Bug 1498773
Summary: | Installation of ipa fails with crash in topology plugin | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Lukas Slebodnik <lslebodn> | |
Component: | 389-ds-base | Assignee: | mreynolds | |
Status: | CLOSED ERRATA | QA Contact: | Viktor Ashirov <vashirov> | |
Severity: | urgent | Docs Contact: | ||
Priority: | urgent | |||
Version: | 7.5 | CC: | jpazdziora, nkinder, ppicka, pvoborni, rcritten, rmeggins, tbordaz, tscherf | |
Target Milestone: | rc | Keywords: | Regression, ZStream | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | 389-ds-base-1.3.7.5-5.el7 | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1511824 (view as bug list) | Environment: | ||
Last Closed: | 2018-04-10 14:19:40 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1511824 |
Description
Lukas Slebodnik
2017-10-05 08:22:33 UTC
Part of ipa 2017-10-04T20:45:31Z DEBUG [40/45]: configuring Posix uid/gid generation 2017-10-04T20:45:31Z DEBUG Starting external process 2017-10-04T20:45:31Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpSzZXI_ -H ldapi://%2fvar%2frun%2fslapd-TESTRELM-TEST.socket -Y EXTERNAL 2017-10-04T20:45:31Z DEBUG Process finished, return code=255 2017-10-04T20:45:31Z DEBUG stdout=add objectclass: top extensibleObject add cn: Posix IDs add dnaType: uidNumber gidNumber add dnaNextValue: 1861400000 add dnaMaxValue: 1861599999 add dnaMagicRegen: -1 add dnaFilter: (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) add dnaScope: dc=testrelm,dc=test add dnaThreshold: 500 add dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=testrelm,dc=test add dnaExcludeScope: cn=provisioning,dc=testrelm,dc=test adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" modify complete replace nsslapd-pluginEnabled: on modifying entry "cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" 2017-10-04T20:45:31Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTRELM-TEST.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 ldap_result: Can't contact LDAP server (-1) 2017-10-04T20:45:31Z CRITICAL Failed to load dna.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpSzZXI_ -H ldapi://%2fvar%2frun%2fslapd-TESTRELM-TEST.socket -Y EXTERNAL' returned non-zero exit status 255 2017-10-04T20:45:31Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 504, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 494, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 704, in __config_uidgid_gen self._ldap_mod("dna.ldif", self.sub_dict) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 308, in _ldap_mod ipautil.run(args, nolog=nologlist) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 511, in run raise CalledProcessError(p.returncode, arg_string, str(output)) CalledProcessError: Command '/usr/bin/ldapmodify -v -f /tmp/tmpSzZXI_ -H ldapi://%2fvar%2frun%2fslapd-TESTRELM-TEST.socket -Y EXTERNAL' returned non-zero exit status 255 2017-10-04T20:45:31Z DEBUG [error] CalledProcessError: Command '/usr/bin/ldapmodify -v -f /tmp/tmpSzZXI_ -H ldapi://%2fvar%2frun%2fslapd-TESTRELM-TEST.socket -Y EXTERNAL' returned non-zero exit status 255 Debug details: # # the crash occurs while enabling DNA plugin, topology plugin catches the update # (gdb) where #0 0x00007f411e5ee939 in __strcasecmp_l_sse2 () at ../sysdeps/x86_64/strcmp.S:212 #1 0x00007f41151e5761 in ipa_topo_check_segment_updates (pb=pb@entry=0x556e1722e0a0) at topology_pre.c:393 #2 0x00007f41151e5c78 in ipa_topo_pre_mod (pb=0x556e1722e0a0) at topology_pre.c:573 #3 0x00007f41216c1f74 in plugin_call_func (list=0x556e171ee100, operation=operation@entry=451, pb=pb@entry=0x556e1722e0a0, call_one=call_one@entry=0) at ldap/servers/slapd/plugin.c:2028 #4 0x00007f41216c2203 in plugin_call_list (pb=0x556e1722e0a0, operation=451, list=<optimized out>) at ldap/servers/slapd/plugin.c:1972 #5 0x00007f41216c2203 in plugin_call_plugins (pb=pb@entry=0x556e1722e0a0, whichfunction=whichfunction@entry=451) at ldap/servers/slapd/plugin.c:442 #6 0x00007f412167c00a in dse_modify (pb=0x556e1722e0a0) at ldap/servers/slapd/dse.c:1751 #7 0x00007f41216ae456 in op_shared_modify (pb=pb@entry=0x556e1722e0a0, pw_change=pw_change@entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1013 #8 0x00007f41216af8eb in do_modify (pb=pb@entry=0x556e1722e0a0) at ldap/servers/slapd/modify.c:383 #9 0x0000556e159e32b7 in connection_dispatch_operation (pb=0x556e1722e0a0, op=0x556e1732e000, conn=0x556e17d66050) at ldap/servers/slapd/connection.c:624 #10 0x0000556e159e32b7 in connection_threadmain () at ldap/servers/slapd/connection.c:1761 #11 0x00007f411f60dc1b in _pt_root (arg=0x556e17d22900) at ../../../nspr/pr/src/pthreads/ptthread.c:216 #12 0x00007f411efade25 in start_thread (arg=0x7f40f7a4e700) at pthread_create.c:308 #13 0x00007f411e65c1ad in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113 # # Topology plugin retrieves the SLAPI_PLUGIN_IDENTITY to be sure not # process its own updates # # it uses 'pi' that is not initialized to retrieve SLAPI_PLUGIN_IDENTITY value # (gdb) frame 1 #1 0x00007f41151e5761 in ipa_topo_check_segment_updates (pb=pb@entry=0x556e1722e0a0) at topology_pre.c:393 393 if (pi && 0 == strcasecmp(pi, ipa_topo_get_plugin_id())) { (gdb) list 382,393 382 int 383 ipa_topo_check_segment_updates(Slapi_PBlock *pb) 384 { 385 int rc = 0; 386 Slapi_Entry *mod_entry; 387 char *pi; 388 389 /* we have to check if the operation is triggered by the 390 * topology plugin itself - allow it 391 */ 392 slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY,&pi); 393 if (pi && 0 == strcasecmp(pi, ipa_topo_get_plugin_id())) { # # https://pagure.io/389-ds-base/issue/49097 split pblocks into # several sub-structs # # pb_intplugin that contains SLAPI_PLUGIN_IDENTITY is allocated # on demand only if one of its fields is set. # # Here the field was not slapi-pblock-set before slapi-pblock-get # (gdb) print *pb $25 = {pb_backend = 0x556e16fd7dc0, pb_conn = 0x556e17d66050, pb_op = 0x556e1732e000, pb_plugin = 0x556e171ee100, pb_dse = 0x0, pb_task = 0x0, pb_mr = 0x0, pb_misc = 0x556e1801bf00, pb_intop = 0x556e16fd4ea0, pb_intplugin = 0x0, pb_deprecated = 0x0} # # slapi_pblock_get leaves the variable unchanged if the # sub-struct that contains the requested field is not allocate # # the consequence is that 'pi' is keeping the value it got from the stack (gdb) list slapi_pblock_get 353 #define SLAPI_PBLOCK_GET_PLUGIN_RELATED_POINTER(pb, element) \ 354 ((pb)->pb_plugin == NULL ? NULL : (pb)->pb_plugin->element) 355 356 int 357 slapi_pblock_get(Slapi_PBlock *pblock, int arg, void *value) 358 { 359 360 #ifdef PBLOCK_ANALYTICS 361 pblock_analytics_record(pblock, arg); 362 #endif (gdb) list 703 698 } 699 break; 700 case SLAPI_PLUGIN_DESCRIPTION: 701 (*(Slapi_PluginDesc *)value) = pblock->pb_plugin->plg_desc; 702 break; 703 case SLAPI_PLUGIN_IDENTITY: 704 if (pblock->pb_intplugin != NULL) { 705 (*(void **)value) = pblock->pb_intplugin->pb_plugin_identity; 706 } 707 break; Before, pblock was a calloc struct. Get of a unset field always set the variable &pi. So the API behavior changed. Others plugins may hit that issue (accessing a field that has not been previously set). This is a 389-ds bug. slapi-pblock-get should always set the variable, even if the sub-struct is not allocated. Upstream ticket https://pagure.io/389-ds-base/issue/49394 *** Bug 1499179 has been marked as a duplicate of this bug. *** Upstream ticket is pushed -> POST Build tested: 389-ds-base-1.3.7.5-10.el7.x86_64 ipa-server-4.5.4-4.el7.x86_64 I did ipa-server-install several times and didn't observe a crash. Marking as VERIFIED, SanityOnly. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0811 |