Changing cert paths may cause openldap to stop
- To: openldap-technical <openldap-technical@openldap.org>
- Subject: Changing cert paths may cause openldap to stop
- From: Nick Milas <nick@eurobjects.com>
- Date: Thu, 27 Mar 2014 12:52:38 +0200
- User-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
Hi,
On 2.4.39 (CentOS 5.10 x86_64), I found that if I attempt to change the
certificate values and there is an error in one of the paths, OpenLDAP stops.
I would expect this to be avoided: OpenLDAP should reject the
modification and keep running.
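When we run the modification below, it hangs; we press Ctrl-C (and print
a full backtrace), and then find that slapd has stopped.
Please check the output below. The backtrace shows slapd aborting on a
failed assertion in slap_send_ldap_result (result.c:813), called from
config_back_modify (bconfig.c:5926), with sr_err = -1.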
Best regards,
Nick
Example:
-------------------------------------------------------------------------------
Modification file: /root/work/certmod2:
-------------------------------------------------------------------------------
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /usr/local/openldap/etc/openldap/certs/chain-2241.pem
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /usr/local/openldap/etc/openldap/certs/cert-2241.pem
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /usr/local/openldap/etc/openldap/certs/priv-2241.pem
-------------------------------------------------------------------------------
In this case priv-2241.pem does not exist (the correct value would be:
key-2241.pem).
-------------------------------------------------------------------------------
Modification attempt:
-------------------------------------------------------------------------------
# /usr/local/openldap/bin/ldapmodify -h localhost -x -v -W -D "cn=admin,cn=config" -f /root/work/certmod2
ldap_initialize( ldap://localhost )
Enter LDAP Password:
replace olcTLSCACertificateFile:
/usr/local/openldap/etc/openldap/certs/chain-2241.pem
replace olcTLSCertificateFile:
/usr/local/openldap/etc/openldap/certs/cert-2241.pem
replace olcTLSCertificateKeyFile:
/usr/local/openldap/etc/openldap/certs/priv-2241.pem
modifying entry "cn=config"
<it hangs and we press Ctrl-C>
ldap_result: Can't contact LDAP server (-1)
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
(gdb) backtrace full
#0 0x00000033bf830265 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00000033bf831d10 in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00000033bf829706 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#3 0x000000000044f66d in slap_send_ldap_result (op=0xcd75580,
rs=0x2ba278651c20) at result.c:813
tmp = <value optimized out>
otext = 0x2ba278650664 ""
oref = 0x0
__PRETTY_FUNCTION__ = "slap_send_ldap_result"
#4 0x000000000042ca7f in config_back_modify (op=0xcd75580,
rs=0x2ba278651c20) at bconfig.c:5926
cfb = 0x8787a0
ce = 0xffffffff
last = 0x600000000
ml = 0x6
ca = {argc = 2, argv = 0xce77200, argv_size = 513, line =
0xce75c00 "/usr/local/openldap/etc/openldap/certs/priv-2241.pem",
tline = 0xc81a880 "\220d\224\f", fname = 0x5c7c99 "slapd",
lineno = 0, log = "olcTLSCertificateKeyFile: value #0", '\000' <repeats
4089 times>,
reply = {err = 0, msg = '\000' <repeats 255 times>}, depth =
0, valx = -1, values = {v_int = 209823808, v_uint = 209823808, v_long =
209823808,
v_ulong = 209823808, v_ber_t = 209823808, v_string =
0xc81a840 "/usr/local/openldap/etc/openldap/certs/priv-2241.pem", v_bv =
{bv_len = 209823808,
bv_val = 0x0}, v_dn = {vdn_dn = {bv_len = 209823808,
bv_val = 0x0}, vdn_ndn = {bv_len = 0, bv_val = 0x0}}, v_ad = 0xc81a840},
rvalue_vals = 0x0,
rvalue_nvals = 0x0, op = 0, type = 8, ca_op = 0xcd75580, be =
0x87a520, bi = 0x0, ca_entry = 0xc81ab48, ca_private = 0xc81a280,
cleanup = 0x427850 <config_tls_cleanup>, table = Cft_Global}
rdn = {bv_len = 2, bv_val = 0xc81a7e0 "cn=config"}
rad = 0xc7c4e90
do_pause = 1
#5 0x0000000000455ff7 in fe_op_modify (op=0xcd75580, rs=0x2ba278651c20)
at modify.c:303
repl_user = <value optimized out>
bd = 0x87a520
textbuf =
"\005\000\000\000\000\000\000\000xZ\327\f\000\000\000\000h[\327\f\000\000\000\000\003\000\000\000\000\000\000\000\b\000\000\000\000\000\000\000\270Z\327\f\000\000\000\000P\271}\f\000\000\000\000\000\\\347\f\000\000\000\000\320[\347\f\000\000\000\000:\213E",
'\000' <repeats 21 times>,
"4\000\000\000\000\000\000\000\000\\\347\f\000\000\000\000\270U\327\f",
'\000' <repeats 12 times>, "@\\\347\f", '\000' <repeats 12 times>"\340,
\272}\f\000\000\000\000\020", '\000' <repeats 15 times>"\304,
XE\000\000\000\000\000\340:\306\f\000\000\000\000\000\001\000\000\000\000\000\000\320\032ex\242+\000\000@\034ex\242+\000\000\200U\327\f\000\000\000\000\001\000\000\000\000\000\000\000\270U\327\f\000\000\000\000\250U\327\f\000\000\000\000\340:\306\f\000\000\000\000\251\063"...
#6 0x0000000000456762 in do_modify (op=0xcd75580, rs=0x2ba278651c20) at
modify.c:177
dn = {bv_len = 9, bv_val = 0xcd75459 "cn=config"}
textbuf =
"\000\b\000\000\000\000\000\000\000\001\000\000\000\000\000\000
\000\000\000\000\000\000\000\004", '\000' <repeats 15 times>"\377,
\017\000\000\000\000\000\000\260\005\002", '\000' <repeats 14
times>"\360, \377\377\377\377\377\377\000\000\000\000~", '\000' <repeats
27 times>"\271, \312\065\062\"", '\000' <repeats 11 times>"\340,
I\265\277\063\000\000\000\000\000\020\000\000\000\000\000\000\000\020\000\000\000\000\000\001\000\000\000\000\000\000\000\340:\306\f\000\000\000\000\000\000\020\000\000\000\000\000\236@\207\277\063",
'\000' <repeats 13 times>,
"\020\000\000\000\000\000p\035ex\242+\000\000Mc[\000\000\000\000\000\000\000\020\000\000\000\000\000\373\210E\000\000\000\000\000\001\000\000\000\000\000\000\000\330\002I\000\000\000\000\000\200U\327\f\000\000\000\000]\226F\---Type
<return> to continue, or q <return> to quit---
000\000\000\000"
tmp = 0x0
#7 0x000000000043f0d5 in connection_operation (ctx=0x2ba278651d70,
arg_v=<value optimized out>) at connection.c:1155
rc = <value optimized out>
cancel = <value optimized out>
op = 0xcd75580
rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err =
-1, sr_matched = 0x0, sr_text = 0x2ba278650664 "", sr_ref = 0x0,
sr_ctrls = 0x0,
sr_un = {sru_search = {r_entry = 0x0, r_attr_flags = 0,
r_operational_attrs = 0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref =
0x0}, sru_sasl = {
r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0,
r_rspdata = 0x0}}, sr_flags = 0}
tag = 102
opidx = SLAP_OP_MODIFY
conn = 0xc9c2d20
memctx = 0xcc63ae0
memctx_null = 0x0
__PRETTY_FUNCTION__ = "connection_operation"
#8 0x000000000043f6af in connection_read_thread (ctx=0x2ba278651d70,
argv=<value optimized out>) at connection.c:1291
s = 12
#9 0x000000000058d92c in ldap_int_thread_pool_wrapper (xpool=0xc7c8430)
at tpool.c:688
task = 0xcd752f0
work_list = <value optimized out>
ctx = {ltu_id = 47976804591936, ltu_key = {{ltk_key = 0x43e040,
ltk_data = 0xcd75950, ltk_free = 0x43e110 <conn_counter_destroy>}, {
ltk_key = 0x48ff50, ltk_data = 0xcc63ae0, ltk_free =
0x48ff70 <slap_sl_mem_destroy>}, {ltk_key = 0x0, ltk_data = 0x0,
ltk_free = 0} <repeats 30 times>}}
kctx = <value optimized out>
keyslot = 435
hash = <value optimized out>
__PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#10 0x00002ba23235583d in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#11 0x00000033bf8d526d in clone () from /lib64/libc.so.6
No symbol table info available.
-------------------------------------------------------------------------------