Bug 1302823 - Crash in slapi_get_object_extension
Summary: Crash in slapi_get_object_extension
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.2
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Noriko Hosoi
QA Contact: Viktor Ashirov
Petr Bokoc
Depends On:
Blocks: 1309964
TreeView+ depends on / blocked
Reported: 2016-01-28 17:27 UTC by German Parente
Modified: 2020-09-13 21:39 UTC (History)
6 users (show)

Fixed In Version: 389-ds-base-
Doc Type: Bug Fix
Doc Text:
ACL plug-in no longer crashes due to missing `pblock` object When a persistent search (psearch) was launched by a "bind" user without sufficient permissions, the access permissions object in cache failed to reset to point the initial `pblock` structure to the permanent structure. As a consequence, the access control list (ACL) plug-in could crash the server due to a missing `pblock` object. This update ensures that the initial object is reset to the permanent structure, and Directory Server no longer crashes in this situation.
Clone Of:
: 1309964 (view as bug list)
Last Closed: 2016-11-03 20:39:01 UTC
Target Upstream Version:

Attachments (Terms of Use)
access log buffer (4.43 KB, application/x-gzip)
2016-01-28 20:05 UTC, German Parente
no flags Details
Script for modifying group attributes (1.14 KB, text/x-python)
2016-07-25 08:11 UTC, Punit Kundal
no flags Details

System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 1776 0 None None None 2020-09-13 21:39:26 UTC
Red Hat Product Errata RHSA-2016:2594 0 normal SHIPPED_LIVE Moderate: 389-ds-base security, bug fix, and enhancement update 2016-11-03 12:11:08 UTC

Description German Parente 2016-01-28 17:27:41 UTC
Description of problem:

This crash is exactly identical to one of the attachments in this bug:




But the former bug has been fixed in 3.4.0-1 and customer is in 3.4.0-21.el.7.2

	slapi_pblock_get ( pb, SLAPI_OPERATION, &op );
	aclpb = (Acl_PBlock *) acl_get_ext ( ACL_EXT_OPERATION, op );

operation is already null at this instance: 

(gdb) print op
$2 = (void *) 0x0

Error logs:

we see this error in errors log:

[22/Jan/2016:18:53:09 +0000] NSACLPlugin - Missing aclpb 4

which means the scan of ACL's has failed with fatal error. in function: acllist_init_scan ?

Version-Release number of selected component (if applicable): 389-ds-base-

How reproducible: not often.

Steps to Reproduce: no testcase. Customer has had this in ipa context only three times.

Actual results:

sever crashes

Additional info:

Comment 5 German Parente 2016-01-28 20:05:14 UTC
Created attachment 1119265 [details]
access log buffer

Comment 12 Noriko Hosoi 2016-02-09 00:03:43 UTC
Upstream ticket:

Comment 19 Mike McCune 2016-03-28 23:13:32 UTC
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions

Comment 21 Punit Kundal 2016-07-25 08:10:06 UTC
RHEL 7.3 x86_64 Server

DS builds:
[root@org47 ~]# rpm -qa | grep 389-ds-base

Steps Performed:
1. Added 1k users using ldapadd as below
[root@org47 python_utilities]# ldapadd -x -D 'cn=Directory Manager' -w secret123 -h localhost -p 389 -f 1kusers.ldif
adding new entry "uid=tuser1,ou=people,dc=example,dc=com"
adding new entry "uid=tuser2,ou=people,dc=example,dc=com"
adding new entry "uid=tuser3,ou=people,dc=example,dc=com"
adding new entry "uid=tuser4,ou=people,dc=example,dc=com"
adding new entry "uid=tuser5,ou=people,dc=example,dc=com"
adding new entry "uid=tuser6,ou=people,dc=example,dc=com"
adding new entry "uid=tuser7,ou=people,dc=example,dc=com"
adding new entry "uid=tuser8,ou=people,dc=example,dc=com"
adding new entry "uid=tuser9,ou=people,dc=example,dc=com"
adding new entry "uid=tuser10,ou=people,dc=example,dc=com"
2. Added a static group containing the above 1kusers as its uniquemembers
[root@org47 python_utilities]# ldapadd -x -D 'cn=Directory Manager' -w secret123 -h localhost -p 389 -f 1kgroup.ldif
adding new entry "cn=test group,ou=Groups,dc=example,dc=com"

3. Verified that the group was added properly

[root@org47 python_utilities]# ldapsearch -xLLL -b 'cn=test group,ou=Groups,dc=example,dc=com' -h localhost -p 389 uniquemember
dn: cn=test group,ou=Groups,dc=example,dc=com
uniquemember: uid=tuser1,ou=people,dc=example,dc=com
uniquemember: uid=tuser2,ou=people,dc=example,dc=com
uniquemember: uid=tuser3,ou=people,dc=example,dc=com
uniquemember: uid=tuser4,ou=people,dc=example,dc=com
uniquemember: uid=tuser5,ou=people,dc=example,dc=com
uniquemember: uid=tuser6,ou=people,dc=example,dc=com
uniquemember: uid=tuser7,ou=people,dc=example,dc=com
uniquemember: uid=tuser8,ou=people,dc=example,dc=com
uniquemember: uid=tuser9,ou=people,dc=example,dc=com
uniquemember: uid=tuser10,ou=people,dc=example,dc=com

4. Ran a python script (please refer next comment for the script) which keeps on
modifying the group attributes continuously for 1 hour

5. While the script was working, ran a psearch using mozldap tools as below
/usr/lib64/mozldap/ldapsearch -p 389 -D 'uid=tuser100,ou=People,dc=example,dc=com' -w secret123 -b "dc=example,dc=com" -C ps:any "(objectclass=*)"

6. When the script was complete, checked the status of DS instance as below
[root@org47 python_utilities]# status-dirsrv ds
● dirsrv@ds.service - 389 Directory Server ds.
   Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2016-07-20 14:13:28 IST; 12min ago
 Main PID: 3775 (ns-slapd)
   Status: "slapd started: Ready to process requests"
   CGroup: /system.slice/system-dirsrv.slice/dirsrv@ds.service

Comment 22 Punit Kundal 2016-07-25 08:11:15 UTC
Created attachment 1183616 [details]
Script for modifying group attributes

Comment 24 errata-xmlrpc 2016-11-03 20:39:01 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.