Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-3165

Seg Fault if policy evaluation realm properties are null in local configuration.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.6.2.0, 5.6.2.1, 5.8.0
    • Fix Version/s: 5.8.1, 5.9.0
    • Component/s: Web Agents
    • Environment:
      Apache 2.4
      RHEL7

      Description

      Reproduce:

      Exclude mandatory Agent 5 properties:

      bash-4.2# diff agent.conf agent.conf.crash
      34,37d33 
      < #Crash everything
      < #org.forgerock.openam.agents.config.policy.evaluation.realm = /
      < #org.forgerock.openam.agents.config.policy.evaluation.application = iPlanetAMWebAgentService
      

      Note this needs to be a local configuration.

      Restart Apache.
      Access agent URL:

      [Tue Jan 14 00:24:25.559576 2020] [amagent:debug] [pid 19212] source/apache/agent.c(194): amagent_worker_init() 19212
      [Tue Jan 14 00:24:25.559598 2020] [amagent:notice] [pid 19205] OpenSSL library status: trying libssl... libssl.so.1.1 dlopen error: libssl.so.1.1: cannot open shared object file: No such file or directory, found libssl.so.10, failed to load OPENSSL_init_ssl, failed to load TLS_client_method, failed to load SSL_get_state, trying libcrypto... libcrypto.so.1.1 dlopen error: libcrypto.so.1.1: cannot open shared object file: No such file or directory, found libcrypto.so.10, OpenSSL v1.0.x/0.9.8 library support is available
      [Tue Jan 14 00:24:25.559872 2020] [amagent:notice] [pid 19212] OpenSSL library status: trying libssl... libssl.so.1.1 dlopen error: libssl.so.1.1: cannot open shared object file: No such file or directory, found libssl.so.10, failed to load OPENSSL_init_ssl, failed to load TLS_client_method, failed to load SSL_get_state, trying libcrypto... libcrypto.so.1.1 dlopen error: libcrypto.so.1.1: cannot open shared object file: No such file or directory, found libcrypto.so.10, OpenSSL v1.0.x/0.9.8 library support is available
      [Tue Jan 14 00:24:25.603746 2020] [http2:trace1] [pid 19123] h2_h2.c(590): [client 10.166.0.1:42068] h2_h2, process_conn
      [Tue Jan 14 00:24:25.603775 2020] [http2:trace1] [pid 19123] h2_h2.c(604): [client 10.166.0.1:42068] h2_h2, process_conn, new connection using protocol 'http/1.1', direct=0, tls acceptable=1
      [Tue Jan 14 00:24:25.603778 2020] [http2:trace1] [pid 19123] h2_h2.c(662): [client 10.166.0.1:42068] h2_h2, declined
      [Tue Jan 14 00:24:25.603824 2020] [core:trace5] [pid 19123] protocol.c(710): [client 10.166.0.1:42068] Request received from client: GET / HTTP/1.1
      [Tue Jan 14 00:24:25.603911 2020] [http:trace4] [pid 19123] http_request.c(437): [client 10.166.0.1:42068] Headers received from client:
      [Tue Jan 14 00:24:25.603916 2020] [http:trace4] [pid 19123] http_request.c(441): [client 10.166.0.1:42068]   Host: agent.localtest.me
      [Tue Jan 14 00:24:25.603918 2020] [http:trace4] [pid 19123] http_request.c(441): [client 10.166.0.1:42068]   Connection: keep-alive
      [Tue Jan 14 00:24:25.603921 2020] [http:trace4] [pid 19123] http_request.c(441): [client 10.166.0.1:42068]   Cache-Control: max-age=0
      [Tue Jan 14 00:24:25.603923 2020] [http:trace4] [pid 19123] http_request.c(441): [client 10.166.0.1:42068]   DNT: 1
      [Tue Jan 14 00:24:25.603925 2020] [http:trace4] [pid 19123] http_request.c(441): [client 10.166.0.1:42068]   Upgrade-Insecure-Requests: 1
      [Tue Jan 14 00:24:25.603928 2020] [http:trace4] [pid 19123] http_request.c(441): [client 10.166.0.1:42068]   User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
      [Tue Jan 14 00:24:25.603930 2020] [http:trace4] [pid 19123] http_request.c(441): [client 10.166.0.1:42068]   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
      [Tue Jan 14 00:24:25.603933 2020] [http:trace4] [pid 19123] http_request.c(441): [client 10.166.0.1:42068]   Accept-Encoding: gzip, deflate
      [Tue Jan 14 00:24:25.603935 2020] [http:trace4] [pid 19123] http_request.c(441): [client 10.166.0.1:42068]   Accept-Language: en-GB,en;q=0.9,ja;q=0.8
      [Tue Jan 14 00:24:25.603938 2020] [http:trace4] [pid 19123] http_request.c(441): [client 10.166.0.1:42068]   Cookie: amlbcookie=01; am-auth-jwt=eyJ0eXAiOiJKV1QiLCJraWQiOiJ3VTNpZklJYUxPVUFSZVJCL0ZHNmVNMVAxUU09IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJhbWFkbWluIiwiYXVkaXRUcmFja2luZ0lkIjoiYWFmMmFiNTgtMjljNS00NjA2LTkwZTItYzM0ZjE2MDU3NmUxLTMxOTczIiwiaXNzIjoiaHR0cDovL29wZW5hbS5sb2NhbHRlc3QubWU6ODA4MC9vcGVuYW0vb2F1dGgyIiwidG9rZW5OYW1lIjoiaWRfdG9rZW4iLCJub25jZSI6Ijc2QzA1RjhGOTJDMTgzOEI2N0Y1NzNCNEVENEJFOTlBIiwiYXVkIjoid3BhLWFnZW50IiwiYWNyIjoiMCIsInNfaGFzaCI6IllaRUhpbzhVTVR3QkxGN3dWN3lrU1EiLCJhenAiOiJ3cGEtYWdlbnQiLCJhdXRoX3RpbWUiOjE1Nzg1MDkzMDUsImZvcmdlcm9jayI6eyJzc290b2tlbiI6Iko0N01IZlRjWGFNM1Y2a1QydEpTQ3hGX3gzVS4qQUFKVFNRQUNNREVBQWxOTEFCd3dOMVV6ZGs5TVNtSnFkVVozU1VGcEt6aEtaVlZzTVUxT2VHczlBQVIwZVhCbEFBTkRWRk1BQWxNeEFBQS4qIiwic3VpZCI6ImFhZjJhYjU4LTI5YzUtNDYwNi05MGUyLWMzNGYxNjA1NzZlMS0yODExMCJ9LCJyZWFsbSI6Ii8iLCJleHAiOjE1Nzg1MTY5MTEsInRva2VuVHlwZSI6IkpXVFRva2VuIiwiaWF0IjoxNTc4NTA5NzExLCJhZ2VudF9yZWFsbSI6Ii8ifQ.W7c0ehpdp2maSSmpie3Dr5AtDtB0Kq7yi7e-pm1bQU_Vyz5speVjc4SX37pSc5CPxMkqvtN6Fjd9HTXM7R9gEGBGB51tXqPXObXj_LUe4BoVHkCRhEiN8xBdXIqXskcKnNY30XS0KRnPOwuVy6TkuE_VvTifhlXSWclq3W3E6OeQrHxLF5XJ_yny7FIkhepopD0vZlLgOVJS8Lw7dQAxt__dBfBBu_yEqpk0oAj_dq90rL_COae4_8mVPgbY53ngoQBkk1FcSp86AolWXX9k7XE5oYVpa2Zv8026Gpr16vyHZnqfzg-pzDoOrj5SuDFAlgCJNeLpDKpGIBOApqjcQg
      [Tue Jan 14 00:24:25.603988 2020] [amagent:debug] [pid 19123] source/apache/agent.c(781): [client 10.166.0.1:42068] amagent_auth_handler(): [/opt/web_agents/apache24_agent/instances/agent_1/config/agent.conf] [3621438416]
      [Tue Jan 14 00:24:26.558908 2020] [core:notice] [pid 1] AH00051: child pid 19123 exit signal Segmentation fault (11), possible coredump in /opt/rh/httpd24/root/etc/httpd
      [Tue Jan 14 00:24:26.558941 2020] [core:trace4] [pid 1] mpm_common.c(533): mpm child 19123 (gen 16/slot 0) exited
      

      Re-introducing these properties causes the agent to config to init.
      Faulting code:

          ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, req, "amagent_auth_handler(): [%s] [%ld]", config->config, config->agent_hash);
      
      static void config_initialise(uint32_t hash, uint32_t change_no, uint64_t ts, char *token, const char *file, am_config_t *cnf)
      {
          cnf->instance_id = hash;
          cnf->policy_hash = am_agent_hash(cnf->naming_url[0], cnf->policy_eval_realm, cnf->policy_eval_app);
      

      Fix:
      Introduce agent exit on policy_eval_realm / policy_eval_app being null.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mareks.malnacs Mareks Malnacs
              Reporter:
              jeremy.cocks Jeremy Cocks
              QA Assignee:
                edwardb edwardb
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: