openldap-bugs December 2015

openldap-bugs@openldap.org

25 participants
52 discussions

(ITS#8330) Fix robust mutex detection for glibc 2.10 and 2.11
by sebastien＠slaunay.fr 03 Dec '15

03 Dec '15

Full_Name: Sebastien Launay Version: LMDB 0.9.17 OS: Ubuntu 10.04.4 LTS x86_64 URL: https://gist.githubusercontent.com/slaunay/3252415fad66d641e5b1/raw/356a57a… Submission from: (NULL) (104.36.15.110) I am having trouble compiling version 0.9.17 as well as the master branch of LMDB with Ubuntu Lucid. When compiling the project under Ubuntu Lucid x86_64 (glibc 2.11), I get the following errors: $ make gcc -pthread -O2 -g -W -Wall -Wno-unused-parameter -Wbad-function-cast -Wuninitialized -c mdb.c mdb.c: In function 'mdb_mutex_failed': mdb.c:10137: warning: implicit declaration of function 'pthread_mutex_consistent' gcc -pthread -O2 -g -W -Wall -Wno-unused-parameter -Wbad-function-cast -Wuninitialized -c midl.c ar rs liblmdb.a mdb.o midl.o ar: creating liblmdb.a gcc -pthread -O2 -g -W -Wall -Wno-unused-parameter -Wbad-function-cast -Wuninitialized -fPIC -c mdb.c -o mdb.lo mdb.c: In function 'mdb_mutex_failed': mdb.c:10137: warning: implicit declaration of function 'pthread_mutex_consistent' gcc -pthread -O2 -g -W -Wall -Wno-unused-parameter -Wbad-function-cast -Wuninitialized -fPIC -c midl.c -o midl.lo gcc -pthread -shared -o liblmdb.so mdb.lo midl.lo gcc -pthread -O2 -g -W -Wall -Wno-unused-parameter -Wbad-function-cast -Wuninitialized -c mdb_stat.c gcc -pthread -O2 -g -W -Wall -Wno-unused-parameter -Wbad-function-cast -Wuninitialized mdb_stat.o liblmdb.a -o mdb_stat liblmdb.a(mdb.o): In function `mdb_mutex_failed': /home/vagrant/lmdb/libraries/liblmdb/mdb.c:10137: undefined reference to `pthread_mutex_consistent' liblmdb.a(mdb.o): In function `mdb_env_setup_locks': /home/vagrant/lmdb/libraries/liblmdb/mdb.c:4752: undefinerereference to `pthread_mutexattr_setrobust' collect2: ld returned 1 exit status make: *** [mdb_stat] Error 1 The exact version of the glibc is the following: $ ldd --version ldd (Ubuntu EGLIBC 2.11.1-0ubuntu7.21) 2.11.1 Copyright (C) 2009 Free Stwtware Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Written by Roland McGrath and Ulrich Drepper. $ lsb_release -a No LSB modules are available. Distribut I ID: Ubuntu Description: Ubuntu 10.04.4 LTS Release: 10.04 Codename: lucid I noticed that pthread_mutexattr_setrobust and pthread_mutex_consistent are provided since 2.12 not 2.10: https://github.molgen.mpg.de/git-mirror/glibc/commit/402cd98775db1478f64c9b… https://github.molgen.mpg.de/git-mirror/glibc/commit/78ee21859939ff75ccf8bb… After applying the provided fix against master (see attached patch URL), the compilation and runtime are working properly.

1 0

Re: (ITS#8329) id_query config in the back_sql module
by quanah＠zimbra.com 03 Dec '15

03 Dec '15

--On Thursday, December 03, 2015 5:57 PM +0000 paterry(a)gmx.com wrote: > Full_Name: Paul Terry > Version: 2.4.43 > OS: Red Hat Enterprise Server 6.7 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (85.91.5.16) > > > If the following line is in slapd.conf for the back_sql.la module: > > id_query "SELECT id, keyval, oc_map_id, dn FROM ldap_entries WHERE > pusername = ?" > > Then slapd will not start and logs the following error: > > Nov 30 12:00:59 testbrazilldap01 slapd[24111]: /etc/openldap/slapd.conf: > line 36: unknown directive <id_query> inside backend database definition. > > This worked correctly in version 2.4.23. > > After looking through the code, the 'id_query' configuration appears to be > missing from servers/slapd/back-sql/config.c, while it was present in > that file for version 2.4.23. > > I've sent a patch for config.c named paul-terry-151203.patch > Broken in 6d57371903bccab23eaf7b909136d9e7a7e1ec81 --Quanah -- Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

(ITS#8329) id_query config in the back_sql module
by paterry＠gmx.com 03 Dec '15

03 Dec '15

Full_Name: Paul Terry Version: 2.4.43 OS: Red Hat Enterprise Server 6.7 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (85.91.5.16) If the following line is in slapd.conf for the back_sql.la module: id_query "SELECT id, keyval, oc_map_id, dn FROM ldap_entries WHERE pusername = ?" Then slapd will not start and logs the following error: Nov 30 12:00:59 testbrazilldap01 slapd[24111]: /etc/openldap/slapd.conf: line 36: unknown directive <id_query> inside backend database definition. This worked correctly in version 2.4.23. After looking through the code, the 'id_query' configuration appears to be missing from servers/slapd/back-sql/config.c, while it was present in that file for version 2.4.23. I've sent a patch for config.c named paul-terry-151203.patch

1 0

(ITS#8328) Information leak in slapo-auditlog
by moritz＠wikimedia.org 03 Dec '15

03 Dec '15

Full_Name: Moritz M.hlenhoff Version: 2.4.40 OS: Debian URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (91.96.145.189) I setup a test system which made use of the slapo-auditlog overlay using these config options: moduleload auditlog overlay auditlog auditlog /var/lib/ldap/slapd-audit.log The /var/lib/ldap/slapd-audit.log was created with world-readable permissions, which constitutes a security issue since that file also logs sensitive attributes which are otherwise protected by ACLs (such as password hashes). Proposed patch: diff -aur openldap-2.4.40+dfsg.orig/servers/slapd/overlays/auditlog.c openldap-2.4.40+dfsg/rvrvers/slapd/overlays/auditlog.c --- openldap-2.4.40+dfsg.orig/servers/slapd/overlays/auditlog.c 2014-09-19 01:48:49.000000000 +0000 +++ openldap-2.4.40+dfsg/servers/slapd/overlays/auditlog.c 2015-12-02 11:08:24.331146770 +0000 @@ -121,6 121,7 @@ peername = op->o_conn->c_peer_name; ldap_pvt_thread_mutex_lock(&ad->ad_mutex); + umask(027); if((f = fopen(ad->ad_logfile, "a")) == NULL) { ldap_pvt_thread_mutex_unlock(&ad->ad_mutex); return SLAP_CB_CONTINUE;

1 0

Re: (ITS#8327) The mod->sm_numvals values is checked and not seen as valid in mods.c
by elecharny＠gmail.com 02 Dec '15

02 Dec '15

The full stack trace that didn't get copied in the original ITS : #0 0x0000003a9b632625 in raise () from /lib64/libc.so.6 #1 0x0000003a9b633e05 in abort () from /lib64/libc.so.6 #2 0x0000003a9b62b74e in __assert_fail_base () from /lib64/libc.so.6 #3 0x0000003a9b62b810 in __assert_fail () from /lib64/libc.so.6 #4 0x000000000047efc8 in modify_add_values (e=0x7f7027ffdc90, mod=0x7f7018105560, permissive=0, text=0x7f7027ffe170, textbuf=0x7f7027ffdd00 "", textlen=256) at /home/build/sold-2.4.42.2/openldap/servers/slapd/mods.c:64 #5 0x00007f706e1909b9 in mdb_modify_internal (op=0x7f7027ffe1c0, tid=0x2685180, modlist=0x7f7018105560, e=0x7f7027ffdc90, text=0x7f7027ffe170, textbuf=0x7f7027ffdd00 "", textlen=256) at /home/build/sold-2.4.42.2/openldap/servers/slapd/back-mdb/modify.c:168 #6 0x00007f706e191a1c in mdb_modify (op=0x7f7027ffe1c0, rs=0x7f7027ffe150) at /home/build/sold-2.4.42.2/openldap/servers/slapd/back-mdb/modify.c:623 #7 0x00000000004945f0 in overlay_op_walk (op=0x7f7027ffe1c0, rs=0x7f7027ffe150, which=op_modify, oi=0x24fcef0, on=0xfefefefefefefeff) at /home/build/sold-2.4.42.2/openldap/servers/slapd/backover.c:677 #8 0x00000000004946a3 in over_op_func (op=0x7f7027ffe1c0, rs=0x7f7027ffe150, which=op_modify) at /home/build/sold-2.4.42.2/openldap/servers/slapd/backover.c:730 #9 0x00007f706df53a74 in ppolicy_bind_response (op=0x7f7018106040, rs=0x7f7027ffe9f0) at /home/build/sold-2.4.42.2/openldap/servers/slapd/overlays/ppolicy.c:1277 #10 0x000000000043d40c in slap_response_play (op=0x7f7018106040, rs=0x7f7027ffe9f0) at /home/build/sold-2.4.42.2/openldap/servers/slapd/result.c:521 #11 0x000000000043d83b in send_ldap_response (op=0x7f7018106040, rs=0x1da6) at /home/build/sold-2.4.42.2/openldap/servers/slapd/result.c:596 #12 0x000000000043ddd2 in slap_send_ldap_result (op=0x7f7018106040, rs=0x7f7027ffe9f0) at /home/build/sold-2.4.42.2/openldap/servers/slapd/result.c:891 #13 0x00007f706e18e9f1 in mdb_bind (op=0x7f7018106040, rs=0x7f7027ffe9f0) at /home/build/sold-2.4.42.2/openldap/servers/slapd/back-mdb/bind.c:150 #14 0x00000000004945f0 in overlay_op_walk (op=0x7f7018106040, rs=0x7f7027ffe9f0, which=op_bind, oi=0x24fcef0, on=0xfefefefefefefeff) at /home/build/sold-2.4.42.2/openldap/servers/slapd/backover.c:677 #15 0x00000000004946a3 in over_op_func (op=0x7f7018106040, rs=0x7f7027ffe9f0, which=op_bind) at /home/build/sold-2.4.42.2/openldap/servers/slapd/backover.c:730 #16 0x000000000044a769 in fe_op_bind (op=0x7f7018106040, rs=0x7f7027ffe9f0) at /home/build/sold-2.4.42.2/openldap/servers/slapd/bind.c:383 #17 0x0000000000449f51 in do_bind (op=0x7f7018106040, rs=0x7f7027ffe9f0) at /home/build/sold-2.4.42.2/openldap/servers/slapd/bind.c:205 #18 0x000000000042ecb6 in connection_operation (ctx=0x7f7027ffeb70, arg_v=0x7f7018106040) at /home/build/sold-2.4.42.2/openldap/servers/slapd/connection.c:1158 #19 0x000000000042f4b3 in connection_read_thread (ctx=0x7f7027ffeb70, argv=<value optimized out>) at /home/build/sold-2.4.42.2/openldap/servers/slapd/connection.c:1294 #20 0x00007f707002a7bc in ldap_int_thread_pool_wrapper (xpool=<value optimized out>) at /home/build/sold-2.4.42.2/openldap/libraries/libldap_r/tpool.c:956 #21 0x0000003a9ba07a51 in start_thread () from /lib64/libpthread.so.0 #22 0x0000003a9b6e896d in clone () from /lib64/libc.so.6

1 0

(ITS#8327) The mod->sm_numvals values is checked and not seen as valid in mods.c
by elecharny＠apache.org 02 Dec '15

02 Dec '15

Full_Name: Emmanuel Lecharny Version: 2.4.42 OS: Linux CentOS 6 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (2a01:cb04:49:8d00:e9fd:e874:85a8:1553) On an architecture with 2 servers replicated using delta-syncrepl (MMR), doing some modififications on one server might lead to a core dump, where the stack trace shows that the mod->sm_numvals value is not what is expcted in the modify_add_values value : ... if ( !BER_BVISNULL( &mod->sm_values[mod->sm_numvals] )) { unsigned i; for ( i = 0; !BER_BVISNULL( &mod->sm_values[i] ); i++ ); assert( mod->sm_numvals == i ); } ... Here, the assert fails. Here is the stacktrace : (gdb) bt #0 0x0000003a9b632625 in raise () from /lib64/libc.so.6 #1 0x0000003a9b633e05 in abort () from /lib64/libc.so.6 #2 0x0000003a9b62b74e in __assert_fail_base () from /lib64/libc.so.6 #3 0x0000003a9b62b810 in __assert_fail () from /lib64/libc.so.6

1 0

Re: (ITS#8325) Building Problems openLDAP 2.4.43 pthread_mutexattr_setrobust
by bernhard.pfeiffer33＠gmail.com 01 Dec '15

01 Dec '15

--001a11407ed8d5462d0525e599d1 Content-Type: text/plain; charset=UTF-8 Work-Around works perfectly! Thanks. Issue can be closed. Greets, Bernhard --001a11407ed8d5462d0525e599d1 Content-Type: text/html; charset=UTF-8 <div dir="ltr"><div><div><div><div>Work-Around works perfectly!<br><br></div>Thanks.<br><br></div>Issue can be closed.<br><br></div>Greets,<br></div>Bernhard<br></div> --001a11407ed8d5462d0525e599d1--

1 0

Re: (ITS#8325) Building Problems openLDAP 2.4.43 pthread_mutexattr_setrobust
by hyc＠symas.com 01 Dec '15

01 Dec '15

bernhard.pfeiffer33(a)gmail.com wrote: > Full_Name: Bernhard Pfeiffer > Version: openLDAP 2.4.43 > OS: SUSE 11 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (85.158.227.32) > > > Since the new version i get building problems under SUSE11: Unfortunate. Read liblmdb/mdb.c around lines 241 onward. Either the glibc version detection is wrong, or your system just has a weirdly patched glibc. You can either try to fix the version detection, or just compile with -DMDB_USE_ROBUST=0 to bypass this. > cc -g -O2 -o slapd main.o globals.o bconfig.o config.o daemon.o connection.o > search.o filter.o add.o cr.o attr.o entry.o backend.o backends.o result.o > operation.o dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o value.o ava.o > bind.o unbind.o abandon.o filterentry.o phonetic.o acl.o str2filter.o aclparse.o > init.o user.o lock.o controls.o extended.o passwd.o schema.o schema_check.o > schema_init.o schema_prep.o schemaparse.o ad.o at.o mr.o syntax.o oc.o > saslauthz.o oidm.o starttls.o index.o sets.o referral.o root_dse.o sasl.o > module.o mra.o mods.o sl_malloc.o zn_malloc.o limits.o operational.o > matchedValues.o cancel.o syncrepl.o backglue.o backover.o ctxcsn.o ldapsync.o > frontend.o slapadd.o slapcat.o slapcommon.o slapdn.o slapindex.o slappasswd.o > slaptest.o slapauth.o slapacl.o component.o aci.o alock.o txn.o slapschema.o > version.o -pthread -L/products/db-5.2.42/lib -L/products/openssl-1.0.2d/lib > libbackends.a liboverlays.a ../../libraries/liblunicode/liblunicode.a > ../../libraries/librewrite/librewrite.a ../../libraries/liblutil/liblutil.a > ../../libraries/libldap_r/.libs/libldap_r.a > /data0/install/openLDAP_v2/openldap-2.4.43/libraries/liblber/.libs/liblber.a > ../../libraries/liblber/.libs/liblber.a /products/db-5.2.42/lib/libdb-5.2.so > -lpthread -lssl -lcrypto -lresolv -pthread -Wl,--rpath > -Wl,/products/db-5.2.42/lib -Wl,--rpath -Wl,/products/openssl-1.0.2d/lib > daemon.o: In function `alap_listener': > /data0/install/openLDAP_v2/openldap-2.4.43/servers/slapd/daemon.c:1873: warning: > `sys_errlist' is deprecated; use `strerror' or `strerror_r' instead > /data0/install/openLDAP_v2/openldap-2.4.43/servers/slapd/daemon.c:1873: warning: > `sys_nerr' is deprecated; use `strerror' or `strerror_r' instead > libbackends.a(mdbmdb.o): In function `mdb_mutex_failed': > /data0/install/openLDAP_v2/openldap-2.4.43/servers/slapd/back-mdb/./../../../libraries/liblmdb/mdb.c:9977: > undefined reference to `pthread_mutex_consistent' > libbackends.a(mdbmdb.o): In function `mdb_env_setup_locks': > /data0/install/openLDAP_v2/openldap-2.4.43/servers/slapd/back-mdb/./../../../libraries/liblmdb/mdb.c:4620: > undefined reference to `pthread_mutexattr_setrobust' > collect2: ld returned 1 exit status > make[2]: *** [slapd] Error 1 > make[2]: Leaving directory > `/data0/install/openLDAP_v2/openldap-2.4.43/servers/slapd' > make[1]: *** [all-common] Error 1 > make[1]: Leaving directory `/data0/install/openLDAP_v2/openldap-2.4.43/servers' > make: *** [all-common] Error 1 > > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8326) failure to start due to pwdMaxRecordedFailure
by afrunning＠gmail.com 01 Dec '15

01 Dec '15

> > You need to replace your ppolicy.schema/ppolicy.ldif from 2.4.42 with the > one bundled in 2.4.43. Yep - that was it. Thanks. Sorry for the noise. Al

1 0

Re: (ITS#8326) failure to start due to pwdMaxRecordedFailure
by hyc＠symas.com 01 Dec '15

01 Dec '15

afrunning(a)gmail.com wrote: > Full_Name: Al F > Version: 2.4.43 > OS: Redhat 6.7 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (74.123.146.10) > > > Hi, > > I just attepted to upgrade my development environment from 2.4.42 to 43, but > unfortunately the service won't start. The following is in my logs: > > Dec 1 08:44:45 myserver slapd[5698]: @(#) $OpenLDAP: slapd 2.4.43 (Dec 1 2015 > 08:19:43) $#012#011root@myserver:/root/openldap-2.4.43/servers/slapd > Dec 1 08:44:45 myserver slapd[5698]: User Schema load failed for attribute > "pwdMaxRecordedFailure". Error code 17: attribute type undefined > Dec 1 08:44:45 myserver slapd[9698]: config error processing > olcOverlay={2}ppolicy,olcDatabase={1}mdb,cn=config: User Schema load failed for > attribute "pwdMaxRecordedFailure". Error code 17: attribute type undefined > > I do not have any pwdMaxRecordedFailure attributes in my ppolicy objects - which > I'm assuming is the issue. I rely on the defaults. > > Let me know what else I can do to help. You need to replace your ppolicy.schema/ppolicy.ldif from 2.4.42 with the one bundled in 2.4.43. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs December 2015