December 2010 - openldap-bugs

Re: (ITS#6664) Server control forwarding in back_meta and back_ldap

by hyc＠symas.com

masarati(a)aero.polimi.it wrote: >> Note that the SSSVLV overlay can handle paged results locally too, thus >> negating any need for back-ldap/back-meta to forward it to a remote >> server. >> Obviously for greatest generality, there needs to be a way to configure >> which >> set of controls to pass through, and which to process locally. (Much like >> back-ldap's option to process the WhoAmI exop...) > > Right. With proxies the problem is twofold: > > a) clients request pr because they think they're talking to AD > > b) the proxy may need to use pr even if the client does not request it, > because it knows it's talking to AD > > In (a), the issue could be handled the way sssvlv does, relieving the > proxy from having to deal with server-side pr; this would be extremely > beneficial, for example, for back-meta > > In (b), the proxy could be configured to use pr the way I mentioned above; > in principle, the proxy could be so clever to avoid using pr, and simply > accept to handle unrequested pr responses, but only if instructed to do > so. > > Filtering what controls are passed thru should be easy, since both proxy > backends always call ldap_back_controls_add()/meta_back_controls_add() to > muck with request controls (usually to add proxied authorization and so); > this function could easily strip or add pr if instructed to do so. Should also revisit ITS#4591 while thinking about this. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

12 years, 5 months

1
0
0 / 0

ITS#5966

by hyc＠symas.com

cn=Monitor does not appear to have this problem any more, at least not for test056 or test039 on my dual-core machine. Can we close this out? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

12 years, 5 months

1
0
0 / 0

Re: (ITS#5862) Assert control ignored on non-database entries

by hyc＠symas.com

h.b.furuseth(a)usit.uio.no wrote: > Full_Name: Hallvard B Furuseth > Version: HEAD > OS: Linux > URL: > Submission from: (NULL) (129.240.6.233) > Submitted by: hallvard > > > slapd does not apply the Assert control to non-database entries > (at least the root and subschema entries), yet does not reject > a critical control either. > > I have not explored the magnitutde of the problem: Where the > control can get ignored, and which other controls are ignored. > > $ ldapsearch -LLLx -e\!assert='(objectClass=person)' -b "" -s base > dn: > objectClass: top > objectClass: OpenLDAProotDSE > > $ ldapsearch -LLLx -e\!assert='(objectClass=person)' -b cn=subschema -s base > dn: cn=Subschema > objectClass: top > objectClass: subentry > objectClass: subschema > objectClass: extensibleObject > cn: Subschema > > > -b "" -s sub does apply the control with database bdb + suffix "". > Don't know about back-sql. > However I imagine it varies how careful backends "" are about generating > the root DSE when suffix == "" so controls can be applied to it. Might > need a backend flag which says whether the backend does this, and reject > the critical controls with unwillingToPerform if this flag is not set. With ITS#6753 I've centralized Compare processing into the frontend, so the Assert control is now processed for non-database entries with this op. Someone should take a look and see what other operations we need to worry about. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

12 years, 5 months

1
0
0 / 0

Re: (ITS#6741)

by hyc＠symas.com

The ITS doesn't really handle MIME messages very well. Please just follow the guidelines on the OpenLDAP web site. http://www.openldap.org/devel/contributing.html jgcardoso(a)seguridata.com wrote: > This is a multi-part message in MIME format. > > ------_=_NextPart_001_01CBA7B8.A7EC1D62 > Content-Type: text/plain; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > I created a function to support conversion from DER BitString encoded > data to RFC4517 Bit String Format. > > I tested it alone and it seems to work fine with normal and abnormal > situations. > > =20 > > I also wrote a proposal to the call that must be included at > ldap_X509dn2bv() function. > > =20 > > First comes the conversion function and after comes the proposal. > > =20 > > =20 > > /*****************************************************/ > > =20 > > #define BITS_PER_BYTE 8 > > #define SQUOTE_LENGTH 1 > > #define B_CHAR_LENGTH 1 > > #define STR_OVERHEAD (2*SQUOTE_LENGTH + B_CHAR_LENGTH) > > =20 > > int ldap_der_to_rfc4517_BitString (struct berval *berValue, > > struct berval *rfc4517Value) { > > > ber_len_t bitPadding=3D0; > > ber_len_t bits, maxBits; > > char *tmpStr; > > unsigned char byte; > > ber_len_t bitLength; > > ber_len_t valLen; > > unsigned char* valPtr; > > =20 > > rfc4517Value->bv_len=3D0; > > rfc4517Value->bv_val=3DNULL; > > =20 > > /* Gets padding and points to binary data */ > > valLen=3DberValue->bv_len; > > valPtr=3D(unsigned char*)berValue->bv_val; > > if (valLen) { > > bitPadding=3D(ber_len_t)(valPtr[0]); > > valLen--; > > valPtr++; > > } > > /* If Block is non DER encoding fixes to DER encoding */ > > if (bitPadding>=3D BITS_PER_BYTE) { > > if (valLen*BITS_PER_BYTE> bitPadding ) { > > valLen-=3D(bitPadding/BITS_PER_BYTE); > > bitPadding%=3DBITS_PER_BYTE; > > } else { > > valLen=3D0; > > bitPadding=3D0; > > } > > } > > /* Just in case bad encoding */ > > if (valLen*BITS_PER_BYTE< bitPadding ) { > > bitPadding=3D0; > > valLen=3D0; > > } > > =20 > > /* Gets buffer to hold RFC4517 Bit String format */ > > bitLength=3DvalLen*BITS_PER_BYTE-bitPadding; > > tmpStr=3DLDAP_MALLOC(bitLength + STR_OVERHEAD + 1); > > =20 > > if (!tmpStr) > > return LDAP_NO_MEMORY; > > =20 > > rfc4517Value->bv_val=3DtmpStr; > > rfc4517Value->bv_len=3DbitLength + STR_OVERHEAD; > > =20 > > /* Formatting in '*binary-digit'B format */ > > maxBits=3DBITS_PER_BYTE; > > *tmpStr=3D'\''; > > tmpStr++; > > while(valLen) { > > byte=3D*valPtr; > > if (valLen=3D=3D1) > > maxBits-=3DbitPadding; > > for (bits=3D0; bits<maxBits; bits++) { > > if (0x80& byte) > > *tmpStr=3D'1'; > > else > > *tmpStr=3D'0'; > > tmpStr++; > > byte<<=3D1; > > } > > valPtr++; > > valLen--; > > } > > *tmpStr=3D'\''; > > tmpStr++; > > *tmpStr=3D'B'; > > tmpStr++; > > *tmpStr=3D0; > > =20 > > return LDAP_SUCCESS; > > } > > =20 > > =20 > > /*****************************************************/ > > /*****************************************************/ > > =20 > > =20 > > /* > > * Other tags found in AVAs (X.520) > > */ > > #define LBER_TAG_BITSTRING ((ber_tag_t) 0x03UL) > > =20 > > =20 > > ldap_X509dn2bv function updated: > > =20 > > switch(tag) { > > case LBER_TAG_UNIVERSAL: > > /* This uses 32-bit ISO 10646-1 */ > > csize =3D 4; goto to_utf8; > > case LBER_TAG_BMP: > > /* This uses 16-bit ISO 10646-1 */ > > csize =3D 2; goto to_utf8; > > case LBER_TAG_BITSTRING: > > /* X.690 bitString value converted to RFC4517 Bit > String */ > > rc =3D ldap_der_to_rfc4517_BitString(&Val, > &newAVA->la_value ); > > goto after_utf8; > > case LBER_TAG_TELETEX: > > /* This uses 8-bit, assume ISO 8859-1 */ > > csize =3D 1; > > to_utf8: rc =3D ldap_ucs_to_utf8s(&Val, csize, > &newAVA->la_value ); > > after_utf8: newAVA->la_flags |=3D LDAP_AVA_FREE_VALUE; > > if (rc !=3D LDAP_SUCCESS) goto nomem; > > newAVA->la_flags =3D LDAP_AVA_NONPRINTABLE; > > break; > > case LBER_TAG_UTF8: > > newAVA->la_flags =3D LDAP_AVA_NONPRINTABLE; > > /* This is already in UTF-8 encoding */ > > case LBER_TAG_IA5: > > case LBER_TAG_PRINTABLE: > > /* These are always 7-bit strings */ > > newAVA->la_value =3D Val; > > default: > > ; > > } > > =20 > > > ------_=_NextPart_001_01CBA7B8.A7EC1D62 > Content-Type: text/html; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > <html xmlns:v=3D"urn:schemas-microsoft-com:vml" = > xmlns:o=3D"urn:schemas-microsoft-com:office:office" = > xmlns:w=3D"urn:schemas-microsoft-com:office:word" = > xmlns:x=3D"urn:schemas-microsoft-com:office:excel" = -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

12 years, 5 months

1
0
0 / 0

(ITS#6741)

by jgcardoso＠seguridata.com

This is a multi-part message in MIME format. ------_=_NextPart_001_01CBA7B8.A7EC1D62 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I created a function to support conversion from DER BitString encoded data to RFC4517 Bit String Format. I tested it alone and it seems to work fine with normal and abnormal situations. =20 I also wrote a proposal to the call that must be included at ldap_X509dn2bv() function. =20 First comes the conversion function and after comes the proposal. =20 =20 /*****************************************************/ =20 #define BITS_PER_BYTE 8 #define SQUOTE_LENGTH 1 #define B_CHAR_LENGTH 1 #define STR_OVERHEAD (2*SQUOTE_LENGTH + B_CHAR_LENGTH) =20 int ldap_der_to_rfc4517_BitString (struct berval *berValue, struct berval *rfc4517Value) { ber_len_t bitPadding=3D0; ber_len_t bits, maxBits; char *tmpStr; unsigned char byte; ber_len_t bitLength; ber_len_t valLen; unsigned char* valPtr; =20 rfc4517Value->bv_len=3D0; rfc4517Value->bv_val=3DNULL; =20 /* Gets padding and points to binary data */ valLen=3DberValue->bv_len; valPtr=3D(unsigned char*)berValue->bv_val; if (valLen) { bitPadding=3D(ber_len_t)(valPtr[0]); valLen--; valPtr++; } /* If Block is non DER encoding fixes to DER encoding */ if (bitPadding >=3D BITS_PER_BYTE) { if (valLen*BITS_PER_BYTE > bitPadding ) { valLen-=3D(bitPadding/BITS_PER_BYTE); bitPadding%=3DBITS_PER_BYTE; } else { valLen=3D0; bitPadding=3D0; } } /* Just in case bad encoding */ if (valLen*BITS_PER_BYTE < bitPadding ) { bitPadding=3D0; valLen=3D0; } =20 /* Gets buffer to hold RFC4517 Bit String format */ bitLength=3DvalLen*BITS_PER_BYTE-bitPadding; tmpStr=3DLDAP_MALLOC(bitLength + STR_OVERHEAD + 1); =20 if (!tmpStr) return LDAP_NO_MEMORY; =20 rfc4517Value->bv_val=3DtmpStr; rfc4517Value->bv_len=3DbitLength + STR_OVERHEAD; =20 /* Formatting in '*binary-digit'B format */ maxBits=3DBITS_PER_BYTE; *tmpStr=3D'\''; tmpStr++; while(valLen) { byte=3D*valPtr; if (valLen=3D=3D1) maxBits-=3DbitPadding; for (bits=3D0; bits<maxBits; bits++) { if (0x80 & byte) *tmpStr=3D'1'; else *tmpStr=3D'0'; tmpStr++; byte<<=3D1; } valPtr++; valLen--; } *tmpStr=3D'\''; tmpStr++; *tmpStr=3D'B'; tmpStr++; *tmpStr=3D0; =20 return LDAP_SUCCESS; } =20 =20 /*****************************************************/ /*****************************************************/ =20 =20 /* * Other tags found in AVAs (X.520) */ #define LBER_TAG_BITSTRING ((ber_tag_t) 0x03UL) =20 =20 ldap_X509dn2bv function updated: =20 switch(tag) { case LBER_TAG_UNIVERSAL: /* This uses 32-bit ISO 10646-1 */ csize =3D 4; goto to_utf8; case LBER_TAG_BMP: /* This uses 16-bit ISO 10646-1 */ csize =3D 2; goto to_utf8; case LBER_TAG_BITSTRING: /* X.690 bitString value converted to RFC4517 Bit String */ rc =3D ldap_der_to_rfc4517_BitString( &Val, &newAVA->la_value ); goto after_utf8; case LBER_TAG_TELETEX: /* This uses 8-bit, assume ISO 8859-1 */ csize =3D 1; to_utf8: rc =3D ldap_ucs_to_utf8s( &Val, csize, &newAVA->la_value ); after_utf8: newAVA->la_flags |=3D LDAP_AVA_FREE_VALUE; if (rc !=3D LDAP_SUCCESS) goto nomem; newAVA->la_flags =3D LDAP_AVA_NONPRINTABLE; break; case LBER_TAG_UTF8: newAVA->la_flags =3D LDAP_AVA_NONPRINTABLE; /* This is already in UTF-8 encoding */ case LBER_TAG_IA5: case LBER_TAG_PRINTABLE: /* These are always 7-bit strings */ newAVA->la_value =3D Val; default: ; } =20 ------_=_NextPart_001_01CBA7B8.A7EC1D62 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:v=3D"urn:schemas-microsoft-com:vml" = xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:x=3D"urn:schemas-microsoft-com:office:excel" = xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" = xmlns=3D"http://www.w3.org/TR/REC-html40"><head><meta = http-equiv=3DContent-Type content=3D"text/html; = charset=3Dus-ascii"><meta name=3DGenerator content=3D"Microsoft Word 12 = (filtered medium)"><style></style></head><body lang=3DES-MX link=3Dblue = vlink=3Dpurple><div class=3DWordSection1>I created a function to = support conversion from DER BitString encoded data to RFC4517 Bit String = Format.<o:p></o:p>I tested it alone and it seems to = work fine with normal and abnormal situations.<o:p></o:p><o:p> </o:p>I also wrote a proposal = to the call that must be included at ldap_X509dn2bv() = function.<o:p></o:p><o:p> </o:p>First comes the conversion function and after comes the = proposal.<o:p></o:p><o:p> </o:p><o:p> </o:p>/*****************************************************/<o:p></o:p><= /span><o:p> </o:p>#define BITS_PER_BYTE     = 8<o:p></o:p>#define = SQUOTE_LENGTH     1<o:p></o:p>#define B_CHAR_LENGTH     = 1<o:p></o:p>#define = STR_OVERHEAD    (2*SQUOTE_LENGTH + = B_CHAR_LENGTH)<o:p></o:p><o:p> </o:p>int = ldap_der_to_rfc4517_BitString (struct berval = *berValue,<o:p></o:p>         =             &= nbsp;           &n= bsp; struct berval *rfc4517Value) = {            =             &= nbsp;        <o:p></o:p>ber_len_t bitPadding=3D0;<o:p></o:p>ber_len_t bits, maxBits;<o:p></o:p>char *tmpStr;<o:p></o:p>unsigned char = byte;<o:p></o:p>ber_len_t = bitLength;<o:p></o:p>ber_len_t = valLen;<o:p></o:p>unsigned char* = valPtr;<o:p></o:p><o:p> </o:p>   rfc4517Value->bv_len=3D0;<o:p></o:p>   = rfc4517Value->bv_val=3DNULL;<o:p></o:p><o:p> </o:p>   /* Gets = padding and points to binary data */<o:p></o:p>   valLen=3DberValue->bv_len;<o:p></o:p>   valPtr=3D(unsigned = char*)berValue->bv_val;<o:p></o:p>   if (valLen) {<o:p></o:p>      = bitPadding=3D(ber_len_t)(valPtr[0]);<o:p></o:p>      valLen--;<o:p></o:p>      valPtr++;<o:p></o:p>   }<o:p></o:p>   /* If = Block is non DER encoding fixes to DER encoding = */<o:p></o:p>   if (bitPadding >=3D = BITS_PER_BYTE) {<o:p></o:p>      if (valLen*BITS_PER_BYTE > = bitPadding ) {<o:p></o:p>         = valLen-=3D(bitPadding/BITS_PER_BYTE);<o:p></o:p>         = bitPadding%=3DBITS_PER_BYTE;<o:p></o:p>      } else {<o:p></o:p>         = valLen=3D0;<o:p></o:p>         = bitPadding=3D0;<o:p></o:p>      }<o:p></o:p>   }<o:p></o:p>   /* Just in = case bad encoding */<o:p></o:p>   if = (valLen*BITS_PER_BYTE < bitPadding ) {<o:p></o:p>      = bitPadding=3D0;<o:p></o:p>      valLen=3D0;<o:p></o:p>   }<o:p></o:p><o:p> </o:p>   /* Gets = buffer to hold RFC4517 Bit String format */<o:p></o:p>   = bitLength=3DvalLen*BITS_PER_BYTE-bitPadding;<o:p></o:p>   tmpStr=3DLDAP_MALLOC(bitLength + STR_OVERHEAD + = 1);<o:p></o:p>   = <o:p></o:p>   if = (!tmpStr)<o:p></o:p>      = return LDAP_NO_MEMORY;<o:p></o:p><o:p> </o:p>   = rfc4517Value->bv_val=3DtmpStr;<o:p></o:p>   rfc4517Value->bv_len=3DbitLength + = STR_OVERHEAD;<o:p></o:p><o:p> </o:p>   /* = Formatting in '*binary-digit'B format */<o:p></o:p>   maxBits=3DBITS_PER_BYTE;<o:p></o:p>   *tmpStr=3D'\'';<o:p></o:p>   tmpStr++;<o:p></o:p>   while(valLen) {<o:p></o:p>      = byte=3D*valPtr;<o:p></o:p>      if = (valLen=3D=3D1)<o:p></o:p>         = maxBits-=3DbitPadding;<o:p></o:p>      for (bits=3D0; bits<maxBits; = bits++) {<o:p></o:p>         if (0x80 & = byte)<o:p></o:p>            = *tmpStr=3D'1';<o:p></o:p>         = else<o:p></o:p>            = *tmpStr=3D'0';<o:p></o:p>         = tmpStr++;<o:p></o:p>         = byte<<=3D1;<o:p></o:p>      }<o:p></o:p>      valPtr++;<o:p></o:p>      valLen--;<o:p></o:p>   }<o:p></o:p>   = *tmpStr=3D'\'';<o:p></o:p>   = tmpStr++;<o:p></o:p>   = *tmpStr=3D'B';<o:p></o:p>   = tmpStr++;<o:p></o:p>   = *tmpStr=3D0;<o:p></o:p><o:p> </o:p>   return = LDAP_SUCCESS;<o:p></o:p>}<o:p></o:p><o:p> </o:p><o:p> </o:p>/*****************************************************/<o:p></o:p><= /span>/*****************************************************/<o:p></o:p><= /span><o:p> </o:p><o:p> </o:p>/*<o:p></o:p> * Other tags = found in AVAs (X.520)<o:p></o:p> = */<o:p></o:p>#define = LBER_TAG_BITSTRING     ((ber_tag_t) = 0x03UL)<o:p></o:p><o:p> </o:p><o:p> </o:p>ldap_X509dn2bv function = updated:<o:p></o:p><o:p> </o:p>           &= nbsp;    switch(tag) {<o:p></o:p>           &= nbsp;    case LBER_TAG_UNIVERSAL:<o:p></o:p>           &= nbsp;         /* This uses = 32-bit ISO 10646-1 */<o:p></o:p>           &= nbsp;         csize =3D 4; goto = to_utf8;<o:p></o:p>           &= nbsp;    case LBER_TAG_BMP:<o:p></o:p>           &= nbsp;         /* This uses = 16-bit ISO 10646-1 */<o:p></o:p>           &= nbsp;         csize =3D 2; goto = to_utf8;<o:p></o:p>         &nb= sp;      case = LBER_TAG_BITSTRING:<o:p></o:p>         &nb= sp;           /* X.690 = bitString value converted to RFC4517 Bit String = */<o:p></o:p>         &nb= sp;           rc =3D = ldap_der_to_rfc4517_BitString( &Val, &newAVA->la_value = );<o:p></o:p>         &nb= sp;           goto = after_utf8;<o:p></o:p>           &= nbsp;    case LBER_TAG_TELETEX:<o:p></o:p>           &= nbsp;         /* This uses = 8-bit, assume ISO 8859-1 */<o:p></o:p>           &= nbsp;         csize =3D = 1;<o:p></o:p>to_utf8:         &nbsp= ;   rc =3D ldap_ucs_to_utf8s( &Val, csize, = &newAVA->la_value );<o:p></o:p>after_utf8:          = newAVA->la_flags |=3D LDAP_AVA_FREE_VALUE;<o:p></o:p>           &= nbsp;         if (rc !=3D = LDAP_SUCCESS) goto nomem;<o:p></o:p>           &= nbsp;         newAVA->la_flags =3D = LDAP_AVA_NONPRINTABLE;<o:p></o:p>           &= nbsp;         break;<o:p></o:p>           &= nbsp;    case LBER_TAG_UTF8:<o:p></o:p>           &= nbsp;         newAVA->la_flags =3D = LDAP_AVA_NONPRINTABLE;<o:p></o:p>           &= nbsp;         /* This is already in = UTF-8 encoding */<o:p></o:p>           &= nbsp;    case LBER_TAG_IA5:<o:p></o:p>           &= nbsp;    case LBER_TAG_PRINTABLE:<o:p></o:p>           &= nbsp;         /* These are = always 7-bit strings */<o:p></o:p>           &= nbsp;         newAVA->la_value =3D = Val;<o:p></o:p>           &= nbsp;    default:<o:p></o:p>           &= nbsp;         ;<o:p></o:p>           &= nbsp;    }<o:p></o:p><o:p> </o:p></div></body></html> ------_=_NextPart_001_01CBA7B8.A7EC1D62--

12 years, 5 months

1
0
0 / 0

Re: (ITS#6745) HEAD emfile race condition -> slapd stopping listening?

by h.b.furuseth＠usit.uio.no

Howard Chu wrote: >>h.b.furuseth(a)usit.uio.no wrote: >>> Maybe to compensate, slapd_remove() has code which checks if emfile >>> is too big, but nothing checks if it is too small - which looks like >>> slapd might never start listening again. > > On 2nd thought - I don't see how the outcome you describe can occur. If emfile > is non-zero, the list of listeners will be checked for a listener with > non-zero mute status. If any are found, one is guaranteed to be unmuted. But if emfile becomes too small, it reaches zero with a listener still muted - and with emfile = zero, the nothing is unmuted. -- Hallvard

12 years, 5 months

1
0
0 / 0

Re: (ITS#6745) HEAD emfile race condition -> slapd stopping listening?

by hyc＠symas.com

Howard Chu wrote: > h.b.furuseth(a)usit.uio.no wrote: >> Full_Name: Hallvard B Furuseth >> Version: HEAD >> OS: >> URL: >> Submission from: (NULL) (129.240.6.233) >> Submitted by: hallvard >> >> >> In HEAD slapd/daemon.c, thanks to HEAD's multiple listener support: >> >> slap_listener() protects emfile with slap_daemon[0 ].sd_mutex, >> but slapd_remove() protects it with slap_daemon[id].sd_mutex. >> >> Maybe to compensate, slapd_remove() has code which checks if emfile >> is too big, but nothing checks if it is too small - which looks like >> slapd might never start listening again. On 2nd thought - I don't see how the outcome you describe can occur. If emfile is non-zero, the list of listeners will be checked for a listener with non-zero mute status. If any are found, one is guaranteed to be unmuted. If none are found, emfile will be zeroed. In no case will slapd fail to unmute a listener. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

12 years, 5 months

1
0
0 / 0

Re: (ITS#6745) HEAD emfile race condition -> slapd stopping listening?

by hyc＠symas.com

h.b.furuseth(a)usit.uio.no wrote: > Full_Name: Hallvard B Furuseth > Version: HEAD > OS: > URL: > Submission from: (NULL) (129.240.6.233) > Submitted by: hallvard > > > In HEAD slapd/daemon.c, thanks to HEAD's multiple listener support: > > slap_listener() protects emfile with slap_daemon[0 ].sd_mutex, > but slapd_remove() protects it with slap_daemon[id].sd_mutex. > > Maybe to compensate, slapd_remove() has code which checks if emfile > is too big, but nothing checks if it is too small - which looks like > slapd might never start listening again. > > Simplest fix: add this to slapd_remove(): > > if (id) ldap_pvt_thread_mutex_<lock,unlock>(&slap_daemon[0].sd_mutex ); > > slap_daemon[0].sd_mutex looks quite contended that way, though. > Maybe a separate emfile_mutex is better. Alternatively, just skip the check entirely when id != 0. Which would mean that only closing a session on the first listener would ever trigger the other listeners to be unmuted. Doesn't seem so terrible; if slapd is actually out of descriptors one or two connections either way won't make a huge difference in service. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

12 years, 5 months

1
0
0 / 0

Re: (ITS#6449) roadmap update

by hyc＠symas.com

quanah(a)OpenLDAP.org wrote: > Full_Name: Quanah Gibson-Mount > Version: NA > OS: NA > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (75.111.29.239) > > > http://www.openldap.org/software/roadmap.html needs to be updated to note that > OpenLDAP 2.3 is no longer maintained, same as 2.2 and prior. > Fixed in CVS. Kurt, can you refresh the web site? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

12 years, 5 months

1
0
0 / 0

Re: (ITS#6453) OpenLDAP memory leak on LDAP_TIMEOUT

by hyc＠symas.com

alinachegalati(a)yahoo.com wrote: > Full_Name: Alin Vasile > Version: 2.4.19 > OS: Solaris 10 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (194.237.142.7) > A patch for this is now in CVS HEAD. > > Hi, > > We have a memory leak LDAP_TIMEOUT is encountered on > ldap_search_ext_invocation and we are unable to determine if it is related to > OpenLdap or not. The following summarizes our code in case the LDAP_TIMEOUT > response is returned : > > LDAPMessage *res ; > > // acquire connection > > // perform search > > if(rc == LDAP_TIMEOUT) > { > ldap_msgfree(res); > // return connection > } > > Is ldap_msgfree(res) enough in this case ? > > We tested our program by enabling a low timeout and hence all ldap calls > resulting in timeout. The memory leak is about 9 Megs in several minutes, at a > load of 5 req/ sec. > > dmalloc sees the following not allocated pointers > > 6642692 bytes : Line 640 of "io.c" starts at address 0xff2659c4 > <ber_get_next+468> and ends at 0xff2659cc<ber_get_next+476>. > > 2019876 bytes : Line 277 of "memory.c" starts at address 0xff26676c > <ber_memcalloc_x+132> and ends at 0xff266774<ber_memcalloc_x+140>. > > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

12 years, 5 months

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs December 2010