RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1371284 - Disabling CLEAR password storage scheme will crash server when setting a password
Summary: Disabling CLEAR password storage scheme will crash server when setting a pass...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.3
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Noriko Hosoi
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks: 1371678
TreeView+ depends on / blocked
 
Reported: 2016-08-29 19:40 UTC by Noriko Hosoi
Modified: 2020-09-13 21:50 UTC (History)
6 users (show)

Fixed In Version: 389-ds-base-1.3.5.10-9.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1371678 (view as bug list)
Environment:
Last Closed: 2016-11-03 20:45:29 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 2034 0 None None None 2020-09-13 21:50:43 UTC
Red Hat Product Errata RHSA-2016:2594 0 normal SHIPPED_LIVE Moderate: 389-ds-base security, bug fix, and enhancement update 2016-11-03 12:11:08 UTC

Description Noriko Hosoi 2016-08-29 19:40:17 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/48975

The server always expects the the CLEAR password storage scheme to always be enabled.  If it is disabled then a NULL pointer gets dereferenced and the server crashes:

Program terminated with signal 11, Segmentation fault.
#0  valuearray_init_bervalarray_unhashed_only (pb=0x13ea250, pw_change=1, old_pw=0x0) at ldap/servers/slapd/modify.c:1460
1460                            if(strcmp(pwsp->pws_name, "CLEAR") == 0){

#0  valuearray_init_bervalarray_unhashed_only (pb=0x13ea250, pw_change=1, old_pw=0x0) at ldap/servers/slapd/modify.c:1460
#1  op_shared_modify (pb=0x13ea250, pw_change=1, old_pw=0x0) at ldap/servers/slapd/modify.c:968
#2  0x0000003c9208867e in do_modify (pb=0x13ea250) at ldap/servers/slapd/modify.c:408
#3  0x00000000004146d4 in connection_dispatch_operation () at ldap/servers/slapd/connection.c:594
#4  connection_threadmain () at ldap/servers/slapd/connection.c:2360
#5  0x00000036e4c29c13 in _pt_root (arg=0x1419ee0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
#6  0x00000036e2c07aa1 in start_thread (arg=0x7f084e1fc700) at pthread_create.c:301
#7  0x00000036e28e8aad in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Comment 1 mreynolds 2016-08-30 18:50:48 UTC
Fixed upstream

Comment 3 Sankar Ramalingam 2016-09-09 04:08:50 UTC
Verification steps:
1. Disable password storage scheme CLEAR
2. Add users with password with clear text.
3. Modify users password with clear text.

Comment 4 Sankar Ramalingam 2016-09-09 04:59:50 UTC
[root@ratangad ~]# PORT=1189 ; /usr/bin/ldapmodify -x -p $PORT -h localhost -D "cn=Directory Manager" -w Secret123 << EOF> dn: cn=CLEAR,cn=Password Storage Schemes,cn=plugins,cn=config
> replace: nsslapd-pluginEnabled
> nsslapd-pluginEnabled: off
> EOF
modifying entry "cn=CLEAR,cn=Password Storage Schemes,cn=plugins,cn=config"

[root@ratangad ~]# PORT=1189 ; /usr/bin/ldapsearch -x -p $PORT -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=CLEAR,cn=Password Storage Schemes,cn=plugins,cn=config" |grep -i nsslapd-pluginEnabled
nsslapd-pluginEnabled: off

[root@ratangad MMR_WINSYNC]# cat DATA/PUser1.ldif |grep -i pass
userPassword: Secret123

[root@ratangad MMR_WINSYNC]# ./AddEntry.sh Users 1189 "ou=testing,dc=passsync,dc=com" clearusrpwd 3 localhost
adding new entry "uid=clearusrpwd3,ou=testing,dc=passsync,dc=com"
adding new entry "uid=clearusrpwd2,ou=testing,dc=passsync,dc=com"
adding new entry "uid=clearusrpwd1,ou=testing,dc=passsync,dc=com"

[root@ratangad ~]# PORT=1189 ; /usr/bin/ldapmodify -x -p $PORT -h localhost -D "cn=Directory Manager" -w Secret123 << EOF> dn: uid=clearusrpwd3,ou=Testing,dc=passsync,dc=com
> replace: userpassword
> userPassword: 123456www
> EOF
modifying entry "uid=clearusrpwd3,ou=Testing,dc=passsync,dc=com"

[root@ratangad ~]# ps -ef |grep -i slapd-M1
dsuser    3430     1  0 Sep07 ?        00:02:44 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-M1 -i /var/run/dirsrv/slapd-M1.pid

[root@ratangad MMR_WINSYNC]# PORT=1189 ; /usr/bin/ldapmodify -x -p $PORT -h localhost -D "cn=Directory Manager" -w Secret123 << EOFdn: cn=CLEAR,cn=Password Storage Schemes,cn=plugins,cn=config
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on 
EOF

modifying entry "cn=CLEAR,cn=Password Storage Schemes,cn=plugins,cn=config"

[root@ratangad MMR_WINSYNC]# ./AddEntry.sh Users 1189 "ou=testing,dc=passsync,dc=com" ONclearusrpwd 3 localhost
No of entries added will be 3
Adding 3 Users to 
adding new entry "uid=ONclearusrpwd3,ou=testing,dc=passsync,dc=com"

adding new entry "uid=ONclearusrpwd2,ou=testing,dc=passsync,dc=com"

adding new entry "uid=ONclearusrpwd1,ou=testing,dc=passsync,dc=com"

[root@ratangad ~]# PORT=1189 ; /usr/bin/ldapmodify -x -p $PORT -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: uid=ONclearusrpwd3,ou=Testing,dc=passsync,dc=com
replace: userpassword
userPassword: 2333$123456www
EOF

modifying entry "uid=ONclearusrpwd3,ou=Testing,dc=passsync,dc=com"

[root@ratangad ~]# ps -eaf |grep -i slapd-M1
dsuser    7797     1  0 10:21 ?        00:00:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-M1 -i /var/run/dirsrv/slapd-M1.pid
root     21787  9982  0 10:26 pts/2    00:00:00 grep --color=auto -i slapd-M1


Successfully added/modified clear text password to users by setting CLEAR password storage scheme plugin to Off/On. Hence, marking the bug as Verified.

Comment 5 Sankar Ramalingam 2016-09-09 05:00:31 UTC
[root@ratangad MMR_WINSYNC]# rpm -qa |grep -i 389-ds-base
389-ds-base-1.3.5.10-10.el7.x86_64
389-ds-base-debuginfo-1.3.5.10-6.el7.x86_64
389-ds-base-libs-1.3.5.10-10.el7.x86_64
389-ds-base-devel-1.3.5.10-10.el7.x86_64

Comment 7 errata-xmlrpc 2016-11-03 20:45:29 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2594.html


Note You need to log in before you can comment on or make changes to this bug.