8410 2005-11-03 16:00:45 +0300 segfault when nsswitch.conf enables looking for groups at ldap 2006-08-09 10:26:48 +0400 1 1 4 Development Sisyphus nss_ldap unstable all Linux CLOSED FIXED P2 blocker --- 7079 1 gns vserge boyarsh hiddenman imz klark ldv master mike shaba slev vitty viy qa-sisyphus oldest_to_newest 32803 0 gns 2005-11-03 16:00:45 +0300 (bug fixed in version 244 from padl.com) debug output: nss_ldap: ==> do_init nss_ldap: <== do_init (cached session) nss_ldap: ==> do_open nss_ldap: ==> do_init nss_ldap: <== do_init (cached session) nss_ldap: <== do_open (cached session) nss_ldap: ==> do_filter nss_ldap: :== do_filter: (&(objectclass=posixGroup)(memberUid=ldaptest)) nss_ldap: <== do_filter nss_ldap: ==> do_with_reconnect nss_ldap: ==> do_open nss_ldap: ==> do_init nss_ldap: <== do_init (cached session) nss_ldap: <== do_open (cached session) nss_ldap: ==> do_search Program received signal SIGSEGV, Segmentation fault. 0xb7ec42cf in strlen () from /lib/libc.so.6 backtrace: #5 0xb7b192f7 in do_search (base=0xb7b26e30 "ou=Group,dc=technoparkcorp,dc=com", scope=2, filter=0xbfd48504 "(&(objectclass=posixGroup)(memberUid=ldaptest))", attrs=0xbfd48da4, sizelimit=0, msgid=0xbfd48d50) at ldap-nss.c:2480 rc = 0 serverctrls = {0x8059ed8, 0x0} #6 0xb7b18ffc in do_with_reconnect (base=0xb7b26e30 "ou=Group,dc=technoparkcorp,dc=com", scope=2, filter=0xbfd48504 "(&(objectclass=posixGroup)(memberUid=ldaptest))", attrs=0xbfd48da4, sizelimit=0, private=0xbfd48d50, search_func=0xb7b1921d <do_search>) at ldap-nss.c:2379 rc = 52 tries = 0 backoff = 0 hard = 1 stat = NSS_STATUS_SUCCESS #7 0xb7b19e83 in _nss_ldap_search (args=0xbfd48dc4, filterprot=0xb7b2f040 "(&(objectclass=posixGroup)(memberUid=%s))", sel=LM_GROUP, user_attrs=0xbfd48da4, sizelimit=0, msgid=0xbfd48d50, csd=0x8059d0c) at ldap-nss.c:2952 sdBase = "&#167;&#1040;&#1078;·\001\000\000\000\230\221\005\bD\211&#1060;&#1111;\017\033&#1078;·&#1092;\017&#1090;·&#1044;\203&#1089;·\030\000\000\000\000\223\005\b\230\221\005\b *&#1090;·&#1092;\017&#1090;·\230\221\005\b *&#1090;·h\211&#1060;&#1111;&#1111;&#1097;&#1078;· *&#1090;·\230\221\005\b&#1092;\017&#1090;·\230\221\005\b&#1103;&#1103;&#1103;&#1103;\234\211&#1060;&#1111;%\004&#1078;·\230\221\005\b\000\000\000\000&#1057;\030&#181;·\000\000\000\000\000\004\000\000\230\221\005\b\000\004\000\000\200#&#1090;·&#1092;_&#181;·&#1088;\211&#1060;&#1111;&#1058;\a\000\000&#172;\211&#1060;&#1111;\b\030&#181;·\230\221\005\b&#1092;_&#181;·&#1112;\211&#1060;&#1111;L\030&#181;·&#1092;\017&#1090;·&#1092;\017&#1090;·\034\216&#1060;&#1111;&#1108;7&#1081;· \030&#181;·&#1072;\211&#1060;&#1111;\000\004\000\000\200#&#1090;·", '\0' <repeats 12 times>... base = 0xb7b26e30 "ou=Group,dc=technoparkcorp,dc=com" filterBuf = "(&(objectclass=posixGroup)(memberUid=ldaptest))\000T\213&#1076;·&#1084;\212&#1060;&#1111;&#1112;\206&#1060;&#1111;&#1072;|&#1030;·\001\000\000\000\"\000\000\000&#1084;m&#1030;·\001\000\000\000\002\000\000\000d\205&#1060;&#1111;&#1072;|&#1030;·\000\000\000\000(&(objectclass=posixAccount)(uid=ldaptest))", '\0' <repeats 99 times>, "s \000\000\000\000&#1103;&#1103;&#1103;&#1103;&#1095;&#1103;&#1103;&#1103;", '\0' <repeats 36 times>, "!&#1098;&#1078;·", '\0' <repeats 20 times>, "\002\000\000\000@\214&#1060;&#1111;&#1084;\212&#1060;&#1111;\000"... dynamicFilterBuf = 0x0 attrs = (const char **) 0xb7b27d60 filter = 0xbfd48504 "(&(objectclass=posixGroup)(memberUid=ldaptest))" scope = 2 stat = NSS_STATUS_SUCCESS sd = (ldap_service_search_descriptor_t *) 0xb7b26e54 #8 0xb7b1a30d in _nss_ldap_getent_ex (args=0xbfd48dc4, ctx=0xbfd48dbc, result=0xbfd48df4, buffer=0x0, buflen=0, errnop=0xb7f22380, filterprot=0xb7b2f040 "(&(objectclass=posixGroup)(memberUid=%s))", sel=LM_GROUP, user_attrs=0xbfd48da4, parser=0xb7b1c0b2 <do_parse_initgroups_nested>) at ldap-nss.c:3116 msgid = -1 stat = NSS_STATUS_SUCCESS #9 0xb7b1c275 in _nss_ldap_initgroups_dyn (user=0x8058b0e "ldaptest", group=0, start=0xbfd48e5c, size=0xbfd48e84, groupsp=0xbfd48e88, limit=65536, errnop=0xb7f22380) at ldap-grp.c:1120 lia = {group = 0, start = 0xbfd48e5c, size = 0xbfd48e84, groups = 0xbfd48e88, limit = 65536, depth = 0, known_groups = 0x0} filter = 0xb7b2f040 "(&(objectclass=posixGroup)(memberUid=%s))" a = {la_type = LA_TYPE_STRING, la_arg1 = {la_string = 0x8058b0e "ldaptest", la_number = 134581006, la_triple = { host = 0x8058b0e "ldaptest", user = 0x8059cd0 "&#1080;\234\005\b", domain = 0x73736e5f <Address 0x73736e5f out of bounds>}, la_string_list = 0x8058b0e}, la_arg2 = {la_string = 0x0}} stat = NSS_STATUS_SUCCESS ctx = (ent_context_t *) 0x8059cf8 gidnumber_attrs = {0xbfd48dd0 "_nss", 0xb7b14000 "\177ELF\001\001\001", 0xb7b14984 "\r\004"} map = LM_GROUP #10 0xb7e9393e in fgetgrent () from /lib/libc.so.6 No symbol table info available. #11 0xb7e93bdc in initgroups () from /lib/libc.so.6 No symbol table info available. #12 0x0804a1b2 in ?? () No symbol table info available. Steps to Reproduce: 1. setup nss_ldap.conf and nsswitch.conf for looking for group and users in ldap 3. rpm -q nss_ldap nss_ldap-239-alt1 2. su - ldaptest Actual Results: segmentation fault (getent group - working. and with "group: files" everything ok) 32805 1 gns 2005-11-03 16:01:26 +0300 *** Bug 8409 has been marked as a duplicate of this bug. *** 33397 2 gns 2005-11-25 15:49:45 +0300 *** Bug 7981 has been marked as a duplicate of this bug. *** 34567 3 vserge 2006-01-09 23:14:48 +0300 Принято, но исправить смогу не раньше чем через неделю 34609 4 gns 2006-01-10 16:09:24 +0300 я заливал в инкоминг 244 в порядке NMU, но в сизиф его не пропустили. 35310 5 gns 2006-01-31 00:01:16 +0300 http://bugzilla.padl.com/show_bug.cgi?id=241: If nss_ldap-239 is built _without_ RFC2307bis support, the module will segfault when enumerating the groups a particular user belongs to, due to an uninitialized pointer. The patch below fixes that. diff -rpu nss_ldap-239.orig/ldap-grp.c nss_ldap-239/ldap-grp.c --- nss_ldap-239.orig/ldap-grp.c 2005-05-24 02:53:19.000000000 +0200 +++ nss_ldap-239/ldap-grp.c 2005-12-22 02:36:52.000000000 +0100 @@ -1115,6 +1115,8 @@ char *_nss_ldap_getgrset (char *user) } #else filter = _nss_ldap_filt_getgroupsbymember; + gidnumber_attrs[0] = ATM (group, gidNumber); + gidnumber_attrs[1] = NULL; #endif /* RFC2307BIS */ stat = _nss_ldap_getent_ex (&a, &ctx, (void *) &lia, NULL, 0, 36564 6 mike 2006-03-09 12:05:11 +0300 Кстати, в nss_ldap бы внести дефолты сообразно http://wiki.sisyphus.ru/changes за 28.01.2006: Евгений Остапец сообщает о проблемах при обновлении nss_ldap до версии 244. Чтобы жизнь была легче, стоит задать таймауты в /etc/nss_ldap.conf: nss_reconnect_sleeptime 2 nss_reconnect_maxsleeptime 2 nss_reconnect_maxconntries 2 nss_reconnect_tries 2 еще имеет смысл bind_policy soft 39458 7 stalker 2006-08-09 10:21:48 +0400 === TelnetClients:x:10008:gorlov Remote Desktop Users:x:10009:gorlov SoftDistributors:x:10012:gorlov,max,crazy ... === Всё из лдапа.