[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: rwm overlay causes slapd segfault

To: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
Subject: Re: rwm overlay causes slapd segfault
From: Jarbas Peixoto Júnior <jarbas.junior@gmail.com>
Date: Wed, 12 Feb 2014 13:49:49 -0300
Cc: openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=WlPIZ6ozjTkw9z5eeRpo5WchfYwS2t0sSimSN6E3FTc=; b=dE9Msk9dk4uKRTJQbGTtjnjfLIjXuXS13g97efIB9WOzNrxlabMEWmgItJBx6SWQlU qQOCsmqcdJg/C6njhUuyx1NS+GL96e6hfb087CPgxigKGO+4LKfnIrabHuREoFEuwzLZ UlBcANo15aVvekR+IgfO8x4Gd6ATEuM1tEsWPPTN7PjG3OBeackRyK78V/JqvcnjIKqt nBewQb8kM1Yt7jTGoF7ycCVQBUYfojDpcwBoCKySMIjY0rAKn/IVmCIa2mly/939D+om O01Ly/LSFlJ/ARtI9W4wsgZdjW6Xu4jxeyxLy2tC9fBxRqG8s2W7YibsuKRT0YdN2wFv lgDA==
In-reply-to: <52FB9313020000A100014595@gwsmtp1.uni-regensburg.de>
References: <CAKJak0oDAi=REfJBH4KQS7_tW5HwU5HGLdbit50MH5+vpyucvg@mail.gmail.com> <52FB9313020000A100014595@gwsmtp1.uni-regensburg.de>

2014-02-12 11:28 GMT-03:00 Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>:
> Hi!
>
> As the bug seems to occur in a C library routine, it could be helpful to
> attach to slapd using "ltrace -p .." to see what the last call was.
> You could also attach gdb to the process, and try a backtrace when there was a
> segfault...

Ulrich, when I run "ltrace -p PID-OF-SLAPD", I have:

13:26:16 root@linuxprev ~ # ltrace -p 28758
+++ killed by SIGTRAP +++

The process "slapd" crash again.

Regards,
Jarbas
>
> Ulrich
>
>>>> Jarbas Peixoto Júnior<jarbas.junior@gmail.com> schrieb am 12.02.2014 um
> 14:14
> in Nachricht
> <CAKJak0oDAi=REfJBH4KQS7_tW5HwU5HGLdbit50MH5+vpyucvg@mail.gmail.com>:
>> Needed to enable authentication on ldap server via the mail attribute.
>>
>> I used the overlay rwm as documentation:
>>    * http://www.openldap.org/doc/admin24/overlays.html # Rewrite / Remap
>>    * http://www.openldap.org/lists/openldap-software/200707/msg00487.html
>>    *
>>
> http://www.openldap.org/software/man.cgi?query=slapo-rwm&sektion=5&apropos=0&;
>
>> manpath=OpenLDAP+2.4-Release
>>
>> I run the current version of OpenLDAP :
>>
>> dpkg -l | grep openldap
>> ii  openldap-ltb                       2.4.39-1
>> amd64        OpenLDAP server with addons from the LDAP Tool Box
>> project
>> ii  openldap-ltb-check-password        2.4.39-1
>> amd64        check_password module for password policy
>> ii  openldap-ltb-contrib-overlays      2.4.39-1
>> amd64        Overlays contributed to OpenLDAP
>>
>> My configuration snippet is shown below :
>>
>> ...
>> backend         hdb
>>
>> moduleload      rwm
>> overlay rwm
>> rwm-rewriteEngine       on
>> rwm-rewriteMap  ldap    attr2dn "ldaps:///dc=gov,dc=br?dn?sub?"
>> rwm-rewriteContext      bindDN
>> rwm-rewriteRule "^mail=[^,]+@[^,]+$" "${attr2dn($0)}" ":@I"
>>
>> database        hdb
>> ...
>>
>> Everything worked fine , but sometimes occurred a ' slapd segfault "
>> there was no apparent cause .
>>
>> A log analysis allowed us to identify the query that caused the "crash
>> " was the folder containing " ** " as follows :
>>
>> "(mail=*name**surname*)(mailAlternateAddress=*name**surname*)"
>>
>> Redid several searches and this is really "crash " in some situations :
>>
>> Normal
>> =======
>> ldapsearch -xLLL -H ldaps://www-linuxprev -b dc=gov,dc=br
>> "(uid=jarbas*peixoto)" mail
>> dn: uid=jarbas.peixoto,ou=URMS,ou=SUAT,ou=DRD,ou=DATAPREV,dc=gov,dc=br
>> mail: jarbas.peixoto@dataprev.gov.br
>>
>> Normal
>> =======
>> ldapsearch -xLLL -H ldaps://www-linuxprev -b dc=gov,dc=br
>> "(uid=jarbas**peixoto)" mail
>> ldap_search_ext: Bad search filter (-7)
>>
>> Normal
>> =======
>> ldapsearch -xLLL -H ldaps://www-linuxprev -b dc=gov,dc=br
>> "(mail=jarbas*peixoto@dataprev.gov.br)" mail
>> dn: uid=jarbas.peixoto,ou=URMS,ou=SUAT,ou=DRD,ou=DATAPREV,dc=gov,dc=br
>> mail: jarbas.peixoto@dataprev.gov.br
>>
>> Normal
>> =======
>> ldapsearch -xLLL -H ldaps://www-linuxprev -b dc=gov,dc=br
>> "(mail=jarbas**peixoto@dataprev.gov.br)" mail
>> ldap_search_ext: Bad search filter (-7)
>>
>> Segfault - Note that there is a space between the two asterisks ( "* *" )
>> ================================================================
>> ldapsearch -xLLL -H ldaps://www-linuxprev -b dc=gov,dc=br
>> "(mail=jarbas* *peixoto@dataprev.gov.br)" mail
>> Additional information: massaged filter parse error
>>
>> The excerpts from server logs are:
>>
>> Feb 12 09:49:18 linuxprev slapd[27108]: conn=1004 fd=19 ACCEPT from
>> IP=10.82.0.22:46996 (IP=0.0.0.0:636)
>> Feb 12 09:49:18 linuxprev slapd[27108]: conn=1004 fd=19 TLS
>> established tls_ssf=128 ssf=128
>> Feb 12 09:49:18 linuxprev slapd[27108]: conn=1004 op=0 BIND dn=""
> method=128
>> Feb 12 09:49:18 linuxprev slapd[27108]: conn=1004 op=0 RESULT tag=97 err=0
>> text=
>> Feb 12 09:49:18 linuxprev slapd[27108]: conn=1004 op=1 SRCH
>> base="dc=gov,dc=br" scope=2 deref=0
>> filter="(mail=jarbas**peixoto@dataprev.gov.br)"
>> Feb 12 09:49:18 linuxprev slapd[27108]: conn=1004 op=1 SRCH attr=mail
>> Feb 12 09:49:18 linuxprev slapd[27108]: conn=1004 op=1 SEARCH RESULT
>> tag=101 err=0 nentries=0 text=massaged filter parse error
>> Feb 12 09:49:18 linuxprev kernel: [19683068.279488] slapd[27112]
>> general protection ip:7f9c3520cac9 sp:7f9bc9eb2960 error:0 in
>> libc-2.13.so[7f9c35191000+182000]
>>
>> To work around this error I added the lines:
>>
>> # Remove os '**" da pesquisa 'mail=**' evitando o segfault
>> rwm-rewriteContext searchFilter
>> rwm-rewriteRule "(.*)(\\* ?\\*)(.*)" "$1*$3" "@I"
>>
>> This problem also occurs in other versions of slapd native Debian and
>> Ubuntu.
>>
>> Without the overlay rwm not occur this BUG . Can anyone confirm if it
>> is really a bug in the " rwm overlay" ?
>>
>>
>> Regards,
>> Jarbas
>
>

Follow-Ups:
- Re: rwm overlay causes slapd segfault
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

References:
- rwm overlay causes slapd segfault
  - From: Jarbas Peixoto Júnior <jarbas.junior@gmail.com>
- Antw: rwm overlay causes slapd segfault
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>

Prev by Date: subtree-exclude (was Re: slapd-meta exclude syntax; larger problem with rwm, collective attributes.)
Next by Date: Re: rwm overlay causes slapd segfault
Index(es):
- Chronological
- Thread