View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000580 | AlmaLinux-10 | General | public | 2025-11-18 17:23 | 2025-11-20 10:50 |
| Reporter | dmk1000 | Assigned To | |||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | new | Resolution | open | ||
| Platform | x86_64 | OS | AlmaLinux | OS Version | 10 |
| Summary | 0000580: 389-ds: dirsrv crashed with segfault when binding with account with SSHA hashed password | ||||
| Description | I imported some service accounts from 389-ds 1.2 that had SSHA hashed passwords. When trying to use those accounts to bind on 389-ds 3.0.6, dirsrv crashed with SEGV However if the account has a PBKDF2-SHA512 hashed password using the account to bind succeeds. Because the dirsrv process crashes, nothing is reported in the logs. | ||||
| Steps To Reproduce | Clean install of AlmaLinux-10.0-x86_64-minimal.iso into a VM. [root@localhost 389-ds-min-crash]# sudo dnf install 389-ds-base [root@localhost 389-ds-min-crash]# cat instance.inf [general] config_version = 2 [slapd] root_password = password [backend-userroot] sample_entries = yes suffix = dc=example,dc=com [root@localhost 389-ds-min-crash]# dscreate from-file instance.inf Starting installation ... Validate installation settings ... Create file system structures ... Create self-signed certificate database ... Perform SELinux labeling ... Create database backend: dc=example,dc=com ... Perform post-installation tasks ... Completed installation for instance: slapd-localhost [root@localhost 389-ds-min-crash]# cat new-users.ldif dn: ou=Directory Users,dc=example,dc=com ou: Directory Users objectClass: organizationalUnit objectClass: top dn: userid=crashtest,ou=Directory Users,dc=example,dc=com uid: crashtest objectClass: account objectClass: simpleSecurityObject objectClass: top userPassword:: e1NTSEF9Z0pBNEpxMHZ0WldBenhmYU5EcUJWMk41ak83TEROaFRKZzhmalE9PQ= = dn: userid=test,ou=Directory Users,dc=example,dc=com uid: crashtest objectClass: account objectClass: simpleSecurityObject objectClass: top userPassword: {PBKDF2-SHA512}100000$9DDmLyu/3W7M88WIlT6pGVXXcG3PAYnl$w1V27uYF2EmwIeQr4f+/+ei3jXKuphWctjx3e2SVZaFtjaPXc1G0prNmfxwjikNzeTBgFAHu808nL3BovtljaA== [root@localhost 389-ds-min-crash]# ldapadd -D "cn=Directory Manager" -w password -f new-users.ldif adding new entry "ou=Directory Users,dc=example,dc=com" adding new entry "userid=crashtest,ou=Directory Users,dc=example,dc=com" adding new entry "userid=test,ou=Directory Users,dc=example,dc=com" [root@localhost 389-ds-min-crash]# ldapsearch -D "userid=test,ou=Directory Users,dc=example,dc=com" -w dummy -H ldap://localhost -b "dc=example,dc=com" "(objectClass=*)" # extended LDIF # # LDAPv3 # base <dc=example,dc=com> with scope subtree # filter: (objectClass=*) # requesting: ALL # # example.com ... # search result search: 2 result: 0 Success # numResponses: 9 # numEntries: 8 [root@localhost 389-ds-min-crash]# ldapsearch -D "userid=crashtest,ou=Directory Users,dc=example,dc=com" -w dummy -H ldap://localhost -b "dc=example,dc=com" "(objectClass=*)" ldap_result: Can't contact LDAP server (-1) From Journalctl -xe -u dirsrv@localhost --follow: Stack trace of thread 6859: #0 0x00007fb5182a9eb4 attr_get_deletion_csn (libslapd.so.0 + 0xa9eb4) #1 0x00007fb513af2048 entry_get_rdn_mods (libback-ldbm.so + 0x58048) 0000002 0x00007fb513af497a ldbm_back_modify (libback-ldbm.so + 0x5a97a) 0000003 0x00007fb518309926 op_shared_modify.lto_priv.0 (libslapd.so.0 + 0x109926) 0000004 0x00007fb518367b2c modify_internal_pb.isra.0 (libslapd.so.0 + 0x167b2c) 0000005 0x00007fb5183028d6 slapi_modify_internal_pb (libslapd.so.0 + 0x1028d6) 0000006 0x00007fb518329048 update_pw_encoding (libslapd.so.0 + 0x129048) 0000007 0x00005561ec303164 n/a (n/a + 0x0) 0000008 0x00005561ec3097f8 n/a (n/a + 0x0) 0000009 0x00007fb518582417 _pt_root (libnspr4.so + 0x2b417) 0000010 0x00007fb5180be37f start_thread (libc.so.6 + 0x9837f) 0000011 0x00007fb518130f4c __clone3 (libc.so.6 + 0x10af4c) | ||||
| Tags | No tags attached. | ||||
|
|
I managed to replicate this on the latest 389-ds so I reported it on their github issues. They've explained where I've gone wrong in my configuration and created a patch to fix it anyway. https://github.com/389ds/389-ds-base/issues/7105 |
