openldap-bugs January 2011

openldap-bugs@openldap.org

36 participants
177 discussions

Re: (ITS#6746) broken slapo-translucent failure handling
by hyc＠symas.com 04 Jan '11

04 Jan '11

h.b.furuseth(a)usit.uio.no wrote: > I've fixed it in HEAD, unless early errors in translucent_search() > should be ignored Patch looks OK, the remote server is authoritative so the first search must not fail. > or filter errors should NOT be ignored. Looks OK; as with any search if the filter doesn't match there should not be any entry returned. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#6773) Per-connection extra stuff
by hyc＠symas.com 04 Jan '11

04 Jan '11

masarati(a)aero.polimi.it wrote: >> masarati(a)aero.polimi.it writes: >>> Unless there are objections, I'd commit it. >> >> Well, it breaks binary compatibility, but perhaps that'll break anyway? >> That is, will overlays/modules compiled with 2.4.23 break with slapd >> 2.4.24 or vice versa? > > No it won't, since I do not expect this to be released with 2.4.24 (nor > with 2.4). > > In general, yes, it will break binary compatibility, but it won't break > source code compatibility; eventuallysource code might if I move paged > results and so under the ConnExtra umbrella, which is not something I'm > struggling for at the moment. I think we can live without this feature. E.g., ppolicy, sssvlv etc. all just create their own private arrays of per-conn structures. Sharing here will require introducing another mutex. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#6758) Cleaning up SlapReply usage
by h.b.furuseth＠usit.uio.no 04 Jan '11

04 Jan '11

In addition to the issues listed in my last message, this ITS depends on these: - ITS#6763: slapd does not clear sr_entry/ctrls on sizelimit/busy - ITS#6776: Control handling in PassMod exop + ppolicy - ITS#6760: rwm broken entry handling ==== Howard Chu writes: >h.b.furuseth(a)usit.uio.no wrote: >> * hyc, please have a look at slapd/bconfig.c 1.419. If I have >> gotten things wrong, that one summarizes my mistakes nicely:-) I meant to say "If I've broken anything, that commit should summarize my worst mistakes." At least that worry is out of the way: > I think you're over-paranoid. config_build_entry() is only called by > internal plumbing and the SlapReply here never gets sent to > send_ldap_result(). It's only passed in because be_add() expects one; > the contents are mostly irrelevant. (Aside from rs_err) Thanks. Not exactly what I hoped to hear, but I did ask... I can revert it, or since this SlapReply is so uninteresting, maybe allow rs = NULL in this case so some callers can omit it. ==== Summary of changes: * Add rs_assert_*(), disabled by default, to check SlapReply state. * Majority of changes: Avoid reusing SlapReply: Reinitialize these variables at need with rs_reinit() or move a declaration inwards (typically into loops). I think I introduced 2 new SlapReply's, in bconfig.c (unnecessarily as Howards says) ad in pcache. * Use the rs_*() functions in result.c to manage SlapReply entries, rather than freeing/releasing by hand and every so often forgetting to handle some of the REP_ENTRY_* flags. This also makes slapd more aggressive about freeing entries. E.g. result.c _released_ entries at need before sending, so entry locks for cached entries would not wait for network traffic. OTOH it did not at that point bother with entries that merely needed _freeing_. * "Reset dangerous REP_ENTRY_* flags." This is so when a module puts e.g. puts Extended Operation data in the SlapReply, another module won't try to entry_free/release() that non-entry because of some leftover REP_ENTRY_* flags. This may have been over-paranoid too: I seem closer to having rs.<sr_type, sr_un> behave like a variant record where rs.sr_type actually can be trusted. Anyway, this paranoia shouldn't hurt. Others are some minor cleanups: * Reset some SlapReply flags & data. Reset data more consistenlty. (E.g. rs_entry and flags go together, so don't reset just entry.) * Clear out or avoid filling in known unwanted info (Don't set sr_err = non-success before entering an operation handler, do not set sr_text with sr_err = LDAP_SUCCESS, etc.) * Add an error check or two (was actually done for consistency sr_err vs sr_text) * slap.h: Cast REP_* #defines to slap_mask_t * No-op changes (remove lint, rearrange/simplify code a bit, etc) -- Hallvard

1 0

Re: (ITS#6769) Slapd fails to start when olcDbURI attribute is used
by jwinius＠umrk.nl 04 Jan '11

04 Jan '11

Quoting Quanah Gibson-Mount <quanah(a)zimbra.com>: > Your information is out of date. The patch was committed last November. Excellent! At least we now know that this bug has been taken care of. Thanks, Jaap

1 0

(ITS#6776) Control handling in PassMod exop + ppolicy
by h.b.furuseth＠usit.uio.no 04 Jan '11

04 Jan '11

Full_Name: Hallvard B Furuseth Version: HEAD OS: URL: Submission from: (NULL) (193.157.201.41) Submitted by: hallvard passwd_extop(op, rs) does an internal op->o_bd->be_modify(op, rs) and then intentionally returns with sr_text, sr_ref, sr_ctrls from be_modify intact, so the caller can send them. By my understanding this is quite fragile, since these SlapReply values can be invalid/out of scope after be_modify returns. It clashes with SlapReply cleanup effort, ITS#6758. It does this so ppolicy can insert its controls there, after detecting that the current be->be_modify call is actually a Password Modify exop. Maybe passwd_extop() instead can give the Modify a response or cleanup handler which steals any controls from the SlapReply, and reinserts them after be_modify() returns? OTOH - I don't know how slapd manages controls nowadays (what decides which controls should be freed, etc) - but I notice ppolicy.c has its very own ctrls_cleanup(). Hopefully that function is general enough that it would be useful to move it into slapd - if it needs its own special control handling, then maybe this issue expands to a need for a general control handling module. ppolicy registers its control as valid with Password Modify, which tells Password Modify it can steal it, etc. One final issue: passwd.c says cb.sc_private = qpw; /* let Modify know this was pwdMod, * if it cares... */ and ppolicy recognizes any Modify with (sc->sc_response == slap_null_cb && sc->sc_private) as the Password Modify operation. Seems no guarantee. I suggest to instead set some specific passwd_<response/cleanup>_sc function which ppolicy can recognize - maybe in addition to the current check, so a 2.4.24-compiled ppolicy can work with 2.4.23 slapd and vice versa.

1 0

(ITS#6775) Client tools often log controls not nicely in LDIF mode
by masarati＠aero.polimi.it 04 Jan '11

04 Jan '11

Full_Name: Pierangelo Masarati Version: HEAD/re24 OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (188.153.18.39) Submitted by: ando LDIF: control: OID <encoded> <known control name>: <human readable> comment: # control: OID <encoded> # <known control name><human readable> A fix is coming. p.

1 0

(ITS#6774) back-meta can send matchedDN with success
by h.b.furuseth＠usit.uio.no 04 Jan '11

04 Jan '11

Full_Name: Hallvard B Furuseth Version: HEAD OS: URL: Submission from: (NULL) (193.157.201.41) Submitted by: hallvard With this patch (do not commit:-) Index: servers/slapd/back-meta/search.c @@ -1740,2 +1740,3 @@ rs->sr_ref = ( sres == LDAP_REFERRAL ? rs->sr_v2ref : NULL ); + assert( rs->sr_err || !(rs->sr_text || rs->sr_matched )); send_ldap_result( op, rs ); back-meta oftenfails with just env TESTLOOPS=1 TESTCHILDREN=1 ./run -b hdb test036-meta-concurrency It passes the test if instead of the asser you use rs->sr_matched = ( sres == LDAP_SUCCESS ? NULL : matched ); but I have not looked into whether that cures the symptom or the bug.

1 0

Re: (ITS#6769) Slapd fails to start when olcDbURI attribute is used
by quanah＠zimbra.com 04 Jan '11

04 Jan '11

--On Tuesday, January 04, 2011 5:53 PM +0100 Jaap Winius <jwinius(a)umrk.nl> wrote: > Quoting Quanah Gibson-Mount <quanah(a)zimbra.com>: > >> This is a duplicate of ITS#6540, this ITS will be closed. > > Duplicate? That may not be the case. In Pierangelo's own words: > > "That patch was never committed because the reporter of ITS#6540 > said his initial report was not actually relevant for the real > issue he was suffering from... " Your information is out of date. The patch was committed last November. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#6769) Slapd fails to start when olcDbURI attribute is used
by jwinius＠umrk.nl 04 Jan '11

04 Jan '11

Quoting Quanah Gibson-Mount <quanah(a)zimbra.com>: > This is a duplicate of ITS#6540, this ITS will be closed. Duplicate? That may not be the case. In Pierangelo's own words: "That patch was never committed because the reporter of ITS#6540 said his initial report was not actually relevant for the real issue he was suffering from... " Source: http://www.openldap.org/lists/openldap-technical/201011/msg00129.html I filed this report because I'm not sure that the bug for which Pierangelo wrote that patch was ever reported. On the other hand, if the patch has in fact already been committed, then please go ahead and close this ITS. Cheers, Jaap

1 0

Re: (ITS#6770) Proxy authorization fails with SASL-GSSAPI
by masarati＠aero.polimi.it 04 Jan '11

04 Jan '11

Let me confirm that it works as expected with SIMPLE and SASL bind using EXTERNAL (TLS) and DIGEST-MD5. I haven't tried with GSSAPI; the issue might be specific to it. p.

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs January 2011