Full_Name: Clement Oudot Version: 2.4.44 OS: GNU/Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (193.248.50.71) Hello, with a simple olcAuthzRegexp configuration like: olcAuthzRegexp: {0}uid=(.*),cn=gssapi,cn=auth ldap:///dc=example,dc=com???(uid=$1) And ppolicy overlay configured, for example like: dn: olcOverlay={0}ppolicy,olcDatabase={1}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcPPolicyConfig olcOverlay: {0}ppolicy olcPPolicyHashCleartext: FALSE olcPPolicyUseLockout: FALSE olcPPolicyForwardUpdates: FALSE We have a segfault when running this command: $ /usr/local/openldap/sbin/slapauth -F /home/clement/configuration/openldap/example /slapd.d/ -v coudot -M GSSAPI Here is the GDB backtrace: Program received signal SIGSEGV, Segmentation fault. 0x000000000055644f in ppolicy_restrict (op=0x7fffffffd0e0, rs=0x7fffffffd070) at ppolicy.c:1379 1379 ppolicy.c: Aucun fichier ou dossier de ce type. (gdb) bt #0 0x000000000055644f in ppolicy_restrict (op=0x7fffffffd0e0, rs=0x7fffffffd070) at ppolicy.c:1379 #1 0x00000000004a55ca in overlay_op_walk (op=op@entry=0x7fffffffd0e0, rs=0x7fffffffd070, which=op_search, oi=0xa59ef0, on=0xa571d0) at backover.c:661 #2 0x00000000004a574e in over_op_func (op=0x7fffffffd0e0, rs=<optimized out>, which=<optimized out>) at backover.c:730 #3 0x0000000000487375 in slap_sasl2dn (opx=0x7fffffffd710, saslname=0x0, sasldn=0x7fffffffd310, flags=-16, flags@entry=2) at saslauthz.c:2008 #4 0x000000000048e42b in slap_sasl_getdn (conn=conn@entry=0x7fffffffd450, op=op@entry=0x7fffffffd710, id=id@entry=0x7fffffffd440, user_realm=0x0, dn=dn@entry=0x7fffffffd410, flags=flags@entry=2) at sasl.c:1891 #5 0x00000000004aba73 in do_check (c=c@entry=0x7fffffffd450, op=op@entry=0x7fffffffd710, id=id@entry=0x7fffffffd440) at slapauth.c:44 #6 0x00000000004abe54 in slapauth (argc=<optimized out>, argv=0x7fffffffdcc8) at slapauth.c:161 #7 0x0000000000425e98 in main (argc=7, argv=0x7fffffffdc98) at main.c:664 Note that there is no bug if one of this condition is true: * overlay ppolicy is not configured * olcAuthRegexp does not use internal LDAP search * GSSAPI schema is not requested in slapauth Hope you have enough information in this report. Feel free to ask more if needed.
moved from Incoming to Software Bugs
Hello, I would like to know if some of you have an idea on how to fix this bug? I am able to test a patch if you can provide one. Regards, Clément.
--On Thursday, April 06, 2017 3:22 PM +0000 clement.oudot@savoirfairelinux.com wrote: > Hello, > > I would like to know if some of you have an idea on how to fix this bug? > > I am able to test a patch if you can provide one. Hi Clement, Ondrej will be looking at this on Monday. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>
A fix for this bug has now been committed to master (b71235ac45fcd702f9c7d188dbfd24e611ce1a93) and should be part of 2.4.49. Regards, -- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP
changed notes changed state Open to Test
changed notes changed state Test to Release
Fixed in master (b71235ac45fcd702f9c7d188dbfd24e611ce1a93) Fixed in RE24 (2.4.49)
changed notes changed state Release to Closed