[Date Prev][Date Next] [Chronological] [Thread] [Top]
assert failure in acl.c when doing moddn (ITS#1582)

To: openldap-its@OpenLDAP.org
Subject: assert failure in acl.c when doing moddn (ITS#1582)
From: leifj@it.su.se
Date: Tue, 5 Feb 2002 22:08:28 GMT
Full_Name: Leif Johansson
Version: 2.0.21
OS: linux
URL: 
Submission from: (NULL) (130.237.91.18)


I am doing a moddn and getting an assert failure in servers/slapd/acl.c:948. It
seems
like acl_check_modlist does not implement access control for moddn operation.
The 
assert causes database corruption.

I enclose the tail end of the debugging output of slapd -d 65535:

conn=0 op=17 MODRDN dn="dc=test2,dc=com"
daemon: select: listen=6 active_threads=1 tvp=NULL
dn2entry_r: dn: "DC=TEST2,DC=COM"
daemon: select: listen=7 active_threads=1 tvp=NULL
=> dn2id( "DC=TEST2,DC=COM" )
daemon: activity on 1 descriptors
====> cache_find_entry_dn2id("DC=TEST2,DC=COM"): 5670 (1 tries)
daemon: select: listen=6 active_threads=1 tvp=NULL
<= dn2id 5670 (in cache)
daemon: select: listen=7 active_threads=1 tvp=NULL
=> id2entry_r( 5670 )
entry_rdwr_rtrylock: ID: 5670
====> cache_find_entry_id( 5670 ) "dc=test2,dc=com" (found) (1 tries)
<= id2entry_r( 5670 ) 0x80ef848 (cache)
entry_rdwr_runlock: ID: 5670
====> cache_return_entry_r( 5670 ): returned (0)
==>ldbm_back_modrdn(newSuperior=dc=example,dc=com)
dn2entry_w: dn: "DC=TEST2,DC=COM"
=> dn2id( "DC=TEST2,DC=COM" )
====> cache_find_entry_dn2id("DC=TEST2,DC=COM"): 5670 (1 tries)
<= dn2id 5670 (in cache)
=> id2entry_w( 5670 )
entry_rdwr_wtrylock: ID: 5670
====> cache_find_entry_id( 5670 ) "dc=test2,dc=com" (found) (1 tries)
<= id2entry_w( 5670 ) 0x80ef848 (cache)
=> has_children( 5670 )
=> ldbm_cache_open( "dn2id.dbb", 73, 600 )
<= ldbm_cache_open (cache 0)
<= has_children( 5670 ): no
dn2entry_w: dn: "DC=COM"
=> dn2id( "DC=COM" )
====> cache_find_entry_dn2id("DC=COM"): 5666 (1 tries)
<= dn2id 5666 (in cache)
=> id2entry_w( 5666 )
entry_rdwr_wtrylock: ID: 5666
====> cache_find_entry_id( 5666 ) "dc=com" (found) (1 tries)
<= id2entry_w( 5666 ) 0x80eed60 (cache)
=> access_allowed: write access to "dc=com" "children" requested
=> acl_get: [1] check attr children
=> acl_get: [2] check attr children
=> acl_get: [3] check attr children
=> acl_get: [4] check attr children
<= acl_get: [4] acl dc=com attr: children
=> acl_mask: access to entry "dc=com", attr "children" requested
=> acl_mask: to all values by "UID=LEIFJ,DC=IT,DC=SU,DC=SE", (=n)
<= check a_dn_pat: uid=replica,dc=su,dc=se
=> string_expand: pattern:  uid=replica,dc=su,dc=se
=> string_expand: expanded: uid=replica,dc=su,dc=se
=> regex_matches: string:   UID=LEIFJ,DC=IT,DC=SU,DC=SE
=> regex_matches: rc: 1 no matches
<= check a_dn_pat: uid=leifj,dc=it,dc=su,dc=se
=> string_expand: pattern:  uid=leifj,dc=it,dc=su,dc=se
=> string_expand: expanded: uid=leifj,dc=it,dc=su,dc=se
=> regex_matches: string:   UID=LEIFJ,DC=IT,DC=SU,DC=SE
=> regex_matches: rc: 0 matches
<= acl_mask: [2] applying write (=wrscx) (stop)
<= acl_mask: [2] mask: write (=wrscx)
=> access_allowed: write access granted by write (=wrscx)
ldbm_back_modrdn: wr to children of entry DC=COM OK
ldbm_back_modrdn: parent dn=dc=com
ldbm_back_modrdn: new parent "dc=example,dc=com" requested...
dn2entry_w: dn: "DC=EXAMPLE,DC=COM"
=> dn2id( "DC=EXAMPLE,DC=COM" )
====> cache_find_entry_dn2id("DC=EXAMPLE,DC=COM"): 5667 (1 tries)
<= dn2id 5667 (in cache)
=> id2entry_w( 5667 )
entry_rdwr_wtrylock: ID: 5667
====> cache_find_entry_id( 5667 ) "dc=example,dc=com" (found) (1 tries)
<= id2entry_w( 5667 ) 0x80ef280 (cache)
ldbm_back_modrdn: wr to new parent OK np=0x80ef280, id=5667
=> access_allowed: write access to "dc=example,dc=com" "children" requested
=> acl_get: [1] check attr children
=> acl_get: [2] check attr children
=> acl_get: [3] check attr children
=> acl_get: [4] check attr children
<= acl_get: [4] acl dc=example,dc=com attr: children
=> acl_mask: access to entry "dc=example,dc=com", attr "children" requested
=> acl_mask: to all values by "UID=LEIFJ,DC=IT,DC=SU,DC=SE", (=n)
<= check a_dn_pat: uid=replica,dc=su,dc=se
=> string_expand: pattern:  uid=replica,dc=su,dc=se
=> string_expand: expanded: uid=replica,dc=su,dc=se
=> regex_matches: string:   UID=LEIFJ,DC=IT,DC=SU,DC=SE
=> regex_matches: rc: 1 no matches
<= check a_dn_pat: uid=leifj,dc=it,dc=su,dc=se
=> string_expand: pattern:  uid=leifj,dc=it,dc=su,dc=se
=> string_expand: expanded: uid=leifj,dc=it,dc=su,dc=se
=> regex_matches: string:   UID=LEIFJ,DC=IT,DC=SU,DC=SE
=> regex_matches: rc: 0 matches
<= acl_mask: [2] applying write (=wrscx) (stop)
<= acl_mask: [2] mask: write (=wrscx)
=> access_allowed: write access granted by write (=wrscx)
ldbm_back_modrdn: wr to new parent's children OK
ldbm_back_modrdn: new ndn=DC=TEST2,DC=EXAMPLE,DC=COM
=> dn2id( "DC=TEST2,DC=EXAMPLE,DC=COM" )
=> ldbm_cache_open( "dn2id.dbb", 73, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id NOID
ldbm_back_modrdn: new ndn=DC=TEST2,DC=EXAMPLE,DC=COM does not exist
ldap_explode_rdn
ldbm_back_modrdn: new_rdn_val="test2", new_rdn_type="dc"
ldap_explode_rdn
ldbm_back_modrdn: DN_X500
=> access_allowed: write access to "dc=test2,dc=com" "dc" requested
=> acl_get: [1] check attr dc
=> acl_get: [2] check attr dc
=> acl_get: [3] check attr dc
<= acl_get: [3] acl dc=test2,dc=com attr: dc
=> acl_mask: access to entry "dc=test2,dc=com", attr "dc" requested
=> acl_mask: to value by "UID=LEIFJ,DC=IT,DC=SU,DC=SE", (=n)
<= check a_dn_pat: uid=replica,dc=su,dc=se
=> string_expand: pattern:  uid=replica,dc=su,dc=se
=> string_expand: expanded: uid=replica,dc=su,dc=se
=> regex_matches: string:   UID=LEIFJ,DC=IT,DC=SU,DC=SE
=> regex_matches: rc: 1 no matches
<= check a_dn_pat: uid=leifj,dc=it,dc=su,dc=se
=> string_expand: pattern:  uid=leifj,dc=it,dc=su,dc=se
=> string_expand: expanded: uid=leifj,dc=it,dc=su,dc=se
=> regex_matches: string:   UID=LEIFJ,DC=IT,DC=SU,DC=SE
=> regex_matches: rc: 0 matches
<= acl_mask: [2] applying write (=wrscx) (stop)
<= acl_mask: [2] mask: write (=wrscx)
=> access_allowed: write access granted by write (=wrscx)
=> access_allowed: write access to "dc=test2,dc=com" "dc" requested
=> acl_get: [1] check attr dc
=> acl_get: [2] check attr dc
=> acl_get: [3] check attr dc
<= acl_get: [3] acl dc=test2,dc=com attr: dc
=> acl_mask: access to entry "dc=test2,dc=com", attr "dc" requested
=> acl_mask: to value by "UID=LEIFJ,DC=IT,DC=SU,DC=SE", (=n)
<= check a_dn_pat: uid=replica,dc=su,dc=se
=> string_expand: pattern:  uid=replica,dc=su,dc=se
=> string_expand: expanded: uid=replica,dc=su,dc=se
=> regex_matches: string:   UID=LEIFJ,DC=IT,DC=SU,DC=SE
=> regex_matches: rc: 1 no matches
<= check a_dn_pat: uid=leifj,dc=it,dc=su,dc=se
=> string_expand: pattern:  uid=leifj,dc=it,dc=su,dc=se
=> string_expand: expanded: uid=leifj,dc=it,dc=su,dc=se
=> regex_matches: string:   UID=LEIFJ,DC=IT,DC=SU,DC=SE
=> regex_matches: rc: 0 matches
<= acl_mask: [2] applying write (=wrscx) (stop)
<= acl_mask: [2] mask: write (=wrscx)
=> access_allowed: write access granted by write (=wrscx)
ldbm_back_modrdn: removing old_rdn_val=test2
=> dn2id_delete( "DC=TEST2,DC=COM", 5670 )
=> ldbm_cache_open( "dn2id.dbb", 73, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id_delete 0
====> cache_delete_entry( 5670 )
=> dn2id_add( "DC=TEST2,DC=EXAMPLE,DC=COM", 5670 )
=> ldbm_cache_open( "dn2id.dbb", 73, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id_add 0
ldbm_modify_internal: dc=test2,dc=com
=> access_allowed: write access to "dc=test2,dc=example,dc=com" "dc" requested
=> acl_get: [1] check attr dc
=> acl_get: [2] check attr dc
=> acl_get: [3] check attr dc
<= acl_get: [3] acl dc=test2,dc=example,dc=com attr: dc
=> acl_mask: access to entry "dc=test2,dc=example,dc=com", attr "dc" requested
=> acl_mask: to value by "UID=LEIFJ,DC=IT,DC=SU,DC=SE", (=n)
<= check a_dn_pat: uid=replica,dc=su,dc=se
=> string_expand: pattern:  uid=replica,dc=su,dc=se
=> string_expand: expanded: uid=replica,dc=su,dc=se
=> regex_matches: string:   UID=LEIFJ,DC=IT,DC=SU,DC=SE
=> regex_matches: rc: 1 no matches
<= check a_dn_pat: uid=leifj,dc=it,dc=su,dc=se
=> string_expand: pattern:  uid=leifj,dc=it,dc=su,dc=se
=> string_expand: expanded: uid=leifj,dc=it,dc=su,dc=se
=> regex_matches: string:   UID=LEIFJ,DC=IT,DC=SU,DC=SE
=> regex_matches: rc: 0 matches
<= acl_mask: [2] applying write (=wrscx) (stop)
<= acl_mask: [2] mask: write (=wrscx)
=> access_allowed: write access granted by write (=wrscx)
slapd: acl.c:948: acl_check_modlist: Assertion `0' failed.
Aborted
Prev by Date: Re: NetBSD regex problem?? (ITS#1579)
Next by Date: followup for ITS#1575
Index(es):
- Chronological
- Thread