Re: (ITS#6664) Server control forwarding in back_meta and back_ldap
by hyc@symas.com
masarati(a)aero.polimi.it wrote:
>> Note that the SSSVLV overlay can handle paged results locally too, thus
>> negating any need for back-ldap/back-meta to forward it to a remote
>> server.
>> Obviously for greatest generality, there needs to be a way to configure
>> which
>> set of controls to pass through, and which to process locally. (Much like
>> back-ldap's option to process the WhoAmI exop...)
>
> Right. With proxies the problem is twofold:
>
> a) clients request pr because they think they're talking to AD
>
> b) the proxy may need to use pr even if the client does not request it,
> because it knows it's talking to AD
>
> In (a), the issue could be handled the way sssvlv does, relieving the
> proxy from having to deal with server-side pr; this would be extremely
> beneficial, for example, for back-meta
>
> In (b), the proxy could be configured to use pr the way I mentioned above;
> in principle, the proxy could be so clever to avoid using pr, and simply
> accept to handle unrequested pr responses, but only if instructed to do
> so.
>
> Filtering what controls are passed thru should be easy, since both proxy
> backends always call ldap_back_controls_add()/meta_back_controls_add() to
> muck with request controls (usually to add proxied authorization and so);
> this function could easily strip or add pr if instructed to do so.
Should also revisit ITS#4591 while thinking about this.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
12 years, 5 months
Re: (ITS#5862) Assert control ignored on non-database entries
by hyc@symas.com
h.b.furuseth(a)usit.uio.no wrote:
> Full_Name: Hallvard B Furuseth
> Version: HEAD
> OS: Linux
> URL:
> Submission from: (NULL) (129.240.6.233)
> Submitted by: hallvard
>
>
> slapd does not apply the Assert control to non-database entries
> (at least the root and subschema entries), yet does not reject
> a critical control either.
>
> I have not explored the magnitude of the problem: Where the
> control can get ignored, and which other controls are ignored.
>
> $ ldapsearch -LLLx -e\!assert='(objectClass=person)' -b "" -s base
> dn:
> objectClass: top
> objectClass: OpenLDAProotDSE
>
> $ ldapsearch -LLLx -e\!assert='(objectClass=person)' -b cn=subschema -s base
> dn: cn=Subschema
> objectClass: top
> objectClass: subentry
> objectClass: subschema
> objectClass: extensibleObject
> cn: Subschema
>
>
> -b "" -s sub does apply the control with database bdb + suffix "".
> Don't know about back-sql.
> However I imagine it varies how careful backends "" are about generating
> the root DSE when suffix == "" so controls can be applied to it. Might
> need a backend flag which says whether the backend does this, and reject
> the critical controls with unwillingToPerform if this flag is not set.
With ITS#6753 I've centralized Compare processing into the frontend, so the
Assert control is now processed for non-database entries with this op. Someone
should take a look and see what other operations we need to worry about.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
12 years, 5 months
Re: (ITS#6741)
by hyc@symas.com
The ITS doesn't really handle MIME messages very well. Please just follow the
guidelines on the OpenLDAP web site.
http://www.openldap.org/devel/contributing.html
jgcardoso(a)seguridata.com wrote:
> This is a multi-part message in MIME format.
>
> I created a function to support conversion from DER BitString encoded
> data to RFC4517 Bit String Format.
>
> I tested it alone and it seems to work fine with normal and abnormal
> situations.
>
> I also wrote a proposal to the call that must be included at
> ldap_X509dn2bv() function.
>
> First comes the conversion function and after comes the proposal.
>
> /*****************************************************/
>
> #define BITS_PER_BYTE 8
> #define SQUOTE_LENGTH 1
> #define B_CHAR_LENGTH 1
> #define STR_OVERHEAD (2*SQUOTE_LENGTH + B_CHAR_LENGTH)
>
> int ldap_der_to_rfc4517_BitString (struct berval *berValue,
>                                    struct berval *rfc4517Value) {
>     ber_len_t bitPadding=0;
>     ber_len_t bits, maxBits;
>     char *tmpStr;
>     unsigned char byte;
>     ber_len_t bitLength;
>     ber_len_t valLen;
>     unsigned char* valPtr;
>
>     rfc4517Value->bv_len=0;
>     rfc4517Value->bv_val=NULL;
>
>     /* Gets padding and points to binary data */
>     valLen=berValue->bv_len;
>     valPtr=(unsigned char*)berValue->bv_val;
>     if (valLen) {
>         bitPadding=(ber_len_t)(valPtr[0]);
>         valLen--;
>         valPtr++;
>     }
>     /* If Block is non DER encoding fixes to DER encoding */
>     if (bitPadding >= BITS_PER_BYTE) {
>         if (valLen*BITS_PER_BYTE > bitPadding ) {
>             valLen-=(bitPadding/BITS_PER_BYTE);
>             bitPadding%=BITS_PER_BYTE;
>         } else {
>             valLen=0;
>             bitPadding=0;
>         }
>     }
>     /* Just in case bad encoding */
>     if (valLen*BITS_PER_BYTE < bitPadding ) {
>         bitPadding=0;
>         valLen=0;
>     }
>
>     /* Gets buffer to hold RFC4517 Bit String format */
>     bitLength=valLen*BITS_PER_BYTE-bitPadding;
>     tmpStr=LDAP_MALLOC(bitLength + STR_OVERHEAD + 1);
>
>     if (!tmpStr)
>         return LDAP_NO_MEMORY;
>
>     rfc4517Value->bv_val=tmpStr;
>     rfc4517Value->bv_len=bitLength + STR_OVERHEAD;
>
>     /* Formatting in '*binary-digit'B format */
>     maxBits=BITS_PER_BYTE;
>     *tmpStr='\'';
>     tmpStr++;
>     while(valLen) {
>         byte=*valPtr;
>         if (valLen==1)
>             maxBits-=bitPadding;
>         for (bits=0; bits<maxBits; bits++) {
>             if (0x80 & byte)
>                 *tmpStr='1';
>             else
>                 *tmpStr='0';
>             tmpStr++;
>             byte<<=1;
>         }
>         valPtr++;
>         valLen--;
>     }
>     *tmpStr='\'';
>     tmpStr++;
>     *tmpStr='B';
>     tmpStr++;
>     *tmpStr=0;
>
>     return LDAP_SUCCESS;
> }
>
> /*****************************************************/
> /*****************************************************/
>
> /*
>  * Other tags found in AVAs (X.520)
>  */
> #define LBER_TAG_BITSTRING ((ber_tag_t) 0x03UL)
>
> ldap_X509dn2bv function updated:
>
>     switch(tag) {
>     case LBER_TAG_UNIVERSAL:
>         /* This uses 32-bit ISO 10646-1 */
>         csize = 4; goto to_utf8;
>     case LBER_TAG_BMP:
>         /* This uses 16-bit ISO 10646-1 */
>         csize = 2; goto to_utf8;
>     case LBER_TAG_BITSTRING:
>         /* X.690 bitString value converted to RFC4517 Bit String */
>         rc = ldap_der_to_rfc4517_BitString( &Val, &newAVA->la_value );
>         goto after_utf8;
>     case LBER_TAG_TELETEX:
>         /* This uses 8-bit, assume ISO 8859-1 */
>         csize = 1;
> to_utf8: rc = ldap_ucs_to_utf8s( &Val, csize, &newAVA->la_value );
> after_utf8: newAVA->la_flags |= LDAP_AVA_FREE_VALUE;
>         if (rc != LDAP_SUCCESS) goto nomem;
>         newAVA->la_flags = LDAP_AVA_NONPRINTABLE;
>         break;
>     case LBER_TAG_UTF8:
>         newAVA->la_flags = LDAP_AVA_NONPRINTABLE;
>         /* This is already in UTF-8 encoding */
>     case LBER_TAG_IA5:
>     case LBER_TAG_PRINTABLE:
>         /* These are always 7-bit strings */
>         newAVA->la_value = Val;
>     default:
>         ;
>     }
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
12 years, 5 months
(ITS#6741)
by jgcardoso@seguridata.com
This is a multi-part message in MIME format.
I created a function to support conversion from DER BitString encoded
data to RFC4517 Bit String Format.
I tested it alone and it seems to work fine with normal and abnormal
situations.

I also wrote a proposal to the call that must be included at
ldap_X509dn2bv() function.

First comes the conversion function and after comes the proposal.

/*****************************************************/

#define BITS_PER_BYTE 8
#define SQUOTE_LENGTH 1
#define B_CHAR_LENGTH 1
#define STR_OVERHEAD (2*SQUOTE_LENGTH + B_CHAR_LENGTH)

int ldap_der_to_rfc4517_BitString (struct berval *berValue,
                                   struct berval *rfc4517Value) {
    ber_len_t bitPadding=0;
    ber_len_t bits, maxBits;
    char *tmpStr;
    unsigned char byte;
    ber_len_t bitLength;
    ber_len_t valLen;
    unsigned char* valPtr;

    rfc4517Value->bv_len=0;
    rfc4517Value->bv_val=NULL;

    /* Gets padding and points to binary data */
    valLen=berValue->bv_len;
    valPtr=(unsigned char*)berValue->bv_val;
    if (valLen) {
        bitPadding=(ber_len_t)(valPtr[0]);
        valLen--;
        valPtr++;
    }
    /* If Block is non DER encoding fixes to DER encoding */
    if (bitPadding >= BITS_PER_BYTE) {
        if (valLen*BITS_PER_BYTE > bitPadding ) {
            valLen-=(bitPadding/BITS_PER_BYTE);
            bitPadding%=BITS_PER_BYTE;
        } else {
            valLen=0;
            bitPadding=0;
        }
    }
    /* Just in case bad encoding */
    if (valLen*BITS_PER_BYTE < bitPadding ) {
        bitPadding=0;
        valLen=0;
    }

    /* Gets buffer to hold RFC4517 Bit String format */
    bitLength=valLen*BITS_PER_BYTE-bitPadding;
    tmpStr=LDAP_MALLOC(bitLength + STR_OVERHEAD + 1);

    if (!tmpStr)
        return LDAP_NO_MEMORY;

    rfc4517Value->bv_val=tmpStr;
    rfc4517Value->bv_len=bitLength + STR_OVERHEAD;

    /* Formatting in '*binary-digit'B format */
    maxBits=BITS_PER_BYTE;
    *tmpStr='\'';
    tmpStr++;
    while(valLen) {
        byte=*valPtr;
        if (valLen==1)
            maxBits-=bitPadding;
        for (bits=0; bits<maxBits; bits++) {
            if (0x80 & byte)
                *tmpStr='1';
            else
                *tmpStr='0';
            tmpStr++;
            byte<<=1;
        }
        valPtr++;
        valLen--;
    }
    *tmpStr='\'';
    tmpStr++;
    *tmpStr='B';
    tmpStr++;
    *tmpStr=0;

    return LDAP_SUCCESS;
}

/*****************************************************/
/*****************************************************/

/*
 * Other tags found in AVAs (X.520)
 */
#define LBER_TAG_BITSTRING ((ber_tag_t) 0x03UL)

ldap_X509dn2bv function updated:

    switch(tag) {
    case LBER_TAG_UNIVERSAL:
        /* This uses 32-bit ISO 10646-1 */
        csize = 4; goto to_utf8;
    case LBER_TAG_BMP:
        /* This uses 16-bit ISO 10646-1 */
        csize = 2; goto to_utf8;
    case LBER_TAG_BITSTRING:
        /* X.690 bitString value converted to RFC4517 Bit String */
        rc = ldap_der_to_rfc4517_BitString( &Val, &newAVA->la_value );
        goto after_utf8;
    case LBER_TAG_TELETEX:
        /* This uses 8-bit, assume ISO 8859-1 */
        csize = 1;
to_utf8: rc = ldap_ucs_to_utf8s( &Val, csize, &newAVA->la_value );
after_utf8: newAVA->la_flags |= LDAP_AVA_FREE_VALUE;
        if (rc != LDAP_SUCCESS) goto nomem;
        newAVA->la_flags = LDAP_AVA_NONPRINTABLE;
        break;
    case LBER_TAG_UTF8:
        newAVA->la_flags = LDAP_AVA_NONPRINTABLE;
        /* This is already in UTF-8 encoding */
    case LBER_TAG_IA5:
    case LBER_TAG_PRINTABLE:
        /* These are always 7-bit strings */
        newAVA->la_value = Val;
    default:
        ;
    }
12 years, 5 months
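A stricter variant of the conversion posted in ITS#6741, as an added example that is not part of the original message or of OpenLDAP: where the posted function repairs a malformed padding octet, this sketch rejects the value according to the X.690 DER rules for BIT STRING. The function names, status codes and sample octets are constructed for illustration, and plain malloc() stands in for libldap's allocator.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Status codes for this sketch only; they are not libldap result codes. */
enum { BS_OK = 0, BS_MALFORMED = -1, BS_NOMEM = -2 };

/*
 * der/len: content octets of a DER BIT STRING (tag and length removed).
 * On BS_OK, *out is a malloc()ed, NUL-terminated RFC 4517 Bit String
 * ('binary-digits'B) that the caller must free().
 */
int der_bitstring_to_rfc4517_strict(const unsigned char *der, size_t len,
                                    char **out)
{
    size_t unused, nbits, i;
    char *s, *p;

    *out = NULL;

    /* The leading "unused bits" octet is mandatory, even for an empty string. */
    if (der == NULL || len == 0)
        return BS_MALFORMED;

    /* X.690: the count of unused bits is in the range 0..7. */
    unused = der[0];
    if (unused > 7)
        return BS_MALFORMED;

    /* X.690: an empty bit string is exactly one content octet, 0x00. */
    if (len == 1 && unused != 0)
        return BS_MALFORMED;

    /* DER: the unused bits of the final octet must all be zero. */
    if (len > 1 && (der[len - 1] & ((1u << unused) - 1u)) != 0)
        return BS_MALFORMED;

    /* Guard the size arithmetic before allocating. */
    if (len - 1 > (SIZE_MAX - 4) / 8)
        return BS_MALFORMED;
    nbits = (len - 1) * 8 - unused;

    s = malloc(nbits + 4);              /* two quotes, 'B', NUL */
    if (s == NULL)
        return BS_NOMEM;

    p = s;
    *p++ = '\'';
    for (i = 0; i < nbits; i++) {       /* most significant bit first */
        unsigned char octet = der[1 + i / 8];
        *p++ = (octet & (0x80u >> (i % 8))) ? '1' : '0';
    }
    *p++ = '\'';
    *p++ = 'B';
    *p = '\0';

    *out = s;
    return BS_OK;
}

/* Returns 1 when the input converts to exactly `expect`. */
int converts_to(const unsigned char *der, size_t len, const char *expect)
{
    char *s = NULL;
    int ok = der_bitstring_to_rfc4517_strict(der, len, &s) == BS_OK
             && strcmp(s, expect) == 0;
    free(s);
    return ok;
}

/* Returns 1 when the input is refused as malformed. */
int rejects(const unsigned char *der, size_t len)
{
    char *s = NULL;
    int rc = der_bitstring_to_rfc4517_strict(der, len, &s);
    free(s);
    return rc == BS_MALFORMED;
}

int main(void)
{
    /* Constructed samples: 18 valid bits, then a padding count above 7. */
    static const unsigned char good[] = { 0x06, 0x6e, 0x5d, 0xc0 };
    static const unsigned char bad_count[] = { 0x08, 0xff };
    char *s = NULL;

    if (der_bitstring_to_rfc4517_strict(good, sizeof good, &s) == BS_OK)
        printf("%s\n", s);
    free(s);
    printf("padding count 8 rejected: %d\n", rejects(bad_count, sizeof bad_count));
    return 0;
}
```

The posted function would turn the second sample into an empty `''B` value; rejecting it instead keeps two different encodings from mapping to the same DN string.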
Re: (ITS#6745) HEAD emfile race condition -> slapd stopping listening?
by h.b.furuseth@usit.uio.no
Howard Chu wrote:
>>h.b.furuseth(a)usit.uio.no wrote:
>>> Maybe to compensate, slapd_remove() has code which checks if emfile
>>> is too big, but nothing checks if it is too small - which looks like
>>> slapd might never start listening again.
>
> On 2nd thought - I don't see how the outcome you describe can occur. If emfile
> is non-zero, the list of listeners will be checked for a listener with
> non-zero mute status. If any are found, one is guaranteed to be unmuted.
But if emfile becomes too small, it reaches zero with a listener still
muted - and with emfile = zero, nothing is unmuted.
--
Hallvard
12 years, 5 months
Re: (ITS#6745) HEAD emfile race condition -> slapd stopping listening?
by hyc@symas.com
Howard Chu wrote:
> h.b.furuseth(a)usit.uio.no wrote:
>> Full_Name: Hallvard B Furuseth
>> Version: HEAD
>> OS:
>> URL:
>> Submission from: (NULL) (129.240.6.233)
>> Submitted by: hallvard
>>
>>
>> In HEAD slapd/daemon.c, thanks to HEAD's multiple listener support:
>>
>> slap_listener() protects emfile with slap_daemon[0 ].sd_mutex,
>> but slapd_remove() protects it with slap_daemon[id].sd_mutex.
>>
>> Maybe to compensate, slapd_remove() has code which checks if emfile
>> is too big, but nothing checks if it is too small - which looks like
>> slapd might never start listening again.
On 2nd thought - I don't see how the outcome you describe can occur. If emfile
is non-zero, the list of listeners will be checked for a listener with
non-zero mute status. If any are found, one is guaranteed to be unmuted. If
none are found, emfile will be zeroed.
In no case will slapd fail to unmute a listener.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
12 years, 5 months
Re: (ITS#6745) HEAD emfile race condition -> slapd stopping listening?
by hyc@symas.com
h.b.furuseth(a)usit.uio.no wrote:
> Full_Name: Hallvard B Furuseth
> Version: HEAD
> OS:
> URL:
> Submission from: (NULL) (129.240.6.233)
> Submitted by: hallvard
>
>
> In HEAD slapd/daemon.c, thanks to HEAD's multiple listener support:
>
> slap_listener() protects emfile with slap_daemon[0 ].sd_mutex,
> but slapd_remove() protects it with slap_daemon[id].sd_mutex.
>
> Maybe to compensate, slapd_remove() has code which checks if emfile
> is too big, but nothing checks if it is too small - which looks like
> slapd might never start listening again.
>
> Simplest fix: add this to slapd_remove():
>
> if (id) ldap_pvt_thread_mutex_<lock,unlock>(&slap_daemon[0].sd_mutex );
>
> slap_daemon[0].sd_mutex looks quite contended that way, though.
> Maybe a separate emfile_mutex is better.
Alternatively, just skip the check entirely when id != 0. Which would mean
that only closing a session on the first listener would ever trigger the other
listeners to be unmuted. Doesn't seem so terrible; if slapd is actually out of
descriptors one or two connections either way won't make a huge difference in
service.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
12 years, 5 months
Re: (ITS#6453) OpenLDAP memory leak on LDAP_TIMEOUT
by hyc@symas.com
alinachegalati(a)yahoo.com wrote:
> Full_Name: Alin Vasile
> Version: 2.4.19
> OS: Solaris 10
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (194.237.142.7)
>
A patch for this is now in CVS HEAD.
>
> Hi,
>
> We have a memory leak when LDAP_TIMEOUT is encountered on
> ldap_search_ext_invocation and we are unable to determine if it is related to
> OpenLdap or not. The following summarizes our code in case the LDAP_TIMEOUT
> response is returned :
>
> LDAPMessage *res ;
>
> // acquire connection
>
> // perform search
>
> if(rc == LDAP_TIMEOUT)
> {
> ldap_msgfree(res);
> // return connection
> }
>
> Is ldap_msgfree(res) enough in this case ?
>
> We tested our program by enabling a low timeout and hence all ldap calls
> resulting in timeout. The memory leak is about 9 Megs in several minutes, at a
> load of 5 req/ sec.
>
> dmalloc sees the following not allocated pointers
>
> 6642692 bytes : Line 640 of "io.c" starts at address 0xff2659c4
> <ber_get_next+468> and ends at 0xff2659cc<ber_get_next+476>.
>
> 2019876 bytes : Line 277 of "memory.c" starts at address 0xff26676c
> <ber_memcalloc_x+132> and ends at 0xff266774<ber_memcalloc_x+140>.
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
12 years, 5 months