Red Hat Bugzilla – Bug 1371284
Disabling CLEAR password storage scheme will crash server when setting a password
Last modified: 2016-11-03 16:45:29 EDT
This bug is created as a clone of upstream ticket: https://fedorahosted.org/389/ticket/48975

The server always expects the CLEAR password storage scheme to always be enabled. If it is disabled then a NULL pointer gets dereferenced and the server crashes:

Program terminated with signal 11, Segmentation fault.
#0  valuearray_init_bervalarray_unhashed_only (pb=0x13ea250, pw_change=1, old_pw=0x0) at ldap/servers/slapd/modify.c:1460
1460        if(strcmp(pwsp->pws_name, "CLEAR") == 0){
#0  valuearray_init_bervalarray_unhashed_only (pb=0x13ea250, pw_change=1, old_pw=0x0) at ldap/servers/slapd/modify.c:1460
#1  op_shared_modify (pb=0x13ea250, pw_change=1, old_pw=0x0) at ldap/servers/slapd/modify.c:968
#2  0x0000003c9208867e in do_modify (pb=0x13ea250) at ldap/servers/slapd/modify.c:408
#3  0x00000000004146d4 in connection_dispatch_operation () at ldap/servers/slapd/connection.c:594
#4  connection_threadmain () at ldap/servers/slapd/connection.c:2360
#5  0x00000036e4c29c13 in _pt_root (arg=0x1419ee0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
#6  0x00000036e2c07aa1 in start_thread (arg=0x7f084e1fc700) at pthread_create.c:301
#7  0x00000036e28e8aad in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
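The crash pattern in the backtrace above, next to a guarded form, as an added example that is not 389-ds-base source and not part of the original report. It is a simplified model that assumes the scheme lookup yields NULL once the CLEAR plugin is disabled; `find_scheme`, `set_scheme_enabled`, `is_clear_unchecked` and `is_clear_checked` are hypothetical names, and only `pwsp->pws_name` and the `"CLEAR"` comparison come from the backtrace.

```c
/* Added illustration: simplified model, not 389-ds-base source. */
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for one password storage scheme plugin. */
struct pw_scheme {
    const char *pws_name;
    int enabled;              /* models nsslapd-pluginEnabled: on/off */
};

static struct pw_scheme schemes[] = { { "CLEAR", 1 }, { "SSHA512", 1 } };
#define NSCHEMES (sizeof(schemes) / sizeof(schemes[0]))

/* Toggle a plugin, modelling the nsslapd-pluginEnabled change. */
void set_scheme_enabled(const char *name, int on)
{
    for (size_t i = 0; i < NSCHEMES; i++)
        if (strcmp(schemes[i].pws_name, name) == 0)
            schemes[i].enabled = on;
}

/* Assumption: lookup yields NULL for an unknown or disabled scheme. */
static struct pw_scheme *find_scheme(const char *name)
{
    for (size_t i = 0; i < NSCHEMES; i++)
        if (schemes[i].enabled && strcmp(schemes[i].pws_name, name) == 0)
            return &schemes[i];
    return NULL;
}

/* Crash pattern: lookup result dereferenced unconditionally. */
int is_clear_unchecked(const char *name)
{
    struct pw_scheme *pwsp = find_scheme(name);
    return strcmp(pwsp->pws_name, "CLEAR") == 0;  /* SIGSEGV when NULL */
}

/* Guarded form: 1 = CLEAR, 0 = other scheme, -1 = scheme unavailable. */
int is_clear_checked(const char *name)
{
    struct pw_scheme *pwsp = find_scheme(name);
    if (pwsp == NULL || pwsp->pws_name == NULL)
        return -1;            /* caller can fail the modify cleanly */
    return strcmp(pwsp->pws_name, "CLEAR") == 0;
}
```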
Fixed upstream
Verification steps:
1. Disable password storage scheme CLEAR
2. Add users with password with clear text.
3. Modify users password with clear text.
[root@ratangad ~]# PORT=1189 ; /usr/bin/ldapmodify -x -p $PORT -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
> dn: cn=CLEAR,cn=Password Storage Schemes,cn=plugins,cn=config
> replace: nsslapd-pluginEnabled
> nsslapd-pluginEnabled: off
> EOF
modifying entry "cn=CLEAR,cn=Password Storage Schemes,cn=plugins,cn=config"

[root@ratangad ~]# PORT=1189 ; /usr/bin/ldapsearch -x -p $PORT -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=CLEAR,cn=Password Storage Schemes,cn=plugins,cn=config" |grep -i nsslapd-pluginEnabled
nsslapd-pluginEnabled: off

[root@ratangad MMR_WINSYNC]# cat DATA/PUser1.ldif |grep -i pass
userPassword: Secret123

[root@ratangad MMR_WINSYNC]# ./AddEntry.sh Users 1189 "ou=testing,dc=passsync,dc=com" clearusrpwd 3 localhost
adding new entry "uid=clearusrpwd3,ou=testing,dc=passsync,dc=com"
adding new entry "uid=clearusrpwd2,ou=testing,dc=passsync,dc=com"
adding new entry "uid=clearusrpwd1,ou=testing,dc=passsync,dc=com"

[root@ratangad ~]# PORT=1189 ; /usr/bin/ldapmodify -x -p $PORT -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
> dn: uid=clearusrpwd3,ou=Testing,dc=passsync,dc=com
> replace: userpassword
> userPassword: 123456www
> EOF
modifying entry "uid=clearusrpwd3,ou=Testing,dc=passsync,dc=com"

[root@ratangad ~]# ps -ef |grep -i slapd-M1
dsuser 3430 1 0 Sep07 ? 00:02:44 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-M1 -i /var/run/dirsrv/slapd-M1.pid

[root@ratangad MMR_WINSYNC]# PORT=1189 ; /usr/bin/ldapmodify -x -p $PORT -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=CLEAR,cn=Password Storage Schemes,cn=plugins,cn=config
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
EOF
modifying entry "cn=CLEAR,cn=Password Storage Schemes,cn=plugins,cn=config"

[root@ratangad MMR_WINSYNC]# ./AddEntry.sh Users 1189 "ou=testing,dc=passsync,dc=com" ONclearusrpwd 3 localhost
No of entries added will be 3
Adding 3 Users to
adding new entry "uid=ONclearusrpwd3,ou=testing,dc=passsync,dc=com"
adding new entry "uid=ONclearusrpwd2,ou=testing,dc=passsync,dc=com"
adding new entry "uid=ONclearusrpwd1,ou=testing,dc=passsync,dc=com"

[root@ratangad ~]# PORT=1189 ; /usr/bin/ldapmodify -x -p $PORT -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: uid=ONclearusrpwd3,ou=Testing,dc=passsync,dc=com
replace: userpassword
userPassword: 2333$123456www
EOF
modifying entry "uid=ONclearusrpwd3,ou=Testing,dc=passsync,dc=com"

[root@ratangad ~]# ps -eaf |grep -i slapd-M1
dsuser 7797 1 0 10:21 ? 00:00:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-M1 -i /var/run/dirsrv/slapd-M1.pid
root 21787 9982 0 10:26 pts/2 00:00:00 grep --color=auto -i slapd-M1

Successfully added/modified clear text password to users by setting CLEAR password storage scheme plugin to Off/On. Hence, marking the bug as Verified.
[root@ratangad MMR_WINSYNC]# rpm -qa |grep -i 389-ds-base
389-ds-base-1.3.5.10-10.el7.x86_64
389-ds-base-debuginfo-1.3.5.10-6.el7.x86_64
389-ds-base-libs-1.3.5.10-10.el7.x86_64
389-ds-base-devel-1.3.5.10-10.el7.x86_64
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-2594.html