OpenLDAP
Viewing Incoming/6457
Date: Mon, 18 Jan 2010 12:38:32 +0000
From: Guillaume.Rousse@inria.fr
To: openldap-its@OpenLDAP.org
Subject: hiding remote attribute with rwm-map in relay context crashes server
Full_Name: Guillaume Rousse
Version: 2.4.21
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.55.250.67)


The following configuration is supposed to map remote 'homePhone' attribute to
'telephoneNumber', and hide remote 'telephoneNumber' attribute:

database          relay
suffix            ou=telephony,dc=test
overlay           rwm
rwm-suffixmassage ou=users,dc=test

rwm-map attribute telephoneNumber homePhone
rwm-map attribute telephoneNumber

However, the server crashes as soon as it has to handle an entry with a
telephoneNumber attribute, as demonstrated with the simple ldif below:

dn: dc=test
dc: test
objectClass: top
objectClass: domain

dn: ou=users,dc=test
ou: users
objectClass: top
objectClass: organizationalUnit

dn: cn=user1,ou=users,dc=test
objectClass: inetOrgPerson
cn: user1
sn: user1

dn: cn=user2,ou=users,dc=test
objectClass: inetOrgPerson
cn: user2
sn: user2
telephoneNumber: +33123456789

Here is the relevant part of server log, with debugLevel set to trace:
Jan 18 13:29:58  slapd[12035]: >>> dnPrettyNormal: <ou=telephony,dc=test>
Jan 18 13:29:58  slapd[12035]: <<< dnPrettyNormal: <ou=telephony,dc=test>, <ou=telephony,dc=test>
Jan 18 13:29:58  slapd[12035]: ==> limits_get: conn=1001 op=1 self="[anonymous]" this="ou=telephony,dc=test"
Jan 18 13:29:58  slapd[12035]: >>> dnPrettyNormal: <ou=users,dc=test>
Jan 18 13:29:58  slapd[12035]: <<< dnPrettyNormal: <ou=users,dc=test>, <ou=users,dc=test>
Jan 18 13:29:58  slapd[12035]: => bdb_search
Jan 18 13:29:58  slapd[12035]: bdb_dn2entry("ou=users,dc=test")
Jan 18 13:29:58  slapd[12035]: search_candidates: base="ou=users,dc=test" (0x00000002) scope=2
Jan 18 13:29:58  slapd[12035]: => bdb_dn2idl("ou=users,dc=test")
Jan 18 13:29:58  slapd[12035]: <= bdb_dn2idl: id=3 first=2 last=4
Jan 18 13:29:58  slapd[12035]: => bdb_presence_candidates (objectClass)
Jan 18 13:29:58  slapd[12035]: bdb_search_candidates: id=-1 first=2 last=4
Jan 18 13:29:58  slapd[12035]: >>> dnPrettyNormal: <ou=telephony,dc=test>
Jan 18 13:29:58  slapd[12035]: <<< dnPrettyNormal: <ou=telephony,dc=test>, <ou=telephony,dc=test>
Jan 18 13:29:58  slapd[12035]: => send_search_entry: conn 1001 dn="ou=telephony,dc=test"
Jan 18 13:29:58  slapd[12035]: <= send_search_entry: conn 1001 exit.
Jan 18 13:29:58  slapd[12035]: >>> dnPrettyNormal: <cn=user1,ou=telephony,dc=test>
Jan 18 13:29:58  slapd[12035]: <<< dnPrettyNormal: <cn=user1,ou=telephony,dc=test>, <cn=user1,ou=telephony,dc=test>
Jan 18 13:29:58  slapd[12035]: => send_search_entry: conn 1001 dn="cn=user1,ou=telephony,dc=test"
Jan 18 13:29:58  slapd[12035]: <= send_search_entry: conn 1001 exit.
Jan 18 13:29:58  slapd[12035]: >>> dnPrettyNormal: <cn=user2,ou=telephony,dc=test>
Jan 18 13:29:58  slapd[12035]: <<< dnPrettyNormal: <cn=user2,ou=telephony,dc=test>, <cn=user2,ou=telephony,dc=test>
Jan 18 13:29:58  slapd[12035]: => send_search_entry: conn 1001 dn="(null)"
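
An added triage example, not part of the original report or of OpenLDAP's code: it scans slapd trace output for send_search_entry calls that were entered but never logged their exit, which is the pattern the log above ends on. The sample lines are the tail of the reporter's log with the mail line wraps rejoined; the function name unfinished_sends is hypothetical.

```python
import re

# Tail of the trace log from the report above (mail line wraps rejoined).
SAMPLE_LOG = """\
Jan 18 13:29:58  slapd[12035]: => send_search_entry: conn 1001 dn="ou=telephony,dc=test"
Jan 18 13:29:58  slapd[12035]: <= send_search_entry: conn 1001 exit.
Jan 18 13:29:58  slapd[12035]: >>> dnPrettyNormal: <cn=user1,ou=telephony,dc=test>
Jan 18 13:29:58  slapd[12035]: <<< dnPrettyNormal: <cn=user1,ou=telephony,dc=test>, <cn=user1,ou=telephony,dc=test>
Jan 18 13:29:58  slapd[12035]: => send_search_entry: conn 1001 dn="cn=user1,ou=telephony,dc=test"
Jan 18 13:29:58  slapd[12035]: <= send_search_entry: conn 1001 exit.
Jan 18 13:29:58  slapd[12035]: >>> dnPrettyNormal: <cn=user2,ou=telephony,dc=test>
Jan 18 13:29:58  slapd[12035]: <<< dnPrettyNormal: <cn=user2,ou=telephony,dc=test>, <cn=user2,ou=telephony,dc=test>
Jan 18 13:29:58  slapd[12035]: => send_search_entry: conn 1001 dn="(null)"
"""

LINE = re.compile(r"slapd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ENTER = re.compile(r'^=> send_search_entry: conn (\d+)\s+dn="(.*)"')
EXIT = re.compile(r"^<= send_search_entry: conn (\d+) exit")
PRETTY = re.compile(r"^<<< dnPrettyNormal: <([^>]*)>")


def unfinished_sends(log_text):
    """Return send_search_entry calls that were entered but never exited.

    Each finding holds the slapd pid, the connection id, the DN logged on
    entry, and the last DN that process normalized beforehand, which names
    the entry being rewritten when the logged DN is "(null)".
    """
    open_calls = {}   # (pid, conn) -> finding for the call still in progress
    last_pretty = {}  # pid -> most recent DN from a "<<< dnPrettyNormal" line
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        if (p := PRETTY.match(msg)):
            last_pretty[pid] = p.group(1)
        elif (e := ENTER.match(msg)):
            open_calls[(pid, e.group(1))] = {
                "pid": pid, "conn": e.group(1), "logged_dn": e.group(2),
                "last_normalized_dn": last_pretty.get(pid)}
        elif (x := EXIT.match(msg)):
            open_calls.pop((pid, x.group(1)), None)
    return list(open_calls.values())


if __name__ == "__main__":
    for finding in unfinished_sends(SAMPLE_LOG):
        print(finding)
```

On a busy server the last normalized DN is only a hint, since other threads of the same process interleave their own dnPrettyNormal lines.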

Followup 1

Date: Mon, 18 Jan 2010 17:13:55 +0100 (CET)
Subject: Re: (ITS#6457) hiding remote attribute with rwm-map in relay context crashes server
From: masarati@aero.polimi.it
To: Guillaume.Rousse@inria.fr
Cc: openldap-its@openldap.org
> Full_Name: Guillaume Rousse
> Version: 2.4.21
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (193.55.250.67)
>
> The following configuration is supposed to map remote 'homePhone'
> attribute to
> 'telephoneNumber', and hide remote 'telephoneNumber' attribute:
>
> database          relay
> suffix            ou=telephony,dc=test
> overlay           rwm
> rwm-suffixmassage ou=users,dc=test
>
> rwm-map attribute telephoneNumber homePhone
> rwm-map attribute telephoneNumber
>
> However, the server crashes as soon as it has to handle an entry with a
> telephoneNumber attribute, as demonstrated with the simple ldif below:
>
> dn: dc=test
> dc: test
> objectClass: top
> objectClass: domain
>
> dn: ou=users,dc=test
> ou: users
> objectClass: top
> objectClass: organizationalUnit
>
> dn: cn=user1,ou=users,dc=test
> objectClass: inetOrgPerson
> cn: user1
> sn: user1
>
> dn: cn=user2,ou=users,dc=test
> objectClass: inetOrgPerson
> cn: user2
> sn: user2
> telephoneNumber: +33123456789
>
> Here is the relevant part of server log, with debugLevel set to trace:
> Jan 18 13:29:58  slapd[12035]: >>> dnPrettyNormal: <ou=telephony,dc=test>
> Jan 18 13:29:58  slapd[12035]: <<< dnPrettyNormal: <ou=telephony,dc=test>, <ou=telephony,dc=test>
> Jan 18 13:29:58  slapd[12035]: ==> limits_get: conn=1001 op=1 self="[anonymous]" this="ou=telephony,dc=test"
> Jan 18 13:29:58  slapd[12035]: >>> dnPrettyNormal: <ou=users,dc=test>
> Jan 18 13:29:58  slapd[12035]: <<< dnPrettyNormal: <ou=users,dc=test>, <ou=users,dc=test>
> Jan 18 13:29:58  slapd[12035]: => bdb_search
> Jan 18 13:29:58  slapd[12035]: bdb_dn2entry("ou=users,dc=test")
> Jan 18 13:29:58  slapd[12035]: search_candidates: base="ou=users,dc=test" (0x00000002) scope=2
> Jan 18 13:29:58  slapd[12035]: => bdb_dn2idl("ou=users,dc=test")
> Jan 18 13:29:58  slapd[12035]: <= bdb_dn2idl: id=3 first=2 last=4
> Jan 18 13:29:58  slapd[12035]: => bdb_presence_candidates (objectClass)
> Jan 18 13:29:58  slapd[12035]: bdb_search_candidates: id=-1 first=2 last=4
> Jan 18 13:29:58  slapd[12035]: >>> dnPrettyNormal: <ou=telephony,dc=test>
> Jan 18 13:29:58  slapd[12035]: <<< dnPrettyNormal: <ou=telephony,dc=test>, <ou=telephony,dc=test>
> Jan 18 13:29:58  slapd[12035]: => send_search_entry: conn 1001 dn="ou=telephony,dc=test"
> Jan 18 13:29:58  slapd[12035]: <= send_search_entry: conn 1001 exit.
> Jan 18 13:29:58  slapd[12035]: >>> dnPrettyNormal: <cn=user1,ou=telephony,dc=test>
> Jan 18 13:29:58  slapd[12035]: <<< dnPrettyNormal: <cn=user1,ou=telephony,dc=test>, <cn=user1,ou=telephony,dc=test>
> Jan 18 13:29:58  slapd[12035]: => send_search_entry: conn 1001 dn="cn=user1,ou=telephony,dc=test"
> Jan 18 13:29:58  slapd[12035]: <= send_search_entry: conn 1001 exit.
> Jan 18 13:29:58  slapd[12035]: >>> dnPrettyNormal: <cn=user2,ou=telephony,dc=test>
> Jan 18 13:29:58  slapd[12035]: <<< dnPrettyNormal: <cn=user2,ou=telephony,dc=test>, <cn=user2,ou=telephony,dc=test>
> Jan 18 13:29:58  slapd[12035]: => send_search_entry: conn 1001 dn="(null)"

Could not reproduce.  Apparently, it's something else that's creating
hassle.  Please provide a stack backtrace.

p.



Followup 2

Date: Wed, 20 Jan 2010 12:53:47 +0100
From: Guillaume Rousse <Guillaume.Rousse@inria.fr>
To: masarati@aero.polimi.it
CC: openldap-its@openldap.org
Subject: Re: (ITS#6457) hiding remote attribute with rwm-map in relay context crashes server
On 18/01/2010 17:13, masarati@aero.polimi.it wrote:
> Could not reproduce.  Apparently, it's something else that's creating
> hassle.  Please provide a stack backtrace.

Actually, it's an assertion failure in entry.c:
slapd: entry.c:483: entry_clean: Assertion `e->e_private == ((void *)0)' failed.
Abandon

Here is the backtrace, but compilation optimisation may hinder its usability:
#0  0x00007ffff6476955 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
         pid = <value optimized out>
         selftid = <value optimized out>
#1  0x00007ffff6477f70 in abort () at abort.c:92
         act = {__sigaction_handler = {sa_handler = 0x5068de, sa_sigaction = 0x5068de}, sa_mask = {__val = {140737326326544, 140737233550016, 483, 140737233550256, 140737325461350, 206158430232,
               140737233550272, 140737233550048, 140737325372360, 206158430256, 140737233550296, 140737019750384, 117, 117, 0, 140737488347048}}, sa_flags = -162034579, sa_restorer = 0x50a16f}
         sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007ffff646f861 in __assert_fail (assertion=0x5068de "e->e_private == ((void *)0)", file=<value optimized out>, line=483, function=0x506d68 "entry_clean") at assert.c:81
         buf = 0x7fffe411a7f0 "slapd: entry.c:483: entry_clean: Assertion `e->e_private == ((void *)0)' failed.\n"
#3  0x000000000043c9f8 in entry_clean (e=0xbcf148) at entry.c:483
         __PRETTY_FUNCTION__ = "entry_clean"
#4  0x000000000043ca1d in entry_free (e=0x2997) at entry.c:514
No locals.
#5  0x00000000004430f7 in slap_send_search_entry (op=0x7fffe4002950, rs=0x7ffff0e81a20) at result.c:1310
         berbuf = {
           buffer = "\000\000\001\000\000\000\000\000?\020", '\000' <repeats 14 times>, "]\240\326\331d\355\343P\000\000\000\000\000\000\000\000]\240\326\331d\355\343Pp\265\211\000\000\000\000\000\354\237C\000\000\000\000\000\200@\000\344\377\177\000\000]\240\326\331d\355\343P\370\360\274\000\000\000\000\000\020\343\177\000\000\000\000\000\200@\000\344\377\177\000\000\v\031E", '\000' <repeats 13 times>, "\004\000\000\000\000\000\000\000\260\375\317\360\377\177", '\000' <repeats 18 times>, "\004", '\000' <repeats 102 times>, ialign = 65536, lalign = 65536, falign = 9.18354962e-41,
           dalign = 3.2379086165851934e-319, palign = 0x10000 <Address 0x10000 out of bounds>}
         ber = 0x7fffe4002950
         a = 0x80bf90
         i = 1
         j = <value optimized out>
         rc = 0
         bytes = 8437648
         userattrs = 0
         acl_state = {as_desc = 0x0, as_access = ACL_NONE, as_vd_acl = 0x0, as_vd_acl_count = 0, as_vd_mask = 1, as_result = -1, as_fe_done = 0}
         attrsonly = 0
         ad_entry = 0x80bf90
         e_flags = 0x0
#6  0x00000000004b407c in bdb_search (op=0x7fffe4002950, rs=0x7ffff0e81a20) at search.c:961
         bois = {boi_oe = {oe_next = {sle_next = 0x7ffff0e80480}, oe_key = 0x89b570}, boi_txn = 0x0, boi_locks = 0x7ffff0cfff70, boi_err = 0, boi_acl_cache = 0 '\000', boi_flag = 1 '\001'}
         blis = {bli_next = 0x0, bli_lock = {off = 398968, ndx = 98, gen = 2, mode = DB_LOCK_READ}, bli_id = 4, bli_flag = 1}
         scopeok = 1
         bdb = 0x89b570
         id = 4
         cursor = 4
         lastid = 18446744073709551615

Message of length 7327 truncated


Followup 3

Date: Mon, 25 Jan 2010 13:21:20 +0100
From: Pierangelo Masarati <masarati@aero.polimi.it>
To: Guillaume.Rousse@inria.fr
CC: openldap-its@openldap.org
Subject: Re: (ITS#6457) hiding remote attribute with rwm-map in relay context crashes server
Guillaume.Rousse@inria.fr wrote:
> On 18/01/2010 17:13, masarati@aero.polimi.it wrote:
>> Could not reproduce.  Apparently, it's something else that's creating
>> hassle.  Please provide a stack backtrace.
> 
> Actually, it's an assertion failure in entry.c:
> slapd: entry.c:483: entry_clean: Assertion `e->e_private == ((void *)0)' failed.
> Abandon
> 
> Here is the backtrace, but compilation optimisation may hinder its usability:

Well, at least it shows where the failure is.  However, since I can't 
reproduce it, I'll need your (sanitized) slapd.conf, a LDIF to load and 
the operation that causes the failure.

p.

