
Re: (ITS#5715) segfault in libdb



michael@stroeder.com wrote:

> I will check this right now. Anyway find below the tail of the server's
> log when invoking
> 
> ldapwhoami -H
> ldapi://%2Fhome%2Fmichael%2Ftemp%2Fopenldap-testbed-RE24%2Fslapd1 -Y
> EXTERNAL

OK, at first glance, I see two things:

1) your search finds nothing, probably because anonymous cannot read the 
"entry" pseudo-attribute of "ou=schulung,dc=stroeder,dc=local" (see [1])

2) this causes a sigsegv, which Is Bad (TM).

You should check whether the result of those ACLs is correct, and in the 
meantime provide a core dump, to fix the sigsegv issue.

p.

> --------------------------------- snip --------------------------------
> ==> sasl_bind: dn="" mech=EXTERNAL datalen=0
> SASL Canonicalize [conn=0]:
> authcid="gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth"
> slap_sasl_getdn: conn 0
> id=gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth [len=59]
> ==>slap_sasl2dn: converting SASL name
> gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth to a DN
> ==> rewrite_context_apply [depth=1]
> string='gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth'
> ==> rewrite_rule_apply
> rule='gidnumber=([0-9]+)\+uidnumber=([0-9]+),cn=peercred,cn=external,cn=auth'
> string='gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth' [1
> pass(es)]
> ==> rewrite_context_apply [depth=1]
> res={0,'ldap:///ou=schulung,dc=stroeder,dc=local??sub?(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100))'}
> [rw] authid:
> "gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth" ->
> "ldap:///ou=schulung,dc=stroeder,dc=local??sub?(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100))"
> slap_parseURI: parsing
> ldap:///ou=schulung,dc=stroeder,dc=local??sub?(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100))
> ldap_url_parse_ext(ldap:///ou=schulung,dc=stroeder,dc=local??sub?(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100)))
> put_filter: "(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100))"
> put_filter: AND
> put_filter_list "(objectClass=posixAccount)(uidNumber=500)(gidNumber=100)"
> put_filter: "(objectClass=posixAccount)"
> put_filter: simple
> put_simple_filter: "objectClass=posixAccount"
> put_filter: "(uidNumber=500)"
> put_filter: simple
> put_simple_filter: "uidNumber=500"
> put_filter: "(gidNumber=100)"
> put_filter: simple
> put_simple_filter: "gidNumber=100"
> ber_scanf fmt ({mm}) ber:
> ber_scanf fmt ({mm}) ber:
> ber_scanf fmt ({mm}) ber:
>>>> dnNormalize: <ou=schulung,dc=stroeder,dc=local>
> => ldap_bv2dn(ou=schulung,dc=stroeder,dc=local,0)
> <= ldap_bv2dn(ou=schulung,dc=stroeder,dc=local)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(ou=schulung,dc=stroeder,dc=local)=0
> <<< dnNormalize: <ou=schulung,dc=stroeder,dc=local>
> slap_sasl2dn: performing internal search
> (base=ou=schulung,dc=stroeder,dc=local, scope=2)
> => hdb_search
> bdb_dn2entry("ou=schulung,dc=stroeder,dc=local")
> => access_allowed: auth access to "ou=schulung,dc=stroeder,dc=local"
> "entry" requested
> => dn: [4] ou=users,ou=schulung,dc=stroeder,dc=local
> => dn: [5] ou=groups,ou=schulung,dc=stroeder,dc=local
> => dn: [6] ou=schulung,dc=stroeder,dc=local
> => acl_get: [6] matched
> => acl_get: [6] attr entry
> => acl_mask: access to entry "ou=schulung,dc=stroeder,dc=local", attr
> "entry" requested
> => acl_mask: to all values by "", (=0)
> <= check a_dn_pat: *
> <= acl_mask: [2] applying none(=0) (stop)
> <= acl_mask: [2] mask: none(=0)
> => slap_access_allowed: auth access denied by none(=0)

[1]

> => access_allowed: no more rules
> send_ldap_result: conn=0 op=0 p=3
> send_ldap_result: err=32 matched="" text=""
> <==slap_sasl2dn: Converted SASL name to <nothing>
> SASL Canonicalize [conn=0]:
> slapAuthcDN="gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth"
> ./start-slapd1.sh: line 14: 20820 Segmentation fault
> ${OPENLDAP_PREFIX}/libexec/slapd -d stats,acl,args,trace,sync -h
> "ldap://0.0.0.0:2071
> ldapi://%2Fhome%2Fmichael%2Ftemp%2Fopenldap-testbed-RE24%2Fslapd1" -n
> slapd-schulung-1 -u michael -f ${LOCALCONFIG}/slapd-1.conf -F
> ${LOCALCONFIG}/slapd-1.conf.d
> michael@nb2:~/temp/openldap-testbed-RE24>
> 
> 



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------
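
Added example (not part of the original message and not OpenLDAP code): a small Python script that extracts the ACL decision and the SASL mapping result from a slapd trace as it appears quoted in this mail, surfacing the `auth` denial on the `entry` pseudo-attribute that the reply marks with [1]. The function names are hypothetical, the sample is a few lines copied from the trace above, and an empty requester DN is reported as anonymous, as the reply reads it.

```python
import re

# Sample: lines copied from the quoted trace, mail quoting and wrapping included.
SAMPLE = '''\
> slap_sasl2dn: performing internal search
> (base=ou=schulung,dc=stroeder,dc=local, scope=2)
> => access_allowed: auth access to "ou=schulung,dc=stroeder,dc=local"
> "entry" requested
> => acl_mask: to all values by "", (=0)
> <= acl_mask: [2] applying none(=0) (stop)
> => slap_access_allowed: auth access denied by none(=0)
> send_ldap_result: err=32 matched="" text=""
> <==slap_sasl2dn: Converted SASL name to <nothing>
'''

TOKEN = re.compile(
    r'=> access_allowed: (?P<lvl>\w+) access to "(?P<dn>[^"]*)" "(?P<attr>[^"]*)" requested'
    r'|=> acl_mask: to .*? by "(?P<who>[^"]*)"'
    r'|slap_access_allowed: \w+ access (?P<res>granted|denied) by (?P<mask>\S+)'
    r'|<==slap_sasl2dn: Converted SASL name to (?P<mapped>\S+)')

def unwrap(mail_text):
    """Drop one level of mail quoting and rejoin wrapped trace lines."""
    lines = (re.sub(r'^> ?', '', l).strip() for l in mail_text.splitlines())
    return ' '.join(l for l in lines if l)

def analyse(mail_text):
    """Return (list of ACL decisions, SASL name mapping result or None)."""
    decisions, cur, mapped = [], None, None
    for m in TOKEN.finditer(unwrap(mail_text)):
        if m['lvl']:                                  # access check starts
            cur = {'level': m['lvl'], 'dn': m['dn'], 'attr': m['attr'], 'who': None}
        elif m['who'] is not None and cur:            # requester identity
            cur['who'] = m['who'] or 'anonymous'
        elif m['res'] and cur:                        # final grant or deny
            cur.update(result=m['res'], mask=m['mask'])
            decisions.append(cur)
            cur = None
        elif m['mapped']:                             # outcome of the authz mapping
            mapped = m['mapped']
    return decisions, mapped

if __name__ == '__main__':
    decisions, mapped = analyse(SAMPLE)
    for d in decisions:
        print('{level} access to "{dn}" attr "{attr}" by {who}: '
              '{result} by {mask}'.format(**d))
    print('SASL name mapped to', mapped)
```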