan 18 13:29:58 slapd[12035]: <<< dnPrettyNormal: <ou=telephony,dc=test>, <ou=telephony,dc=test> Jan 18 13:29:58 slapd[12035]: ==> limits_get: conn=1001 op=1 self="[anonymous]" this="ou=telephony,dc=test" Jan 18 13:29:58 slapd[12035]: >>> dnPrettyNormal: <ou=users,dc=test> Jan 18 13:29:58 slapd[12035]: <<< dnPrettyNormal: <ou=users,dc=test>, <ou=users,dc=test> Jan 18 13:29:58 slapd[12035]: => bdb_search Jan 18 13:29:58 slapd[12035]: bdb_dn2entry("ou=users,dc=test") Jan 18 13:29:58 slapd[12035]: search_candidates: base="ou=users,dc=test" (0x00000002) scope=2 Jan 18 13:29:58 slapd[12035]: => bdb_dn2idl("ou=users,dc=test") Jan 18 13:29:58 slapd[12035]: <= bdb_dn2idl: id=3 first=2 last=4 Jan 18 13:29:58 slapd[12035]: => bdb_presence_candidates (objectClass) Jan 18 13:29:58 slapd[12035]: bdb_search_candidates: id=-1 first=2 last=4 Jan 18 13:29:58 slapd[12035]: >>> dnPrettyNormal: <ou=telephony,dc=test> Jan 18 13:29:58 slapd[12035]: <<< dnPrettyNormal: <ou=telephony,dc=test>, <ou=telephony,dc=test> Jan 18 13:29:58 slapd[12035]: => send_search_entry: conn 1001 dn="ou=telephony,dc=test" Jan 18 13:29:58 slapd[12035]: <= send_search_entry: conn 1001 exit. Jan 18 13:29:58 slapd[12035]: >>> dnPrettyNormal: <cn=user1,ou=telephony,dc=test> Jan 18 13:29:58 slapd[12035]: <<< dnPrettyNormal: <cn=user1,ou=telephony,dc=test>, <cn=user1,ou=telephony,dc=test> Jan 18 13:29:58 slapd[12035]: => send_search_entry: conn 1001 dn="cn=user1,ou=telephony,dc=test" Jan 18 13:29:58 slapd[12035]: <= send_search_entry: conn 1001 exit. Jan 18 13:29:58 slapd[12035]: >>> dnPrettyNormal: <cn=user2,ou=telephony,dc=test> Jan 18 13:29:58 slapd[12035]: <<< dnPrettyNormal: <cn=user2,ou=telephony,dc=test>, <cn=user2,ou=telephony,dc=test> Jan 18 13:29:58 slapd[12035]: => send_search_entry: conn 1001 dn="(null)"
Date: Mon, 18 Jan 2010 17:13:55 +0100 (CET) Subject: Re: (ITS#6457) hiding remote attribute with rwm-map in relay context crashes server From: masarati@aero.polimi.it To: Guillaume.Rousse@inria.fr Cc: openldap-its@openldap.org
> Full_Name: Guillaume Rousse > Version: 2.4.21 > OS: Linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (193.55.250.67) > > The following configuration is supposed to map remote 'homePhone' > attribute to > 'telephoneNumber', and hide remote 'telephoneNumber' attribute: > > database relay > suffix ou=telephony,dc=test > overlay rwm > rwm-suffixmassage ou=users,dc=test > > rwm-map attribute telephoneNumber homePhone > rwm-map attribute telephoneNumber > > However, the server crashes as soon as it has to handle an entry with a > telephoneNumber attribute, as demonstrated with the simple ldif below: > > dn: dc=test > dc: test > objectClass: top > objectClass: domain > > dn: ou=users,dc=test > ou: users > objectClass: top > objectClass: organizationalUnit > > dn: cn=user1,ou=users,dc=test > objectClass: inetOrgPerson > cn: user1 > sn: user1 > > dn: cn=user2,ou=users,dc=test > objectClass: inetOrgPerson > cn: user2 > sn: user2 > telephoneNumber: +33123456789 > > Here is the relevant part of server log, with debugLevel set to trace: > Jan 18 13:29:58 slapd[12035]: >>> dnPrettyNormal: <ou=telephony,dc=test> > Jan 18 13:29:58 slapd[12035]: <<< dnPrettyNormal: <ou=telephony,dc=test>, > <ou=telephony,dc=test> > Jan 18 13:29:58 slapd[12035]: ==> limits_get: conn=1001 op=1 > self="[anonymous]" > this="ou=telephony,dc=test" > Jan 18 13:29:58 slapd[12035]: >>> dnPrettyNormal: <ou=users,dc=test> > Jan 18 13:29:58 slapd[12035]: <<< dnPrettyNormal: <ou=users,dc=test>, > <ou=users,dc=test> > Jan 18 13:29:58 slapd[12035]: => bdb_search > Jan 18 13:29:58 slapd[12035]: bdb_dn2entry("ou=users,dc=test") > Jan 18 13:29:58 slapd[12035]: search_candidates: base="ou=users,dc=test" > (0x00000002) scope=2 > Jan 18 13:29:58 slapd[12035]: => bdb_dn2idl("ou=users,dc=test") > Jan 18 13:29:58 slapd[12035]: <= bdb_dn2idl: id=3 first=2 last=4 > Jan 18 13:29:58 slapd[12035]: => bdb_presence_candidates (objectClass) > Jan 18 13:29:58 slapd[12035]: bdb_search_candidates: id=-1 first=2 last=4 > Jan 18 13:29:58 slapd[12035]: >>> dnPrettyNormal: <ou=telephony,dc=test> > Jan 18 13:29:58 slapd[12035]: <<< dnPrettyNormal: <ou=telephony,dc=test>, > <ou=telephony,dc=test> > Jan 18 13:29:58 slapd[12035]: => send_search_entry: conn 1001 > dn="ou=telephony,dc=test" > Jan 18 13:29:58 slapd[12035]: <= send_search_entry: conn 1001 exit. > Jan 18 13:29:58 slapd[12035]: >>> dnPrettyNormal: > <cn=user1,ou=telephony,dc=test> > Jan 18 13:29:58 slapd[12035]: <<< dnPrettyNormal: > <cn=user1,ou=telephony,dc=test>, <cn=user1,ou=telephony,dc=test> > Jan 18 13:29:58 slapd[12035]: => send_search_entry: conn 1001 > dn="cn=user1,ou=telephony,dc=test" > Jan 18 13:29:58 slapd[12035]: <= send_search_entry: conn 1001 exit. > Jan 18 13:29:58 slapd[12035]: >>> dnPrettyNormal: > <cn=user2,ou=telephony,dc=test> > Jan 18 13:29:58 slapd[12035]: <<< dnPrettyNormal: > <cn=user2,ou=telephony,dc=test>, <cn=user2,ou=telephony,dc=test> > Jan 18 13:29:58 slapd[12035]: => send_search_entry: conn 1001 dn="(null)" Could not reproduce. Apparently, it's something else that's creating hassle. Please provide a stack backtrace. p.
Date: Wed, 20 Jan 2010 12:53:47 +0100 From: Guillaume Rousse <Guillaume.Rousse@inria.fr> To: masarati@aero.polimi.it CC: openldap-its@openldap.org Subject: Re: (ITS#6457) hiding remote attribute with rwm-map in relay context crashes server
Le 18/01/2010 17:13, masarati@aero.polimi.it a .crit : > Could not reproduce. Apparently, it's something else that's creating > hassle. Please provide a stack backtrace. Actually, it's an assertion failure un entry.c: slapd: entry.c:483: entry_clean: Assertion `e->e_private == ((void *)0)' failed. Abandon Here the backtrace, but compilation optimisation may hinder its usability: #0 0x00007ffff6476955 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 pid = <value optimized out> selftid = <value optimized out> #1 0x00007ffff6477f70 in abort () at abort.c:92 act = {__sigaction_handler = {sa_handler = 0x5068de, sa_sigaction = 0x5068de}, sa_mask = {__val = {140737326326544, 140737233550016, 483, 140737233550256, 140737325461350, 206158430232, 140737233550272, 140737233550048, 140737325372360, 206158430256, 140737233550296, 140737019750384, 117, 117, 0, 140737488347048}}, sa_flags = -162034579, sa_restorer = 0x50a16f} sigs = {__val = {32, 0 <repeats 15 times>}} #2 0x00007ffff646f861 in __assert_fail (assertion=0x5068de "e->e_private == ((void *)0)", file=<value optimized out>, line=483, function=0x506d68 "entry_clean") at assert.c:81 buf = 0x7fffe411a7f0 "slapd: entry.c:483: entry_clean: Assertion `e->e_private == ((void *)0)' failed.\n" #3 0x000000000043c9f8 in entry_clean (e=0xbcf148) at entry.c:483 __PRETTY_FUNCTION__ = "entry_clean" #4 0x000000000043ca1d in entry_free (e=0x2997) at entry.c:514 No locals. #5 0x00000000004430f7 in slap_send_search_entry (op=0x7fffe4002950, rs=0x7ffff0e81a20) at result.c:1310 berbuf = { buffer = "\000\000\001\000\000\000\000\000?\020", '\000' <repeats 14 times>, "]\240\326\331d\355\343P\000\000\000\000\000\000\000\000]\240\326\331d\355\343Pp\265\211\000\000\000\000\000\354\237C\000\000\000\000\000\200@\000\344\377\177\000\000]\240\326\331d\355\343P\370\360\274\000\000\000\000\000\020\343\177\000\000\000\000\000\200@\000\344\377\177\000\000\v\031E", '\000' <repeats 13 times>, "\004\000\000\000\000\000\000\000\260\375\317\360\377\177", '\000' <repeats 18 times>, "\004", '\000' <repeats 102 times>, ialign = 65536, lalign = 65536, falign = 9.18354962e-41, dalign = 3.2379086165851934e-319, palign = 0x10000 <Address 0x10000 out of bounds>} ber = 0x7fffe4002950 a = 0x80bf90 i = 1 j = <value optimized out> rc = 0 bytes = 8437648 userattrs = 0 acl_state = {as_desc = 0x0, as_access = ACL_NONE, as_vd_acl = 0x0, as_vd_acl_count = 0, as_vd_mask = 1, as_result = -1, as_fe_done = 0} attrsonly = 0 ad_entry = 0x80bf90 e_flags = 0x0 #6 0x00000000004b407c in bdb_search (op=0x7fffe4002950, rs=0x7ffff0e81a20) at search.c:961 bois = {boi_oe = {oe_next = {sle_next = 0x7ffff0e80480}, oe_key = 0x89b570}, boi_txn = 0x0, boi_locks = 0x7ffff0cfff70, boi_err = 0, boi_acl_cache = 0 '\000', boi_flag = 1 '\001'} blis = {bli_next = 0x0, bli_lock = {off = 398968, ndx = 98, gen = 2, mode = DB_LOCK_READ}, bli_id = 4, bli_flag = 1} scopeok = 1 bdb = 0x89b570 id = 4 cursor = 4 lastid = 18446744073709551615 candidates = {18446744073709551615, 2, 4, 4, 0, 7, 140737019654336, 0, 0, 0, 0, 140737018603728, 0, 398968, 4294967394, 1, 4, 1, 0, 9024880, 0, 140737233551920, 1099511627776, 0 <repeats 31 times>, 140737018605160, 0, 161, 140737018605160, 0, 0, 0, 0, 0, 0, 160, 140737233552240, 0, 0, 0, 4294967394, 1, 0, 0, 0, 7, 140737019654336, 0, 0, 0, 0, 0, 140737019653408, 4159, 140737019655616, 0, 18446744073709551615, 5, 8589934592, 18446744073709551615, 1, 4, 0 <repeats 130981 times>} scopes = {0 <repeats 63786 times>, 64, 0, 0, 0, 0, 0, 64, 0, 0, 206158430210, 532575944795, 140737018593312, 2064, 140737018593312, 2896, 140737019704496, 140737018593416, 140737325535154, 90, 2048, 140737019704256, 80, 6, 32, 4, 0, 2096, 0, 0, 343597383809, 532575944799, 472446402679, 0, 24, 2048, 140737018593312, 2896, 140737019704496, 140737328631424, 140737325539706, 0, 3, 140737235123824, 140737235111168, 140737235111216, 140737235111120, 3, 140737325789440, 140737019662880, 140737019703776, 140737019660544, 140737019662880, 140737019704032, 140737019660544, 140737019662880, 140737019704256, 140737019660544, 140737235123824, 140737235111168, 140737325790836, 8589934594, 140737018603072, 8589934594, 140737019662800, 4294967297, 140737019690064, 8589934594, 140737019662832, 4294967297, 140737019690064, 0 <repeats 502 times>, 17592186044416, 0, 0, 0, 0, 1048576, 0, 0, 18446726481523507198, 18446744073708503039, 18446744073709551615, 18446744073709551615, 0, 16, 0, 0, 18446726477228539902, 184467440737095
Date: Mon, 25 Jan 2010 13:21:20 +0100 From: Pierangelo Masarati <masarati@aero.polimi.it> To: Guillaume.Rousse@inria.fr CC: openldap-its@openldap.org Subject: Re: (ITS#6457) hiding remote attribute with rwm-map in relay context crashes server
Guillaume.Rousse@inria.fr wrote: > Le 18/01/2010 17:13, masarati@aero.polimi.it a .crit : >> Could not reproduce. Apparently, it's something else that's creating >> hassle. Please provide a stack backtrace. > > Actually, it's an assertion failure un entry.c: > slapd: entry.c:483: entry_clean: Assertion `e->e_private == ((void *)0)' > failed. > Abandon > > Here the backtrace, but compilation optimisation may hinder its usability: Well, at least it shows where the failure is. However, since I can't reproduce it, I'll need your (sanitized) slapd.conf, a LDIF to load and the operation that causes the failure. p.
______________ © Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org
