
(ITS#7249) slapd segfault with memberof overlay on frontend db



Full_Name: Jan Vcelak
Version: master
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (209.132.186.34)


Enabling memberof overlay on frontend database causes slapd to SEGFAULT due to
stack overflow when renaming an entry.

Slapd should not segfault even if the configuration is wrong.

Initial server configuration:
(slapadd -F /etc/openldap/slapd.d -n 0 -l slapd.ldif)

dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd.args
olcPidFile: /var/run/slapd.pid

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

include: file:///etc/openldap/schema/core.ldif

dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
olcDatabase: frontend

dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
 n=auth" manage by * none

dn: olcDatabase=bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
olcRootPW: secret
olcDbDirectory: /var/lib/ldap
olcDbIndex: objectClass eq


Initial data:
(ldapadd -c -H ldap://localhost -x -D cn=manager,dc=my-domain,dc=com -w secret
-f data.ldif)

dn: dc=my-domain,dc=com
objectclass: dcObject
objectclass: organization
o: Example Org
dc: my-domain

dn: cn=Manager,dc=my-domain,dc=com
objectclass: organizationalRole
cn: Manager

dn: ou=users,dc=my-domain,dc=com
objectclass: organizationalUnit
ou: users

dn: cn=foo,ou=users,dc=my-domain,dc=com
objectclass: organizationalRole
cn: foo


Enabling overlay:
(ldapadd -c -Y EXTERNAL -H ldapi:/// -f data_overlays.ldif)

dn: olcOverlay={0}memberof,olcDatabase={-1}frontend,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: {0}memberof
olcMemberOfDangling: error
olcMemberOfDanglingError: constraintViolation
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf

Renaming the entries, causing segmentation fault:
(ldapmodify -c -H ldap://localhost -x -D cn=manager,dc=my-domain,dc=com -w
secret -f data_modify.ldif)

dn: cn=foo,ou=users,dc=my-domain,dc=com
changetype: modrdn
newrdn: cn=bar
deleteoldrdn: 1

dn: cn=bar,ou=users,dc=my-domain,dc=com
changetype: modrdn
newrdn: cn=foo
deleteoldrdn: 1


Server backtrace:
(gdb) bt 6 full
#0  0x000000000044f188 in backend_check_restrictions (op=0x0, rs=0x0,
opdata=0x0) at ../../../servers/slapd/backend.c:1022
        restrictops = 140737153878880
        requires = 4515244
        opflag = 8413346912
        exopflag = 140737311768104
        ssfs = {sss_ssf = 0, sss_transport = 0, sss_tls = 0, sss_sasl = 0,
sss_update_ssf = 0, sss_update_transport = 0, sss_update_tls = 0,
sss_update_sasl = 0, sss_simple_bind = 0}
        ssf = 0xa0bc30
        updateop = 0
        starttls = 0
        session = -184966544
#1  0x000000000043f3cf in fe_op_search (op=0x7ffff5797df0, rs=0x7ffff5797c60) at
../../../servers/slapd/search.c:370
        bd = 0x7ffff4f9a180
#2  0x00000000004d9fd4 in overlay_op_walk (op=0x7ffff5797df0, rs=0x7ffff5797c60,
which=op_search, oi=0x7fffec104b60, on=0x0) at
../../../servers/slapd/backover.c:671
        func = 0x8dc018
        rc = 32768
#3  0x00000000004da225 in over_op_func (op=0x7ffff5797df0, rs=0x7ffff5797c60,
which=op_search) at ../../../servers/slapd/backover.c:723
        oi = 0x7fffec104b60
        on = 0x7fffec104d40
        be = 0xa0bc30
        db = {bd_info = 0x8dbfc0, bd_self = 0xa0bc30, be_ctrls =
"\000\001\001\001\000\001\000\000\001\000\000\001\001\000\001\001", '\000'
<repeats 16 times>, "\001", be_flags = 67848, be_restrictops = 0, be_requires =
0, be_ssf_set = {sss_ssf = 0, sss_transport = 0, sss_tls = 0, sss_sasl = 0,
sss_update_ssf = 0, sss_update_transport = 0, sss_update_tls = 0,
sss_update_sasl = 0, sss_simple_bind = 0}, be_suffix = 0xa16380, be_nsuffix =
0xa163b0, be_schemadn = {bv_len = 0, bv_val = 0x0}, be_schemandn = {bv_len = 0,
bv_val = 0x0}, be_rootdn = {bv_len = 30, bv_val = 0xa16450
"cn=Manager,dc=my-domain,dc=com"}, be_rootndn = {bv_len = 30, bv_val = 0xa164a0
"cn=manager,dc=my-domain,dc=com"}, be_rootpw = {bv_len = 6, bv_val = 0xa16320
"secret"}, be_max_deref_depth = 15, be_def_limit = {lms_t_soft = 3600,
lms_t_hard = 0, lms_s_soft = 500, lms_s_hard = 0, lms_s_unchecked = -1, lms_s_pr
= 0, lms_s_pr_hide = 0, lms_s_pr_total = 0}, be_limits = 0x0, be_acl = 0x0,
be_dfltaccess = ACL_READ, be_extra_anlist = 0x0, be_update_ndn = {bv_len = 0,
bv_val = 0x0}, be_update_refs = 0x0, be_pending_csn_list = 0xbefb60,
be_pcl_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0,
__kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000'
<repeats 39 times>, __align = 0}, be_syncinfo = 0x0, be_pb = 0x0, be_cf_ocs =
0x8d4c60, be_private = 0xa11e80, be_next = {stqe_next = 0x0}}
        cb = {sc_next = 0x7ffff4f9a410, sc_response = 0x4d8d5b
<over_back_response>, sc_cleanup = 0, sc_private = 0x7fffec104b60}
        sc = 0x0
        rc = 32768
        __PRETTY_FUNCTION__ = "over_op_func"
#4  0x00000000004da334 in over_op_search (op=0x7ffff5797df0, rs=0x7ffff5797c60)
at ../../../servers/slapd/backover.c:750
No locals.
#5  0x000000000043f5bb in fe_op_search (op=0x7ffff5797df0, rs=0x7ffff5797c60) at
../../../servers/slapd/search.c:402
        bd = 0x7ffff4f9a460
(More stack frames follow...)

...

#45535 0x00000000004da225 in over_op_func (op=0x7ffff5797df0, rs=0x7ffff5797c60,
which=op_search) at ../../../servers/slapd/backover.c:723
#45536 0x00000000004da334 in over_op_search (op=0x7ffff5797df0,
rs=0x7ffff5797c60) at ../../../servers/slapd/backover.c:750
#45537 0x000000000043f5bb in fe_op_search (op=0x7ffff5797df0, rs=0x7ffff5797c60)
at ../../../servers/slapd/search.c:402
#45538 0x00000000004d9fd4 in overlay_op_walk (op=0x7ffff5797df0,
rs=0x7ffff5797c60, which=op_search, oi=0x7fffe81050a0, on=0x0) at
../../../servers/slapd/backover.c:671
#45539 0x00000000004da225 in over_op_func (op=0x7ffff5797df0, rs=0x7ffff5797c60,
which=op_search) at ../../../servers/slapd/backover.c:723
#45540 0x00000000004da334 in over_op_search (op=0x7ffff5797df0,
rs=0x7ffff5797c60) at ../../../servers/slapd/backover.c:750
#45541 0x00000000005abaeb in memberof_isGroupOrMember (op=0x7fffec000940,
mci=0x7fffec001420) at ../../../../servers/slapd/overlays/memberof.c:289
#45542 0x00000000005b00c0 in memberof_res_modrdn (op=0x7fffec000940,
rs=0x7ffff57989e0) at ../../../../servers/slapd/overlays/memberof.c:1513
#45543 0x000000000045262c in slap_response_play (op=0x7fffec000940,
rs=0x7ffff57989e0) at ../../../servers/slapd/result.c:507
#45544 0x0000000000452868 in send_ldap_response (op=0x7fffec000940,
rs=0x7ffff57989e0) at ../../../servers/slapd/result.c:582
#45545 0x0000000000453a52 in slap_send_ldap_result (op=0x7fffec000940,
rs=0x7ffff57989e0) at ../../../servers/slapd/result.c:860
#45546 0x000000000050e0a9 in bdb_modrdn (op=0x7fffec000940, rs=0x7ffff57989e0)
at ../../../../servers/slapd/back-bdb/modrdn.c:789
#45547 0x00000000004626be in fe_op_modrdn (op=0x7fffec000940, rs=0x7ffff57989e0)
at ../../../servers/slapd/modrdn.c:314
#45548 0x00000000004d9fd4 in overlay_op_walk (op=0x7fffec000940,
rs=0x7ffff57989e0, which=op_modrdn, oi=0x7fffe81050a0, on=0x0) at
../../../servers/slapd/backover.c:671
#45549 0x00000000004da225 in over_op_func (op=0x7fffec000940, rs=0x7ffff57989e0,
which=op_modrdn) at ../../../servers/slapd/backover.c:723
#45550 0x00000000004da3b2 in over_op_modrdn (op=0x7fffec000940,
rs=0x7ffff57989e0) at ../../../servers/slapd/backover.c:768
#45551 0x0000000000461e20 in do_modrdn (op=0x7fffec000940, rs=0x7ffff57989e0) at
../../../servers/slapd/modrdn.c:186
#45552 0x000000000043a9df in connection_operation (ctx=0x7ffff5798b20,
arg_v=0x7fffec000940) at ../../../servers/slapd/connection.c:1150
#45553 0x000000000043af9c in connection_read_thread (ctx=0x7ffff5798b20,
argv=0x13) at ../../../servers/slapd/connection.c:1286
#45554 0x00000000005d0dd2 in ldap_int_thread_pool_wrapper (xpool=0x9b0170) at
../../../libraries/libldap_r/tpool.c:688
#45555 0x00000034ad607b41 in start_thread (arg=0x7ffff5799700) at
pthread_create.c:305
#45556 0x00000034acee0e6d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:115
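
A triage helper for backtraces like the one above, as an added example that is not part of the original report or of OpenLDAP: it parses gdb frame headers, finds the repeating call cycle and names the frame that entered it. `parse_frames`, `find_recursion` and `sample_backtrace` are hypothetical names, and the sample input is constructed from function names in the report with placeholder addresses.

```python
import re

# First line of a gdb frame: "#N  0xADDR in func (" or "#N  func (".
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?([\w.:~<>]+)\s*\(")

def parse_frames(text):
    """Return function names, innermost first; locals and wrapped lines are skipped."""
    return [m.group(2) for m in map(FRAME.match, text.splitlines()) if m]

def find_recursion(names, max_period=16, min_repeats=3):
    """Find the longest run of frames that repeats with a fixed period."""
    best = None  # (run length in frames, start index, period)
    for p in range(1, max_period + 1):
        run = 0  # consecutive positions where names[j] == names[j + p]
        for j in range(len(names) - p):
            run = run + 1 if names[j] == names[j + p] else 0
            # Strict ">" keeps the smallest period when multiples of it tie.
            if run and (best is None or run + p > best[0]):
                best = (run + p, j - run + 1, p)
    if best is None or best[0] < min_repeats * best[2]:
        return None  # nothing repeats often enough to call it recursion
    length, start, p = best
    end = start + length
    return {
        "period": p,
        "cycle": names[start:start + p],   # innermost-first order
        "frames_in_cycle": length,
        "entered_from": names[end] if end < len(names) else None,
        "faulting_frame": names[0],
    }

# Constructed sample: synthetic frames following the pattern visible in the
# report (addresses and locals are placeholders, not values from the dump).
CYCLE = ["overlay_op_walk", "over_op_func", "over_op_search", "fe_op_search"]
TAIL = ["memberof_isGroupOrMember", "memberof_res_modrdn",
        "slap_response_play", "bdb_modrdn", "do_modrdn"]

def sample_backtrace(repeats=5):
    names = (["backend_check_restrictions", "fe_op_search"]
             + CYCLE * repeats + CYCLE[:3] + TAIL)
    return "\n".join(f"#{i}  0x0000000000400000 in {n} (op=0x0)\n        rc = 0"
                     for i, n in enumerate(names))

if __name__ == "__main__":
    print(find_recursion(parse_frames(sample_backtrace())))
```

On a real core, feed it the full `bt` output; `entered_from` is the caller to inspect first, and `faulting_frame` is only where the stack happened to run out.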