openldap-bugs March 2008

openldap-bugs@openldap.org

34 participants
162 discussions

Re: ACLs broken by ITS#5419
by hyc＠symas.com 25 Mar '08

25 Mar '08

Rein Tollevik wrote: > On Mon, 24 Mar 2008, Howard Chu wrote: > >> rein(a)basefarm.no wrote: >>> The change to servers/slapd/backend.c for ITS#5416 seem to have broken the >>> ability for group and set statements in access control lines to refer to >>> entries >>> outside the backend currently being operated on. >> That ability was never intended in the first place. Historically, backends in >> slapd have been treated as isolated DSAs with no connection to each other. >> They've required special mechanisms (like back-relay or slapo-glue) to be >> joined. > > Yes, I know, the change that allowed this was imo the one that made sets > and groups really useful. Our database configuration still has traces of > the workarounds the lack of this feature once forced us to make.. > > But, the latest change also removes this ability for databases subordinate > to the same common superior (i.e using the slapo-glue). If I understand > you correct it is a bug that glue'ed databases cannot refer to each other, > although I still consider it a bug (or at least a huge drawback) if this > would no longer be generally possible. Actually, looking back over CVS, it seems this ability has existed since OpenLDAP 2.0, intended or not. Will have to work up a better solution to restore that behavior. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5439) syncprov race condition seg. fault
by hyc＠symas.com 25 Mar '08

25 Mar '08

rein(a)basefarm.no wrote: > Full_Name: Rein Tollevik > Version: CVS head > OS: CentOS 4.4 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (81.93.160.250) > > > We have bin hit by what looks like a race condition bug in syncprov. We got > some core dumps all showing stack frames like the one at the end. As such nasty > bugs tends to do it have behaved OK after I restarted slapd with more debug > output :-( (trace + stats + stats2 + sync). > > The configuration is a master server with multiple bdb backend databases all > being subordinate to the same glue database where syncprov is used. One of the > backends is a syncrepl consumer from another server, the server is master for > the other backends. There are multiple consumers for the syncprov suffix, which > I assume is what causes the race condition to happen. > > Note the a=0xBAD argument to attr_find(), which I expect is the result of some > other thread freeing the attribute list it was called with while it was > processing it. The rs->sr_entry->e_attrs argument passed to attr_find() as the > original "a" argument by findpres_cb() looks like a perfectly valid structure, > as are all the attributes found by following the a_next pointer. The list is > terminated by an attribute with a NULL a_next value, none of the a_next values > are 0xBAD. I don't believe that's the cause. Notice that arg0 in stack frame #9 is also 0xbad, even though it is shown correctly in frames 8 and 10. Something else is going on. > I'm currently trying to gather more information related to this bug, any > pointers as to what I should look for is appreciated. I'm posting this bug > report now in the hope that the stack frame should enlighten someone with better > knowledge of the code than what I have. Check for stack overruns, compile without optimization and make sure it's not a compiler optimization bug, etc. > > Rein Tollevik > Basefarm AS > > #0 0x0807d03a in attr_find (a=0xbad, desc=0x81e8680) at attr.c:665 > #1 0xb7a656f6 in findpres_cb (op=0xaf068ba4, rs=0xaf068b68) at syncprov.c:546 > #2 0x0808416d in slap_response_play (op=0xaf068ba4, rs=0xaf068b68) at > result.c:307 > #3 0x0808555b in slap_send_search_entry (op=0xaf068ba4, rs=0xaf068b68) at > result.c:770 > #4 0x080f2cdc in bdb_search (op=0xaf068ba4, rs=0xaf068b68) at search.c:870 > #5 0x080db72b in overlay_op_walk (op=0xaf068ba4, rs=0xaf068b68, > which=op_search, oi=0x8274218, on=0x8274318) at backover.c:653 > #6 0x080dbcaf in over_op_func (op=0xaf068ba4, rs=0xaf068b68, which=op_search) > at backover.c:705 > #7 0x080dbdef in over_op_search (op=0xaf068ba4, rs=0xaf068b68) at > backover.c:727 > #8 0x080d9570 in glue_sub_search (op=0xaf068ba4, rs=0xaf068b68, b0=0xaf068ba4, > on=0xaf068ba4) at backglue.c:340 > #9 0x080da131 in glue_op_search (op=0xbad, rs=0xaf068b68) at backglue.c:459 > #10 0x080db6d5 in overlay_op_walk (op=0xaf068ba4, rs=0xaf068b68, > which=op_search, oi=0x8271860, on=0x8271a60) at backover.c:643 > #11 0x080dbcaf in over_op_func (op=0xaf068ba4, rs=0xaf068b68, which=op_search) > at backover.c:705 > #12 0x080dbdef in over_op_search (op=0xaf068ba4, rs=0xaf068b68) at > backover.c:727 > #13 0xb7a65ff4 in syncprov_findcsn (op=0x85c7e60, mode=FIND_PRESENT) at > syncprov.c:700 > #14 0xb7a670a0 in syncprov_op_search (op=0x85c7e60, rs=0xaf06a1c0) at > syncprov.c:2277 > #15 0x080db6d5 in overlay_op_walk (op=0x85c7e60, rs=0xaf06a1c0, which=op_search, > oi=0x8271860, on=0x8271b60) at backover.c:643 > #16 0x080dbcaf in over_op_func (op=0x85c7e60, rs=0xaf06a1c0, which=op_search) at > backover.c:705 > #17 0x080dbdef in over_op_search (op=0x85c7e60, rs=0xaf06a1c0) at > backover.c:727 > #18 0x08076554 in fe_op_search (op=0x85c7e60, rs=0xaf06a1c0) at search.c:368 > #19 0x080770e4 in do_search (op=0x85c7e60, rs=0xaf06a1c0) at search.c:217 > #20 0x08073e28 in connection_operation (ctx=0xaf06a2b8, arg_v=0x85c7e60) at > connection.c:1084 > #21 0x08074f14 in connection_read_thread (ctx=0xaf06a2b8, argv=0x59) at > connection.c:1211 > #22 0xb7fb5546 in ldap_int_thread_pool_wrapper (xpool=0x81ee240) at tpool.c:663 > #23 0xb7c80371 in start_thread () from /lib/tls/libpthread.so.0 > #24 0xb7c17ffe in clone () from /lib/tls/libc.so.6 -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5340) REP_ENTRY_MODIFIABLE bug in dynlist
by ando＠sys-net.it 25 Mar '08

25 Mar '08

h.b.furuseth(a)usit.uio.no wrote: > h.b.furuseth(a)usit.uio.no writes: >> overlays/dynlist.c lines 371-376 sets REP_ENTRY_MUSTBEFREED in rs->sr_flags >> without duplicating the entry, if REP_ENTRY_MODIFIABLE was set. >> Thus the entry gets freed twice. Breaks test044-dynlist with back-ldif. > > Actually obeying rs->sr_flags seems to be a more general problem - but I > don't know what are bugs and what are my lacking understanding of the > flags. I.e. when can an overlay change REP_ENTRY_MUSTBEFREED, > REP_ENTRY_MUSTRELEASE? Usually backends/overlays that do not set these > flags, don't seem to expect them to change either. In general, callbacks are supposed to know about the existence of rs->sr_flags and deal with them. In detail, callbacks should use mechanisms that allow them to dispose of read-only resources without counting on the fact that rs->sr_* fields will be persistent through the callback chain. So, callbacks that need to modify data should check whether that data is modifiable; if it's not, they should first copy it, and set the rs->sr_flags as appropriate. The main reason for those flags to exist is optimization, otherwise we'd always duplicate data and dispose of it when done. So back-bdb/back-hdb, which are supposed to be the high-end database implementations, will always pass read-only data to the callback chain; however, if an overlay needs to muck with that data, it will first copy it, and set the REP_ENTRY_MODIFYABLE to inform other overlays that data can be freely modified without copying it again. On its own, back-bdb/back-hdb will take care of releasing the original entry without the need to use the value of rs->sr_entry; it'll use its copy of the entry's pointer. The existence of the REP_ENTRY_MUSTRELEASE value is not totally clear to me; it seems to indicate that in some cases callbacks want to pass a read-only entry without providing further cleanup code to release it; it makes sense, since this simple operation can be done by slap_send_search_entry() instead, if all that's required; however, this means that any callback that replaces the entry must remember to release it and must muck with rs->sr_flags accordingly. However, it is not clear what happens when a callback chain is interrupted by slap_null_cb() or similar, without getting to slap_send_search_entry(). This seems to indicate that callbacks should always provide a last resort means to release the resources they set; if read-only, by keeping track of what they sent; if modifiable, by freeing the contents of rs->sr_* if not NULL, setting it to NULL to prevent further cleanup. Similarly, the existence of REP_ENTRY_MUSTBEFREED is not totally clear: in principle as soon as REP_ENTRY_MODIFYABLE is set, it should imply REP_ENTRY_MUSTBEFREED; the only difference in the semantics of the two is that REP_ENTRY_MODIFYABLE without REP_ENTRY_MUSTBEFREED implies that the callback that set the former will take care of freeing the entry; however, other callbacks may further modify it, so freeing temporary data should probably be left to the final handler. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

(ITS#5439) syncprov race condition seg. fault
by rein＠basefarm.no 25 Mar '08

25 Mar '08

Full_Name: Rein Tollevik Version: CVS head OS: CentOS 4.4 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (81.93.160.250) We have bin hit by what looks like a race condition bug in syncprov. We got some core dumps all showing stack frames like the one at the end. As such nasty bugs tends to do it have behaved OK after I restarted slapd with more debug output :-( (trace + stats + stats2 + sync). The configuration is a master server with multiple bdb backend databases all being subordinate to the same glue database where syncprov is used. One of the backends is a syncrepl consumer from another server, the server is master for the other backends. There are multiple consumers for the syncprov suffix, which I assume is what causes the race condition to happen. Note the a=0xBAD argument to attr_find(), which I expect is the result of some other thread freeing the attribute list it was called with while it was processing it. The rs->sr_entry->e_attrs argument passed to attr_find() as the original "a" argument by findpres_cb() looks like a perfectly valid structure, as are all the attributes found by following the a_next pointer. The list is terminated by an attribute with a NULL a_next value, none of the a_next values are 0xBAD. I'm currently trying to gather more information related to this bug, any pointers as to what I should look for is appreciated. I'm posting this bug report now in the hope that the stack frame should enlighten someone with better knowledge of the code than what I have. Rein Tollevik Basefarm AS #0 0x0807d03a in attr_find (a=0xbad, desc=0x81e8680) at attr.c:665 #1 0xb7a656f6 in findpres_cb (op=0xaf068ba4, rs=0xaf068b68) at syncprov.c:546 #2 0x0808416d in slap_response_play (op=0xaf068ba4, rs=0xaf068b68) at result.c:307 #3 0x0808555b in slap_send_search_entry (op=0xaf068ba4, rs=0xaf068b68) at result.c:770 #4 0x080f2cdc in bdb_search (op=0xaf068ba4, rs=0xaf068b68) at search.c:870 #5 0x080db72b in overlay_op_walk (op=0xaf068ba4, rs=0xaf068b68, which=op_search, oi=0x8274218, on=0x8274318) at backover.c:653 #6 0x080dbcaf in over_op_func (op=0xaf068ba4, rs=0xaf068b68, which=op_search) at backover.c:705 #7 0x080dbdef in over_op_search (op=0xaf068ba4, rs=0xaf068b68) at backover.c:727 #8 0x080d9570 in glue_sub_search (op=0xaf068ba4, rs=0xaf068b68, b0=0xaf068ba4, on=0xaf068ba4) at backglue.c:340 #9 0x080da131 in glue_op_search (op=0xbad, rs=0xaf068b68) at backglue.c:459 #10 0x080db6d5 in overlay_op_walk (op=0xaf068ba4, rs=0xaf068b68, which=op_search, oi=0x8271860, on=0x8271a60) at backover.c:643 #11 0x080dbcaf in over_op_func (op=0xaf068ba4, rs=0xaf068b68, which=op_search) at backover.c:705 #12 0x080dbdef in over_op_search (op=0xaf068ba4, rs=0xaf068b68) at backover.c:727 #13 0xb7a65ff4 in syncprov_findcsn (op=0x85c7e60, mode=FIND_PRESENT) at syncprov.c:700 #14 0xb7a670a0 in syncprov_op_search (op=0x85c7e60, rs=0xaf06a1c0) at syncprov.c:2277 #15 0x080db6d5 in overlay_op_walk (op=0x85c7e60, rs=0xaf06a1c0, which=op_search, oi=0x8271860, on=0x8271b60) at backover.c:643 #16 0x080dbcaf in over_op_func (op=0x85c7e60, rs=0xaf06a1c0, which=op_search) at backover.c:705 #17 0x080dbdef in over_op_search (op=0x85c7e60, rs=0xaf06a1c0) at backover.c:727 #18 0x08076554 in fe_op_search (op=0x85c7e60, rs=0xaf06a1c0) at search.c:368 #19 0x080770e4 in do_search (op=0x85c7e60, rs=0xaf06a1c0) at search.c:217 #20 0x08073e28 in connection_operation (ctx=0xaf06a2b8, arg_v=0x85c7e60) at connection.c:1084 #21 0x08074f14 in connection_read_thread (ctx=0xaf06a2b8, argv=0x59) at connection.c:1211 #22 0xb7fb5546 in ldap_int_thread_pool_wrapper (xpool=0x81ee240) at tpool.c:663 #23 0xb7c80371 in start_thread () from /lib/tls/libpthread.so.0 #24 0xb7c17ffe in clone () from /lib/tls/libc.so.6

1 0

Re: (ITS#5401) slapd crashes in mirrormode
by ali.pouya＠free.fr 25 Mar '08

25 Mar '08

Howard Chu wrote : >A patch for this is now in CVS HEAD. Please test. >I was unable to reproduce the reported crash, so your feedback is important >here. Hi Howard; We tested the HEAD extracted march 18 around 16h GMT. It's OK. Thanks a lot. The ITS can be closed. Best regards Ali

1 0

Re: ACLs broken by ITS#5419
by rein＠basefarm.no 24 Mar '08

24 Mar '08

On Mon, 24 Mar 2008, Howard Chu wrote: > rein(a)basefarm.no wrote: >> >> The change to servers/slapd/backend.c for ITS#5416 seem to have broken the >> ability for group and set statements in access control lines to refer to >> entries >> outside the backend currently being operated on. > > That ability was never intended in the first place. Historically, backends in > slapd have been treated as isolated DSAs with no connection to each other. > They've required special mechanisms (like back-relay or slapo-glue) to be > joined. Yes, I know, the change that allowed this was imo the one that made sets and groups really useful. Our database configuration still has traces of the workarounds the lack of this feature once forced us to make.. But, the latest change also removes this ability for databases subordinate to the same common superior (i.e using the slapo-glue). If I understand you correct it is a bug that glue'ed databases cannot refer to each other, although I still consider it a bug (or at least a huge drawback) if this would no longer be generally possible. Rein

1 0

Re: ACLs broken by ITS#5419
by hyc＠symas.com 24 Mar '08

24 Mar '08

rein(a)basefarm.no wrote: > Full_Name: Rein Tollevik > Version: CVS head > OS: linux, solaris > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (84.215.2.34) > > > The change to servers/slapd/backend.c for ITS#5416 seem to have broken the > ability for group and set statements in access control lines to refer to entries > outside the backend currently being operated on. That ability was never intended in the first place. Historically, backends in slapd have been treated as isolated DSAs with no connection to each other. They've required special mechanisms (like back-relay or slapo-glue) to be joined. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

ACLs broken by ITS#5419
by rein＠basefarm.no 24 Mar '08

24 Mar '08

Full_Name: Rein Tollevik Version: CVS head OS: linux, solaris URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (84.215.2.34) The change to servers/slapd/backend.c for ITS#5416 seem to have broken the ability for group and set statements in access control lines to refer to entries outside the backend currently being operated on. This is caused by op->op_bd being set back to the backend being operated on when backend_group() was called, not the backend returned by select_backend() for the group being referred to as was always done before this change was made. >From what I can see of the cases where backend_group() is called (i.e in ACLs, limits and the dynlist and dyngroup overlays) I think the correct fix is to back out this changes as far as that function is conserned. But I don't know enough of other consequences, so I haven't tried it. Rein Tollevik Basefarm AS

1 0

Re: (ITS#5434) syncprov in a glue'ed environment must search through the glue overlay
by rein＠basefarm.no 23 Mar '08

23 Mar '08

On Wed, 19 Mar 2008, Howard Chu wrote: > rein(a)basefarm.no wrote: >> >> When the syncprov overlay is stacked on top of other overlays (notably the >> glue >> overlay) it must search through the next overlay, not the original backend >> DB. >> Otherwise it will not find any entries from the subordinate databases and >> consumers will remove those entries when they enters the refresh phase of >> the >> syncrepl protocol. >> >> The attached patch fixes this problem. > > Thanks, fixed in HEAD It looks as if my fix to this bug was utterly wrong :-( It probably only works when syncprov is stacked on top of the glue overlay. not with other overlays. First, searching through the next overlay looses the overlay semantics (i.e to return SLAP_CB_CONTINUE etc.) Even worse, a seg. fault will occur if the bi_op_search() method is not implement by the next overlay. I don't know whether that is actually allowed or not, but it is not done in at least the auditlog overlay. The correct fix should (I hope...) be to use the original overinst structure as the bd_info, as the patch at the end (which is relative to the current cvs head) implements. Since o_sync_mode appear to always have been cleared before be_search() is called it should be ignored by syncprov_op_search(). Sorry for the inconvenience! Rein Index: OpenLDAP/servers/slapd/overlays/syncprov.c diff -u OpenLDAP/servers/slapd/overlays/syncprov.c:1.1.1.12 OpenLDAP/servers/slapd/overlays/syncprov.c:1.9 --- OpenLDAP/servers/slapd/overlays/syncprov.c:1.1.1.12 Sat Mar 22 16:48:20 2008 +++ OpenLDAP/servers/slapd/overlays/syncprov.c Sun Mar 23 14:06:03 2008 @@ -696,10 +696,7 @@ break; } - if ( on->on_next ) - fop.o_bd->bd_info = (BackendInfo *)on->on_next; - else - fop.o_bd->bd_info = on->on_info->oi_orig; + fop.o_bd->bd_info = (BackendInfo *)on->on_info; fop.o_bd->be_search( &fop, &frs ); fop.o_bd->bd_info = (BackendInfo *)on; @@ -1531,10 +1528,7 @@ fop.ors_filter = ⁡ cb.sc_response = playlog_cb; - if ( on->on_next ) - fop.o_bd->bd_info = (BackendInfo *)on->on_next; - else - fop.o_bd->bd_info = on->on_info->oi_orig; + fop.o_bd->bd_info = (BackendInfo *)on->on_info; for ( i=ndel; i<num; i++ ) { if ( uuids[i].bv_len == 0 ) continue;

1 0

Re: (ITS#5340) REP_ENTRY_MODIFIABLE bug in dynlist
by h.b.furuseth＠usit.uio.no 22 Mar '08

22 Mar '08

h.b.furuseth(a)usit.uio.no writes: > overlays/dynlist.c lines 371-376 sets REP_ENTRY_MUSTBEFREED in rs->sr_flags > without duplicating the entry, if REP_ENTRY_MODIFIABLE was set. > Thus the entry gets freed twice. Breaks test044-dynlist with back-ldif. Actually obeying rs->sr_flags seems to be a more general problem - but I don't know what are bugs and what are my lacking understanding of the flags. I.e. when can an overlay change REP_ENTRY_MUSTBEFREED, REP_ENTRY_MUSTRELEASE? Usually backends/overlays that do not set these flags, don't seem to expect them to change either. -- Hallvard

1 0

← Newer
1
2
3
4
5
6
7
...
17
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs March 2008