(ITS#8330) Fix robust mutex detection for glibc 2.10 and 2.11
by sebastien@slaunay.fr
Full_Name: Sebastien Launay
Version: LMDB 0.9.17
OS: Ubuntu 10.04.4 LTS x86_64
URL: https://gist.githubusercontent.com/slaunay/3252415fad66d641e5b1/raw/356a5...
Submission from: (NULL) (104.36.15.110)
I am having trouble compiling version 0.9.17 as well as the master branch of
LMDB with Ubuntu Lucid.
When compiling the project under Ubuntu Lucid x86_64 (glibc 2.11), I get the
following errors:
$ make
gcc -pthread -O2 -g -W -Wall -Wno-unused-parameter -Wbad-function-cast
-Wuninitialized -c mdb.c
mdb.c: In function 'mdb_mutex_failed':
mdb.c:10137: warning: implicit declaration of function
'pthread_mutex_consistent'
gcc -pthread -O2 -g -W -Wall -Wno-unused-parameter -Wbad-function-cast
-Wuninitialized -c midl.c
ar rs liblmdb.a mdb.o midl.o
ar: creating liblmdb.a
gcc -pthread -O2 -g -W -Wall -Wno-unused-parameter -Wbad-function-cast
-Wuninitialized -fPIC -c mdb.c -o mdb.lo
mdb.c: In function 'mdb_mutex_failed':
mdb.c:10137: warning: implicit declaration of function
'pthread_mutex_consistent'
gcc -pthread -O2 -g -W -Wall -Wno-unused-parameter -Wbad-function-cast
-Wuninitialized -fPIC -c midl.c -o midl.lo
gcc -pthread -shared -o liblmdb.so mdb.lo midl.lo
gcc -pthread -O2 -g -W -Wall -Wno-unused-parameter -Wbad-function-cast
-Wuninitialized -c mdb_stat.c
gcc -pthread -O2 -g -W -Wall -Wno-unused-parameter -Wbad-function-cast
-Wuninitialized mdb_stat.o liblmdb.a -o mdb_stat
liblmdb.a(mdb.o): In function `mdb_mutex_failed':
/home/vagrant/lmdb/libraries/liblmdb/mdb.c:10137: undefined reference to
`pthread_mutex_consistent'
liblmdb.a(mdb.o): In function `mdb_env_setup_locks':
/home/vagrant/lmdb/libraries/liblmdb/mdb.c:4752: undefinerereference to
`pthread_mutexattr_setrobust'
collect2: ld returned 1 exit status
make: *** [mdb_stat] Error 1
The exact version of the glibc is the following:
$ ldd --version
ldd (Ubuntu EGLIBC 2.11.1-0ubuntu7.21) 2.11.1
Copyright (C) 2009 Free Stwtware Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
$ lsb_release -a
No LSB modules are available.
Distribut I ID: Ubuntu
Description: Ubuntu 10.04.4 LTS
Release: 10.04
Codename: lucid
I noticed that pthread_mutexattr_setrobust and pthread_mutex_consistent are
provided since 2.12 not 2.10:
https://github.molgen.mpg.de/git-mirror/glibc/commit/402cd98775db1478f64c...
https://github.molgen.mpg.de/git-mirror/glibc/commit/78ee21859939ff75ccf8...
After applying the provided fix against master (see attached patch URL), the
compilation and runtime are working properly.
8 years
Re: (ITS#8329) id_query config in the back_sql module
by quanah@zimbra.com
--On Thursday, December 03, 2015 5:57 PM +0000 paterry(a)gmx.com wrote:
> Full_Name: Paul Terry
> Version: 2.4.43
> OS: Red Hat Enterprise Server 6.7
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (85.91.5.16)
>
>
> If the following line is in slapd.conf for the back_sql.la module:
>
> id_query "SELECT id, keyval, oc_map_id, dn FROM ldap_entries WHERE
> pusername = ?"
>
> Then slapd will not start and logs the following error:
>
> Nov 30 12:00:59 testbrazilldap01 slapd[24111]: /etc/openldap/slapd.conf:
> line 36: unknown directive <id_query> inside backend database definition.
>
> This worked correctly in version 2.4.23.
>
> After looking through the code, the 'id_query' configuration appears to be
> missing from servers/slapd/back-sql/config.c, while it was present in
> that file for version 2.4.23.
>
> I've sent a patch for config.c named paul-terry-151203.patch
>
Broken in 6d57371903bccab23eaf7b909136d9e7a7e1ec81
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
8 years
(ITS#8329) id_query config in the back_sql module
by paterry@gmx.com
Full_Name: Paul Terry
Version: 2.4.43
OS: Red Hat Enterprise Server 6.7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (85.91.5.16)
If the following line is in slapd.conf for the back_sql.la module:
id_query "SELECT id, keyval, oc_map_id, dn FROM ldap_entries WHERE pusername =
?"
Then slapd will not start and logs the following error:
Nov 30 12:00:59 testbrazilldap01 slapd[24111]: /etc/openldap/slapd.conf: line
36: unknown directive <id_query> inside backend database definition.
This worked correctly in version 2.4.23.
After looking through the code, the 'id_query' configuration appears to be
missing from servers/slapd/back-sql/config.c, while it was present in that file
for version 2.4.23.
I've sent a patch for config.c named paul-terry-151203.patch
8 years
(ITS#8328) Information leak in slapo-auditlog
by moritz@wikimedia.org
Full_Name: Moritz M.hlenhoff
Version: 2.4.40
OS: Debian
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (91.96.145.189)
I setup a test system which made use of the slapo-auditlog overlay using these
config options:
moduleload auditlog
overlay auditlog
auditlog /var/lib/ldap/slapd-audit.log
The /var/lib/ldap/slapd-audit.log was created with world-readable permissions,
which constitutes a security issue since that file also logs sensitive
attributes which are otherwise protected by ACLs (such as password hashes).
Proposed patch:
diff -aur openldap-2.4.40+dfsg.orig/servers/slapd/overlays/auditlog.c
openldap-2.4.40+dfsg/rvrvers/slapd/overlays/auditlog.c
--- openldap-2.4.40+dfsg.orig/servers/slapd/overlays/auditlog.c 2014-09-19
01:48:49.000000000 +0000
+++ openldap-2.4.40+dfsg/servers/slapd/overlays/auditlog.c 2015-12-02
11:08:24.331146770 +0000
@@ -121,6 121,7 @@
peername = op->o_conn->c_peer_name;
ldap_pvt_thread_mutex_lock(&ad->ad_mutex);
+ umask(027);
if((f = fopen(ad->ad_logfile, "a")) == NULL) {
ldap_pvt_thread_mutex_unlock(&ad->ad_mutex);
return SLAP_CB_CONTINUE;
8 years
Re: (ITS#8327) The mod->sm_numvals values is checked and not seen as valid in mods.c
by elecharny@gmail.com
The full stack trace that didn't get copied in the original ITS :
#0 0x0000003a9b632625 in raise () from /lib64/libc.so.6
#1 0x0000003a9b633e05 in abort () from /lib64/libc.so.6
#2 0x0000003a9b62b74e in __assert_fail_base () from /lib64/libc.so.6
#3 0x0000003a9b62b810 in __assert_fail () from /lib64/libc.so.6
#4 0x000000000047efc8 in modify_add_values (e=0x7f7027ffdc90,
mod=0x7f7018105560, permissive=0, text=0x7f7027ffe170,
textbuf=0x7f7027ffdd00 "", textlen=256) at
/home/build/sold-2.4.42.2/openldap/servers/slapd/mods.c:64
#5 0x00007f706e1909b9 in mdb_modify_internal (op=0x7f7027ffe1c0,
tid=0x2685180, modlist=0x7f7018105560, e=0x7f7027ffdc90,
text=0x7f7027ffe170, textbuf=0x7f7027ffdd00 "", textlen=256)
at
/home/build/sold-2.4.42.2/openldap/servers/slapd/back-mdb/modify.c:168
#6 0x00007f706e191a1c in mdb_modify (op=0x7f7027ffe1c0,
rs=0x7f7027ffe150) at
/home/build/sold-2.4.42.2/openldap/servers/slapd/back-mdb/modify.c:623
#7 0x00000000004945f0 in overlay_op_walk (op=0x7f7027ffe1c0,
rs=0x7f7027ffe150, which=op_modify, oi=0x24fcef0, on=0xfefefefefefefeff)
at /home/build/sold-2.4.42.2/openldap/servers/slapd/backover.c:677
#8 0x00000000004946a3 in over_op_func (op=0x7f7027ffe1c0,
rs=0x7f7027ffe150, which=op_modify) at
/home/build/sold-2.4.42.2/openldap/servers/slapd/backover.c:730
#9 0x00007f706df53a74 in ppolicy_bind_response (op=0x7f7018106040,
rs=0x7f7027ffe9f0) at
/home/build/sold-2.4.42.2/openldap/servers/slapd/overlays/ppolicy.c:1277
#10 0x000000000043d40c in slap_response_play (op=0x7f7018106040,
rs=0x7f7027ffe9f0) at
/home/build/sold-2.4.42.2/openldap/servers/slapd/result.c:521
#11 0x000000000043d83b in send_ldap_response (op=0x7f7018106040,
rs=0x1da6) at /home/build/sold-2.4.42.2/openldap/servers/slapd/result.c:596
#12 0x000000000043ddd2 in slap_send_ldap_result (op=0x7f7018106040,
rs=0x7f7027ffe9f0) at
/home/build/sold-2.4.42.2/openldap/servers/slapd/result.c:891
#13 0x00007f706e18e9f1 in mdb_bind (op=0x7f7018106040,
rs=0x7f7027ffe9f0) at
/home/build/sold-2.4.42.2/openldap/servers/slapd/back-mdb/bind.c:150
#14 0x00000000004945f0 in overlay_op_walk (op=0x7f7018106040,
rs=0x7f7027ffe9f0, which=op_bind, oi=0x24fcef0, on=0xfefefefefefefeff)
at /home/build/sold-2.4.42.2/openldap/servers/slapd/backover.c:677
#15 0x00000000004946a3 in over_op_func (op=0x7f7018106040,
rs=0x7f7027ffe9f0, which=op_bind) at
/home/build/sold-2.4.42.2/openldap/servers/slapd/backover.c:730
#16 0x000000000044a769 in fe_op_bind (op=0x7f7018106040,
rs=0x7f7027ffe9f0) at
/home/build/sold-2.4.42.2/openldap/servers/slapd/bind.c:383
#17 0x0000000000449f51 in do_bind (op=0x7f7018106040, rs=0x7f7027ffe9f0)
at /home/build/sold-2.4.42.2/openldap/servers/slapd/bind.c:205
#18 0x000000000042ecb6 in connection_operation (ctx=0x7f7027ffeb70,
arg_v=0x7f7018106040) at
/home/build/sold-2.4.42.2/openldap/servers/slapd/connection.c:1158
#19 0x000000000042f4b3 in connection_read_thread (ctx=0x7f7027ffeb70,
argv=<value optimized out>) at
/home/build/sold-2.4.42.2/openldap/servers/slapd/connection.c:1294
#20 0x00007f707002a7bc in ldap_int_thread_pool_wrapper (xpool=<value
optimized out>) at
/home/build/sold-2.4.42.2/openldap/libraries/libldap_r/tpool.c:956
#21 0x0000003a9ba07a51 in start_thread () from /lib64/libpthread.so.0
#22 0x0000003a9b6e896d in clone () from /lib64/libc.so.6
8 years
(ITS#8327) The mod->sm_numvals values is checked and not seen as valid in mods.c
by elecharny@apache.org
Full_Name: Emmanuel Lecharny
Version: 2.4.42
OS: Linux CentOS 6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2a01:cb04:49:8d00:e9fd:e874:85a8:1553)
On an architecture with 2 servers replicated using delta-syncrepl (MMR), doing
some modififications on one server might lead to a core dump, where the stack
trace shows that the mod->sm_numvals value is not what is expcted in the
modify_add_values value :
...
if ( !BER_BVISNULL( &mod->sm_values[mod->sm_numvals] )) {
unsigned i;
for ( i = 0; !BER_BVISNULL( &mod->sm_values[i] ); i++ );
assert( mod->sm_numvals == i );
}
...
Here, the assert fails. Here is the stacktrace :
(gdb) bt
#0 0x0000003a9b632625 in raise () from /lib64/libc.so.6
#1 0x0000003a9b633e05 in abort () from /lib64/libc.so.6
#2 0x0000003a9b62b74e in __assert_fail_base () from /lib64/libc.so.6
#3 0x0000003a9b62b810 in __assert_fail () from /lib64/libc.so.6
8 years
Re: (ITS#8325) Building Problems openLDAP 2.4.43 pthread_mutexattr_setrobust
by bernhard.pfeiffer33@gmail.com
--001a11407ed8d5462d0525e599d1
Content-Type: text/plain; charset=UTF-8
Work-Around works perfectly!
Thanks.
Issue can be closed.
Greets,
Bernhard
--001a11407ed8d5462d0525e599d1
Content-Type: text/html; charset=UTF-8
<div dir="ltr"><div><div><div><div>Work-Around works perfectly!<br><br></div>Thanks.<br><br></div>Issue can be closed.<br><br></div>Greets,<br></div>Bernhard<br></div>
--001a11407ed8d5462d0525e599d1--
8 years
Re: (ITS#8325) Building Problems openLDAP 2.4.43 pthread_mutexattr_setrobust
by hyc@symas.com
bernhard.pfeiffer33(a)gmail.com wrote:
> Full_Name: Bernhard Pfeiffer
> Version: openLDAP 2.4.43
> OS: SUSE 11
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (85.158.227.32)
>
>
> Since the new version i get building problems under SUSE11:
Unfortunate. Read liblmdb/mdb.c around lines 241 onward. Either the glibc
version detection is wrong, or your system just has a weirdly patched glibc.
You can either try to fix the version detection, or just compile with
-DMDB_USE_ROBUST=0 to bypass this.
> cc -g -O2 -o slapd main.o globals.o bconfig.o config.o daemon.o connection.o
> search.o filter.o add.o cr.o attr.o entry.o backend.o backends.o result.o
> operation.o dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o value.o ava.o
> bind.o unbind.o abandon.o filterentry.o phonetic.o acl.o str2filter.o aclparse.o
> init.o user.o lock.o controls.o extended.o passwd.o schema.o schema_check.o
> schema_init.o schema_prep.o schemaparse.o ad.o at.o mr.o syntax.o oc.o
> saslauthz.o oidm.o starttls.o index.o sets.o referral.o root_dse.o sasl.o
> module.o mra.o mods.o sl_malloc.o zn_malloc.o limits.o operational.o
> matchedValues.o cancel.o syncrepl.o backglue.o backover.o ctxcsn.o ldapsync.o
> frontend.o slapadd.o slapcat.o slapcommon.o slapdn.o slapindex.o slappasswd.o
> slaptest.o slapauth.o slapacl.o component.o aci.o alock.o txn.o slapschema.o
> version.o -pthread -L/products/db-5.2.42/lib -L/products/openssl-1.0.2d/lib
> libbackends.a liboverlays.a ../../libraries/liblunicode/liblunicode.a
> ../../libraries/librewrite/librewrite.a ../../libraries/liblutil/liblutil.a
> ../../libraries/libldap_r/.libs/libldap_r.a
> /data0/install/openLDAP_v2/openldap-2.4.43/libraries/liblber/.libs/liblber.a
> ../../libraries/liblber/.libs/liblber.a /products/db-5.2.42/lib/libdb-5.2.so
> -lpthread -lssl -lcrypto -lresolv -pthread -Wl,--rpath
> -Wl,/products/db-5.2.42/lib -Wl,--rpath -Wl,/products/openssl-1.0.2d/lib
> daemon.o: In function `alap_listener':
> /data0/install/openLDAP_v2/openldap-2.4.43/servers/slapd/daemon.c:1873: warning:
> `sys_errlist' is deprecated; use `strerror' or `strerror_r' instead
> /data0/install/openLDAP_v2/openldap-2.4.43/servers/slapd/daemon.c:1873: warning:
> `sys_nerr' is deprecated; use `strerror' or `strerror_r' instead
> libbackends.a(mdbmdb.o): In function `mdb_mutex_failed':
> /data0/install/openLDAP_v2/openldap-2.4.43/servers/slapd/back-mdb/./../../../libraries/liblmdb/mdb.c:9977:
> undefined reference to `pthread_mutex_consistent'
> libbackends.a(mdbmdb.o): In function `mdb_env_setup_locks':
> /data0/install/openLDAP_v2/openldap-2.4.43/servers/slapd/back-mdb/./../../../libraries/liblmdb/mdb.c:4620:
> undefined reference to `pthread_mutexattr_setrobust'
> collect2: ld returned 1 exit status
> make[2]: *** [slapd] Error 1
> make[2]: Leaving directory
> `/data0/install/openLDAP_v2/openldap-2.4.43/servers/slapd'
> make[1]: *** [all-common] Error 1
> make[1]: Leaving directory `/data0/install/openLDAP_v2/openldap-2.4.43/servers'
> make: *** [all-common] Error 1
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
8 years
Re: (ITS#8326) failure to start due to pwdMaxRecordedFailure
by hyc@symas.com
afrunning(a)gmail.com wrote:
> Full_Name: Al F
> Version: 2.4.43
> OS: Redhat 6.7
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (74.123.146.10)
>
>
> Hi,
>
> I just attepted to upgrade my development environment from 2.4.42 to 43, but
> unfortunately the service won't start. The following is in my logs:
>
> Dec 1 08:44:45 myserver slapd[5698]: @(#) $OpenLDAP: slapd 2.4.43 (Dec 1 2015
> 08:19:43) $#012#011root@myserver:/root/openldap-2.4.43/servers/slapd
> Dec 1 08:44:45 myserver slapd[5698]: User Schema load failed for attribute
> "pwdMaxRecordedFailure". Error code 17: attribute type undefined
> Dec 1 08:44:45 myserver slapd[9698]: config error processing
> olcOverlay={2}ppolicy,olcDatabase={1}mdb,cn=config: User Schema load failed for
> attribute "pwdMaxRecordedFailure". Error code 17: attribute type undefined
>
> I do not have any pwdMaxRecordedFailure attributes in my ppolicy objects - which
> I'm assuming is the issue. I rely on the defaults.
>
> Let me know what else I can do to help.
You need to replace your ppolicy.schema/ppolicy.ldif from 2.4.42 with the one
bundled in 2.4.43.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
8 years