This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 487574 - server crash during modify operation
server crash during modify operation
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Community
Component: Server - DNA Plug-in (Show other bugs)
1.1.3
All Linux
low Severity urgent
: ---
: ---
Assigned To: Nathan Kinder
Chandrasekar Kannan
:
Depends On:
Blocks: 249650 487590 FDS1.2.0
  Show dependency treegraph
 
Reported: 2009-02-26 14:04 EST by Rob Crittenden
Modified: 2015-01-04 18:36 EST (History)
3 users (show)

See Also:
Fixed In Version: 8.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 487590 (view as bug list)
Environment:
Last Closed: 2009-04-29 19:10:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
DS DNA patch (3.20 KB, patch)
2009-02-26 14:58 EST, Nathan Kinder
no flags Details | Diff
Revised DS DNA patch (3.20 KB, patch)
2009-02-26 16:09 EST, Nathan Kinder
no flags Details | Diff

  None (edit)
Description Rob Crittenden 2009-02-26 14:04:57 EST
Description of problem:

I can force a server crash using ldapmodify.

Version-Release number of selected component (if applicable):

fedora-ds-base-1.1.3-2.fc9.i386

How reproducible:

Every time.

Steps to Reproduce:
% ldapmodify -x -D "cn=directory manager" -W
dn: cn=foo,cn=groups,cn=accounts,dc=example.com,dc=com
changetype: modify
delete: gidnumber

(gdb) where
#0  dna_pre_op (pb=0x930fe60, modtype=4) at dna.c:1295
#1  0x0017c0a1 in ?? () from /usr/lib/dirsrv/libslapd.so.0
#2  0x0017c2ae in plugin_call_plugins () from /usr/lib/dirsrv/libslapd.so.0
#3  0x0016fb7c in ?? () from /usr/lib/dirsrv/libslapd.so.0
#4  0x001711bc in do_modify () from /usr/lib/dirsrv/libslapd.so.0
#5  0x08058157 in ber_sockbuf_free ()
#6  0x00927f81 in ?? () from /lib/libnspr4.so
#7  0x00bd532f in start_thread () from /lib/libpthread.so.0
#8  0x00af220e in clone () from /lib/libc.so.6
(gdb) print bv
$1 = (struct berval *) 0x0
Comment 1 Rob Crittenden 2009-02-26 14:13:08 EST
Backtrace using the FDS DNA plugin. This build is from the source tip from 2/11/09.

#0  dna_pre_op (pb=0x9c48460, modtype=4) at ldap/servers/plugins/dna/dna.c:2636
#1  0x0017c0a1 in plugin_call_func (list=0x9a14070, operation=405, 
    pb=0x9c48460, call_one=0) at ldap/servers/slapd/plugin.c:1369
#2  0x0017c2ae in plugin_call_plugins (pb=0x9c48460, whichfunction=405)
    at ldap/servers/slapd/plugin.c:1331
#3  0x0016fb7c in op_shared_modify (pb=0x9c48460, pw_change=0, old_pw=0x0)
    at ldap/servers/slapd/modify.c:777
#4  0x001711bc in do_modify (pb=0x9c48460) at ldap/servers/slapd/modify.c:341
#5  0x08058157 in connection_threadmain ()
    at ldap/servers/slapd/connection.c:502
#6  0x00927f81 in ?? () from /lib/libnspr4.so
#7  0x00bd532f in start_thread () from /lib/libpthread.so.0
#8  0x00af220e in clone () from /lib/libc.so.6
(gdb) print bv
$1 = (struct berval *) 0x0
Comment 2 Nathan Kinder 2009-02-26 14:58:16 EST
Created attachment 333377 [details]
DS DNA patch
Comment 3 Rob Crittenden 2009-02-26 15:18:49 EST
Tested 3 scenarios, 2 passed:

1. PASS
dn: cn=foo,cn=groups,cn=accounts,dc=example,dc=com
changetype: modify
delete: gidnumber

2. PASS
dn: cn=foo,cn=groups,cn=accounts,dc=example,dc=com
changetype: modify
replace: gidnumber

3. FAIL
dn: cn=foo,cn=groups,cn=accounts,dc=example,dc=com
changetype: modify
delete: gidnumber
gidnumber: 1103

The entry looks like this:

dn: cn=foo,cn=groups,cn=accounts,dc=example,dc=com
objectClass: top
objectClass: groupofnames
objectClass: posixGroup
objectClass: inetUser
description: foo
cn: foo
gidNumber: 1103

I'm attached to the slapd process but not getting a backtrace when it quits, just:

[Thread 0xb4c21b90 (LWP 31146) exited]
[ a slew more ]
[Thread 0xb6023b90 (LWP 31144) exited]

Program exited with code 0177.
Comment 4 Nathan Kinder 2009-02-26 16:09:36 EST
Created attachment 333386 [details]
Revised DS DNA patch
Comment 5 Rob Crittenden 2009-02-26 16:20:45 EST
All my tests pass now
Comment 6 Nathan Kinder 2009-02-26 16:41:45 EST
Checked into ldapserver (HEAD).  Thanks to Rich for his review, and to Rob for his testing!

Checking in ldap/servers/plugins/dna/dna.c;
/cvs/dirsec/ldapserver/ldap/servers/plugins/dna/dna.c,v  <--  dna.c
new revision: 1.17; previous revision: 1.16
done
Comment 7 Jenny Galipeau 2009-04-08 09:39:12 EDT
Rob -Nathan - can I get a bit of information on the setup for this bug? I would like to add regression tests to the automated acceptance tests.  How was the original group assigned its gidNumber - I don't want to assume via DNA plugin?  Thanks Jenny
Comment 8 Rob Crittenden 2009-04-08 10:29:14 EDT
gidnumber was assigned by DNA when the group entry was created during my testing.
Comment 9 Jenny Galipeau 2009-04-08 10:35:21 EDT
thanks Rich!
Comment 10 Jenny Galipeau 2009-04-08 14:53:14 EDT
fix verified - RHEL 4 - DS 8.1 - scenarios above do not crash the server and new gidNumbers are assigned.
Comment 11 Chandrasekar Kannan 2009-04-29 19:10:52 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html

Note You need to log in before you can comment on or make changes to this bug.