The bug is a side effect of https://pagure.io/389-ds-base/issue/49039
(gdb) where #0 0x00007fbd027f03b7 in op_shared_allow_pw_change (pb=pb@entry=0x5634932b8d00, mod=0x5634933d6c20, old_pw=old_pw@entry=0x7fbcb97794d8, smods=smods@entry=0x7fbcb97794e0) at ldap/servers/slapd/modify.c:1241 #1 0x00007fbd027f223f in modify_internal_pb (pb=pb@entry=0x5634932b8d00) at ldap/servers/slapd/modify.c:573 #2 0x00007fbd027f2c93 in slapi_modify_internal_pb (pb=pb@entry=0x5634932b8d00) at ldap/servers/slapd/modify.c:454 #3 0x00007fbcf50f9d10 in ipapwd_apply_mods (dn=0x5634932f8e40 "uid=admin,cn=users,cn=accounts,dc=testrelm,dc=test", mods=0x5634933d66c0) at common.c:950 #4 0x00007fbcf50fa3f9 in ipapwd_SetPassword (krbcfg=krbcfg@entry=0x5634932c8d50, data=data@entry=0x7fbcb97797c0, is_krb=1) at common.c:866 #5 0x00007fbcf510078f in ipapwd_chpwop (krbcfg=0x5634932c8d50, pb=0x7fbcb9779a50) at ipa_pwd_extop.c:577 #6 ipapwd_extop (pb=0x7fbcb9779a50) at ipa_pwd_extop.c:1770 #7 0x000056348c5cb451 in do_extended (pb=pb@entry=0x7fbcb9779a50) at ldap/servers/slapd/extendop.c:348 #8 0x000056348c5c45e8 in connection_dispatch_operation (pb=0x7fbcb9779a50, op=0x56348f6dfa00, conn=0x563492edf240) at ldap/servers/slapd/connection.c:688 #9 connection_threadmain () at ldap/servers/slapd/connection.c:1772 #10 0x00007fbd00b699bb in _pt_root (arg=0x563492e0ca20) at ../../../nspr/pr/src/pthreads/ptthread.c:216 #11 0x00007fbd00509e25 in start_thread (arg=0x7fbcb977a700) at pthread_create.c:308 #12 0x00007fbcffdeb34d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
389-ds-base-1.3.6.1-6.el7.x86_64
It is systematically reproducing using ipa plugin (ipa-pwd-extop) that triggers an internal update of password (see https://bugzilla.redhat.com/show_bug.cgi?id=1438724
I "guess" it is reproducible if using password update EXTOP
Crash
Metadata Update from @tbordaz: - Custom field origin adjusted to IPA - Custom field reviewstatus adjusted to new - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1438724 - Custom field type adjusted to defect - Custom field version adjusted to 1.3.6
Metadata Update from @mreynolds: - Issue assigned to mreynolds
<img alt="0001-Issue-49210-Fix-regression-when-checking-is-password.patch" src="/389-ds-base/issue/raw/files/4ea36b9f1eb8ef46fb49b2526367a8d19f1ec14638b742ec40c486edd2a9bd5a-0001-Issue-49210-Fix-regression-when-checking-is-password.patch" />
Metadata Update from @mreynolds: - Custom field reviewstatus adjusted to review (was: new)
There are some easier ways to setup TLS/SSL for the test case. Have a look at the RSA/Encryption objects in lib389/config.py, as well as the NSS wrapper. Makes it much simpler. An example is in dirsrvtests/suites/sasl/plain.py
Is the check for needpw because ipa-pwd-extop "gets in the way" of our password change? How does this logic change fix the issue (for my understanding ) :)
Thanks!
Thanks I'll check it out.
The issue is that the server is crashing (triggered by an IPA plugin). This fix addresses the null pointer dereference, while maintaining the correct/expected behavior.
New patch attached that updates the CI test as requested by firstyear
<img alt="0001-Issue-49210-Fix-regression-when-checking-is-password.patch" src="/389-ds-base/issue/raw/files/7e9145267c3b34de1e6ea31b0331c4bbf3398ac78981ff132d58036d624a8e75-0001-Issue-49210-Fix-regression-when-checking-is-password.patch" />
Looks great to me, thanks for the changes.
Metadata Update from @firstyear: - Custom field reviewstatus adjusted to ack (was: review)
master updated (a96f833 -> f5e4b8a)
389-ds-base-1.3.5 updated (a66484c -> 0ebc21e)
389-ds-base-1.3.4 updated (294ebbd -> bad9197)
Metadata Update from @mreynolds: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/2269
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: fixed)
Log in to comment on this ticket.