[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#4964) consumer with slapo-chain segfaults when using ldappasswd
Full_Name: Markus Krause
Version: openldap2-2.3.34-5.2
OS: SuSE Llinux Enterprise Server 10
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (84.56.13.40)
changing the the ldap password using "ldappasswd" from the command line using
the following slapd.conf on a consumer (only relevant part) crashes the server
with a "segmentation fault":
...
modulepath /usr/lib/openldap/modules
moduleload smbk5pwd.so
sizelimit unlimited
acl ...
TLSstuff ...
#### chain overlay definition
overlay chain
chain-rebind-as-user FALSE
chain-uri "ldaps://ldapprov"
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod="simple"
binddn="cn=manager,o=test"
credentials="secret"
mode="self"
database bdb
suffix "o=test"
directory /var/lib/ldap/
rootdn "cn=manager,o=test"
rootpw "secret"
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index entryCSN,entryUUID eq
index dhcpHWAddress eq,pres
index relativeDomainName eq,pres
index ipHostNumber eq,pres
index zoneName eq,pres
index radiusGroupName eq,pres
syncrepl rid=13
provider=ldaps://ldapprov
type=refreshAndPersist
retry=1,5,5,6,30,+
interval=00:00:00:30
searchbase="o=test"
filter="(objectclass=*)"
scope=sub
attrs="*"
schemachecking=off
binddn="cn=manager,o=test"
bindmethod=simple
credentials="secret"
sizelimit=unlimited
updateref ldaps://ldapprov
overlay syncprov
--- end of slapd.conf
running slapd in debug mode -d 65535 shows:
--- slapd -d 65535
conn=0 op=1 PASSMOD id="uid=test,o=test" new
>>> dnPrettyNormal: <uid=user,o=test>
=> ldap_bv2dn(uid=user,o=test,0)
<= ldap_bv2dn(uid=user,o=test)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=user,o=test)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=user,o=test)=0
<<< dnPrettyNormal: <uid=user,o=test>, <uid=user,o=test>
bdb_dn2entry("uid=user,o=test")
=> bdb_dn2id("uid=user,o=test")
<= bdb_dn2id: got id=0x0000284c
=> bdb_dn2id("o=test")
<= bdb_dn2id: got id=0x00002861
=> bdb_dn2id("uid=user,o=test")
<= bdb_dn2id: got id=0x0000337f
entry_decode: "uid=user,o=test"
<= entry_decode(uid=user,o=test)
ldap_url_parse_ext(ldaps://ldapprov)
send_ldap_extended: err=10 oid= len=0
ldap_url_parse_ext(ldaps://ldapprov)
Segmentation fault
----- end of debug output
the command used was:
ldappasswd -x -h localhost -D "cn=manager,o=test" -W uid=test,o=test -S
New password:
Re-enter new password:
Enter LDAP Password:
ldappasswd: ldap_result: Can't contact LDAP server (-1)
the last 70 lines of strace where:
--- tail -70 slapd-strace.log:
time(NULL) = 1179248871
time(NULL) = 1179248871
close(14) = 0
close(15) = 0
close(13) = 0
lseek(12, 0, SEEK_SET) = 0
fcntl64(12, F_SETLKW, {type=F_WRLCK, whence=SEEK_CUR, start=0, len=1024}) = 0
fstat64(12, {st_mode=S_IFREG|0644, st_size=4096, ...}) = 0
lseek(12, 2048, SEEK_SET) = 2048
read(12, "xV4\22\0\0\0\0\2\0\0\0\0\0\0\0 \300IF\0\0\0\0\310~\0\0"..., 1024) =
1024
lseek(12, 2048, SEEK_SET) = 2048
fcntl64(12, F_GETLK, {type=F_UNLCK, whence=SEEK_CUR, start=0, len=1024, pid=0})
= 0
lseek(12, 2048, SEEK_SET) = 2048
read(12, "xV4\22\0\0\0\0\2\0\0\0\0\0\0\0 \300IF\0\0\0\0\310~\0\0"..., 1024) =
1024
lseek(12, 2048, SEEK_SET) = 2048
write(12, "xV4\22\0\0\0\0\0\0\0\0\0\0\0\0 \300IF\0\0\0\0\310~\0\0"..., 1024) =
1024
lseek(12, 3072, SEEK_SET) = 3072
read(12, "xV4\22\0\0\0\0\0\0\0\0\0\0\0\0 yHF\0\0\0\0\242q\0\0\0\0"..., 1024) =
1024
lseek(12, 0, SEEK_SET) = 0
fcntl64(12, F_SETLK, {type=F_UNLCK, whence=SEEK_CUR, start=0, len=1024}) = 0
stat64("/var/lib/ldap/id2entry.bdb", {st_mode=S_IFREG|0600, st_size=15826944,
...}) = 0
stat64("/var/lib/ldap/id2entry.bdb", {st_mode=S_IFREG|0600, st_size=15826944,
...}) = 0
open("/var/lib/ldap/id2entry.bdb", O_RDWR|O_LARGEFILE) = 13
fcntl64(13, F_SETFD, FD_CLOEXEC) = 0
read(13, "\22\0\0\0\212^i\0\0\0\0\0b1\5\0\t\0\0\0\0@\0\0\0\t\0\0"..., 512) =
512
close(13) = 0
stat64("/var/lib/ldap/id2entry.bdb", {st_mode=S_IFREG|0600, st_size=15826944,
...}) = 0
open("/var/lib/ldap/id2entry.bdb", O_RDWR|O_LARGEFILE) = 13
fcntl64(13, F_SETFD, FD_CLOEXEC) = 0
fstat64(13, {st_mode=S_IFREG|0600, st_size=15826944, ...}) = 0
time(NULL) = 1179248871
stat64("/var/lib/ldap/dn2id.bdb", {st_mode=S_IFREG|0600, st_size=5132288, ...})
= 0
stat64("/var/lib/ldap/dn2id.bdb", {st_mode=S_IFREG|0600, st_size=5132288, ...})
= 0
open("/var/lib/ldap/dn2id.bdb", O_RDWR|O_LARGEFILE) = 14
fcntl64(14, F_SETFD, FD_CLOEXEC) = 0
read(14, "\22\0\0\0\tEQ\0\0\0\0\0b1\5\0\t\0\0\0\0\20\0\0\0\t\0\0"..., 512) =
512
close(14) = 0
stat64("/var/lib/ldap/dn2id.bdb", {st_mode=S_IFREG|0600, st_size=5132288, ...})
= 0
open("/var/lib/ldap/dn2id.bdb", O_RDWR|O_LARGEFILE) = 14
fcntl64(14, F_SETFD, FD_CLOEXEC) = 0
fstat64(14, {st_mode=S_IFREG|0600, st_size=5132288, ...}) = 0
time(NULL) = 1179248871
pread64(13, "\20\0\0\0008\fY\0\1\0\0\0\0\0\0\0\0\0\0\0\2\0\344?\3\3"..., 16384,
16384) = 16384
pread64(13, "\22\0\0\0:^i\0\220\3\0\0\0\0\0\0\0\0\0\0\335\0010\"\2\3"..., 16384,
14942208) = 16384
pread64(13, "\22\0\0\0\235\0m\0W\3\0\0O\3\0\0\0\0\0\0\20\0\270!\1\5"..., 16384,
14008320) = 16384
mmap2(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb63c3000
time(NULL) = 1179248871
write(2, "=> bdb_entry_get: ndn: \"o=testh"..., 49) = 49
write(2, "=> bdb_entry_get: oc: \"(null)\", "..., 49) = 49
write(2, "bdb_dn2entry(\"o=test"..., 40) = 40
write(2, "=> bdb_dn2id(\"o=test"..., 40) = 40
pread64(14, "\t\0\0\0D+=\0\1\0\0\0\0\0\0\0\0\0\0\0\20\0\214\r\3\3\364"..., 4096,
4096) = 4096
pread64(14, "\n\0\0\0\212\242P\0_\2\0\0\0\0\0\0G\4\0\0G\0\364\7\2\3"..., 4096,
2486272) = 4096
pread64(14, "\22\0\0\0i\374l\0\n\0\0\0Q\3\0\0\33\4\0\0>\0\230\6\1\5"..., 4096,
40960) = 4096
write(2, "<= bdb_dn2id: got id=0x00000001\n", 32) = 32
pread64(13, "\20\0\0\0\230\313X\0\217\3\0\0\0\0\0\0\0\0\0\0\307\1\224"...,
16384, 14925824) = 16384
pread64(13, "\22\0\0\0O\2m\0\2\0\0\0\0\0\0\0\3\0\0\0(\0|\4\1\5\370?"..., 16384,
32768) = 16384
write(2, "entry_decode: \"o=test"..., 40) = 40
write(2, "<= entry_decode(o=test"..., 41) = 41
write(2, "=> bdb_entry_get: found entry: \""..., 57) = 57
write(2, "bdb_entry_get: rc=0\n", 20) = 20
mmap2(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb5bc2000
mprotect(0xb5bc2000, 4096, PROT_NONE) = 0
clone(child_stack=0xb63c24d4,
flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID,
parent_tidptr=0xb63c2be8, {entry_number:6, base_addr:0xb63c2ba0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0,
useable:1}, child_tidptr=0xb63c2be8) = 374
futex(0xb63c2be8, FUTEX_WAIT, 374, NULL) = 0
write(2, "slapd starting\n", 15) = 15
mmap2(NULL, 385024, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb5363000
clone(child_stack=0xb63c24d4,
flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID,
parent_tidptr=0xb63c2be8, {entry_number:6, base_addr:0xb63c2ba0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0,
useable:1}, child_tidptr=0xb63c2be8) = 375
futex(0xb63c2be8, FUTEX_WAIT, 375, NULL) = 0
+++ killed by SIGSEGV +++
---- end of tail -70 slapd-strace.log
using a wrong ldap password at "Enter LDAP Password:" when promped by
"ldappasswd" does not crash the server.