Full_Name: Howard Guo Version: 2.4.44 OS: openSUSE URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (195.135.221.2) In a pure IPv6 environment, if LDAP is used as the host resolve, the host may hang when it attempts to resolve its own host name due to usage of gethostbyname*, in the following sequence of events: nss_ldap: locks mutex nss_ldap: calls libldap A-A-> libldap: gethostbyname -> nss_ldap: lock mutex and hang See patch file "howard-guo-160222.patch".
changed notes moved from Incoming to Software Bugs
FWIW: The patch is still available here in openSUSE's package openldap2: https://build.opensuse.org/package/view_file/network:ldap/openldap2/0009-Fix-ldap-host-lookup-ipv6.patch?expand=1
There are two problems with this ITS: a) It was not submitted for inclusion with the project by the original author (as generally required). I.e., 3rd party submissions are usually rejected. b) It lacks an IPR notice, which must come from the original author. If someone from SuSE can track down the original author, and have them follow up with the IPR information, then we can likely look to include it in a future release. <http://www.openldap.org/devel/contributing.html> may be a useful reference for the SuSE team for future issues. --Quanah --On Saturday, April 15, 2017 3:27 PM +0000 michael@stroeder.com wrote: > FWIW: The patch is still available here in openSUSE's package openldap2: > > https://build.opensuse.org/package/view_file/network:ldap/openldap2/0009- > Fix-ldap-host-lookup-ipv6.patch?expand=1 > > > > -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>
changed notes
The attached file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by SUSE Linux GmbH. SUSE Linux GmbH has not assigned rights and/or interest in this work to any party. I, Christian Kornacker am authorized by SUSE Linux GmbH, my employer, to release this work under the following terms. SUSE Linux GmbH hereby places the referenced modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.
has patch;openldap-scratch IPR ok
Created attachment 637 [details] howard-guo-160222.patch
Created attachment 638 [details] original-author-with-ipr.patch
https://git.openldap.org/openldap/openldap/-/merge_requests/14
I may have set up my environment incorrectly for this, but I don't see how the patch fixes the issue described, since getaddrinfo() is also backed by NSS. With the patch applied (note getaddrinfo() at #7) I still see nss_ldap deadlocking with itself: (gdb) bt #0 0x00007ffff7d1329c in __lll_lock_wait () from /lib/x86_64-linux-gnu/libpthread.so.0 #1 0x00007ffff7d0c714 in pthread_mutex_lock () from /lib/x86_64-linux-gnu/libpthread.so.0 #2 0x00007ffff7dd8683 in _nss_ldap_enter () at ldap-nss.c:595 #3 0x00007ffff7dd9fbc in _nss_ldap_getbyname (args=args@entry=0x7fffffffc500, result=0x7fffffffc650, buffer=0x7fffffffc8c0 "\377\002", buflen=1024, errnop=0x7ffff7fcb4c0, filterprot=0x7ffff7dee980 <_nss_ldap_filt_gethostbyname> "(&(objectClass=ipHost)(cn=%s))", sel=LM_HOSTS, parser=0x7ffff7ddc5e0 <_nss_ldap_parse_hostv4>) at ldap-nss.c:3509 #4 0x00007ffff7ddc645 in _nss_ldap_gethostbyname2_r (af=<optimized out>, h_errnop=0x7ffff7fcb524, errnop=<optimized out>, buflen=<optimized out>, buffer=<optimized out>, result=<optimized out>, name=<optimized out>) at ldap-hosts.c:287 #5 _nss_ldap_gethostbyname2_r (name=<optimized out>, af=<optimized out>, result=<optimized out>, buffer=<optimized out>, buflen=<optimized out>, errnop=<optimized out>, h_errnop=0x7ffff7fcb524) at ldap-hosts.c:269 #6 0x00007ffff7eebfb7 in ?? () from /lib/x86_64-linux-gnu/libc.so.6 #7 0x00007ffff7eece37 in getaddrinfo () from /lib/x86_64-linux-gnu/libc.so.6 #8 0x00007ffff7db257e in ldap_pvt_get_fqdn (name=0x7fffffffcd50 "t570", name@entry=0x0) at util-int.c:866 #9 0x00007ffff7db09c5 in ldap_int_initialize (gopts=gopts@entry=0x7ffff7dcfde0 <ldap_int_global_options>, dbglvl=dbglvl@entry=0x0) at init.c:645 #10 0x00007ffff7d97122 in ldap_create (ldp=ldp@entry=0x7fffffffcec8) at open.c:109 #11 0x00007ffff7d9737f in ldap_initialize (ldp=ldp@entry=0x7ffff7de8360 <__session>, url=url@entry=0x7ffff7de8be8 <__configbuf+1480> "ldap://::1") at open.c:241 #12 0x00007ffff7dd7796 in do_init_session (ld=0x7ffff7de8360 <__session>, defport=0, uri=0x7ffff7de8be8 <__configbuf+1480> "ldap://::1") at ldap-nss.c:1066 #13 do_init () at ldap-nss.c:1360 #14 0x00007ffff7dd8a73 in _nss_ldap_search_s (args=args@entry=0x7fffffffe8e0, filterprot=filterprot@entry=0x7ffff7dee980 <_nss_ldap_filt_gethostbyname> "(&(objectClass=ipHost)(cn=%s))", sel=sel@entry=LM_HOSTS, user_attrs=user_attrs@entry=0x0, sizelimit=sizelimit@entry=1, res=res@entry=0x7fffffffe870) at ldap-nss.c:3098 #15 0x00007ffff7dd9ff3 in _nss_ldap_getbyname (args=args@entry=0x7fffffffe8e0, result=0x7ffff7fc8060, buffer=0x55555555e8d0 "\377\002", buflen=1024, errnop=0x7ffff7fcb4c0, filterprot=0x7ffff7dee980 <_nss_ldap_filt_gethostbyname> "(&(objectClass=ipHost)(cn=%s))", sel=LM_HOSTS, parser=0x7ffff7ddc5e0 <_nss_ldap_parse_hostv4>) at ldap-nss.c:3517 #16 0x00007ffff7ddc645 in _nss_ldap_gethostbyname2_r (af=<optimized out>, h_errnop=0x7fffffffe9ec, errnop=<optimized out>, buflen=<optimized out>, buffer=<optimized out>, result=<optimized out>, name=<optimized out>) at ldap-hosts.c:287 #17 _nss_ldap_gethostbyname2_r (name=<optimized out>, af=<optimized out>, result=<optimized out>, buffer=<optimized out>, buflen=<optimized out>, errnop=<optimized out>, h_errnop=0x7fffffffe9ec) at ldap-hosts.c:269 #18 0x00007ffff7f148b5 in gethostbyname2_r () from /lib/x86_64-linux-gnu/libc.so.6 #19 0x00007ffff7f145ac in gethostbyname2 () from /lib/x86_64-linux-gnu/libc.so.6 #20 0x0000555555558bc7 in ?? () #21 0x000055555555771c in ?? () #22 0x00007ffff7e2d09b in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6 #23 0x00005555555577ea in ?? () What am I missing, please?
Hello Christian, 2 issues have been found with your proposed patch. See comment#13 for the first issue, and https://git.openldap.org/openldap/openldap/-/merge_requests/14#note_58 for the second issue. Regards, Quanah
Note: SuSE has zero interest in pursuing this patch, as per https://bugzilla.opensuse.org/show_bug.cgi?id=1171127#c3
Suspending until someone cares to work on this.