Re: (ITS#3741) slapd segfaults when using proxycache overlay
Your analysis appears to be only partially correct; in fact, the fix
apparently is only partially hitting the problem, which is related
to the proxycache overlay leaving some of the AttributeName struct
fields non-initialized by malloc as opposed to calloc. In HEAD the
configuration error you made is currently disallowed, but this also
prevents the "*" attribute list from being requested (which is implicit in
forgetting to configure a proxyattrset). A fix to both HEAD and 2.2 is
coming.
Thanks for reporting.
fredme@gmail.com wrote:
>Full_Name: Eugenio Grytsenko
>Version: 2.2.26
>OS: SuSE Linux
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (200.5.92.164)
>
>
>I am using openldap 2.2.26, my distro is SuSE Linux 9.1, and I configured the
>openldap server as metadirectory with proxycache overlay. When I tried to use
>"proxytemplate" directive (number 3 in my config file) without any
>"proxyattrset", slapd segfaults. Here is the config file:
>
>==CUT HERE==
>ucdata-path /usr/share/openldap/ucdata
>include /etc/openldap/schema/core.schema
>include /etc/openldap/schema/cosine.schema
>include /etc/openldap/schema/inetorgperson.schema
>include /etc/openldap/schema/openldap.schema
>include /etc/openldap/schema/nis.schema
>
>loglevel 256
>pidfile /var/run/slapd/slapd.pid
>argsfile /var/run/slapd/slapd.args
>
>modulepath /usr/lib/openldap/modules
>moduleload back_bdb.la
>moduleload back_ldap.la
>
>database ldap
>suffix "dc=example,dc=com"
>rootdn "dc=example,dc=com"
>uri ldap://AAA.BBB.CCC.DDD:389
>
>overlay proxycache
>proxycache bdb 1000000 4 1000 86400
>proxyattrset 0 sn loginShell uidNumber gidNumber objectClass uid gecos cn homeDirectory
>proxyattrset 1 uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
>proxyattrset 2 cn userPassword memberUid uniqueMember gidNumber
>proxytemplate (cn=) 0 86400
>proxytemplate (uid=) 0 86400
>proxytemplate (&(objectClass=)(uid=)) 1 86400
>proxytemplate (&(objectClass=)(uidNumber=)) 1 86400
>proxytemplate (&(objectClass=)(memberUid=)) 2 86400
>proxytemplate (&(objectClass=)(gidNumber=)) 2 86400
>proxytemplate (&(objectClass=)(cn=)) 2 86400
>proxytemplate (uid=) 3 86400
>
>cachesize 500000
>directory /var/run/slapd/data
>index objectClass eq
>index uid eq
>index uidNumber eq
>index gidNumber eq
>index memberUid eq
>index cn pres,eq,sub
>==CUT HERE==
>
>How could you reproduce the bug: I tried to authenticate with a user and with
>the other.
>
>fred@fred:~> ./check_user user1
>User: [user1]
>Password: **** <= wrong password
>PAM said: Authentication failure
>fred@fred:~> ./check_user user1
>User: [user1]
>Password: ****** <= good password
>PAM said: Success
>fred@fred:~> ./check_user user2
>User: [user2]
>Password: ****** <= good password
>PAM said: User not known to the underlying authentication module
>(server side: openldap segmentation fault)
>
>Here is the source code of check_user:
>
>==CUT HERE==
>/* gcc -O2 -Wall -W check_user.c -o check_user -lpam -lpam_misc -s */
>#include <stdio.h>
>#include <security/pam_appl.h>
>#include <security/pam_misc.h>
>
>static struct pam_conv conv = {
>    misc_conv,
>    NULL
>};
>
>int main(int argc, char *argv[])
>{
>    pam_handle_t *pamh = NULL;
>    const char *user = argv[1];
>    int retval;
>
>    if (user) {
>        fprintf(stderr, "User: [%s]\n", user);
>    }
>
>    retval = pam_start("check_user", user, &conv, &pamh);
>    if (retval == PAM_SUCCESS) {
>        retval = pam_authenticate(pamh, 0); /* is this a real user? */
>    }
>    if (retval == PAM_SUCCESS) {
>        retval = pam_acct_mgmt(pamh, 0); /* is access permitted? */
>    }
>
>    fprintf(stderr, "PAM said: %s\n", pam_strerror(pamh, retval));
>
>    if (retval == PAM_NEW_AUTHTOK_REQD) {
>        if (pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK) != PAM_SUCCESS) {
>            fprintf(stderr, "pam_chauthtok() error\n");
>        }
>    }
>
>    if (pam_end(pamh, retval) != PAM_SUCCESS) {
>        pamh = NULL;
>        fprintf(stderr, "pam_end failed\n");
>        return 1;
>    }
>
>    return retval == PAM_SUCCESS ? 0 : 1;
>}
>==CUT HERE==
>
>And here is the /etc/pam.d/check_user configuration file:
>
>==CUT HERE==
>#%PAM-1.0
>auth required pam_ldap.so
>account required pam_ldap.so
>password required pam_ldap.so
>==CUT HERE==
>
>Server side debug output:
>
>openldap@server:~#/usr/lib/openldap/slapd -s0 -d 256
>@(#) $OpenLDAP: slapd 2.2.26 (May 20 2005 14:44:49) $
> root@susetest:/usr/src/openldap-2.2.26/servers/slapd
>bdb_db_init: Initializing BDB database
>Total # of attribute sets to be cached = 4
>Attribute Set # 0
> sn
> loginShell
> uidNumber
> gidNumber
> objectClass
> uid
> gecos
> cn
> homeDirectory
>Attribute Set # 1
> uid
> userPassword
> uidNumber
> gidNumber
> cn
> homeDirectory
> loginShell
> gecos
> description
> objectClass
>Attribute Set # 2
> cn
> userPassword
> memberUid
> uniqueMember
> gidNumber
>Template:
> query template: (cn=)
> attributes:
> sn
> loginShell
> uidNumber
> gidNumber
> objectClass
> uid
> gecos
> cn
> homeDirectory
>Template:
> query template: (uid=)
> attributes:
> sn
> loginShell
> uidNumber
> gidNumber
> objectClass
> uid
> gecos
> cn
> homeDirectory
>Template:
> query template: (&(objectClass=)(uid=))
> attributes:
> uid
> userPassword
> uidNumber
> gidNumber
> cn
> homeDirectory
> loginShell
> gecos
> description
> objectClass
>Template:
> query template: (&(objectClass=)(uidNumber=))
> attributes:
> uid
> userPassword
> uidNumber
> gidNumber
> cn
> homeDirectory
> loginShell
> gecos
> description
> objectClass
>Template:
> query template: (&(objectClass=)(memberUid=))
> attributes:
> cn
> userPassword
> memberUid
> uniqueMember
> gidNumber
>Template:
> query template: (&(objectClass=)(gidNumber=))
> attributes:
> cn
> userPassword
> memberUid
> uniqueMember
> gidNumber
>Template:
> query template: (&(objectClass=)(cn=))
> attributes:
> cn
> userPassword
> memberUid
> uniqueMember
> gidNumber
>Template:
> query template: (uid=)
> attributes:
>slapd starting
>conn=0 fd=11 ACCEPT from IP=AAA.BBB.CCC.ZZZ:2010 (IP=0.0.0.0:389)
>conn=0 op=0 BIND dn="" method=128
>conn=0 op=0 RESULT tag=97 err=0 text=
>conn=0 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=user1)"
>query template of incoming query = (uid=)
>Lock QC index = 7
>Not answerable: Unlock QC index=7
>QUERY NOT ANSWERABLE
>QUERY CACHEABLE
>request 1 done
>request 2 done
>UUID for query being added = 83f76f16-5da5-1029-9e89-a4920bdef69d
>ENTRY ADDED/MERGED, CACHED ENTRIES=0
>STORED QUERIES = 1
>Added query expires at 1116698738
>Lock AQ index = 7
>TEMPLATE 7 QUERIES++ 1
>Unlock AQ index = 7
>Base of added query = dc=example,dc=com
>conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
>conn=0 op=2 BIND dn="uid=user1,ou=People,dc=example,dc=com" method=128
>request 1 done
>conn=0 op=2 RESULT tag=97 err=49 text=
>conn=0 op=3 BIND dn="" method=128
>conn=0 op=3 RESULT tag=97 err=0 text=
>conn=0 op=4 UNBIND
>conn=0 fd=11 closed
>conn=1 fd=11 ACCEPT from IP=AAA.BBB.CCC.ZZZ:2011 (IP=0.0.0.0:389)
>conn=1 op=0 BIND dn="" method=128
>conn=1 op=0 RESULT tag=97 err=0 text=
>conn=1 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=user1)"
>query template of incoming query = (uid=)
>Lock QC index = 7
>QUERY ANSWERABLE
>conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
>conn=1 op=2 BIND dn="uid=user1,ou=People,dc=example,dc=com" method=128
>request 1 done
>conn=1 op=2 RESULT tag=97 err=0 text=
>connection_input: conn=1 deferring operation: binding
>conn=1 op=2 BIND dn="uid=user1,ou=People,dc=example,dc=com" mech=SIMPLE ssf=0
>conn=1 op=2 RESULT tag=97 err=0 text=
>conn=1 op=3 BIND anonymous mech=implicit ssf=0
>conn=1 op=3 BIND dn="" method=128
>conn=1 op=3 RESULT tag=97 err=0 text=
>conn=1 op=4 UNBIND
>conn=1 fd=11 closed
>conn=2 fd=11 ACCEPT from IP=AAA.BBB.CCC.ZZZ:2012 (IP=0.0.0.0:389)
>conn=2 op=0 BIND dn="" method=128
>conn=2 op=0 RESULT tag=97 err=0 text=
>conn=2 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=user2)"
>query template of incoming query = (uid=)
>Lock QC index = 7
>Not answerable: Unlock QC index=7
>QUERY NOT ANSWERABLE
>QUERY CACHEABLE
>Segmentation fault
>openldap@server:~#
>
>I solved it by doing a hack in servers/slapd/overlays/pcache.c; here is the
>patch:
>
>==CUT HERE==
>diff -urN openldap-2.2.26/servers/slapd/overlays/pcache.c
>openldap-2.2.26-diff/servers/slapd/overlays/pcache.c
>--- openldap-2.2.26/servers/slapd/overlays/pcache.c 2005-01-20
>14:01:17.000000000 -0300
>+++ openldap-2.2.26-diff/servers/slapd/overlays/pcache.c 2005-05-19
>15:30:07.585518684 -0300
>@@ -1263,7 +1263,7 @@
> for (count=0; attrs[count].an_name.bv_val; count++)
> ;
> }
>- *new_attrs = (AttributeName*)(op->o_tmpalloc((count+1)*
>+ *new_attrs = (AttributeName*)(op->o_tmpcalloc((count+1),
> sizeof(AttributeName), op->o_tmpmemctx));
> if (attrs == NULL) {
> (*new_attrs)[0].an_name.bv_val = "*";
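Review bot: In the attrs == NULL branch at the end of this hunk only an_name.bv_val is visibly assigned, so after the switch to o_tmpcalloc the rest of element 0 and the terminating element depend on all-zero being a valid value for every AttributeName field. Zero-filling stops the read of uninitialized memory, but it would be more robust to set the fields that consumers read explicitly, including a length matching the "*" string if the lines below the hunk do not already do so. A short comment at the allocation would also help, saying that the array must be zero-filled because the terminator is found by a NULL an_name.bv_val, as in the for loop at the top of the hunk.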
>==CUT HERE==
>
>Email: fredme@gmail.com
>Web: http://www.unixfamily.com.ar/
>fred.-
>
>
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
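
The allocation problem discussed in this thread, as an added illustration that is not OpenLDAP code and not part of either message: a NULL-terminated AttributeName array built with a non-zeroing allocator, next to the same array built with a zeroing one. The struct layout, the an_desc stand-in field, the toy allocator and all function names are assumptions; the 0xA5 fill makes the uninitialized case deterministic.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins: an_desc represents "the other fields" of the struct. */
struct berval { size_t bv_len; char *bv_val; };
typedef struct { struct berval an_name; void *an_desc; } AttributeName;

/* Toy single-slot allocator: memory comes back filled with 0xA5, so the
 * "uninitialized" contents are deterministic instead of undefined. */
static union { unsigned char bytes[1024]; long double align; } arena;
static void *tmpalloc(size_t size) {
    memset(arena.bytes, 0xA5, sizeof arena.bytes);
    return size <= sizeof arena.bytes ? arena.bytes : NULL;
}
static void *tmpcalloc(size_t n, size_t size) {
    void *p = (size && n <= sizeof arena.bytes / size) ? tmpalloc(n * size) : NULL;
    if (p) memset(p, 0, n * size);
    return p;
}

/* Build the one-element "*" list plus terminator; only an_name is assigned. */
static AttributeName *star_list(int zeroed) {
    AttributeName *a = zeroed ? tmpcalloc(2, sizeof *a) : tmpalloc(2 * sizeof *a);
    if (a == NULL) return NULL;
    a[0].an_name.bv_val = "*";
    a[0].an_name.bv_len = 1;
    return a;
}

/* Count entries up to the NULL bv_val terminator; max bounds the walk. */
static size_t count_attrs(const AttributeName *a, size_t max) {
    size_t n = 0;
    while (n < max && a[n].an_name.bv_val != NULL) n++;
    return n;
}

/* 1 when the list is terminated and no entry carries a stale an_desc. */
static int list_is_sane(const AttributeName *a, size_t max) {
    size_t n = a ? count_attrs(a, max) : max;
    if (n == max) return 0;                    /* NULL list or no terminator */
    for (size_t i = 0; i < n; i++)
        if (a[i].an_desc != NULL) return 0;    /* garbage pointer a consumer could follow */
    return 1;
}

int main(void) {
    int rejected = !list_is_sane(star_list(0), 8);   /* poisoned allocation */
    return (rejected && list_is_sane(star_list(1), 8)) ? 0 : 1;
}
```

With the non-zeroing allocator the walk never finds a terminator and element 0 carries a non-NULL an_desc; with the zeroing allocator the list has exactly one entry and every unassigned field is zero.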