When specifying path to plugin library in DS console > configuration > plug-ins the Plug-in module path field/value is not validated and allows to save any value which can lead to a crash during the start of the directory server.
The bug is most probably related to #308221 where the check for filename was removed to allow relative paths. Currently it supports only relative paths even when tried to use an absolute one. The path is just appended to default plugin location wich also leads to crash during startup.
E.g. with path '/qq/libcos-plugin'
[22/May/2013:15:22:20 +0200] - Netscape Portable Runtime error -5977: /usr/lib/dirsrv/plugins//qq/libcos-plugin.so: cannot open shared object file: No such file or directory [22/May/2013:15:22:20 +0200] - Could not open library "/usr/lib/dirsrv/plugins//qq/libcos-plugin.so" for plugin Class of Service [22/May/2013:15:22:21 +0200] - Unable to load plugin "cn=Class of Service,cn=plugins,cn=config"
Version-Release number of selected component (if applicable): DS9.1
How reproducible: Always
Steps to Reproduce: 1. In Console > configuration tab > plug-ins pick any plugin 2. change the plug-in module path to non existent path/filename. Either an absolute path or relative path will do. 3. Try to save the change.
Actual results: The value is saved to DS config file (dse.ldif) and on the next start it crashes as the partiucular file does not exist.
Expected results: The value should not be saved and some kind of error should be displayed.
We don't allow one to put plug-ins outside of the "plugins" directory (for various reasons, including SELinux). This is by design and will not be changed.
We could validate the plug-in path at the preop phase in the 389-ds-base package. If the path does not exist, we can reject the modify/add operation. This would cover both Console and changes made over LDAP. Direct modification of dse.ldif would still trigger the server to not start, but that is by design.
Copied from the original bug: Nathan Kinder 2013-06-05 13:39:24 EDT We don't allow one to put plug-ins outside of the "plugins" directory (for various reasons, including SELinux). This is by design and will not be changed.
I would also like to clarify that the server is not crashing. The server refuses to start if certain things are invalid in dse.ldif. This is by design. There are multiple ways that one can put invalid info in dse.ldif, including via Console, LDAP, or by manual editing. There is only so much we can do to prevent an admin from shooting themselves in the foot.
I'm changing this to a 389-ds-base bug, as the verification should be done there (not in Console).
Plugin path validation fix 0001-Ticket-47384-Plugin-library-path-validation.patch
Thank you for implementing the code which is a good proof of concept. After reading your code, I think we'd better move it to some other place such as in dse_callback. The layer of dse_modify and _add would not be a good place to handle the config entry specific data. I'll let you know when I find a good place.
git patch file (master) 0001-Ticket-47384-Plugin-library-path-validation.2.patch
Anupam,
Sorry, implementing the code as a callback is a bit too much for me to explain to you. So, I updated it myself based upon your patch.
Thanks, --noriko
Bug description: ldapmodify could replace the plugin path with an invalid path.
Fix description: This patch adds the validation code to dse callback. If modify operation is requested for a plugin entry, the registered callback check_plugin_path is called and check the given plugin path.
This patch also has made get_plugin_name public as slapi_get_ plugin_name. Now, the following plugin paths are allowed: /path/to/lib<plugin>.so, /path/to/lib<plugin>, lib<plugin>.so, lib<plugin>
Reviewed by Rich (Thank you!!)
Pushed to master: commit a4b81c0
git patch file (master) 0001-Ticket-47384-Plugin-library-path-validation.3.patch
Description: commit a4b81c0 only checks the invalid plugin path when the value is modified. This patch adds the check when a plugin entry is added.
Pushed to master: commit 1cd68bb
Fix returntext 0001-Ticket-47384-Plugin-path-validation-returntext-not-s.patch
returntext was not set properly, patch out for review...
git merge ticket47384 Updating 7e9cae5..36f3f34 Fast-forward ldap/servers/slapd/fedse.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-)
git push origin master Counting objects: 11, done. Delta compression using up to 4 threads. Compressing objects: 100% (6/6), done. Writing objects: 100% (6/6), 725 bytes, done. Total 6 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 7e9cae5..36f3f34 master -> master
commit 36f3f34 Author: Mark Reynolds mreynolds@redhat.com Date: Wed Aug 14 16:56:36 2013 -0400
Metadata Update from @mreynolds: - Issue assigned to anjain - Issue set to the milestone: 1.3.2 - 09/13 (September)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/721
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.