Bug 876694
| Summary: | RedHat Directory Server crashes (segfaults) when moving ldap entry | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Rich Megginson <rmeggins> |
| Component: | 389-ds-base | Assignee: | Rich Megginson <rmeggins> |
| Status: | CLOSED ERRATA | QA Contact: | Sankar Ramalingam <sramling> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 6.3 | CC: | jgalipea, mkubik, mrhodes, nhosoi, nkinder |
| Target Milestone: | rc | Keywords: | ZStream |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | 389-ds-base-1.2.11.15-4.el6 | Doc Type: | Bug Fix |
| Doc Text: |
Cause: The code to check if the new superior entry exists or not was returning the "No such object" error only when the op was requested by the directory manager.
Consequence: If an ordinary (non-root) user tries to use the modrdn operation to move an entry to a non-existing parent, it crashes the server
Fix: This patch is removing the operator condition so that whoever the requester is, it returns the "No such object" error.
Result: Modrdn to the non-existing parent successfully fails for any users.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-02-21 08:21:33 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 881827, 901534 | ||
|
Description
Rich Megginson
2012-11-14 18:04:09 UTC
Upstream ticket: https://fedorahosted.org/389/ticket/520 Steps to verify: 1. create a user: e.g., uid=tuser0,dc=example,dc=com with a userpassword: tuser0 2. give the all permission to the user. 3. ldapmodify ... -D 'uid=tuser0,dc=example,dc=com -w tuser0 << EOF dn: uid=tuser0,dc=example,dc=com changetype: modrdn newrdn: uid=tuser0 deleteoldrdn: 1 newsuperior: ou=bogus,dc=example,dc=com EOF where ou=bogus,dc=example,dc=com does not exist. If the operation successfully fails with "No such object" error, the bug is verified. 1. add user $ /usr/lib64/mozldap/ldapsearch -b "ou=people,dc=brq,dc=redhat,dc=com" uid=tuser02 dn version: 1 dn: uid=tuser02,ou=People,dc=brq,dc=redhat,dc=com 2. grant user administrator permissions $ /usr/lib64/mozldap/ldapsearch -D "cn=directory manager" -w Secret123 -b "dc=brq,dc=redhat,dc=com" cn="directory administrators" uniqueMember version: 1 dn: cn=Directory Administrators,dc=brq,dc=redhat,dc=com uniqueMember: cn=Directory Manager uniqueMember: uid=tuser02,ou=people,dc=brq,dc=redhat,dc=com 3. Attempt to modify entry $ /usr/lib64/mozldap/ldapmodify -D "uid=tuser02,ou=people,dc=bre,dc=redhat,dc=com" -w Secret123 -a -f modentry.ldif ldap_simple_bind: No such object $ echo $? 32 $ cat modentry.ldif dn: uid=tuser02,ou=people,dc=brq,dc=redhat,dc=com changetype: modrdn newrdn: uid=tuser0 deleteoldrdn: 1 newsuperior: ou=bogus,dc=brq,dc=redhat,dc=com $ rpm -qa | grep 389 389-ds-base-1.2.11.15-4.el6.x86_64 typo in step 3. $ /usr/lib64/mozldap/ldapmodify -D "uid=tuser02,ou=people,dc=brq,dc=redhat,dc=com" -w Secret123 -a -f modentry.ldif modifying RDN of entry uid=tuser02,ou=people,dc=brq,dc=redhat,dc=com and/or moving it beneath a new parent ldap_rename: No such object ldap_rename: matched: dc=brq,dc=redhat,dc=com Result remaining: VERIFIED Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0503.html Covered in subtreeRenames suite |