Re: (ITS#5002) Windows Service: logoff causes shutdown
by hyc@symas.com
This bug was fixed several years ago. You should update to a current
release. This ITS will be closed.
mark.lakes(a)alcatel-lucent.com wrote:
> Full_Name: Mark Lakes
> Version: 2.1.22
> OS: Windows
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (198.206.187.100)
>
>
> Summary: LDAP service stops when user logs off.
>
> The LDAP server is registered as a Windows Service and works correctly with
> SCM.
> It is registered as an automatic service so should be running all the time.
> When a user logs off from the box, the logoff triggers the service to stop
> running.
> This happens on WindowsXP and Windows 2003 Server that are configured on a
> Domain.
>
> I have a solution.
> The problem is that despite the fact it is a service, it receives an event
> called CTRL_LOGOFF_EVENT. Since it is not handling this event, the default
> behavior by Windows is to shutdown the service.
> Add the following code to the source at an appropriate place(probably somewhere
> in ntservice.c) for when it runs as a service:
>
> /**
> This is used to handle CTRL_LOGOFF_EVENT from shutting us down when we are
> running as a service.
> Return TRUE works. We dont really care what the crtlType is.
> */
> BOOL WINAPI
> WinSigHANDLER_ROUTINE(DWORD ctrlType)
> {
> /*
> char logstr[256];
> sprintf(logstr, "NTservice: caught signal(%d)\n", ctrlType);
> writeStatusLog(logstr);
> switch (ctrlType)
> {
> case CTRL_LOGOFF_EVENT:
> ...
> default:
>
> } */
> return TRUE;
> }
>
> Then, register the above function in the appropriate place as follows:
> SetConsoleCtrlHandler(WinSigHANDLER_ROUTINE, TRUE);
>
>
>
>
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
15 years, 8 months
(ITS#5002) Windows Service: logoff causes shutdown
by mark.lakes@alcatel-lucent.com
Full_Name: Mark Lakes
Version: 2.1.22
OS: Windows
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (198.206.187.100)
Summary: LDAP service stops when user logs off.
The LDAP server is registered as a Windows Service and works correctly with
SCM.
It is registered as an automatic service so should be running all the time.
When a user logs off from the box, the logoff triggers the service to stop
running.
This happens on WindowsXP and Windows 2003 Server that are configured on a
Domain.
I have a solution.
The problem is that despite the fact it is a service, it receives an event
called CTRL_LOGOFF_EVENT. Since it is not handling this event, the default
behavior by Windows is to shutdown the service.
Add the following code to the source at an appropriate place(probably somewhere
in ntservice.c) for when it runs as a service:
/**
This is used to handle CTRL_LOGOFF_EVENT from shutting us down when we are
running as a service.
Return TRUE works. We dont really care what the crtlType is.
*/
BOOL WINAPI
WinSigHANDLER_ROUTINE(DWORD ctrlType)
{
/*
char logstr[256];
sprintf(logstr, "NTservice: caught signal(%d)\n", ctrlType);
writeStatusLog(logstr);
switch (ctrlType)
{
case CTRL_LOGOFF_EVENT:
...
default:
} */
return TRUE;
}
Then, register the above function in the appropriate place as follows:
SetConsoleCtrlHandler(WinSigHANDLER_ROUTINE, TRUE);
15 years, 8 months
(ITS#5001) Incorrect SSF display
by quanah@OpenLDAP.org
Full_Name: Quanah Gibson-Mount
Version: 2.3.35
OS: NA
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (71.202.148.128)
I was playing with SASL connections on an TLS encrypted connection, and noticed
the SSF displayed is not correct in the SASL part.
Jun 7 12:51:27 ldap-dev1 slapd[11858]: conn=4494 fd=29 TLS established
tls_ssf=256 ssf=256
Jun 7 12:51:27 ldap-dev1 slapd[11858]: conn=4494 op=4 BIND
dn="uid=quanah,cn=accounts,dc=stanford,dc=edu" mech=GSSAPI ssf=56
I believe that the second line above should really display "sasl_ssf=56", or
probably even better, "sasl_ssf=56 ssf=256", similar to how the first line has
"tls_ssf=256 ssf=256", so that it is clear that there are different security
factors in play here.
--Quanah
15 years, 8 months
Re: (ITS#4965) slapd stops if access to cn=monitor is restricted
by ando@sys-net.it
HEAD as of now:
<slapd.conf>
# ...
access to * by * none
database bdb
suffix "dc=example,dc=com"
directory
/home/masarati/Lavoro/sysnet/Ldap/ldap-devel/tests/testrun/db.1.a
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
index objectClass eq
index cn,sn,uid pres,eq,sub
database monitor
</slapd.conf>
$ slapd -d stats
@(#) $OpenLDAP: slapd 2.X (Jun 7 2007 17:39:58) $
masarati@mbdyn-pm:/home/masarati/Lavoro/sysnet/Ldap/ldap-devel/servers/slapd
bdb_db_open: Warning - No DB_CONFIG file found in directory
/home/masarati/Lavoro/sysnet/Ldap/ldap-devel/tests/testrun/db.1.a: (2)
Expect poor performance for suffix dc=example,dc=com.
monitor_back_register_entry_attrs(""): base="cn=databases,cn=monitor"
scope=one
filter="(namingContexts:distinguishedNameMatch:=dc=example,dc=com)":
unable to find entry
slapd starting
It seems fine to me. Are you sure there isn't anything else? You might
be disguised by a warning that has nothing to do with your real issue.
Or, you're not posting enough info.
p.
ali.pouya(a)free.fr wrote:
> Hi Pierangelo;
> Unfortunately I reproduced the problem with the HEAD dated June 5.
> If I do not add a rootdn to the monitor database, slapd cannot start.
> At the end of the log I find :
>
> monitor_back_register_entry_attrs(""): base="cn=databases,cn=monitor" scope=one
> filter="(namingContexts:distinguishedNameMatch:=c=fr)": unable to find entry
>
> ====> bdb_cache_release_all
> backend_startup_one: bi_db_open failed! (-1)
> slapd shutdown: initiated
> ====> bdb_cache_release_all
> bdb_db_close: alock_close failed
> slapd destroy: freeing system resources.
> slapd stopped.
> connections_destroy: nothing to destroy.
>
> Is the rootdn mandatory for monitor ?
> Best Regards
> Ali
>
>
>
>
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati(a)sys-net.it
---------------------------------------
15 years, 8 months
Re: (ITS#5000) slapd with invalid url causes crashes
by hyc@symas.com
This is most likely the same as ITS#4957 which has already been fixed in
the new release candidate. This ITS will be closed.
jl+openldap(a)lists.wasmer.ca wrote:
> Full_Name: Jean-Luc Wasmer
> Version: 2.3.32
> OS: NetBSD 4.0 Beta2
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (70.50.240.203)
>
>
>
> When slapd is started with an invalid url, it looks like it's trying to destroy
> an uninitialized mutex:
>
> Program received signal SIGABRT, Aborted.
> 0xbb87dfff in kill () from /usr/lib/libc.so.12
> (gdb) backtrace
> #0 0xbb87dfff in kill () from /usr/lib/libc.so.12
> #1 0xbb94adb3 in pthread__errorfunc () from /usr/lib/libpthread.so.0
> #2 0xbb9491fe in pthread_mutex_destroy () from /usr/lib/libpthread.so.0
> #3 0xbbbbd1eb in ldap_pvt_thread_mutex_destroy () from
> /usr/pkg/lib/libldap_r-2.3.so.0
> #4 0x0805a756 in ?? ()
> #5 0x0819e4fc in __ps_strings ()
> #6 0x00000002 in ?? ()
> #7 0xbfbfe8e8 in ?? ()
> #8 0x0805a713 in ?? ()
> #9 0x00000286 in ?? ()
> #10 0x00000001 in ?? ()
> #11 0xbfbfe958 in ?? ()
> #12 0x0804e2c1 in ?? ()
> #13 0xbfa00000 in ?? ()
> #14 0xbb92cdd0 in tzname () from /usr/lib/libc.so.12
> #15 0x00000002 in ?? ()
> #16 0x00000000 in ?? ()
>
> Invalid argument that triggered the bug:
> -h 'ldap://127.0.0.1 ldaps://<external ip>'
> with no interfaces on the system configured with <external ip>
>
>
> .
>
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
15 years, 8 months
Re: (ITS#4965) slapd stops if access to cn=monitor is restricted
by ali.pouya@free.fr
Hi Pierangelo;
Unfortunately I reproduced the problem with the HEAD dated June 5.
If I do not add a rootdn to the monitor database, slapd cannot start.
At the end of the log I find :
monitor_back_register_entry_attrs(""): base="cn=databases,cn=monitor" scope=one
filter="(namingContexts:distinguishedNameMatch:=c=fr)": unable to find entry
====> bdb_cache_release_all
backend_startup_one: bi_db_open failed! (-1)
slapd shutdown: initiated
====> bdb_cache_release_all
bdb_db_close: alock_close failed
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.
Is the rootdn mandatory for monitor ?
Best Regards
Ali
15 years, 8 months
(ITS#5000) slapd with invalid url causes crashes
by jl+openldap@lists.wasmer.ca
Full_Name: Jean-Luc Wasmer
Version: 2.3.32
OS: NetBSD 4.0 Beta2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (70.50.240.203)
When slapd is started with an invalid url, it looks like it's trying to destroy
an uninitialized mutex:
Program received signal SIGABRT, Aborted.
0xbb87dfff in kill () from /usr/lib/libc.so.12
(gdb) backtrace
#0 0xbb87dfff in kill () from /usr/lib/libc.so.12
#1 0xbb94adb3 in pthread__errorfunc () from /usr/lib/libpthread.so.0
#2 0xbb9491fe in pthread_mutex_destroy () from /usr/lib/libpthread.so.0
#3 0xbbbbd1eb in ldap_pvt_thread_mutex_destroy () from
/usr/pkg/lib/libldap_r-2.3.so.0
#4 0x0805a756 in ?? ()
#5 0x0819e4fc in __ps_strings ()
#6 0x00000002 in ?? ()
#7 0xbfbfe8e8 in ?? ()
#8 0x0805a713 in ?? ()
#9 0x00000286 in ?? ()
#10 0x00000001 in ?? ()
#11 0xbfbfe958 in ?? ()
#12 0x0804e2c1 in ?? ()
#13 0xbfa00000 in ?? ()
#14 0xbb92cdd0 in tzname () from /usr/lib/libc.so.12
#15 0x00000002 in ?? ()
#16 0x00000000 in ?? ()
Invalid argument that triggered the bug:
-h 'ldap://127.0.0.1 ldaps://<external ip>'
with no interfaces on the system configured with <external ip>
15 years, 8 months
Re: (ITS#4998) overlays/ppolicy.c: invalid pointer due to free() of unallocated buffer
by msl@calivia.com
Howard Chu wrote:
> msl(a)calivia.com wrote:
>> Full_Name: Michael Steinmann
>> Version: 2.3.35 / HEAD
>> OS: Linux
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (80.254.173.218)
>>
>>
>> This is while testing a custom pwdCheckModule.
>> In function check_password_quality(), char *txt is free()'d, slapd
>> crashes with
>> "invalid pointer".
>
> The code works as designed (and as documented). Re-read the
> slapo-ppolicy(5) manpage. This ITS will be closed.
Got it, thanks. Sorry for the noise.
--
mike
15 years, 8 months
Re: (ITS#4629) slapd failure on HP-UX 11.23/IA 64-bit
by h.b.furuseth@usit.uio.no
I've been looking rather belatedly at this patch... it's simple,
but the type name ACCEPT_TYPE_ARG3 is a bit ugly to use in .c
source files instead of socklen_t.
What's the "nice" way to do this? It's an internal type dependent
on compiler switches (-D_XOPEN_SOURCE_EXTENDED on HP-UX), so I
don't think it is wise to expose it in lber_types.h. It depends
on <sys/socket.h> anyway. If not... just use ACCEPT_TYPE_ARG3 or
maybe AC_SOCKLEN_T directly in .c files? #define AC_SOCKLEN_T in
portable.h and typedef ac_socklen_t as it in sys/socket.h? Cheat
and #define ber_socklen_t in portable.h?
Also the patch is incomplete, we need to use this type (or some
configured type) in getpeername(), getsockopt() and recvfrom()
too. I _hope_ they all use the same type or at least a type with
the same size on all these platforms...
Googling around a bit, the mess with socklen_t and accept()
prototypes seems amazing. I'm not sure I dare commit a patch
which fails if it doesn't figure out the right type. At least not
to RE23 - I'll commit a patch there which just guesses socklen_t
or int if it can't figure out the right prototype. We can try one
which fails in that case in HEAD and see if anyone complain.
If we are going to be as paranoid as some other code out there,
it'd be something like this (and even more if we want to try until
succeeding in HEAD) - that's 12 compiles instead of the 5 in the
submitted patch. Quite a lot...
dnl socklen_t-like type in accept(), default socklen_t or int:
dnl - The OS might define socklen_t without using it. POSIX moved from
dnl int to size_t to socklen_t, hoping to stay at a 32-bit type, and
dnl HP-UX has selectors for what to use.
dnl - On Solaris 2.8 the prototype has void *len, but the default is OK.
AC_MSG_CHECKING([for socklen_t-like type in accept()])
AC_CACHE_VAL(ol_cv_type_lber_socklen_t, [
set socklen_t int unsigned "unsigned long" long size_t
test "$ac_cv_type_socklen_t" = yes || shift
ol_cv_type_lber_socklen_t=$1 guessing="guessing "
for lentype in "$@" ; do for addrtype in "struct sockaddr" void ; do
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([$ac_includes_default
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
extern int accept(int s, $addrtype *ap, $lentype *lp);
], [
$lentype len;
accept(0, (struct sockaddr *) 0, &len);
])], [ol_cv_type_lber_socklen_t=$lentype guessing= ; break 2])
done ; done])
AC_MSG_RESULT([$guessing$ol_cv_type_lber_socklen_t])
AC_DEFINE_UNQUOTED(LBER_SOCKLEN_T, $ol_cv_type_lber_socklen_t,
[define to socklen_t-like type in accept()])
--
Regards,
Hallvard
15 years, 8 months