Issue 8751 - deref aliases with back meta goes wrong in db_cache_find_ndn()
Summary: deref aliases with back meta goes wrong in db_cache_find_ndn()
Status: VERIFIED WONTFIX
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: backends (show other issues)
Version: unspecified
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-04 07:35 UTC by paul@subsignal.org
Modified: 2021-02-22 18:33 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description paul@subsignal.org 2017-10-04 07:35:12 UTC 
Full_Name: Paul K.lle
Version: 24.44
OS: omnios
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (141.43.201.48)


Disclaimer: I don't know C very well and I'm a complete noob wrt OpenLDAP
source

meta (dc=btu,dc=local) with two olcMetaSub URI:
 0 ->   olcDbURI ldap://localhost/ou=Fak6,dc=btu,dc=local 
        olcDbRewrite {0}suffixmassage "ou=Fak6,dc=btu,dc=local"
"ou=Fak6,dc=IT,dc=local"
 1 ->   olcDbURI ldap://ldap.xxxxx.de/ou=People,dc=btu,dc=local 
        olcDbRewrite � 	{0}suffixmassage "ou=People,dc=btu,dc=local"
"ou=People,o=XXXXXXXXXXXXX XXXXX,c=De"
        
no deref search:
[root@smb01 ~]# ldapsearch -x  -h 192.168.70.101 -b
ou=users,ou=Fak6,dc=btu,dc=local '(cn=Paul*)' '*'
# extended LDIF
#
# LDAPv3
# base <ou=users,ou=Fak6,dc=btu,dc=local> with scope subtree
# filter: (cn=Paul*)
# requesting: *
#

# Paul Koelle, Users, Fak6, btu.local
dn: cn=Paul Koelle,ou=Users,ou=Fak6,dc=btu,dc=local
aliasedObjectName: cn=Paul Koelle,ou=People,dc=btu,dc=local
cn: Paul Koelle
objectClass: alias
objectClass: extensibleObject

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

with deref:
[root@smb01 ~]# ldapsearch -a always -x  -h 192.168.70.101 -b
ou=users,ou=Fak6,dc=btu,dc=local '(cn=Paul*)' '*'
# extended LDIF
#
# LDAPv3
# base <ou=users,ou=Fak6,dc=btu,dc=local> with scope subtree
# filter: (cn=Paul*)
# requesting: *
#

# search result
search: 2
result: 0 Success

# numResponses: 1

debug log reveals:
59d38a50 bdb_idl_fetch_key: [01872a84]
59d38a50 <= bdb_index_read 1 candidates
59d38a50 <= bdb_equality_candidates: id=1, first=19, last=19
59d38a50 <= bdb_filter_candidates: id=1 first=19 last=19
59d38a50 => hdb_dn2idl("ou=users,ou=fak6,dc=it,dc=local")
59d38a50 bdb_dn2entry("cn=paul koelle,ou=people,dc=btu,dc=local")
59d38a50 => hdb_dn2id("c=btu,dc=local")
59d38a50 <= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
(-30988)
59d38a50 bdb_search_candidates: failed (rc=33)


breakpoint for hdb_dn2id

(gdb) bt
#0  hdb_dn2id (op=0xa05510, in=0xfffffd7ffc87f208, ei=0xfffffd7ffc87f1f0,
    txn=0x8e6950, cursor=0xfffffd7ffc87f1e0) at dn2id.c:705
#1  0x000000000059beed in hdb_cache_find_ndn (op=0xa05510, txn=0x8e6950,
    ndn=0xfffffd7ffc87f350, res=0xfffffd7ffc87f2e0) at cache.c:462
#2  0x00000000005a3d81 in hdb_dn2entry (op=0xa05510, tid=0x8e6950,
    dn=0xfffffd7ffc87f350, e=0xfffffd7ffc87f348, matched=0,
    lock=0xfffffd7ffc87f330) at dn2entry.c:47
#3  0x000000000053756c in deref_base (op=0xa05510, rs=0xfffffd7ffc9ffb40,
    e=0x91c0b8, matched=0xfffffd7ffc87f460, txn=0x8e6950,
    lock=0xfffffd7ffc87f3c0, tmp=0x10e3010, visited=0xf63010) at search.c:104
#4  0x0000000000537be7 in search_aliases (op=0xa05510, rs=0xfffffd7ffc9ffb40,
    e=0xfffffd7ffc87f750, txn=0x8e6950, ids=0xfffffd7ffc8ff7a0,
    scopes=0xfffffd7ffc87f7a0, stack=0xde3010) at search.c:250
#5  0x000000000053ab3d in search_candidates (op=0xa05510,
    rs=0xfffffd7ffc9ffb40, e=0xfffffd7ffc87f750, txn=0x8e6950,
    ids=0xfffffd7ffc8ff7a0, scopes=0xfffffd7ffc87f7a0) at search.c:1258
#6  0x0000000000538e27 in hdb_search (op=0xa05510, rs=0xfffffd7ffc9ffb40)
    at search.c:616
#7  0x000000000048438d in fe_op_search (op=0xa05510, rs=0xfffffd7ffc9ffb40)
    at search.c:402
#8  0x0000000000483bcc in do_search (op=0xa05510, rs=0xfffffd7ffc9ffb40)
    at search.c:247
#9  0x0000000000480537 in connection_operation (ctx=0xfffffd7ffc9ffc70,
    arg_v=0xa05510) at connection.c:1158
#10 0x0000000000480acc in connection_read_thread (ctx=0xfffffd7ffc9ffc70,
    argv=0xf) at connection.c:1294
#11 0x0000000000622afd in ldap_int_thread_pool_wrapper (xpool=0x7d8840)
    at tpool.c:696
#12 0xfffffd7ffeb9e43a in _thrp_setup () from /lib/64/libc.so.1
#13 0xfffffd7ffeb9e750 in ?? () from /lib/64/libc.so.1
#14 0x0000000000000000 in ?? ()


if you look at the arguments in (h|b)db_cache_find_ndn there are mixed values
from pre/post meta rewrite?

#1  0x000000000059beed in hdb_cache_find_ndn (op=0xa05510, txn=0x8e6950,
    ndn=0xfffffd7ffc87f350, res=0xfffffd7ffc87f2e0) at cache.c:462
462                             rc = bdb_dn2id( op, &ei.bei_nrdn, &ei, txn,
&cursor );
(gdb) p *ndn
$8 = {bv_len = 40,
  bv_val = 0x9fdd06 "cn=paul koelle,ou=people,dc=btu,dc=local"}
(gdb) p *res
$9 = (EntryInfo *) 0x0
(gdb) p ndn->bv_val
$13 = 0x9fdd06 "cn=paul koelle,ou=people,dc=btu,dc=local"
(gdb) p op->o_bd->be_nsuffix[0]
$16 = {bv_len = 14, bv_val = 0x9f17d0 "dc=it,dc=local"}


and the code in bdb_cache_find_ndn constructs a new BV from *ndn and *op which
have different bases (cache.c line 426):

 /* we're searching a full DN from the root */
ptr = ndn->bv_val + ndn->bv_len - op->o_bd->be_nsuffix[0].bv_len;
ei.bei_nrdn.bv_val = ptr;
ei.bei_nrdn.bv_len = op->o_bd->be_nsuffix[0].bv_len;

where op->o_bd_>be_nsuffix[0] is the post-rewrite suffix and ndn has the
pre-rewrite suffix??

continuing lead to the following debug output:
59d38434 => hdb_dn2id("c=btu,dc=local")
59d38434 <= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
(-30988)

note the incomplete "c=btu,dc=local" probably because "dc=it,dc=local" is one
char less than "dc=btu,dc=local"
Comment 1 Quanah Gibson-Mount 2020-03-23 17:13:42 UTC 
Needs confirmation that back-mdb does not suffer from the same problem here as back-hdb.
Comment 2 Quanah Gibson-Mount 2021-02-22 18:33:53 UTC 
Appears to be bdb/hdb specific bug given the code block, which are no longer supported.