[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4964) consumer with slapo-chain segfaults when using ldappasswd



Full_Name: Markus Krause
Version: openldap2-2.3.34-5.2
OS: SuSE Llinux Enterprise Server 10
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (84.56.13.40)


changing the the ldap password using "ldappasswd" from the command line using
the following slapd.conf on a consumer (only relevant part) crashes the server
with a "segmentation fault":
...
modulepath      /usr/lib/openldap/modules
moduleload      smbk5pwd.so
sizelimit unlimited
acl ...
TLSstuff ...
#### chain overlay definition
overlay chain
chain-rebind-as-user    FALSE
chain-uri       "ldaps://ldapprov"
chain-rebind-as-user    TRUE
chain-idassert-bind     bindmethod="simple"
                        binddn="cn=manager,o=test"
                        credentials="secret"
                        mode="self"

database bdb
suffix "o=test"
directory /var/lib/ldap/
rootdn "cn=manager,o=test"
rootpw "secret"
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index entryCSN,entryUUID eq
index dhcpHWAddress eq,pres
index relativeDomainName eq,pres
index ipHostNumber eq,pres
index zoneName eq,pres
index radiusGroupName eq,pres

syncrepl rid=13
        provider=ldaps://ldapprov
        type=refreshAndPersist
        retry=1,5,5,6,30,+
        interval=00:00:00:30
        searchbase="o=test"
        filter="(objectclass=*)"
        scope=sub
        attrs="*"
        schemachecking=off
        binddn="cn=manager,o=test"
        bindmethod=simple
        credentials="secret"
        sizelimit=unlimited
updateref ldaps://ldapprov

overlay syncprov
--- end of slapd.conf

running slapd in debug mode -d 65535 shows:
--- slapd -d 65535
conn=0 op=1 PASSMOD id="uid=test,o=test" new
>>> dnPrettyNormal: <uid=user,o=test>
=> ldap_bv2dn(uid=user,o=test,0)
<= ldap_bv2dn(uid=user,o=test)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=user,o=test)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=user,o=test)=0
<<< dnPrettyNormal: <uid=user,o=test>, <uid=user,o=test>
bdb_dn2entry("uid=user,o=test")
=> bdb_dn2id("uid=user,o=test")
<= bdb_dn2id: got id=0x0000284c
=> bdb_dn2id("o=test")
<= bdb_dn2id: got id=0x00002861
=> bdb_dn2id("uid=user,o=test")
<= bdb_dn2id: got id=0x0000337f
entry_decode: "uid=user,o=test"
<= entry_decode(uid=user,o=test)
ldap_url_parse_ext(ldaps://ldapprov)
send_ldap_extended: err=10 oid= len=0
ldap_url_parse_ext(ldaps://ldapprov)
Segmentation fault
----- end of debug output

the command used was:
 ldappasswd -x -h localhost -D "cn=manager,o=test" -W  uid=test,o=test -S
New password:
Re-enter new password:
Enter LDAP Password:
ldappasswd: ldap_result: Can't contact LDAP server (-1)

the last 70 lines of strace where:
--- tail -70 slapd-strace.log:
time(NULL)                              = 1179248871
time(NULL)                              = 1179248871
close(14)                               = 0
close(15)                               = 0
close(13)                               = 0
lseek(12, 0, SEEK_SET)                  = 0
fcntl64(12, F_SETLKW, {type=F_WRLCK, whence=SEEK_CUR, start=0, len=1024}) = 0
fstat64(12, {st_mode=S_IFREG|0644, st_size=4096, ...}) = 0
lseek(12, 2048, SEEK_SET)               = 2048
read(12, "xV4\22\0\0\0\0\2\0\0\0\0\0\0\0 \300IF\0\0\0\0\310~\0\0"..., 1024) =
1024
lseek(12, 2048, SEEK_SET)               = 2048
fcntl64(12, F_GETLK, {type=F_UNLCK, whence=SEEK_CUR, start=0, len=1024, pid=0})
= 0
lseek(12, 2048, SEEK_SET)               = 2048
read(12, "xV4\22\0\0\0\0\2\0\0\0\0\0\0\0 \300IF\0\0\0\0\310~\0\0"..., 1024) =
1024
lseek(12, 2048, SEEK_SET)               = 2048
write(12, "xV4\22\0\0\0\0\0\0\0\0\0\0\0\0 \300IF\0\0\0\0\310~\0\0"..., 1024) =
1024
lseek(12, 3072, SEEK_SET)               = 3072
read(12, "xV4\22\0\0\0\0\0\0\0\0\0\0\0\0 yHF\0\0\0\0\242q\0\0\0\0"..., 1024) =
1024
lseek(12, 0, SEEK_SET)                  = 0
fcntl64(12, F_SETLK, {type=F_UNLCK, whence=SEEK_CUR, start=0, len=1024}) = 0
stat64("/var/lib/ldap/id2entry.bdb", {st_mode=S_IFREG|0600, st_size=15826944,
...}) = 0
stat64("/var/lib/ldap/id2entry.bdb", {st_mode=S_IFREG|0600, st_size=15826944,
...}) = 0
open("/var/lib/ldap/id2entry.bdb", O_RDWR|O_LARGEFILE) = 13
fcntl64(13, F_SETFD, FD_CLOEXEC)        = 0
read(13, "\22\0\0\0\212^i\0\0\0\0\0b1\5\0\t\0\0\0\0@\0\0\0\t\0\0"..., 512) =
512
close(13)                               = 0
stat64("/var/lib/ldap/id2entry.bdb", {st_mode=S_IFREG|0600, st_size=15826944,
...}) = 0
open("/var/lib/ldap/id2entry.bdb", O_RDWR|O_LARGEFILE) = 13
fcntl64(13, F_SETFD, FD_CLOEXEC)        = 0
fstat64(13, {st_mode=S_IFREG|0600, st_size=15826944, ...}) = 0
time(NULL)                              = 1179248871
stat64("/var/lib/ldap/dn2id.bdb", {st_mode=S_IFREG|0600, st_size=5132288, ...})
= 0
stat64("/var/lib/ldap/dn2id.bdb", {st_mode=S_IFREG|0600, st_size=5132288, ...})
= 0
open("/var/lib/ldap/dn2id.bdb", O_RDWR|O_LARGEFILE) = 14
fcntl64(14, F_SETFD, FD_CLOEXEC)        = 0
read(14, "\22\0\0\0\tEQ\0\0\0\0\0b1\5\0\t\0\0\0\0\20\0\0\0\t\0\0"..., 512) =
512
close(14)                               = 0
stat64("/var/lib/ldap/dn2id.bdb", {st_mode=S_IFREG|0600, st_size=5132288, ...})
= 0
open("/var/lib/ldap/dn2id.bdb", O_RDWR|O_LARGEFILE) = 14
fcntl64(14, F_SETFD, FD_CLOEXEC)        = 0
fstat64(14, {st_mode=S_IFREG|0600, st_size=5132288, ...}) = 0
time(NULL)                              = 1179248871
pread64(13, "\20\0\0\0008\fY\0\1\0\0\0\0\0\0\0\0\0\0\0\2\0\344?\3\3"..., 16384,
16384) = 16384
pread64(13, "\22\0\0\0:^i\0\220\3\0\0\0\0\0\0\0\0\0\0\335\0010\"\2\3"..., 16384,
14942208) = 16384
pread64(13, "\22\0\0\0\235\0m\0W\3\0\0O\3\0\0\0\0\0\0\20\0\270!\1\5"..., 16384,
14008320) = 16384
mmap2(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb63c3000
time(NULL)                              = 1179248871
write(2, "=> bdb_entry_get: ndn: \"o=testh"..., 49) = 49
write(2, "=> bdb_entry_get: oc: \"(null)\", "..., 49) = 49
write(2, "bdb_dn2entry(\"o=test"..., 40) = 40
write(2, "=> bdb_dn2id(\"o=test"..., 40) = 40
pread64(14, "\t\0\0\0D+=\0\1\0\0\0\0\0\0\0\0\0\0\0\20\0\214\r\3\3\364"..., 4096,
4096) = 4096
pread64(14, "\n\0\0\0\212\242P\0_\2\0\0\0\0\0\0G\4\0\0G\0\364\7\2\3"..., 4096,
2486272) = 4096
pread64(14, "\22\0\0\0i\374l\0\n\0\0\0Q\3\0\0\33\4\0\0>\0\230\6\1\5"..., 4096,
40960) = 4096
write(2, "<= bdb_dn2id: got id=0x00000001\n", 32) = 32
pread64(13, "\20\0\0\0\230\313X\0\217\3\0\0\0\0\0\0\0\0\0\0\307\1\224"...,
16384, 14925824) = 16384
pread64(13, "\22\0\0\0O\2m\0\2\0\0\0\0\0\0\0\3\0\0\0(\0|\4\1\5\370?"..., 16384,
32768) = 16384
write(2, "entry_decode: \"o=test"..., 40) = 40
write(2, "<= entry_decode(o=test"..., 41) = 41
write(2, "=> bdb_entry_get: found entry: \""..., 57) = 57
write(2, "bdb_entry_get: rc=0\n", 20)   = 20
mmap2(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb5bc2000
mprotect(0xb5bc2000, 4096, PROT_NONE)   = 0
clone(child_stack=0xb63c24d4,
flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID,
parent_tidptr=0xb63c2be8, {entry_number:6, base_addr:0xb63c2ba0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0,
useable:1}, child_tidptr=0xb63c2be8) = 374
futex(0xb63c2be8, FUTEX_WAIT, 374, NULL) = 0
write(2, "slapd starting\n", 15)        = 15
mmap2(NULL, 385024, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb5363000
clone(child_stack=0xb63c24d4,
flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID,
parent_tidptr=0xb63c2be8, {entry_number:6, base_addr:0xb63c2ba0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0,
useable:1}, child_tidptr=0xb63c2be8) = 375
futex(0xb63c2be8, FUTEX_WAIT, 375, NULL) = 0
+++ killed by SIGSEGV +++
---- end of tail -70 slapd-strace.log

using a wrong ldap password at "Enter LDAP Password:" when promped by
"ldappasswd" does not crash the server.