Bug 519455

Summary: Should not attempt to pop SASL IO layer if not using SASL IO
Product: [Retired] 389 Reporter: Vitaly Kuznetsov <vitty>
Component: Security - SASLAssignee: Rich Megginson <rmeggins>
Status: CLOSED CURRENTRELEASE QA Contact: Viktor Ashirov <vashirov>
Severity: medium Docs Contact:
Priority: low    
Version: 1.2.1CC: jgalipea, nkinder
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-07 16:57:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 434914, 519216    
Attachments:
Description Flags
Simple patch to fix problem (check for c_prfd in connection before calling sasl_io_cleanup)
none
revised patch none

Description Vitaly Kuznetsov 2009-08-26 17:03:51 UTC 
Description of problem:

I'm building 389 (branch 1.2 from git) for ALT Linux. Build if ok, but server fails after first search:

[26/Aug/2009:20:57:37 +0400] 389-Directory/1.2.2 - debug level: packets+connections (10)
[26/Aug/2009:20:57:38 +0400] - 389-Directory/1.2.2 B2009.238.956 starting up
[26/Aug/2009:20:57:38 +0400] - Detected Disorderly Shutdown last time Directory Server was running, recovering database.
[26/Aug/2009:20:57:40 +0400] - slapd started.  Listening on All Interfaces port 389 for LDAP requests
[26/Aug/2009:20:57:56 +0400] - sasl_io_cleanup for connection 0
Assertion failure: 0 != id, at prlayer.c:579
Aborted

Version-Release number of selected component (if applicable):

1.2 branch (commit 30e3822919e20cb13dfc5dabc50e7c1fe5e21d40 from git)

Steps to Reproduce:
1. start ns-slapd
2. query something
  
Actual results:
server fails ;(

Expected results:
server not fails and return something
Comment 1 Rich Megginson 2009-08-26 17:27:40 UTC 
Are you using a build of NSPR with PR_ASSERT enabled?
Comment 2 Vitaly Kuznetsov 2009-08-26 17:49:57 UTC 
(I'm not good with nspr)
Yes, we build nspr-4.8.0 with -DDEBUG=1 (As I see equal to -DFORCE_PR_ASSERT=1)
Comment 3 Rich Megginson 2009-08-26 18:34:51 UTC 
Ok.  The problem is that we pop the SASL IO layer even if there is no SASL IO layer.  There is no bad effect.  The fix will be to check to see if SASL IO has been enabled, and if the layer contains the SASL IO layer.  This targeted for the next bug fix release.
Comment 4 Vitaly Kuznetsov 2009-08-26 20:11:20 UTC 
Thanks, I'll trace git commits ;)
Comment 5 Vitaly Kuznetsov 2009-09-23 13:20:21 UTC 
Created attachment 362292 [details]
Simple patch to fix problem (check for c_prfd in connection before calling  sasl_io_cleanup)
Comment 6 Rich Megginson 2009-09-23 15:51:09 UTC 
Created attachment 362324 [details]
revised patch
Comment 7 Rich Megginson 2009-09-23 16:01:12 UTC 
To ssh://git.fedorahosted.org/git/389/ds.git
   56b9868..7f9f261  master -> master

commit 7f9f26112388c6915fafb1b60b41a2d3e1e4e51e
Author: Rich Megginson <rmeggins>
Date:   Wed Sep 23 09:52:29 2009 -0600

    Reviewed by: nkinder (Thanks!)
    Fix Description: Before attempting to pop the SASL IO layer from the prfd,
    first make sure we are using sasl IO, the prfd is not NULL, and the prfd
    has a SASL IO layer on it.
    This also fixes a bug with setting nsslapd-localhost in the bootstrap code -
    if you are using a system that does not have DNS configured correctly, you
    may want to force the SASL code to use the nsslapd-localhost for the FQDN.
    Platforms tested: RHEL5 x86_64
    Flag Day: no
    Doc impact: no
Comment 10 Jenny Severance 2010-06-02 14:38:02 UTC 
verified - SASL nightly acceptance tests passing - all supported platforms