openldap-bugs August 2018

openldap-bugs@openldap.org

27 participants
50 discussions

(ITS#8903) Add Bind Early Option to ldappasswd
by randall＠mason.ch 20 Aug '18

20 Aug '18

Full_Name: Randall Mason Version: HEAD OS: Debian Linux URL: https://gist.githubusercontent.com/ClashTheBunny/a9d2b8d0119964a0eb8a5e2ed7… Submission from: (NULL) (67.165.132.233) ldappasswd is slightly different from a standard passwd workflow in that it requests an old password, then a new password, then the old password again. This confuses people who are used to the unix passwd tool as well as people who use password manager. I've seen quite a few people who have generated a new password, overwriting the old one, and then need a password reset because they still need to bind to modify their password. This patch adds an option to bind at the beginning of the process so that you can pass '-E' to ldappasswd and it will bind early in the process so that the process is the same as the standard passwd. All it does is run the bind towards the beginning of the process instead of the end. The attached patch file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Randall Mason randall(a)mason.ch. I have not assigned rights and/or interest in this work to any party. I, Randall Mason, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.

1 0

(ITS#8902) man page update for slapadd(5)
by quanah＠openldap.org 20 Aug '18

20 Aug '18

Full_Name: Quanah Gibson-Mount Version: 2.4.46 OS: N/A URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (47.208.148.239) The man page for slapadd's -w option needs to be updated to note that it's generally only safe to use with a cold slapcat.

1 0

(ITS#8901) slapd segfaults in mdb_env_reader_dest
by ckowalczyk＠suse.com 20 Aug '18

20 Aug '18

Full_Name: Chris Kowalczyk Version: 2.4.41 OS: SLE12 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (2620:113:80c0:5::2222) Hello, I have been experiencing segfaults in mdb_env_reader_dest happening randomly, only from time to time, during shutting off openldap. After some investigation I narrowed the problem down to mdb_env_reader_dest destructor function being called after its object had been deleted while powering off the application. mdb_env_reader_dest was called automatically, because it was agginned to the object in pthread_key_create call: https://github.com/openldap/openldap/blob/master/libraries/liblmdb/mdb.c#L4… The problem was not happening often, and always during powering off, so no data was lost etc. However, due to its annoyance, I prepared a simple patch, which prevents mdb_env_reader_dest function being called if the object was already deleted. The patch works fine, I haven't seen the problem since it was introduced. I am using OpenLDAP 2.4.41, but the code seems to be the same in other versions as well. Would you like me to create a pull request for it? ========================== === The backtrace: ========================== Program terminated with signal 11, Segmentation fault. #0 mdb_env_reader_dest (ptr=0x7f4a9c71c080) at ../../../libraries/liblmdb/mdb.c:4050 4050 reader->mr_pid = 0; #thread apply all bt Thread 2 (LWP 20920): #0 0x00007f4a9ac31d9d in close () at ../sysdeps/unix/syscall-template.S:84 #1 0x000055902eaeae8c in mdb_env_close1 (env=env@entry=0x55902fce50e0) at ../../../libraries/liblmdb/mdb.c:4756 #2 0x000055902eaeb578 in mdb_env_close1 (env=0x55902fce50e0) at ../../../libraries/liblmdb/mdb.c:4779 #3 mdb_env_close (env=0x55902fce50e0) at ../../../libraries/liblmdb/mdb.c:4778 #4 0x000055902ea69114 in mdb_db_close (be=0x55902faeb300, cr=<optimized out>) at init.c:340 #5 0x000055902ea3815b in over_db_close (be=0x55902faeb300, cr=0x0) at backover.c:182 #6 0x000055902e9d8c0b in backend_shutdown (be=0x55902faeb300, be@entry=0x0) at backend.c:376 #7 0x000055902e9fa258 in slap_shutdown (be=be@entry=0x0) at init.c:232 #8 0x000055902e9af12f in main (argc=<optimized out>, argv=<optimized out>) at main.c:1027 Thread 1 (LWP 20928): #0 mdb_env_reader_dest (ptr=0x7f4a9c71c080) at ../../../libraries/liblmdb/mdb.c:4050 #1 0x00007f4a9ac2a512 in __nptl_deallocate_tsd () at pthread_create.c:176 #2 0x00007f4a9ac2a767 in start_thread (arg=0x7f4a97acc700) at pthread_create.c:347 #3 0x00007f4a9a968aad in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 # frame 0 #0 mdb_env_reader_dest (ptr=0x7f4a9c71c080) at ../../../libraries/liblmdb/mdb.c:4050 4050 reader->mr_pid = 0; #p reader $1 = (MDB_reader *) 0x7f4a9c71c080 #p *reader Cannot access memory at address 0x7f4a9c71c080 ========================== === The proposed patch: ========================== diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c index 6bdf3151d..56212151b 100644 --- a/libraries/liblmdb/mdb.c +++ b/libraries/liblmdb/mdb.c @@ -4692,6 +4692,11 @@ mdb_env_close0(MDB_env *env, int excl) if (env->me_flags & MDB_ENV_TXKEY) { pthread_key_delete(env->me_txkey); + + // No need to call desctructor anymore, as all pid + // values are cleared below. + env->me_txkey = NULL; + #ifdef _WIN32 /* Delete our key from the global list */ for (i=0; i<mdb_tls_nkeys; i++)

1 0

(ITS#8900) contextCSN issue for export if last op was to delete an entry
by quanah＠openldap.org 17 Aug '18

17 Aug '18

Full_Name: Quanah Gibson-Mount Version: 2.4.46 OS: N/A URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (47.208.148.239) When making an export for backup using slapcat there could be issues on restore if the last operation logged was for a delete entry operation, as the contextCSN would then point to an entry that no longer exists. If that backup was then used at restoration time in an replicated environment and the master gets a write op before any replicas are online, the replicas will fallback to REFRESH mode since they can't find entry the contextCSN points to.

1 0

(ITS#8899) SLAPD failed to start after updating openldap 2.4.46
by muthaiyan1991＠gmail.com 17 Aug '18

17 Aug '18

Full_Name: Muthaiyan Vel Version: 2.4.46 OS: Solaris 10 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (116.197.184.12) I have recently updated openldap to version 2.4.46. After upgrading SLAPD is failed to start. Its showing an error "slap_sasl_init: auxprop add plugin failed". I have compiled the openldap with mdb. Dependents used for openldap 2.4.46: cyrus-sasl-2.1.26 openssl-1.0.2o krb5-1.16.1 Steps to Compile OpenLDAP and Dependency: sasl Compiled without LDAP: -------------------------- export LDFLAGS=" -m64 -L/tmp/CODE_BASE/Openldap_Upgrade/openssl-1.0.2o -L/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib -L/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/gssapi/" ./configure --enable-auth-sasldb --disable-ldapdb --with-openssl=/tmp/CODE_BASE/Openldap_Upgrade/openssl-1.0.2o --enable-gssapi=/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/gssapi --with-krb5-lib=/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib --with-krb5-include=/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/include make openldap: --------- export LDFLAGS=" -m64 -L/tmp/CODE_BASE/Openldap_Upgrade/openssl-1.0.2o/ -L/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/ -L/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/gssapi/ -L/tmp/CODE_BASE/Openldap_Upgrade/cyrus-sasl-2.1.26/lib/.libs/ -L/tmp/CODE_BASE/Openldap_Upgrade/cyrus-sasl-2.1.26/plugins/.libs/" ./configure --enable-debug --with-tls=openssl --with-cyrus-sasl --enable-slapd --enable-bdb=no --enable-hdb=no --enable-mdb=yes --enable-spasswd make sasl Compiled with LDAP: ------------------------ export LDFLAGS=" -m64 -L/tmp/CODE_BASE/Openldap_Upgrade/openssl-1.0.2o/ -L/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/ -L/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/gssapi/ -L/tmp/CODE_BASE/Openldap_Upgrade/openldap-2.4.46/libraries/libldap_r/.libs/ -L/tmp/CODE_BASE/Openldap_Upgrade/openldap-2.4.46/libraries/liblber/.libs/ -L/tmp/CODE_BASE/Openldap_Upgrade/openldap-2.4.46/libraries/libldap/.libs/" make distclean ./configure --enable-auth-sasldb --disable-ldapdb --with-openssl=/tmp/CODE_BASE/Openldap_Upgrade/openssl-1.0.2o/ --enable-gssapi=/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/gssapi/ --with-krb5-lib=/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/ --with-krb5-include=/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/include/ make ./configure --enable-auth-sasldb --with-ldap=/tmp/CODE_BASE/Openldap_Upgrade/openldap-2.4.46/libraries/ --enable-ldapdb --with-openssl=/tmp/CODE_BASE/Openldap_Upgrade/openssl-1.0.2o/ --enable-gssapi=/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/gssapi/ --with-krb5-lib=/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/ --with-krb5-include=/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/include/ make Used these libraries from the above compiled source code: libldap_r-2.4.so.2 liblber-2.4.so.2 libsasl2.so.3 slapd Full Debug Log: ldap_url_parse_ext(ldap://localhost/) ldap_init: trying /usr/local/etc/openldap/ldap.conf ldap_init: using /usr/local/etc/openldap/ldap.conf ldap_init: HOME env is / ldap_init: trying //ldaprc ldap_init: trying //.ldaprc ldap_init: trying ldaprc ldap_init: LDAPCONF env is NULL ldap_init: LDAPRC env is NULL 5b770206 @(#) $OpenLDAP: slapd 2.4.46 (Aug 16 2018 21:16:43) $ root@bng-sbr-perf1:/export/local/jai/CODE_BASE/Openldap_Upgrade/openldap-2.4.46/servers/slapd ldap_pvt_gethostbyname_a: host=bng-sbr-perf1, r=0 5b770206 daemon_init: ldap://127.0.0.1:389 5b770206 daemon_init: listen on ldap://127.0.0.1:389 5b770206 daemon_init: 1 listeners to open... ldap_url_parse_ext(ldap://127.0.0.1:389) 5b770206 daemon: listener initialized ldap://127.0.0.1:389 5b770206 daemon_init: 1 listeners opened ldap_create 5b770206 slapd init: initiated server. 5b770206 slap_sasl_init: auxprop add plugin failed 5b770206 slapd destroy: freeing system resources. 5b770206 slapd stopped. 5b770206 connections_destroy: nothing to destroy. Please help to solve this problem.

1 0

(ITS#8898) mdb_get on corrupted LMDB file crash the process
by iradization＠gmail.com 15 Aug '18

15 Aug '18

Full_Name: Irad.k Version: recent from GitHub. OS: macOS URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (82.81.84.130) Hi, I'm working with LMDB with the following flags : MDB_NOMETASYNC | MDB_NOSUBDIR | MDB_NOTLS. Somehow, even though the DB should be ACI(without the D), it got corrupted after recovering from kernel panic, and It crashes my process when trying to access one of the records (see crash log below). Here's a link to the file : https://drive.google.com/file/d/12Q3KYYrapiJOgiaccnDL3tQACkqrM3C5/view?usp=… According to the crash log from the process, It can clearly be seen that the invalid address reside inside the mapped file region which is the lmdb mapped file, but still I get KERN_MEMORY_ERROR on that address. >From what I know, an attempt to access address within the mapped range can either retrieve the page contents directly from memory (if it's already there), or trigger page fault trap that eventually lead to reading the missing data from disk and return it to process as well. One thing that raise some concerns is that the file size is only 24k and the mapping spans over 256M. However, the file's meta data seems to be coherent to file contents. Any idea how did it happen, and what exactly in the file cause this corruption ? CRASH LOG : ---------------------------------------------------------------------- Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_MEMORY_ERROR at 0x000000010648800a Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Bus error: 10 Termination Reason: Namespace SIGNAL, Code 0xa Terminating Process: exc handler [0] VM Regions Near 0x10648800a: __LINKEDIT 0000000106464000-000000010647f000 [ 108K] r--/rwx SM=COW ^Z^C [/usr/lib/dyld] --> mapped file 000000010647f000-000000011647f000 [256.0M] r--/rwx SM=PRV Object_id=9034edd9 STACK GUARD 000070000f2b3000-000070000f2b4000 [ 4K] ---/rwx SM=NUL stack guard for thread 1 Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 myprog 0x0000000101666756 mdb_page_search_root + 39 1 myprog 0x00000001016660f7 mdb_page_search + 182 2 myprog 0x00000001016614de mdb_cursor_set + 88 3 myprog 0x0000000101661476 mdb_get + 134

1 0

Re: (ITS#8897) Delta syncrepl + refreshOnly segfault if 2 servers receive same group modification operation within interval
by Mark.Cairney＠ed.ac.uk 13 Aug '18

13 Aug '18

Hi Quanah, It certainly sounds very similar from the description. I've applied the patch on our Dev systems and tried to recreate the crash but this time they don't crash and the change appears to make it to all 4 servers. Based on that I'm happy to close it as a duplicate. For completeness here's the log snippet from one of the 2 servers not to get the change directly: 2018-08-13T15:51:41.309019+01:00 bonsai.authorise-dev.is.ed.ac.uk slapd[33415]: conn=2891 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= 2018-08-13T15:51:41.310958+01:00 bonsai.authorise-dev.is.ed.ac.uk slapd[33415]: conn=2891 op=2 UNBIND 2018-08-13T15:51:41.311320+01:00 bonsai.authorise-dev.is.ed.ac.uk slapd[33415]: conn=2891 fd=17 closed 2018-08-13T15:52:18.347529+01:00 bonsai.authorise-dev.is.ed.ac.uk slapd[33415]: do_syncrep2: rid=003 cookie=rid=003,sid=00a,csn=20180810152745.105428Z#000000#009#000000 2018-08-13T15:52:18.347925+01:00 bonsai.authorise-dev.is.ed.ac.uk slapd[33415]: do_syncrep2: rid=003 CSN too old, ignoring 20180810152745.105428Z#000000#009#000000 (reqStart=20180810152801.000001Z,cn=accesslog) 2018-08-13T15:52:19.361612+01:00 bonsai.authorise-dev.is.ed.ac.uk slapd[33415]: do_syncrep2: rid=004 cookie=rid=004,sid=00c,csn=20180813145040.294725Z#000000#00c#000000 2018-08-13T15:52:19.361936+01:00 bonsai.authorise-dev.is.ed.ac.uk slapd[33415]: slap_queue_csn: queueing 0x4279380 20180813145040.294725Z#000000#00c#000000 2018-08-13T15:52:19.362187+01:00 bonsai.authorise-dev.is.ed.ac.uk slapd[33415]: syncrepl_message_to_op: rid=004 tid 6f1f6700 2018-08-13T15:52:19.378677+01:00 bonsai.authorise-dev.is.ed.ac.uk slapd[33415]: slap_queue_csn: queueing 0x3e067c0 20180813145040.294725Z#000000#00c#000000 2018-08-13T15:52:19.380316+01:00 bonsai.authorise-dev.is.ed.ac.uk slapd[33415]: slap_graduate_commit_csn: removing 0x3e067c0 20180813145040.294725Z#000000#00c#000000 2018-08-13T15:52:19.380570+01:00 bonsai.authorise-dev.is.ed.ac.uk slapd[33415]: slap_graduate_commit_csn: removing 0x4279380 20180813145040.294725Z#000000#00c#000000 2018-08-13T15:52:19.380819+01:00 bonsai.authorise-dev.is.ed.ac.uk slapd[33415]: syncrepl_message_to_op: rid=004 be_modify uid=jaw,ou=people,ou=central,dc=authorise-dev,dc=ed,dc=ac,dc=uk (0) 2018-08-13T15:52:19.381044+01:00 bonsai.authorise-dev.is.ed.ac.uk slapd[33415]: slap_queue_csn: queueing 0x419d5c0 20180813145040.294725Z#000000#00c#000000 2018-08-13T15:52:19.385145+01:00 bonsai.authorise-dev.is.ed.ac.uk slapd[33415]: slap_graduate_commit_csn: removing 0x419d5c0 20180813145040.294725Z#000000#00c#000000 2018-08-13T15:52:19.385403+01:00 bonsai.authorise-dev.is.ed.ac.uk slapd[33415]: do_syncrep2: rid=004 LDAP_RES_SEARCH_RESULT 2018-08-13T15:52:19.385654+01:00 bonsai.authorise-dev.is.ed.ac.uk slapd[33415]: do_syncrep2: rid=004 cookie=rid=004,sid=00c,csn=20120217162731.749366Z#000000#000#000000;20180701051000.119854Z#000000#003#000000;20180711011500.114848Z#000000#004#000000;20180710075708.402194Z#000000#005#000000;20180703112408.905121Z#000000#006#000000;20180813144557.086593Z#000000#009#000000;20180813145034.034818Z#000000#00b#000000;20180813145040.294725Z#000000#00c#000000 Kind regards, Mark On 10/08/18 17:00, Quanah Gibson-Mount wrote: > --On Friday, August 10, 2018 4:41 PM +0000 Mark.Cairney(a)ed.ac.uk wrote: > >> Full_Name: Mark Cairney >> Version: 2.4.46 >> OS: Centos 7 >> URL: >> Submission from: (NULL) (129.215.149.98) >> >> >> In a MMR setup of >=3 servers (4 in this case) you can cause a segfault >> if you issue the same modification to 2 separate servers within your >> replication interval. >> It seems like it's the last server to receive the change falls over when >> it receives the change from one of the other servers during replication: > > Hi Mark, > > I'm pretty sure you're reporting ITS#8843. I suggest applying this patch: > > <https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=cc24cf6…> > > > --Quanah > > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> > > -- /**************************** Mark Cairney ITI Enterprise Services Information Services University of Edinburgh Tel: 0131 650 6565 Email: Mark.Cairney(a)ed.ac.uk PGP: 0x435A9621 *******************************/ The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.

1 0

Re: (ITS#8897) Delta syncrepl + refreshOnly segfault if 2 servers receive same group modification operation within interval
by quanah＠symas.com 10 Aug '18

10 Aug '18

--On Friday, August 10, 2018 4:41 PM +0000 Mark.Cairney(a)ed.ac.uk wrote: > Full_Name: Mark Cairney > Version: 2.4.46 > OS: Centos 7 > URL: > Submission from: (NULL) (129.215.149.98) > > > In a MMR setup of >=3 servers (4 in this case) you can cause a segfault > if you issue the same modification to 2 separate servers within your > replication interval. > It seems like it's the last server to receive the change falls over when > it receives the change from one of the other servers during replication: Hi Mark, I'm pretty sure you're reporting ITS#8843. I suggest applying this patch: <https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=cc24cf6…> --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

(ITS#8897) Delta syncrepl + refreshOnly segfault if 2 servers receive same group modification operation within interval
by Mark.Cairney＠ed.ac.uk 10 Aug '18

10 Aug '18

Full_Name: Mark Cairney Version: 2.4.46 OS: Centos 7 URL: Submission from: (NULL) (129.215.149.98) In a MMR setup of >=3 servers (4 in this case) you can cause a segfault if you issue the same modification to 2 separate servers within your replication interval. It seems like it's the last server to receive the change falls over when it receives the change from one of the other servers during replication: 2018-08-10T16:01:39.461367+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1004 op=3 BIND authcid="mcairney(a)EASE.ED.AC.UK" authzid="mcairney(a)EASE.ED.AC.UK" 2018-08-10T16:01:39.461843+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1004 op=3 BIND dn="uid=mcairney,ou=people,ou=central,dc=authorise-dev,dc=ed,dc=ac,dc=uk" mech=GSSAPI sasl_ssf=256 ssf=256 2018-08-10T16:01:39.462205+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1004 op=3 RESULT tag=97 err=0 text= 2018-08-10T16:01:39.462858+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1004 op=4 MOD dn="cn=marksgroup,ou=ug,ou=iti,ou=is,dc=authorise-dev,dc=ed,dc=ac,dc=uk" 2018-08-10T16:01:39.463268+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1004 op=4 MOD attr=member 2018-08-10T16:01:39.463703+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: slap_queue_csn: queueing 0x46a1a00 20180810150139.461113Z#000000#00c#000000 2018-08-10T16:01:39.464026+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: slap_queue_csn: queueing 0x46a0540 20180810150139.461113Z#000000#00c#000000 2018-08-10T16:01:39.464554+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: slap_graduate_commit_csn: removing 0x46a0540 20180810150139.461113Z#000000#00c#000000 2018-08-10T16:01:39.464922+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1004 op=4 RESULT tag=103 err=0 text= 2018-08-10T16:01:39.465271+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: slap_graduate_commit_csn: removing 0x46a1a00 20180810150139.461113Z#000000#00c#000000 2018-08-10T16:01:39.465647+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1004 op=5 UNBIND 2018-08-10T16:01:39.465962+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1004 fd=12 closed 2018-08-10T16:01:59.042478+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1005 fd=12 ACCEPT from IP=129.215.17.49:59638 (IP=129.215.17.52:636) 2018-08-10T16:01:59.045948+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1005 fd=12 TLS established tls_ssf=256 ssf=256 2018-08-10T16:01:59.046828+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1005 op=0 BIND dn="cn=manager,dc=authorise-dev,dc=ed,dc=ac,dc=uk" method=128 2018-08-10T16:01:59.052303+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1005 op=0 BIND dn="cn=manager,dc=authorise-dev,dc=ed,dc=ac,dc=uk" mech=SIMPLE ssf=0 2018-08-10T16:01:59.052924+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1005 op=0 RESULT tag=97 err=0 text= 2018-08-10T16:01:59.053419+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1005 op=1 SRCH base="cn=accesslog" scope=2 deref=0 filter="(&(objectClass=auditWriteObject)(reqResult=0))" 2018-08-10T16:01:59.053912+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1005 op=1 SRCH attr=reqDN reqType reqMod reqNewRDN reqDeleteOldRDN reqNewSuperior entryCSN 2018-08-10T16:01:59.054366+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: Entry reqStart=20180810144019.000000Z,cn=accesslog CSN 20180810144019.929847Z#000000#00c#000000 older or equal to ctx 20180810144019.929847Z#000000#00c#000000 2018-08-10T16:01:59.054902+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: Entry reqStart=20180810144922.000002Z,cn=accesslog CSN 20180810144822.605802Z#000000#009#000000 older or equal to ctx 20180810150125.942413Z#000000#009#000000 2018-08-10T16:01:59.055330+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: syncprov_search_response: cookie=rid=004,sid=00c,csn=20120217162731.749366Z#000000#000#000000;20180701051000.119854Z#000000#003#000000;20180711011500.114848Z#000000#004#000000;20180710075708.402194Z#000000#005#000000;20180703112408.905121Z#000000#006#000000;20180810144822.605802Z#000000#009#000000;20180711161057.835548Z#000000#00b#000000;20180810150139.461113Z#000000#00c#000000 2018-08-10T16:01:59.055753+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1005 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= 2018-08-10T16:01:59.056308+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1005 op=2 ABANDON msg=2 2018-08-10T16:01:59.056735+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1005 op=3 SRCH base="dc=authorise-dev,dc=ed,dc=ac,dc=uk" scope=2 deref=0 filter="(objectClass=*)" 2018-08-10T16:01:59.057148+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: conn=1005 op=3 SRCH attr=* + 2018-08-10T16:02:06.066075+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: do_syncrep2: rid=002 LDAP_RES_SEARCH_RESULT 2018-08-10T16:02:06.075530+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: do_syncrep2: rid=001 cookie=rid=001,sid=009,csn=20180810150125.942413Z#000000#009#000000 2018-08-10T16:02:06.076055+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: slap_queue_csn: queueing 0x46a0380 20180810150125.942413Z#000000#009#000000 2018-08-10T16:02:06.076275+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11286]: syncrepl_message_to_op: rid=001 tid f8504700 The following gets logged in /var/log/messages: 2018-08-10T15:22:25.582679+01:00 spruce.authorise-dev.is.ed.ac.uk su: (to ldap) root on pts/0 2018-08-10T15:59:50.381730+01:00 spruce.authorise-dev.is.ed.ac.uk su: (to ldap) root on pts/0 2018-08-10T16:02:06.076563+01:00 spruce.authorise-dev.is.ed.ac.uk kernel: slapd[11289]: segfault at 1c ip 000000000051c6d4 sp 00007fcbf85022b0 error 4 in slapd[400000+21e000] Even worse is that because the change is stuck in it's accesslog if you try and restart slapd it just falls over again: 2018-08-10T16:12:06.020868+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11451]: @(#) $OpenLDAP: slapd 2.4.46 (Mar 27 2018 09:23:46) $#012#011mockbuild@harmon.is.ed.ac.uk:/builddir/build/BUILD/openldap-2.4.46/servers/slapd 2018-08-10T16:12:06.052521+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11453]: slapd starting 2018-08-10T16:12:06.067909+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11453]: do_syncrep2: rid=002 cookie=rid=002,sid=00b,csn=20180810150125.942413Z#000000#009#000000 2018-08-10T16:12:06.068382+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11453]: slap_queue_csn: queueing 0x4252a40 20180810150125.942413Z#000000#009#000000 2018-08-10T16:12:06.068652+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11453]: syncrepl_message_to_op: rid=002 tid ce43f700 2018-08-10T16:12:06.068871+01:00 spruce.authorise-dev.is.ed.ac.uk slapd[11453]: do_syncrep2: rid=001 cookie=rid=001,sid=009,csn=20180810150125.942413Z#000000#009#000000 Finally you can bring the server back up if you clear out the accesslog and restart again. The ldif to trigger it was simply: dn: cn=marksgroup,ou=ug,ou=iti,ou=is,dc=authorise-dev,dc=ed,dc=ac,dc=uk changetype: modify add: member member: uid=mcairney,ou=people,ou=central,dc=authorise-dev,dc=ed,dc=ac,dc=uk - Applied using ldapmodify -H ldaps://<server>.authorise-dev.is.ed.ac.uk:636 -f file.ldif Deleting a member also triggers the same behaviour Changing user attributes e.g. mail in the same manner also triggers the issue. Adding/deleting an object doesn't cause a segfault but simply triggers a resync on each server.

1 0

Re: (ITS#8896) scale() uninitialized j
by hyc＠symas.com 09 Aug '18

09 Aug '18

ethanms(a)gmail.com wrote: > Full_Name: Ethan Schorer > Version: since 2.4 > OS: Linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (194.29.45.108) > > > In libraries/liblutil/utils.c in the function scale() the code defines "int i, > j;". > > Then, i gets set in a for loop, but j only gets set if prev->len > 1. Wrong. j gets set if prev->len >= 1. > And then, j is used even if it wasn't initialized. Isn't this a bug? No. > Shouldn't j be set to 0 when defined? Or don't use it? There is no bug here. Closing this ITS. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs August 2018