Bug 1049190

Summary: Better input argument validation and error messages for db2index and db2index.pl.
Product: Red Hat Enterprise Linux 7 Reporter: Amita Sharma <amsharma>
Component: 389-ds-baseAssignee: mreynolds
Status: CLOSED ERRATA QA Contact: Viktor Ashirov <vashirov>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0CC: amsharma, mreynolds, nhosoi, nkinder, spichugi
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.6.1-11.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 21:10:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Amita Sharma 2014-01-07 07:54:25 UTC 
Description of problem:
Better input argument validation and error messages for db2index and db2index.pl.

Version-Release number of selected component (if applicable):
[root@dhcp201-149 basic]# rpm -qa | grep 389
389-adminutil-1.1.15-3.fc19.1.x86_64
389-admin-1.1.31-1.fc19.2.x86_64
389-admin-console-doc-1.1.8-5.fc19.noarch
389-console-1.1.7-4.fc19.noarch
389-ds-base-1.3.1.6-12.el7.x86_64
389-admin-console-1.1.8-5.fc19.noarch
389-ds-console-doc-1.2.7-2.fc19.noarch
389-dsgw-1.1.10-1.fc19.x86_64
389-ds-base-libs-1.3.1.6-12.el7.x86_64
389-ds-console-1.2.7-2.fc19.noarch
389-ds-1.2.2-4.fc19.noarch


How reproducible:
Always

Steps to Reproduce:
Test Case 1:: Difference in results for same thing
=====================================================
 [root@dhcp201-149 ~]# db2index -n userRoot -t cn:eq sub
[06/Jan/2014:15:00:28 +051800] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[06/Jan/2014:15:00:28 +051800] - check_and_set_import_cache: pagesize: 4096, pages: 479602, procpages: 53190
[06/Jan/2014:15:00:28 +051800] - Import allocates 767360KB import cache.
[06/Jan/2014:15:00:28 +051800] - userRoot: Indexing attribute: cn
[06/Jan/2014:15:00:28 +051800] - userRoot: Finished indexing.
[06/Jan/2014:15:00:28 +051800] - All database threads now stopped

[root@dhcp201-149 ~]# db2index.pl -v -D "cn=Directory Manager" -w Secret123 -n userRoot -t mail:eq sub
Usage: db2index.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } [-P protocol]
                   -n backendname [-t attributeName[:indextypes[:matchingrules]]] [-T vlvTag] [-v] [-h]

Test Case 2 :: Difference in results for same thing
=====================================================
[root@dhcp201-149 ~]# db2index -n userRoot -t givenname:eq, sub
[06/Jan/2014:15:05:35 +051800] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[06/Jan/2014:15:05:35 +051800] - check_and_set_import_cache: pagesize: 4096, pages: 479602, procpages: 53189
[06/Jan/2014:15:05:35 +051800] - Import allocates 767360KB import cache.
[06/Jan/2014:15:05:35 +051800] - userRoot: Indexing attribute: givenname
[06/Jan/2014:15:05:35 +051800] - userRoot: Finished indexing.
[06/Jan/2014:15:05:35 +051800] - All database threads now stopped

[root@dhcp201-149 ~]# db2index.pl -v -D "cn=Directory Manager" -w Secret123 -n userRoot -t mail:eq, sub
Usage: db2index.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } [-P protocol]
                   -n backendname [-t attributeName[:indextypes[:matchingrules]]] [-T vlvTag] [-v] [-h]


Actual results:
1. -t attribute:type, type AND -t attribute:type type gives different output for db2index and db2index.pl.
2. In both cases Index does not get created.

Expected results:
Proper error message and validation required.

Additional info:
Found this bug while testing https://bugzilla.redhat.com/show_bug.cgi?id=918695
Comment 2 Nathan Kinder 2014-01-07 20:29:43 UTC 
Upstream ticket:
https://fedorahosted.org/389/ticket/47662
Comment 4 Noriko Hosoi 2015-03-06 19:11:52 UTC 
Per 389-ds-base ticket triage, put to post 1.3.5.
Comment 8 mreynolds 2016-12-09 23:57:58 UTC 
Fixed upstream
Comment 10 Simon Pichugin 2017-04-10 15:59:49 UTC 
During the bug verification, a regression was found.

In the db2ldif tool, option '-a' is completely ignored.

Command: [root@qeos-249 tmp]# /usr/lib64/dirsrv/slapd-deftestinst/db2ldif -1 -n attrcrypt.com -E -a /ldifstorage/export2.ldif

Expected results:
Exported ldif file: /ldifstorage/export2.ldif
[10/Apr/2017:04:20:03.869235411 -0400] SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password.
ldiffile: /ldifstorage/export2.ldif
[10/Apr/2017:04:20:03.882845190 -0400] attrcrypt - _back_crypt_crypto_op decrypt (16)
[10/Apr/2017:04:20:03.883384879 -0400] export attrcrypt.com: Processed 3 entries (100%).
[10/Apr/2017:04:20:03.883808312 -0400] All database threads now stopped


Actual results:
Exported ldif file: /var/lib/dirsrv/slapd-deftestinst/ldif/deftestinst-2017_04_10_041941.ldif
[10/Apr/2017:04:19:41.945090565 -0400] SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password.
ldiffile: /var/lib/dirsrv/slapd-deftestinst/ldif/deftestinst-2017_04_10_041941.ldif
[10/Apr/2017:04:19:41.959166887 -0400] attrcrypt - _back_crypt_crypto_op decrypt (16)
[10/Apr/2017:04:19:41.959848923 -0400] export attrcrypt.com: Processed 3 entries (100%).
[10/Apr/2017:04:19:41.960353583 -0400] All database threads now stopped

Additional information:
In the ldap/admin/src/scripts/db2ldif.in, on the line 133 command 'shift $(($OPTIND - 1))' happens. It causes that '$@' doesn't contain parameters anymore.
Because of this, on line 159, command `make_ldiffile $@` returns one predefined line every time.

It is possible that some other scripts were affected too.
Comment 11 mreynolds 2017-04-10 19:44:47 UTC 
Fixed upstream
Comment 13 Simon Pichugin 2017-04-25 14:46:26 UTC 
One more regression was found.
In ldap/admin/src/scripts/db2index.in:

74 if [ -z $servid ] && [ $# -eq 0 ]; then
75     idxall=1
76 elif [ "$servid" ] && [ $# -eq 2 ]; then
77     idxall=1
78 elif [ -z $benameopt ] && [ -z $includeSuffix ]; then
79     print_usage=1
80 fi
81 if [ -z $servid ] && [ $# -lt 2 ]; then
82     print_usage=1
83 elif [ -n "$servid" ] && [ $# -lt 4 ]; then
84     print_usage=1
85 elif [ -n "$servid" ] && [ $# -eq 4 ]; then
86     idxall=1
87 fi

We use "$#" after we've shifted the parameters with "shift $(($OPTIND - 1))".
It causes an incorrect behaviour like:

db2index -Z slapd-s1 -n userRoot -t entryrdn
Usage: db2index [-Z serverID] [-n backend | {-s includesuffix}* -t attribute[:indextypes[:matchingrules]]
                -T vlvTag] [-h]
Options:
        -Z serverID       - Server instance identifier
        -n backend        - Backend database name.  Example: userRoot
        -s includeSuffix  - The suffix to index
        -t attribute[:indextypes[:matchingrules]]
                          - attributeName: name of the attribute to be indexed
                            If omitted, all the indexes defined for that instance are generated.
                          - indextypes: comma separated index types
                          - matchingrules: comma separated matrules
                                 Example: -t foo:eq,pres
        -T vlvTag         - VLV index name
        -h                - Display usage

It prints a usage, though it should be executed.
Comment 14 mreynolds 2017-05-04 13:53:26 UTC 
Fixed upstream
Comment 16 Amita Sharma 2017-06-05 11:57:49 UTC 
[root@qeos-231 ~]# rpm -qa | grep 389
389-ds-base-1.3.6.1-15.el7.x86_64
389-ds-base-libs-1.3.6.1-15.el7.x86_64

[root@qeos-231 ~]# db2index -Z slapd-qeos-231 -n userRoot -t entryrdn
[05/Jun/2017:04:45:34.910762672 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
[05/Jun/2017:04:45:34.920083190 -0400] - INFO - dblayer_instance_start - Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[05/Jun/2017:04:45:34.945212024 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexing entryrdn
[05/Jun/2017:04:45:34.947159580 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Finished indexing.
[05/Jun/2017:04:45:34.948674838 -0400] - INFO - dblayer_pre_close - All database threads now stopped

[root@qeos-231 ~]# tail -f /var/log/dirsrv/slapd-qeos-231/errors
[05/Jun/2017:04:32:06.168038546 -0400] - INFO - ldbm_back_instance_set_destructor - Set of instances destroyed
[05/Jun/2017:04:32:06.168816205 -0400] - INFO - connection_post_shutdown_cleanup - slapd shutting down - freed 0 work q stack objects - freed 0 op stack objects
[05/Jun/2017:04:32:06.244789362 -0400] - INFO - main - slapd stopped.
[05/Jun/2017:04:45:34.911437390 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
[05/Jun/2017:04:45:34.920091349 -0400] - INFO - dblayer_instance_start - Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[05/Jun/2017:04:45:34.920577818 -0400] - INFO - check_and_set_import_cache - pagesize: 4096, available bytes 1627160576, process usage 20742144 
[05/Jun/2017:04:45:34.920878470 -0400] - INFO - check_and_set_import_cache - Import allocates 635609KB import cache.
[05/Jun/2017:04:45:34.945228678 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexing entryrdn
[05/Jun/2017:04:45:34.947167436 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Finished indexing.
[05/Jun/2017:04:45:34.948698018 -0400] - INFO - dblayer_pre_close - All database threads now stopped

[root@qeos-231 ~]# db2index -n userRoot -t cn:eq,sub
[05/Jun/2017:07:56:46.187411089 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
[05/Jun/2017:07:56:46.194014306 -0400] - INFO - dblayer_instance_start - Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[05/Jun/2017:07:56:46.210870498 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexing attribute: cn
[05/Jun/2017:07:56:46.212510511 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Finished indexing.
[05/Jun/2017:07:56:46.214065294 -0400] - INFO - dblayer_pre_close - All database threads now stopped


[root@qeos-231 ~]# systemctl start dirsrv@qeos-231
[root@qeos-231 ~]# db2index.pl -D "cn=Directory Manager" -w Secret123 -n userRoot -t mail:eq,sub
Successfully added task entry "cn=db2index_2017_6_5_7_57_26, cn=index, cn=tasks, cn=config"
Comment 17 errata-xmlrpc 2017-08-01 21:10:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2086