Re: (ITS#3396) slapd crash during SASL Canonicalize
> It is unclear what software version you're using for slapd; in the headers
> you speak about openldap-stable-20040923 (I guess you mean 2.2.17), later
> in the message you speak about 2.0.27 that ships with RedHat RHEL WS 3.0,
> and in a follow-up you speak about the __client__ ldapsearch from 2.2.17.
> What's the version of the slapd that is crashing? Can you reproduce the
> crash with the latest 2.2.X? Can you provide a stack backtrace of the
> crashed slapd?
The server is running 2.2.17 (the stable release from the website). I
tried both the 2.0.27 and 2.2.17 ldapsearch clients. Here is some
additional information:
** OpenLDAP build/version info:
OL_PACKAGE="OpenLDAP"
OL_MAJOR=2
OL_MINOR=2
OL_PATCH=17
OL_API_INC=20217
OL_API_LIB_RELEASE=2.2
OL_API_LIB_VERSION=7:10:0
OL_VERSION=2.2.17
OL_TYPE=Release
OL_STRING="OpenLDAP 2.2.17-Release"
OL_RELEASE_DATE="2004/09/13"
** Running on Intel Dual Xeon with Hyperthreading:
vendor_id : GenuineIntel
cpu family : 15
model : 2
model name : Intel(R) Xeon(TM) CPU 2.60GHz
stepping : 9
cpu MHz : 2591.727
cache size : 512 KB
physical id : 0
siblings : 2
runqueue : 0
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm
bogomips : 5164.23
** Red Hat Enterprise Linux AS 3.0:
Linux husky.cedar.uta.edu 2.4.21-20.ELsmp #1 SMP Wed Aug 18 20:46:40 EDT
2004 i686 i686 i386 GNU/Linux
** Compiled using gcc 3.2.3 and glibc 2.3.2.
** Configuration:
env CFLAGS='-O3' CXXFLAGS='-O3' CCFLAGS='-O3' ./configure
--prefix=/usr/local --disable-ipv6 --with-cyrus-sasl --with-tls
--enable-monitor --enable-dynamic --enable-phonetic --enable-slapd
--enable-spasswd --enable-rlookups --enable-wrappers --enable-hdb
--with-dyngroups=yes --with-proxycache=yes
** Steps to reproduce:
1. Start slapd with: # slapd -h "ldap:/// ldaps:///" -f
/usr/local/etc/openldap/slapd.conf
2. Get ticket for user with kinit: # kinit digant
3. Perform ldapsearch: # ldapsearch -h husky.cedar.uta.edu -b
"dc=uta,dc=edu" "(objectclass=*)"
** gdb stack backtrace (the crash is in frame #0, where test_filter is called with a NULL filter, f=0x0):
#0 test_filter (op=0x57a33b0, e=0x8f84ae8, f=0x0) at filterentry.c:67
rc = 0
#1 0x0809bff8 in bdb_do_search (op=0x57a33b0, rs=0x57a3370,
sop=0x57a33b0,
ps_e=0x0, ps_type=0) at search.c:1112
x = 10839964
bdb = (struct bdb_info *) 0x8f11c38
stoptime = 1100624123
id = 98832
cursor = 1
candidates = {1, 98832, 0 <repeats 126999 times>, 10840960,
10840008,
25, 150428072, 4, 29, 10839936, 10837656, 10839936, 1, 91878312, 0,
10840960, 10840008, 17, 150428096, 3, 21, 10839936, 10837656,
10839936, 1,
91878360, 10034813, 10839936, 6, 10837656, 8191, 3, 9969716, 91878512,
1998467806, 3, 1998467809, 91878512, 10837656, 150426104, 0, 91878432,
9969475, 150426104, 91878512, 8191, 10, 1, 0, 10837656, 91878472,
9965116,
150426104, 91878512, 8191, 10, 1, 2262984, 91878515, 0, 91886728,
2114752,
9711257, 2262984, 91886728, 2114885, 2097152000, 91878512, 32,
150428056,
32032, 1597268594, 1986948963, 7631461, 1634082877, 6648684, 0,
1684352609,
876034677, 872415289, 57, 0 <repeats 719 times>, 9959147, 0,
135086668, 0,
91883020, 9856574, 91883056, 135086668, 0, 0, 0, 0, 0, 0, 91883000,
9867148,
91881920, 0 <repeats 55 times>, 543424512, 0 <repeats 12 times>, 10,
3, 0,
0, 0, 91881928, 0, 1, 91883340, 91883000, 0, 135086666, 1, 4294967295,
0 <repeats 23 times>, 135086668, 0 <repeats 30 times>, 516, 10839936,
10840008, 25, 150474760, 4, 24, 10039195, 10837656, 16, 150464848,
91882168,
10040737, 10839936, 150464848, 0, 0, 10840960, 10840008, 0, 150477008,
0,
16, 10839936, 10837656, 16, 150481392...}
scopes = {0 <repeats 65536 times>}
e = (Entry *) 0x8f84ae8
base = {e_id = 98832, e_name = {bv_len = 0, bv_val = 0x0},
e_nname = {
bv_len = 36, bv_val = 0x8f83828
"uid=digant,cn=accounts,dc=uta,dc=edu"},
e_attrs = 0x0, e_ocflags = 0, e_bv = {bv_len = 0, bv_val = 0x0},
e_private = 0x8f83d00}
e_root = {e_id = 0, e_name = {bv_len = 0, bv_val = 0x0}, e_nname
= {
bv_len = 0, bv_val = 0x0}, e_attrs = 0x0, e_ocflags = 0, e_bv = {
bv_len = 0, bv_val = 0x0}, e_private = 0x0}
matched = (Entry *) 0x0
ei = (EntryInfo *) 0x8f83d00
ei_root = {bei_parent = 0x0, bei_id = 0, bei_lockpad = 0 '\0',
bei_state = 0, bei_nrdn = {bv_len = 0, bv_val = 0x0}, bei_e = 0x0,
bei_kids = 0x0, bei_kids_mutex = {__m_reserved = 0, __m_count = 0,
__m_owner = 0x0, __m_kind = 0, __m_lock = {__status = 0, __spinlock
= 0}},
bei_lrunext = 0x0, bei_lruprev = 0x0}
realbase = {bv_len = 36,
bv_val = 0x8f83828 "uid=digant,cn=accounts,dc=uta,dc=edu"}
manageDSAit = 0
tentries = 1
lastid = 4294967295
attrs = (AttributeName *) 0x0
contextcsnand = {f_choice = 0, f_un = {f_un_result = 0, f_un_dn
= 0x0,
f_un_desc = 0x0, f_un_ava = 0x0, f_un_ssa = 0x0, f_un_mra = 0x0,
f_un_complex = 0x0}, f_next = 0x0}
contextcsnle = {f_choice = 0, f_un = {f_un_result = 0, f_un_dn =
0x0,
f_un_desc = 0x0, f_un_ava = 0x0, f_un_ssa = 0x0, f_un_mra = 0x0,
f_un_complex = 0x0}, f_next = 0x0}
cookief = {f_choice = 0, f_un = {f_un_result = 0, f_un_dn = 0x0,
f_un_desc = 0x0, f_un_ava = 0x0, f_un_ssa = 0x0, f_un_mra = 0x0,
f_un_complex = 0x0}, f_next = 0x0}
csnfnot = {f_choice = 0, f_un = {f_un_result = 0, f_un_dn = 0x0,
f_un_desc = 0x0, f_un_ava = 0x0, f_un_ssa = 0x0, f_un_mra = 0x0,
f_un_complex = 0x0}, f_next = 0x0}
csnfeq = {f_choice = 0, f_un = {f_un_result = 0, f_un_dn = 0x0,
f_un_desc = 0x0, f_un_ava = 0x0, f_un_ssa = 0x0, f_un_mra = 0x0,
f_un_complex = 0x0}, f_next = 0x0}
csnfand = {f_choice = 0, f_un = {f_un_result = 0, f_un_dn = 0x0,
f_un_desc = 0x0, f_un_ava = 0x0, f_un_ssa = 0x0, f_un_mra = 0x0,
f_un_complex = 0x0}, f_next = 0x0}
csnfge = {f_choice = 0, f_un = {f_un_result = 0, f_un_dn = 0x0,
f_un_desc = 0x0, f_un_ava = 0x0, f_un_ssa = 0x0, f_un_mra = 0x0,
f_un_complex = 0x0}, f_next = 0x0}
aa_ge = {aa_desc = 0x0, aa_value = {bv_len = 0, bv_val = 0x0}}
aa_eq = {aa_desc = 0x0, aa_value = {bv_len = 0, bv_val = 0x0}}
aa_le = {aa_desc = 0x0, aa_value = {bv_len = 0, bv_val = 0x0}}
search_context_csn = (struct berval *) 0x0
ctxcsn_lock = {off = 0, ndx = 0, gen = 0, mode = DB_LOCK_NG}
ctrls = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}
num_ctrls = 0
uuid_attr = {{an_name = {bv_len = 0, bv_val = 0x0}, an_desc =
0x0,
an_oc_exclude = 0, an_oc = 0x0}, {an_name = {bv_len = 0, bv_val =
0x0},
an_desc = 0x0, an_oc_exclude = 0, an_oc = 0x0}}
rc_sync = 0
entry_sync_state = -1
null_attr = {an_name = {bv_len = 0, bv_val = 0x0}, an_desc =
0x0,
an_oc_exclude = 0, an_oc = 0x0}
no_sync_state_change = 0
locker = 19
lock = {off = 290056, ndx = 736, gen = 17, mode = DB_LOCK_READ}
ps_list = (Operation *) 0xa5679c
sync_send_present_mode = 1
match = 0
mr = (MatchingRule *) 0x0
text = 0x0
slog_found = 91894704
syncUUID_set = 0x0
syncUUID_set_cnt = 0
opinfo = (struct bdb_op_info *) 0x0
ltid = (DB_TXN *) 0x0
#2 0x0809dacf in bdb_search (op=0x48, rs=0x57a3370) at search.c:370
No locals.
#3 0x08082efa in slap_sasl2dn (opx=0x8f74db0, saslname=0x80f0420,
sasldn=0x57a3560, flags=2) at saslauthz.c:953
rc = 150038192
cb = {sc_next = 0x0, sc_response = 0x8083a38 <sasl_sc_sasl2dn>,
sc_cleanup = 0, sc_private = 0x57a3560}
op = {o_opid = 0, o_connid = 0, o_conn = 0x772e6310, o_bd =
0x8f166b0,
o_msgid = 0, o_protocol = 3, o_tag = 99, o_time = 1100624124, o_req_dn
= {
bv_len = 36, bv_val = 0x771e44f4
"uid=digant,cn=accounts,dc=uta,dc=edu"},
o_req_ndn = {bv_len = 36,
bv_val = 0x771e44c4 "uid=digant,cn=accounts,dc=uta,dc=edu"},
o_request = {
oq_add = {rs_e = 0x0}, oq_bind = {rb_method = 0, rb_cred = {bv_len =
0,
bv_val = 0x1 <Address 0x1 out of bounds>}, rb_edn = {
bv_len = 4294967295, bv_val = 0x0}, rb_ssf = 1}, oq_compare = {
rs_ava = 0x0}, oq_delete = {rd_csn = {bv_len = 0, bv_val = 0x0}},
oq_modify = {rs_modlist = 0x0}, oq_modrdn = {rs_newrdn = {bv_len =
0,
bv_val = 0x0}, rs_nnewrdn = {bv_len = 1,
bv_val = 0xffffffff <Address 0xffffffff out of bounds>},
rs_newSup = 0x0, rs_nnewSup = 0x1, rs_deleteoldrdn = 0}, oq_search
= {
rs_scope = 0, rs_deref = 0, rs_slimit = 1, rs_tlimit = -1,
rs_limit = 0x0, rs_attrsonly = 1, rs_attrs = 0x0, rs_filter = 0x0,
rs_filterstr = {bv_len = 0, bv_val = 0x0}}, oq_abandon = {rs_msgid
= 0},
oq_cancel = {rs_msgid = 0}, oq_extended = {rs_reqoid = {bv_len = 0,
bv_val = 0x0}, rs_reqdata = 0x1}, oq_pwdexop = {rs_reqoid = {
bv_len = 0, bv_val = 0x0}, rs_old = {bv_len = 1,
bv_val = 0xffffffff <Address 0xffffffff out of bounds>}, rs_new
= {
bv_len = 0, bv_val = 0x1 <Address 0x1 out of bounds>}, rs_mods =
0x0,
rs_modtail = 0x0}}, o_tid = 0, o_abandon = 0, o_cancel = 0,
o_groups = 0x0, o_do_not_cache = 1 '\001', o_is_auth_check = 1 '\001',
o_managedsait = 0 '\0', o_noop = 0 '\0', o_proxy_authz = 0 '\0',
o_subentries = 0 '\0', o_subentries_visibility = 0 '\0', o_assert = 0
'\0',
o_valuesreturnfilter = 0 '\0', o_permissive_modify = 0 '\0',
o_domain_scope = 0 '\0', o_preread = 0 '\0', o_postread = 0 '\0',
o_preread_attrs = 0x0, o_postread_attrs = 0x0, o_pagedresults = 0
'\0',
o_pagedresults_size = 0, o_pagedresults_state = {ps_be = 0x0,
ps_cookie = 0,
ps_count = 0}, o_sync = 0 '\0', o_sync_mode = 0 '\0', o_sync_state =
{
ctxcsn = 0x0, sid = 0, octet_str = 0x0, rid = 0, sc_next = {
stqe_next = 0x0}}, o_sync_rhint = 0, o_sync_cid = {bv_len = 0,
bv_val = 0x0}, o_sync_slog_size = 0, o_sync_csn = {bv_len = 0,
bv_val = 0x0}, o_sync_slog_omitcsn = {bv_len = 0, bv_val = 0x0},
o_sync_slog_len = 0, o_sync_slog_list = {stqh_first = 0x0, stqh_last =
0x0},
o_ps_entries = 0, o_no_psearch = 0, o_ps_link = {le_next = 0x0,
le_prev = 0x0}, o_pm_list = {lh_first = 0x0}, o_authz = {sai_method
= 0,
sai_mech = {bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len = 0,
bv_val = 0x0}, sai_ndn = {bv_len = 0, bv_val = 0x0}, sai_ssf = 0,
sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf = 0}, o_ber =
0x0,
o_res_ber = 0x0, o_callback = 0x57a3500, o_ctrls = 0x0,
o_threadctx = 0x57a3900, o_tmpmemctx = 0x8f73a40, o_tmpmfuncs =
0x80f2374,
o_private = 0x0, o_next = {stqe_next = 0x0}, o_assertion = 0x0,
o_vrFilter = 0x0, o_nocaching = 0, o_delete_glue_parent = 0}
rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err =
0,
sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un =
{
sru_sasl = {r_sasldata = 0x8f84ae8}, sru_extended = {
r_rspoid = 0x8f84ae8 "\020\202\001", r_rspdata = 0x0}, sru_search
= {
r_entry = 0x8f84ae8, r_attrs = 0x0, r_nentries = 0, r_v2ref =
0x0}},
sr_flags = 0}
regout = {bv_len = 45,
bv_val = 0x771e42a4 "ldaps:///uid=digant,cn=accounts,dc=uta,dc=edu"}
#4 0x080879bd in slap_sasl_getdn (conn=0x772e6310, op=0x8f74db0,
id=0x8f76290 "digant", len=91895136, user_realm=0x8f74660
"CEDAR.UTA.EDU",
dn=0x57a35c0, flags=2) at sasl.c:1868
rc = 1998471788
is_dn = 2
do_norm = 1
dn2 = {bv_len = 0, bv_val = 0x0}
mech = (struct berval *) 0x772e635c
#5 0x080887d7 in slap_sasl_canonicalize (sconn=0x8f73a70, context=0x48,
in=0x8f76290 "digant", inlen=6, flags=3,
user_realm=0x8f74660 "CEDAR.UTA.EDU", out=0x8f74481 "", out_max=1,
out_len=0x8f742e0) at sasl.c:729
conn = (Connection *) 0x772e6310
props = (struct propctx *) 0x8f748b8
auxvals = {{name = 0x0, values = 0x0, nvalues = 0, valsize = 0},
{
name = 0x0, values = 0x0, nvalues = 0, valsize = 0}, {name = 0x0,
values = 0x0, nvalues = 0, valsize = 0}}
dn = {bv_len = 45,
bv_val = 0x771e426c "uid=digant,cn=cedar.uta.edu,cn=gssapi,cn=auth"}
rc = 72
which = 1
names = {0x80e2f50 "*slapConn", 0x0}
#6 0x0030c4f7 in _sasl_canon_user () from /usr/local/lib/libsasl2.so.2
No symbol table info available.
#7 0x006c2b13 in gssapi_server_mech_step ()
from /usr/local/lib/sasl2/libgssapiv2.so.2
No symbol table info available.
#8 0x003142b4 in sasl_server_step () from /usr/local/lib/libsasl2.so.2
No symbol table info available.
#9 0x0808757b in slap_sasl_bind (op=0x8f74db0, rs=0x57a3870) at
sasl.c:1499
ctx = (sasl_conn_t *) 0x8f73a70
response = {bv_len = 91895720, bv_val = 0x0}
reslen = 0
sc = 91895720
#10 0x0806cebd in do_bind (op=0x8f74db0, rs=0x57a3870) at bind.c:300
len = 53
ber = (BerElement *) 0x8f73a56
version = 3
method = 163
mech = {bv_len = 6, bv_val = 0x770004e6 "GSSAPI"}
dn = {bv_len = 0, bv_val = 0x770004e2 ""}
tag = 72
be = (Backend *) 0x0
#11 0x0805a619 in connection_operation (ctx=0x57a3900, arg_v=0x8f74db0)
at connection.c:1044
rc = 6
rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err =
0,
sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un =
{
sru_sasl = {r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0,
r_rspdata = 0x0}, sru_search = {r_entry = 0x0, r_attrs = 0x0,
r_nentries = 0, r_v2ref = 0x0}}, sr_flags = 0}
tag = 96
oldtag = 96
conn = (Connection *) 0x772e6310
memctx = (void *) 0x8f73a40
memctx_null = (void *) 0x0
#12 0x0044bf40 in ldap_int_thread_pool_wrapper (xpool=0x8ecc0c8) at
tpool.c:467
ctx = (ldap_int_thread_ctx_t *) 0x8f74678
ltc_key = {{ltk_key = 0x808a054, ltk_data = 0x8f73a40,
ltk_free = 0x808a028 <sl_mem_destroy>}, {ltk_key = 0x8f669e8,
ltk_data = 0x13, ltk_free = 0x80b06b8 <bdb_locker_id_free>}, {
ltk_key = 0x8f669e9, ltk_data = 0x8f836e8,
ltk_free = 0x80b06a8 <bdb_txn_free>}, {ltk_key = 0x0, ltk_data =
0x0,
ltk_free = 0} <repeats 29 times>}
tid = 91896752
i = 150423160
keyslot = 362
hash = 150491400
#13 0x00779dec in start_thread () from /lib/tls/libpthread.so.0
No symbol table info available.
#14 0x009fd19a in clone () from /lib/tls/libc.so.6
No symbol table info available.