[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#8629) slapauth segfault with GSSAPI + olcAuthzRegexp using internal LDAP search + ppolicy overlay
Full_Name: Clement Oudot
Version: 2.4.44
OS: GNU/Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.248.50.71)
Hello,
with a simple olcAuthzRegexp configuration like:
olcAuthzRegexp: {0}uid=(.*),cn=gssapi,cn=auth
ldap:///dc=example,dc=com???(uid=$1)
And ppolicy overlay configured, for example like:
dn: olcOverlay={0}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyHashCleartext: FALSE
olcPPolicyUseLockout: FALSE
olcPPolicyForwardUpdates: FALSE
We have a segfault when running this command:
$ /usr/local/openldap/sbin/slapauth -F
/home/clement/configuration/openldap/example /slapd.d/ -v coudot -M GSSAPI
Here is the GDB backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x000000000055644f in ppolicy_restrict (op=0x7fffffffd0e0, rs=0x7fffffffd070) at
ppolicy.c:1379
1379 ppolicy.c: Aucun fichier ou dossier de ce type.
(gdb) bt
#0 0x000000000055644f in ppolicy_restrict (op=0x7fffffffd0e0,
rs=0x7fffffffd070) at ppolicy.c:1379
#1 0x00000000004a55ca in overlay_op_walk (op=op@entry=0x7fffffffd0e0,
rs=0x7fffffffd070, which=op_search, oi=0xa59ef0, on=0xa571d0) at backover.c:661
#2 0x00000000004a574e in over_op_func (op=0x7fffffffd0e0, rs=<optimized out>,
which=<optimized out>) at backover.c:730
#3 0x0000000000487375 in slap_sasl2dn (opx=0x7fffffffd710, saslname=0x0,
sasldn=0x7fffffffd310, flags=-16, flags@entry=2) at saslauthz.c:2008
#4 0x000000000048e42b in slap_sasl_getdn (conn=conn@entry=0x7fffffffd450,
op=op@entry=0x7fffffffd710, id=id@entry=0x7fffffffd440, user_realm=0x0,
dn=dn@entry=0x7fffffffd410, flags=flags@entry=2) at sasl.c:1891
#5 0x00000000004aba73 in do_check (c=c@entry=0x7fffffffd450,
op=op@entry=0x7fffffffd710, id=id@entry=0x7fffffffd440) at slapauth.c:44
#6 0x00000000004abe54 in slapauth (argc=<optimized out>, argv=0x7fffffffdcc8)
at slapauth.c:161
#7 0x0000000000425e98 in main (argc=7, argv=0x7fffffffdc98) at main.c:664
Note that there is no bug if one of this condition is true:
* overlay ppolicy is not configured
* olcAuthRegexp does not use internal LDAP search
* GSSAPI schema is not requested in slapauth
Hope you have enough information in this report. Feel free to ask more if
needed.