|
 |
a2f18f |
From 34024061a980fa5472fab680b873c0666413e5ec Mon Sep 17 00:00:00 2001
|
|
|
a2f18f |
From: Mark Reynolds <mreynolds@redhat.com>
|
|
|
a2f18f |
Date: Mon, 17 Aug 2015 14:51:17 -0400
|
|
|
a2f18f |
Subject: [PATCH 46/47] Ticket 48233 - Server crashes in ACL_LasFindFlush
|
|
|
a2f18f |
during shutdown if ACIs contain IP addresss restrictions
|
|
|
a2f18f |
|
|
|
a2f18f |
Bug Description: The server will crash at shutdown if there are ACI's that use IP rules.
|
|
|
a2f18f |
|
|
|
a2f18f |
Fix Description: When we stop the acl plugin we need to free aci avl list first, before
|
|
|
a2f18f |
we free the libaccess ACL global lists. Otherwise, we dereference a freed
|
|
|
a2f18f |
struct.
|
|
|
a2f18f |
|
|
|
a2f18f |
https://fedorahosted.org/389/ticket/48233
|
|
|
a2f18f |
|
|
|
a2f18f |
Reviewed by: nhosoi(Thanks!)
|
|
|
a2f18f |
|
|
|
a2f18f |
(cherry picked from commit 22d315b910b086d3e7edca3b6b52511d5da63802)
|
|
|
a2f18f |
(cherry picked from commit 57c5d35b4a5ea3e85ae2a7471cbe487531ee3835)
|
|
|
a2f18f |
---
|
|
|
a2f18f |
dirsrvtests/tickets/ticket48233_test.py | 105 ++++++++++++++++++++++++++++++++
|
|
|
a2f18f |
ldap/servers/plugins/acl/aclplugin.c | 2 +-
|
|
|
a2f18f |
2 files changed, 106 insertions(+), 1 deletion(-)
|
|
|
a2f18f |
create mode 100644 dirsrvtests/tickets/ticket48233_test.py
|
|
|
a2f18f |
|
|
|
a2f18f |
diff --git a/dirsrvtests/tickets/ticket48233_test.py b/dirsrvtests/tickets/ticket48233_test.py
|
|
|
a2f18f |
new file mode 100644
|
|
|
a2f18f |
index 0000000..387279d
|
|
|
a2f18f |
--- /dev/null
|
|
|
a2f18f |
+++ b/dirsrvtests/tickets/ticket48233_test.py
|
|
|
a2f18f |
@@ -0,0 +1,105 @@
|
|
|
a2f18f |
+import os
|
|
|
a2f18f |
+import sys
|
|
|
a2f18f |
+import time
|
|
|
a2f18f |
+import ldap
|
|
|
a2f18f |
+import logging
|
|
|
a2f18f |
+import pytest
|
|
|
a2f18f |
+from lib389 import DirSrv, Entry, tools, tasks
|
|
|
a2f18f |
+from lib389.tools import DirSrvTools
|
|
|
a2f18f |
+from lib389._constants import *
|
|
|
a2f18f |
+from lib389.properties import *
|
|
|
a2f18f |
+from lib389.tasks import *
|
|
|
a2f18f |
+from lib389.utils import *
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+logging.getLogger(__name__).setLevel(logging.DEBUG)
|
|
|
a2f18f |
+log = logging.getLogger(__name__)
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+installation1_prefix = None
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+class TopologyStandalone(object):
|
|
|
a2f18f |
+ def __init__(self, standalone):
|
|
|
a2f18f |
+ standalone.open()
|
|
|
a2f18f |
+ self.standalone = standalone
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+@pytest.fixture(scope="module")
|
|
|
a2f18f |
+def topology(request):
|
|
|
a2f18f |
+ global installation1_prefix
|
|
|
a2f18f |
+ if installation1_prefix:
|
|
|
a2f18f |
+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+ # Creating standalone instance ...
|
|
|
a2f18f |
+ standalone = DirSrv(verbose=False)
|
|
|
a2f18f |
+ args_instance[SER_HOST] = HOST_STANDALONE
|
|
|
a2f18f |
+ args_instance[SER_PORT] = PORT_STANDALONE
|
|
|
a2f18f |
+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
|
|
|
a2f18f |
+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
|
|
|
a2f18f |
+ args_standalone = args_instance.copy()
|
|
|
a2f18f |
+ standalone.allocate(args_standalone)
|
|
|
a2f18f |
+ instance_standalone = standalone.exists()
|
|
|
a2f18f |
+ if instance_standalone:
|
|
|
a2f18f |
+ standalone.delete()
|
|
|
a2f18f |
+ standalone.create()
|
|
|
a2f18f |
+ standalone.open()
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+ # Delete each instance in the end
|
|
|
a2f18f |
+ def fin():
|
|
|
a2f18f |
+ standalone.delete()
|
|
|
a2f18f |
+ request.addfinalizer(fin)
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+ # Clear out the tmp dir
|
|
|
a2f18f |
+ standalone.clearTmpDir(__file__)
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+ return TopologyStandalone(standalone)
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+def test_ticket48233(topology):
|
|
|
a2f18f |
+ """Test that ACI's that use IP restrictions do not crash the server at
|
|
|
a2f18f |
+ shutdown
|
|
|
a2f18f |
+ """
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+ # Add aci to restrict access my ip
|
|
|
a2f18f |
+ aci_text = ('(targetattr != "userPassword")(version 3.0;acl ' +
|
|
|
a2f18f |
+ '"Enable anonymous access - IP"; allow (read,compare,search)' +
|
|
|
a2f18f |
+ '(userdn = "ldap:///anyone") and (ip="127.0.0.1");)')
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+ try:
|
|
|
a2f18f |
+ topology.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_ADD, 'aci', aci_text)])
|
|
|
a2f18f |
+ except ldap.LDAPError as e:
|
|
|
a2f18f |
+ log.error('Failed to add aci: (%s) error %s' % (aci_text, e.message['desc']))
|
|
|
a2f18f |
+ assert False
|
|
|
a2f18f |
+ time.sleep(1)
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+ # Anonymous search to engage the aci
|
|
|
a2f18f |
+ try:
|
|
|
a2f18f |
+ topology.standalone.simple_bind_s("", "")
|
|
|
a2f18f |
+ except ldap.LDAPError as e:
|
|
|
a2f18f |
+ log.error('Failed to anonymously bind -error %s' % (e.message['desc']))
|
|
|
a2f18f |
+ assert False
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+ try:
|
|
|
a2f18f |
+ entries = topology.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, 'objectclass=*')
|
|
|
a2f18f |
+ if not entries:
|
|
|
a2f18f |
+ log.fatal('Failed return an entries from search')
|
|
|
a2f18f |
+ assert False
|
|
|
a2f18f |
+ except ldap.LDAPError, e:
|
|
|
a2f18f |
+ log.fatal('Search failed: ' + e.message['desc'])
|
|
|
a2f18f |
+ assert False
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+ # Restart the server
|
|
|
a2f18f |
+ topology.standalone.restart(timeout=10)
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+ # Check for crash
|
|
|
a2f18f |
+ if topology.standalone.detectDisorderlyShutdown():
|
|
|
a2f18f |
+ log.fatal('Server crashed!')
|
|
|
a2f18f |
+ assert False
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+ log.info('Test complete')
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+
|
|
|
a2f18f |
+if __name__ == '__main__':
|
|
|
a2f18f |
+ # Run isolated
|
|
|
a2f18f |
+ # -s for DEBUG mode
|
|
|
a2f18f |
+ CURRENT_FILE = os.path.realpath(__file__)
|
|
|
a2f18f |
+ pytest.main("-s %s" % CURRENT_FILE)
|
|
|
a2f18f |
\ No newline at end of file
|
|
|
a2f18f |
diff --git a/ldap/servers/plugins/acl/aclplugin.c b/ldap/servers/plugins/acl/aclplugin.c
|
|
|
a2f18f |
index 45a6315..d90996e 100644
|
|
|
a2f18f |
--- a/ldap/servers/plugins/acl/aclplugin.c
|
|
|
a2f18f |
+++ b/ldap/servers/plugins/acl/aclplugin.c
|
|
|
a2f18f |
@@ -269,13 +269,13 @@ aclplugin_stop ( Slapi_PBlock *pb )
|
|
|
a2f18f |
{
|
|
|
a2f18f |
int rc = 0; /* OK */
|
|
|
a2f18f |
|
|
|
a2f18f |
+ free_acl_avl_list();
|
|
|
a2f18f |
ACL_Destroy();
|
|
|
a2f18f |
acl_destroy_aclpb_pool();
|
|
|
a2f18f |
acl_remove_ext();
|
|
|
a2f18f |
ACL_AttrGetterHashDestroy();
|
|
|
a2f18f |
ACL_MethodHashDestroy();
|
|
|
a2f18f |
ACL_DestroyPools();
|
|
|
a2f18f |
- free_acl_avl_list();
|
|
|
a2f18f |
aclanom__del_profile(1);
|
|
|
a2f18f |
aclgroup_free();
|
|
|
a2f18f |
//aclext_free_lockarray();
|
|
|
a2f18f |
--
|
|
|
a2f18f |
1.9.3
|
|
|
a2f18f |
|