Learn more about these different git repos.
Other Git URLs
ipa-server-4.4.0-14.el7_3.7.x86_64 slapi-nis-0.56.0-4.el7.x86_64
During installation of a freeipa replica, while adding an LDAP entry, slapi-nis does internal searches on sub-trees (users, groups) to update references of already mapped entries. In addition to those correct sub-trees, slapi-nis may issue an additional internal search on a NULL base.
Because of bug https://pagure.io/389-ds-base/issue/49291, it triggers that DS crash. (see backstack below)
The bug is that slapi-nis should detect invalid base before calling slapi_search_internal_set_pb (that does not return error on incomplete pblock setting).
(gdb) where #0 0x00007fa579a22711 in send_ldap_result_ext (pb=pb@entry=0x7fa528007550, err=err@entry=53, matched=matched@entry=0x0, text=text@entry=0x7fa579a4c708 "This plugin is not configured to access operation target data", nentries=nentries@entry=0, urls=urls@entry=0x0, ber=ber@entry=0x0) at ldap/servers/slapd/result.c:353 #1 0x00007fa579a22fd1 in send_ldap_result (pb=pb@entry=0x7fa528007550, err=err@entry=53, matched=matched@entry=0x0, text=text@entry=0x7fa579a4c708 "This plugin is not configured to access operation target data", nentries=nentries@entry=0, urls=urls@entry=0x0) at ldap/servers/slapd/result.c:194 #2 0x00007fa579a13260 in slapi_search_internal_callback_pb (pb=pb@entry=0x7fa528007550, callback_data=callback_data@entry=0x7fa53bfe5ea0, prc=prc@entry=0x0, psec=psec@entry=0x7fa56a802df0 <backend_shr_note_entry_sdn_cb>, prec=prec@entry=0x0) at ldap/servers/slapd/plugin_internal_op.c:559 #3 0x00007fa56a804a61 in backend_shr_update_references_cb (group=0x7fa520007d50 "cn=compat,<suffix>", set=0x7fa52000aa50 "cn=groups", flag=<optimized out>, backend_data=0x7fa52392daa0, cbdata_ptr=<optimized out>) at back-shr.c:1539 #4 0x00007fa56a81203f in map_data_foreach_map (state=state@entry=0x7fa57b585a30, domain_name=domain_name@entry=0x0, fn=fn@entry=0x7fa56a803fd0 <backend_shr_update_references_cb>, cbdata=cbdata@entry=0x7fa53bfe5f50) at map.c:347 #5 0x00007fa56a80279b in backend_shr_update_references (state=0x7fa57b585a30, pb=pb@entry=0x7fa53bfe6a90, e=<optimized out>, mods=mods@entry=0x0, modlist=modlist@entry=0x0) at back-shr.c:1825 #6 0x00007fa56a803a17 in backend_shr_add_cb (pb=pb@entry=0x7fa53bfe6a90) at back-shr.c:1953 #7 0x00007fa56a803b41 in backend_shr_add_cb (pb=0x7fa53bfe6a90) at back-shr.c:1883 #8 backend_shr_betxn_post_add_cb (pb=0x7fa53bfe6a90) at back-shr.c:1965 #9 0x00007fa579a0db18 in plugin_call_func (list=0x7fa57b58e910, operation=operation@entry=560, pb=pb@entry=0x7fa53bfe6a90, call_one=call_one@entry=0) at ldap/servers/slapd/plugin.c:2049 #10 0x00007fa579a0dda3 in plugin_call_list (pb=0x7fa53bfe6a90, operation=560, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993 #11 plugin_call_plugins (pb=pb@entry=0x7fa53bfe6a90, whichfunction=whichfunction@entry=560) at ldap/servers/slapd/plugin.c:445 #12 0x00007fa56c7b9b94 in ldbm_back_add (pb=0x7fa53bfe6a90) at ldap/servers/slapd/back-ldbm/ldbm_add.c:1150 #13 0x00007fa5799b1ed8 in op_shared_add (pb=pb@entry=0x7fa53bfe6a90) at ldap/servers/slapd/add.c:699 #14 0x00007fa5799b31a0 in do_add (pb=pb@entry=0x7fa53bfe6a90) at ldap/servers/slapd/add.c:226 #15 0x00007fa579ee59c3 in connection_dispatch_operation (pb=0x7fa53bfe6a90, op=0x7fa57b7521b0, conn=0x7fa57bc05118) at ldap/servers/slapd/connection.c:612 #16 connection_threadmain () at ldap/servers/slapd/connection.c:1759 #17 0x00007fa577bdb9bb in _pt_root (arg=0x7fa57bbcf3d0) at ../../../nspr/pr/src/pthreads/ptthread.c:216 #18 0x00007fa57757bdc5 in start_thread (arg=0x7fa53bfe7700) at pthread_create.c:308 #19 0x00007fa5772aa76d in __lseek_nocancel () at ../sysdeps/unix/syscall-template.S:81 #20 0x0000000000000000 in ?? ()
The RC is that the backend data contains an invalid backend_sdn list that is not NULL terminated.
During that ADD, schema-compat updates its mapped entries that can get values from the added entry. It intend to do an internal searches like "(member=cn=KEYS,cn=lipa02.c01.aaa.gen.adm2.util.mlbam.net,cn=masters,cn=ipa,cn=etc,<suffix>)" on some subtrees, in particular - "cn=groups,cn=accounts,<suffix>" - "cn=users,cn=accounts,<suffix>"
(gdb) print *((struct backend_shr_set_data *) backend_data)->ref_attr_list[0].links.base_sdn_list[0] $70 = {flag = 15 '\017', udn = 0x7fa510f8b210 "cn=groups,cn=accounts,<suffix>", dn = 0x7fa523e64b60 "cn=groups,cn=accounts,<suffix>", ndn = 0x7fa523e64a20 "cn=groups,cn=accounts,<suffix>", ndn_len = 37} (gdb) print *((struct backend_shr_set_data *) backend_data)->ref_attr_list[0].links.base_sdn_list[1] $71 = {flag = 15 '\017', udn = 0x7fa523e64b30 "cn=users,cn=accounts,<suffix>", dn = 0x7fa5102f3200 "cn=users,cn=accounts,<suffix>", ndn = 0x7fa5102f30e0 "cn=users,cn=accounts,<suffix>", ndn_len = 36}
A problem is that the set of search bases contains an invalid base
(gdb) print *((struct backend_shr_set_data *) backend_data)->ref_attr_list[0].links.base_sdn_list[2] $72 = {flag = 9 '\t', udn = 0x0, dn = 0x0, ndn = 0x0, ndn_len = 0}
This ticket is specifically to improve slapi-nis robustness in order to check backend sdn before calling slapi_search_internal_set_pb
A separated ticket should be opened to fix the problem of incorrectly NULL terminated list of backends.
<img alt="0001-Ticket-16-slapi-nis-issue-internal-searches-on-NULL-.patch" src="/slapi-nis/issue/raw/23bbdbcb49f22fcefffd136210e279a007752f15feeaf4372e64fb7a6e410477-0001-Ticket-16-slapi-nis-issue-internal-searches-on-NULL-.patch" />
Related to BZ https://bugzilla.redhat.com/show_bug.cgi?id=1461437
Looks OK except
143 +ยป slapi_search_internal_set_pb(pb, , LDAP_SCOPE_BASE,
you have an excessive comma there.
Oppsss... sorry for this. Added the new patch
<img alt="0002-Ticket-16-slapi-nis-issue-internal-searches-on-NULL-.patch" src="/slapi-nis/issue/raw/8d6918a5a403bad16335f3a4898bb77e6c1e5210c69fe82946599d81773415d0-0002-Ticket-16-slapi-nis-issue-internal-searches-on-NULL-.patch" />
Login to comment on this ticket.