March 2018 - openldap-bugs

Re: (ITS#8618) ldapsearch - unexpected behavior with

by arekkusu＠r42.ch

I was referring to best practice/RFC regarding what is a valid hostname. My example was intentionally provocative. I think rejecting hostname containing the '://' construct is actually a good idea. Those would be problematic for parsing and such broken hostname are unlikely to ever be use. Been reading a bit more (1) and I think internationalized domain are also not an issue as they have a ASCII representation. So the only real concern I can think of at this point is underscore. But I could be missing something... I am still not convinced about having addition verification beside: - What the DNS standard says (RFC2181) - Prohibiting hostname that would cause cause an issue with parsing ('://') Why do the 'host' and 'dig' command does not seem to place any restriction when querying for A records ? (would be interested to see how other software handle this) Andew: Did you manage to find out why the behavior with '-h' option and both ' --h' and '-p' option was different ? Best, Alex (1) https://stackoverflow.com/questions/2180465/can-domain-name-subdomains-have- an-underscore-in-it PS: Andrew: In my client (evolution) your previous plain text email did show up as base64 encoded. (had to use 'base64 -d' to read them). I did not remember outlook making it so hard to send plain text email (!) On Sat, 2018-03-03 at 10:29 +0000, michael(a)stroeder.com wrote: > Alexandre Rosenberg wrote: > > Micheal, you are *right* about the man page saying _hostname_. Indeed > > OpenLDAP > > only accepting hostname as per best practice/RFC might be the most correct > > behavior. > > There is no relevant RFC or best practice, only the man-page. And the -h > and -p arguments come from the old UMich LDAP times. > > > However we can not change this behavior without breakable. consider: > > AFAICS backward compability has only be provided to those ancient Umich > or Netscape Directory tools. So IMO LDAP URI does not have to be accepted. > > > - Underscore are not that uncommon with Active Directory > > - What about > > - ... (probably more) > > If you want to fix something for 2.4.x to match what the man-page says > you could effectively reject LDAP URI by simply rejecting colons and > slashes. Those chars are never in even seriously broken hostnames. If > they were they would cause more interop issues anyway. > > > Therefore I believe such change could only be done in a major release. And > > at > > that point we might just remove the depreciated '-h' option altogether. > > Agreed. 2.5 release chould IMO simply remove options -h and -p. > > Ciao, Michael. > > >

3 years, 9 months

1
0
0 / 0

RE: (ITS#8618) ldapsearch - unexpected behavior with

by andrew.lawrence＠siemens.com

I am using Outlook and in addition to sending messages with HTML by default= it also uses some kind of encoding if you select plain text. I have spent = most of the afternoon trying to turn this off and hopefully I have now been= successful. I followed the instructions to upload the patch (andrew-lawrence-180303.pa= tch) to ftp://openldap.org/incoming/. I am not sure if it was successful a= s I cannot see the contents of the folder. The attached file is derived from OpenLDAP Software. All of the modificatio= ns to OpenLDAP Software represented in the following patch(es) were develop= ed by Siemens Rail Automation Holdings Limited. Siemens Rail Automation Hol= dings Limited has not assigned rights and/or interest in this work to any p= arty. I, Andrew Lawrence am authorized by Siemens Rail Automation Holdings = Limited, my employer, to release this work under the following terms. Siemens Rail Automation Holdings Limited hereby place the following modific= ations to OpenLDAP Software (and only these modifications) into the public = domain. Hence, these modifications may be freely used and/or redistributed = for any purpose with or without attribution and/or other notice. Cheers, Andy -----Original Message----- From: Howard Chu [mailto:hyc@symas.com] Sent: 02 March 2018 22:53 To: Lawrence, Andy (MO MM R&D UK IXL); openldap-its(a)OpenLDAP.org Subject: Re: (ITS#8618) ldapsearch - unexpected behavior with andrew.lawrence(a)siemens.com wrote: > --_004_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_ > Content-Type: multipart/alternative; > boundary=3D"_000_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5M= SXww9_" > > --_000_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_ > Content-Type: text/plain; charset=3D"iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > I believe the following patch addresses this problem. I am still a bit > conf=3D used about what constitutes a DNS name. Alex has suggested they > should cont=3D ain an underscore. My colleague who reviewed the code had > a different opini=3D on. > > > > I am also not sure what to do about copyright headers and whether it > is acc=3D eptable or not for me to add them into the files. Please read the Contributing guidelines. Please do not use HTML email. Please demonstrate a basic ability to read and follow directions, otherwise= your patch will be discarded. It's not like the information is hard to fin= d, everything is linked from the front page of the web site. http://www.openldap.org/devel/contributing.html -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

3 years, 9 months

1
0
0 / 0

Re: (ITS#8618) ldapsearch - unexpected behavior with

by michael＠stroeder.com

Alexandre Rosenberg wrote: > Micheal, you are *right* about the man page saying _hostname_. Indeed OpenLDAP > only accepting hostname as per best practice/RFC might be the most correct > behavior. There is no relevant RFC or best practice, only the man-page. And the -h and -p arguments come from the old UMich LDAP times. > However we can not change this behavior without breakable. consider: AFAICS backward compability has only be provided to those ancient Umich or Netscape Directory tools. So IMO LDAP URI does not have to be accepted. > - Underscore are not that uncommon with Active Directory > - What about internationalized DNS name > - ... (probably more) If you want to fix something for 2.4.x to match what the man-page says you could effectively reject LDAP URI by simply rejecting colons and slashes. Those chars are never in even seriously broken hostnames. If they were they would cause more interop issues anyway. > Therefore I believe such change could only be done in a major release. And at > that point we might just remove the depreciated '-h' option altogether. Agreed. 2.5 release chould IMO simply remove options -h and -p. Ciao, Michael.

3 years, 9 months

1
0
0 / 0

RE: (ITS#8618) ldapsearch - unexpected behavior with

by andrew.lawrence＠siemens.com

SSBmb2xsb3dlZCB0aGUgaW5zdHJ1Y3Rpb25zIHRvIHVwbG9hZCB0aGUgcGF0Y2ggIChhbmRyZXct bGF3cmVuY2UtMTgwMzAzLnBhdGNoKSAgdG8gZnRwOi8vb3BlbmxkYXAub3JnL2luY29taW5nLy4g SSBhbSBub3Qgc3VyZSBpZiBpdCB3YXMgc3VjY2Vzc2Z1bCBhcyBJIGNhbm5vdCBzZWUgdGhlIGNv bnRlbnRzIG9mIHRoZSBmb2xkZXIuDQoNClRoZSBhdHRhY2hlZCBmaWxlIGlzIGRlcml2ZWQgZnJv bSBPcGVuTERBUCBTb2Z0d2FyZS4gQWxsIG9mIHRoZSBtb2RpZmljYXRpb25zIHRvIE9wZW5MREFQ IFNvZnR3YXJlIHJlcHJlc2VudGVkIGluIHRoZSBmb2xsb3dpbmcgcGF0Y2goZXMpIHdlcmUgZGV2 ZWxvcGVkIGJ5IFNpZW1lbnMgUmFpbCBBdXRvbWF0aW9uIEhvbGRpbmdzIExpbWl0ZWQuIFNpZW1l bnMgUmFpbCBBdXRvbWF0aW9uIEhvbGRpbmdzIExpbWl0ZWQgaGFzIG5vdCBhc3NpZ25lZCByaWdo dHMgYW5kL29yIGludGVyZXN0IGluIHRoaXMgd29yayB0byBhbnkgcGFydHkuIEksIEFuZHJldyBM YXdyZW5jZSBhbSBhdXRob3JpemVkIGJ5IFNpZW1lbnMgUmFpbCBBdXRvbWF0aW9uIEhvbGRpbmdz IExpbWl0ZWQsIG15IGVtcGxveWVyLCB0byByZWxlYXNlIHRoaXMgd29yayB1bmRlciB0aGUgZm9s bG93aW5nIHRlcm1zLg0KDQpTaWVtZW5zIFJhaWwgQXV0b21hdGlvbiBIb2xkaW5ncyBMaW1pdGVk IGhlcmVieSBwbGFjZSB0aGUgZm9sbG93aW5nIG1vZGlmaWNhdGlvbnMgdG8gT3BlbkxEQVAgU29m dHdhcmUgKGFuZCBvbmx5IHRoZXNlIG1vZGlmaWNhdGlvbnMpIGludG8gdGhlIHB1YmxpYyBkb21h aW4uIEhlbmNlLCB0aGVzZSBtb2RpZmljYXRpb25zIG1heSBiZSBmcmVlbHkgdXNlZCBhbmQvb3Ig cmVkaXN0cmlidXRlZCBmb3IgYW55IHB1cnBvc2Ugd2l0aCBvciB3aXRob3V0IGF0dHJpYnV0aW9u IGFuZC9vciBvdGhlciBub3RpY2UuDQoNCkNoZWVycywNCkFuZHkNCg0KLS0tLS1PcmlnaW5hbCBN ZXNzYWdlLS0tLS0NCkZyb206IEhvd2FyZCBDaHUgW21haWx0bzpoeWNAc3ltYXMuY29tXSANClNl bnQ6IDAyIE1hcmNoIDIwMTggMjI6NTMNClRvOiBMYXdyZW5jZSwgQW5keSAoTU8gTU0gUiZEIFVL IElYTCk7IG9wZW5sZGFwLWl0c0BPcGVuTERBUC5vcmcNClN1YmplY3Q6IFJlOiAoSVRTIzg2MTgp IGxkYXBzZWFyY2ggLSB1bmV4cGVjdGVkIGJlaGF2aW9yIHdpdGgNCg0KYW5kcmV3Lmxhd3JlbmNl QHNpZW1lbnMuY29tIHdyb3RlOg0KPiAtLV8wMDRfNENGNzEwMjI5Nzg3QTA0MTlCRjkyQzkzMDRE QzY0NDZFNzkyN0FERUZUSFc5OUVJNU1TWHd3OV8NCj4gQ29udGVudC1UeXBlOiBtdWx0aXBhcnQv YWx0ZXJuYXRpdmU7DQo+IAlib3VuZGFyeT0iXzAwMF80Q0Y3MTAyMjk3ODdBMDQxOUJGOTJDOTMw NERDNjQ0NkU3OTI3QURFRlRIVzk5RUk1TVNYd3c5XyINCj4gDQo+IC0tXzAwMF80Q0Y3MTAyMjk3 ODdBMDQxOUJGOTJDOTMwNERDNjQ0NkU3OTI3QURFRlRIVzk5RUk1TVNYd3c5Xw0KPiBDb250ZW50 LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9Imlzby04ODU5LTEiDQo+IENvbnRlbnQtVHJhbnNm ZXItRW5jb2Rpbmc6IHF1b3RlZC1wcmludGFibGUNCj4gDQo+IEkgYmVsaWV2ZSB0aGUgZm9sbG93 aW5nIHBhdGNoIGFkZHJlc3NlcyB0aGlzIHByb2JsZW0uIEkgYW0gc3RpbGwgYSBiaXQgDQo+IGNv bmY9IHVzZWQgYWJvdXQgd2hhdCBjb25zdGl0dXRlcyBhIEROUyBuYW1lLiBBbGV4IGhhcyBzdWdn ZXN0ZWQgdGhleSANCj4gc2hvdWxkIGNvbnQ9IGFpbiBhbiB1bmRlcnNjb3JlLiBNeSBjb2xsZWFn dWUgd2hvIHJldmlld2VkIHRoZSBjb2RlIGhhZCANCj4gYSBkaWZmZXJlbnQgb3Bpbmk9IG9uLg0K PiANCj4gDQo+IA0KPiBJIGFtIGFsc28gbm90IHN1cmUgd2hhdCB0byBkbyBhYm91dCBjb3B5cmln aHQgaGVhZGVycyBhbmQgd2hldGhlciBpdCANCj4gaXMgYWNjPSBlcHRhYmxlIG9yIG5vdCBmb3Ig bWUgdG8gYWRkIHRoZW0gaW50byB0aGUgZmlsZXMuDQoNClBsZWFzZSByZWFkIHRoZSBDb250cmli dXRpbmcgZ3VpZGVsaW5lcy4NClBsZWFzZSBkbyBub3QgdXNlIEhUTUwgZW1haWwuDQoNClBsZWFz ZSBkZW1vbnN0cmF0ZSBhIGJhc2ljIGFiaWxpdHkgdG8gcmVhZCBhbmQgZm9sbG93IGRpcmVjdGlv bnMsIG90aGVyd2lzZSB5b3VyIHBhdGNoIHdpbGwgYmUgZGlzY2FyZGVkLiBJdCdzIG5vdCBsaWtl IHRoZSBpbmZvcm1hdGlvbiBpcyBoYXJkIHRvIGZpbmQsIGV2ZXJ5dGhpbmcgaXMgbGlua2VkIGZy b20gdGhlIGZyb250IHBhZ2Ugb2YgdGhlIHdlYiBzaXRlLg0KDQpodHRwOi8vd3d3Lm9wZW5sZGFw Lm9yZy9kZXZlbC9jb250cmlidXRpbmcuaHRtbA0KDQotLSANCiAgIC0tIEhvd2FyZCBDaHUNCiAg IENUTywgU3ltYXMgQ29ycC4gICAgICAgICAgIGh0dHA6Ly93d3cuc3ltYXMuY29tDQogICBEaXJl Y3RvciwgSGlnaGxhbmQgU3VuICAgICBodHRwOi8vaGlnaGxhbmRzdW4uY29tL2h5Yy8NCiAgIENo aWVmIEFyY2hpdGVjdCwgT3BlbkxEQVAgIGh0dHA6Ly93d3cub3BlbmxkYXAub3JnL3Byb2plY3Qv DQo=

3 years, 9 months

1
0
0 / 0

Re: (ITS#8618) ldapsearch - unexpected behavior with

by arekkusu＠r42.ch

I am also not a C programmer. I've not even looked at patch at this point. I agree best practice says hostname are limited to specific ASCII characters. And underscore are indeed not included. However DNS name in general only have very few restriction (RFC2181) (2). I did some tests using the 'host' and 'dig' command and they do not perform additional validation. For example (2): $ host 'ldap://.test.com' ldap://.test.com has address 69.172.200.109 I would expect C library for resolving DNS names to already enforce those basic constrain. I believe we should be careful about performing additional validation/restriction. Micheal, you are *right* about the man page saying _hostname_. Indeed OpenLDAP only accepting hostname as per best practice/RFC might be the most correct behavior. However we can not change this behavior without breakable. consider: - Underscore are not that uncommon with Active Directory - What about internationalized DNS name - ... (probably more) Therefore I believe such change could only be done in a major release. And at that point we might just remove the depreciated '-h' option altogether. I don't know how OpenLDAP code work. I have a suspicion it might transform hostname + port into a URI. The ITC shows that (for some cases) hostname are handled differently when: 1. Using only '-h' without '-p' 2. Using both '-h' and '-p' And this is clearly not a correct behavior. Best, Alex (1) See RFC for reference but essentially: - A full domain name is limited to 255 octets (including the separators) - Each part of the domain (label) can be between 1 and 63 octets (2) test.com DNS seems to simply return the same A record for any subdomain (wildcard). It highlights that wierd name like works at the DNS level. PS: I exchanged a few email regarding DNS/hostname with Lawrence off the list. I believe this email summarizes the main points from my perspective. On Fri, 2018-03-02 at 18:48 +0000, michael(a)stroeder.com wrote: > andrew.lawrence(a)siemens.com wrote: > > I believe the following patch addresses this problem. I am still a > > bit conf used about what constitutes a DNS name. Alex has suggested > > they should contain an underscore. My colleague who reviewed the code > > had a different opinion. > > Disclaimer: Since I'm not a C programmer I did not really review your > patch in detail but just want to add some general notes. > > 1. Reviewing this ticket my is that the only problem is that > -h also accepts a LDAP URI because -H should be used instead. > IIRC -h was only meant to take an IP address or hostname. > Therefore I'd strongly recommend to simply reject an LDAP URI for -h. > Is that your goal? > > 2. The term "DNS name" is a bit too blurry. In case of option -h it > should be an IP address or . And according to best practices > hostnames SHOULD NOT contain underscores. > Whether you _allow_ underscores to accommodate some strange setups is > your decision. > > Ciao, . > > >

3 years, 9 months

1
0
0 / 0

Re: (ITS#8618) ldapsearch - unexpected behavior with

by hyc＠symas.com

andrew.lawrence(a)siemens.com wrote: > --_004_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_ > Content-Type: multipart/alternative; > boundary="_000_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_" > > --_000_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_ > Content-Type: text/plain; charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > I believe the following patch addresses this problem. I am still a bit conf= > used about what constitutes a DNS name. Alex has suggested they should cont= > ain an underscore. My colleague who reviewed the code had a different opini= > on. > > > > I am also not sure what to do about copyright headers and whether it is acc= > eptable or not for me to add them into the files. Please read the Contributing guidelines. Please do not use HTML email. Please demonstrate a basic ability to read and follow directions, otherwise your patch will be discarded. It's not like the information is hard to find, everything is linked from the front page of the web site. http://www.openldap.org/devel/contributing.html -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

3 years, 9 months

1
0
0 / 0

RE: (ITS#8618) ldapsearch - unexpected behavior with

by andrew.lawrence＠siemens.com

SGkgTWljaGFlbCwNCg0KTXkgZ29hbCB3YXMgdG8gb25seSBhbGxvdyB2YWxpZCBob3N0bmFtZXMg d2hlbiB1c2luZyB0aGUgLWggb3B0aW9uLiBBICBiaXByb2R1Y3Qgb2YgdGhpcyBpcyB0aGF0IGxk YXAgdXJpcyBhcmUgYWxzbyByZWplY3RlZC4NCg0KVGhlIHBhdGNoIHJlamVjdHMgaG9zdG5hbWVz IHdpdGggdW5kZXJzY29yZXMgYXMgYmVpbmcgaW52YWxpZC4gSSBoYWQgaGVhcmQgc2V2ZXJhbCBv cGluaW9ucyB3aGVuIHdyaXRpbmcgdGhlIHBhdGNoIGFuZCBvbmUgb2YgdGhlbSB3YXMgdGhhdCBB Y3RpdmUgRGlyZWN0b3J5IGFsbG93cyB1bmRlcnNjb3JlcyBpbiBob3N0bmFtZXMuDQoNCkFuZHkN Cg0KLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCkZyb206IE1pY2hhZWwgU3Ryw7ZkZXIgW21h aWx0bzptaWNoYWVsQHN0cm9lZGVyLmNvbV0NClNlbnQ6IDAyIE1hcmNoIDIwMTggMTg6NDgNClRv OiBMYXdyZW5jZSwgQW5keSAoTU8gTU0gUiZEIFVLIElYTCk7IG9wZW5sZGFwLWl0c0BPcGVuTERB UC5vcmcNClN1YmplY3Q6IFJlOiAoSVRTIzg2MTgpIGxkYXBzZWFyY2ggLSB1bmV4cGVjdGVkIGJl aGF2aW9yIHdpdGgNCg0KYW5kcmV3Lmxhd3JlbmNlQHNpZW1lbnMuY29tIHdyb3RlOg0KPiBJIGJl bGlldmUgdGhlIGZvbGxvd2luZyBwYXRjaCBhZGRyZXNzZXMgdGhpcyBwcm9ibGVtLiBJIGFtIHN0 aWxsIGEgYml0DQo+IGNvbmYgdXNlZCBhYm91dCB3aGF0IGNvbnN0aXR1dGVzIGEgRE5TIG5hbWUu IEFsZXggaGFzIHN1Z2dlc3RlZCB0aGV5DQo+IHNob3VsZCBjb250YWluIGFuIHVuZGVyc2NvcmUu IE15IGNvbGxlYWd1ZSB3aG8gcmV2aWV3ZWQgdGhlIGNvZGUgaGFkIGENCj4gZGlmZmVyZW50IG9w aW5pb24uDQpEaXNjbGFpbWVyOiBTaW5jZSBJJ20gbm90IGEgQyBwcm9ncmFtbWVyIEkgZGlkIG5v dCByZWFsbHkgcmV2aWV3IHlvdXIgcGF0Y2ggaW4gZGV0YWlsIGJ1dCBqdXN0IHdhbnQgdG8gYWRk IHNvbWUgZ2VuZXJhbCBub3Rlcy4NCg0KMS4gUmV2aWV3aW5nIHRoaXMgdGlja2V0IG15IGltcHJl c3Npb24gaXMgdGhhdCB0aGUgb25seSBwcm9ibGVtIGlzIHRoYXQgLWggYWxzbyBhY2NlcHRzIGEg TERBUCBVUkkgYmVjYXVzZSAtSCBzaG91bGQgYmUgdXNlZCBpbnN0ZWFkLg0KSUlSQyAtaCB3YXMg b25seSBtZWFudCB0byB0YWtlIGFuIElQIGFkZHJlc3Mgb3IgaG9zdG5hbWUuDQpUaGVyZWZvcmUg SSdkIHN0cm9uZ2x5IHJlY29tbWVuZCB0byBzaW1wbHkgcmVqZWN0IGFuIExEQVAgVVJJIGZvciAt aC4NCklzIHRoYXQgeW91ciBnb2FsPw0KDQoyLiBUaGUgdGVybSAiRE5TIG5hbWUiIGlzIGEgYml0 IHRvbyBibHVycnkuIEluIGNhc2Ugb2Ygb3B0aW9uIC1oIGl0IHNob3VsZCBiZSBhbiBJUCBhZGRy ZXNzIG9yIF9ob3N0bmFtZV8uIEFuZCBhY2NvcmRpbmcgdG8gYmVzdCBwcmFjdGljZXMgaG9zdG5h bWVzIFNIT1VMRCBOT1QgY29udGFpbiB1bmRlcnNjb3Jlcy4NCldoZXRoZXIgeW91IF9hbGxvd18g dW5kZXJzY29yZXMgdG8gYWNjb21tb2RhdGUgc29tZSBzdHJhbmdlIHNldHVwcyBpcyB5b3VyIGRl Y2lzaW9uLg0KDQpDaWFvLCBNaWNoYWVsLg0K

3 years, 9 months

1
0
0 / 0

Re: (ITS#8618) ldapsearch - unexpected behavior with

by michael＠stroeder.com

andrew.lawrence(a)siemens.com wrote: > I believe the following patch addresses this problem. I am still a > bit conf used about what constitutes a DNS name. Alex has suggested > they should contain an underscore. My colleague who reviewed the code > had a different opinion. Disclaimer: Since I'm not a C programmer I did not really review your patch in detail but just want to add some general notes. 1. Reviewing this ticket my impression is that the only problem is that -h also accepts a LDAP URI because -H should be used instead. IIRC -h was only meant to take an IP address or hostname. Therefore I'd strongly recommend to simply reject an LDAP URI for -h. Is that your goal? 2. The term "DNS name" is a bit too blurry. In case of option -h it should be an IP address or _hostname_. And according to best practices hostnames SHOULD NOT contain underscores. Whether you _allow_ underscores to accommodate some strange setups is your decision. Ciao, Michael.

3 years, 9 months

1
0
0 / 0

Re: (ITS#8618) ldapsearch - unexpected behavior with

by andrew.lawrence＠siemens.com

--_004_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_ Content-Type: multipart/alternative; boundary="_000_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_" --_000_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I believe the following patch addresses this problem. I am still a bit conf= used about what constitutes a DNS name. Alex has suggested they should cont= ain an underscore. My colleague who reviewed the code had a different opini= on. I am also not sure what to do about copyright headers and whether it is acc= eptable or not for me to add them into the files. >From b3d02c8478edaa877b39f3d8824b54dc7b70146d Mon Sep 17 00:00:00 2001 From: Andrew Lawrence <andrew.lawrence(a)siemens.com> Date: Thu, 25 Jan 2018 22:15:14 +0000 Subject: [PATCH] Added host name validation Removed spurious include Fixed review comments Fixed additional review comments regarding errorcode and underscore --- clients/tools/common.c | 14 ++++++++++++-- include/ldap_pvt.h | 4 ++++ libraries/libldap/url.c | 32 ++++++++++++++++++++++++++++++++ 3 files changed, 48 insertions(+), 2 deletions(-) diff --git a/clients/tools/common.c b/clients/tools/common.c index 5eb41aa..821b006 100644 --- a/clients/tools/common.c +++ b/clients/tools/common.c @@ -5,6 +5,7 @@ * Copyright 1998-2017 The OpenLDAP Foundation. * Portions Copyright 2003 Kurt D. Zeilenga. * Portions Copyright 2003 IBM Corporation. + * Portions Copyright 2018 Siemens Rail Automation Holdings Limited. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -1242,7 +1243,16 @@ tool_conn_setup( int dont, void (*private_setup)( LD= AP * ) ) int rc; if( ( ldaphost !=3D NULL || ldapport ) && ( ldapuri =3D=3D N= ULL ) ) { - /* construct URL */ + + rc =3D ldap_validate_hostname(ldaphost); + if (rc !=3D LDAP_URL_SUCCESS) { + fprintf( stderr, + "Invalid host name %s\n", + ldaphost); + exit( EXIT_FAILURE ); + } + + /* construct URL */ LDAPURLDesc url; memset( &url, 0, sizeof(url)); @@ -1394,7 +1404,7 @@ dnssrv_free:; fprintf( stderr, "Could not create LDAP session handle for URI= =3D%s (%d): %s\n", ldapuri, rc, ldap_err2string(rc) ); - exit( EXIT_FAILURE ); + exit( EXIT_FAILURE ); } if( private_setup ) private_setup( ld ); diff --git a/include/ldap_pvt.h b/include/ldap_pvt.h index f1d93ac..6d1a6cb 100644 --- a/include/ldap_pvt.h +++ b/include/ldap_pvt.h @@ -2,6 +2,7 @@ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * * Copyright 1998-2017 The OpenLDAP Foundation. + * Portions Copyright 2018 Siemens Rail Automation Holdings Limited. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -68,6 +69,9 @@ LDAP_F (int) ldap_url_parselist_ext LDAP_P(( const char *sep, unsigned flags )); +LDAP_F (int) ldap_validate_hostname LDAP_P(( + const char *hostname )); + LDAP_F (char *) ldap_url_list2urls LDAP_P(( struct ldap_url_desc *ludlist )); diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c index b65e2b9..2702fec 100644 --- a/libraries/libldap/url.c +++ b/libraries/libldap/url.c @@ -3,6 +3,7 @@ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * * Copyright 1998-2017 The OpenLDAP Foundation. + * Portions Copyright 2018 Siemens Rail Automation Holdings Limited. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -36,6 +37,7 @@ #include <stdio.h> + #include <ac/stdlib.h> #include <ac/ctype.h> @@ -1325,6 +1327,36 @@ ldap_url_parselist_ext (LDAPURLDesc **ludlist, const= char *url, const char *sep, } int +ldap_validate_hostname (const char *url) +{ + assert( url !=3D NULL ); + + // Empty host names are invalid + if (strlen(url) =3D=3D 0) { + return LDAP_URL_ERR_BADHOST; + } + + int prevalnum =3D 0; + int labelcount =3D 0; + int i; + + for (i=3D0; url[i] !=3D '\0'; i++) { + if (!(isalnum(url[i]) || url[i] =3D=3D '.' || url[i] =3D=3D= '-') || + (labelcount =3D=3D 0 && url[i] =3D=3D '.'&& !(i =3D=3D 0= && url[i+1] =3D=3D '\0')) || + i =3D=3D 255 || labelcount =3D=3D 63) { + // We have an invalid hostname. Fail. + return LDAP_URL_ERR_BADHOST; + } else if (url[i] =3D=3D '.') { + labelcount =3D 0; + } else { + labelcount++; + } + } + + return LDAP_URL_SUCCESS; +} + +int ldap_url_parsehosts( LDAPURLDesc **ludlist, const char *hosts, -- libgit2 0.26.0 With best regards, Dr Andrew Lawrence Siemens Rail Automation Holdings Limited MO MM R&D UK IXL 17 Langley Park Way Chippenham SN15 1GG, Gro=DFbritannien und Nordirland mailto:andrew.lawrence@siemens.com www.siemens.com/rail-automation<http://www.siemens.com/rail-automation> www.siemens.com/ingenuityforlife<https://siemens.com/ingenuityforlife> www.siemens.com/ingenuityforlife Siemens Rail Automation Holdings Limited - registered office: Faraday House= , Sir William Siemens Square, Frimley Camberley GU16 8QD. Registered No. 00= 016033 --_000_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr= osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:= //www.w3.org/TR/REC-html40"> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859-= 1"> <meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)"> <style></style> </head> <body lang=3D"EN-GB" link=3D"blue" vlink=3D"purple"> <div class=3D"WordSection1"> I believe the follo= wing patch addresses this problem. I am still a bit confused about what con= stitutes a DNS name. Alex has suggested they should contain an underscore. My colleague who reviewed the code had a different = opinion.<o:p></o:p> <o:p> </o:p></= span> I am also not sure = what to do about copyright headers and whether it is acceptable or not for = me to add them into the files.<o:p></o:p> <o:p> </o:p></= span> From b3d02c8478edaa= 877b39f3d8824b54dc7b70146d Mon Sep 17 00:00:00 2001<o:p></o:p> From: Andrew Lawren= ce <andrew.lawrence(a)siemens.com><o:p></o:p> Date: Thu, 25 Jan 2= 018 22:15:14 +0000<o:p></o:p> Subject: [PATCH] Ad= ded host name validation<o:p></o:p> <o:p> </o:p></= span> Removed spurious in= clude<o:p></o:p> <o:p> </o:p></= span> Fixed review commen= ts<o:p></o:p> <o:p> </o:p></= span> Fixed additional re= view comments regarding errorcode and underscore<o:p></o:p> ---<o:p></o:p></spa= n> clients/tools/commo= n.c  | 14 ++++++++++++= --<o:p></o:p> include/ldap_pvt.h&= nbsp;     |  4 ++++<o:p></o:p></sp= an> libraries/libldap/u= rl.c | 32 +++++++++++++= +++++++++++++++= ++++<o:p></o:p> 3 files changed, 48= insertions(+), 2 deletions(-)<o:p></o:p> <o:p> </o:p></= span> diff --git a/client= s/tools/common.c b/clients/tools/common.c<o:p></o:p> index 5eb41aa..821b= 006 100644<o:p></o:p> --- a/clients/tools= /common.c<o:p></o:p> +++ b/c= lients/tools/common.c<o:p></o:p> @@ -5,6 +5,7 @@= <o:p></o:p>   * Copyright = 1998-2017 The OpenLDAP Foundation.<o:p></o:p>   * Portions C= opyright 2003 Kurt D. Zeilenga.<o:p></o:p>   * Portions C= opyright 2003 IBM Corporation.<o:p></o:p> + * Portions Co= pyright 2018 Siemens Rail Automation Holdings Limited.<o:p></o:p></p= >   * All rights= reserved.<o:p></o:p>   *<o:p></o:p>=   * Redistribu= tion and use in source and binary forms, with or without<o:p></o:p><= /p> @@ -1242,7 +124= 3,16 @@ tool_conn_setup( int dont, void (*private_setup)( LDAP * ) )<o:p></= o:p>    &= nbsp;          int rc;<o:p></o= :p> <o:p></o:p><= /p>    &= nbsp;           if( ( lda= phost !=3D NULL || ldapport ) && ( ldapuri =3D=3D NULL ) ) {<o:p></= o:p> -   =             &nb= sp;      /* construct URL */<o:p></o:p> +<o:p></o:p></s= pan> +  &n= bsp;           &nbsp= ;       rc =3D ldap_validate_hostname(ldaphos= t);<o:p></o:p> +  &n= bsp;           &nbsp= ;       if (rc !=3D LDAP_URL_SUCCESS) {<o:p><= /o:p> +  &n= bsp;           &nbsp= ;            &n= bsp;  fprintf( stderr,<o:p></o:p> +  &n= bsp;           &nbsp= ;            &n= bsp;     "Invalid host name %s\n",<o:p></o:p></spa= n> +  &n= bsp;           &nbsp= ;            &n= bsp;         ldaphost);<o:p></o:p><= /span> +  &n= bsp;           &nbsp= ;            &n= bsp;  exit( EXIT_FAILURE );<o:p></o:p> +  &n= bsp;            &nbs= p;      }<o:p></o:p> +<o:p></o:p></s= pan> +  &n= bsp;            &nbs= p;      /* construct URL */<o:p></o:p>    &= nbsp;           &nbs= p;      LDAPURLDesc url;<o:p></o:p>    &= nbsp;           &nbs= p;      memset( &url, 0, sizeof(url));<o:p></o= :p> <o:p></o:p><= /p> @@ -1394,7 +140= 4,7 @@ dnssrv_free:;<o:p></o:p>    &= nbsp;           &nbs= p;      fprintf( stderr,<o:p></o:p>    &= nbsp;           &nbs= p;            &= nbsp; "Could not create LDAP session handle for URI=3D%s (%d): %s\n&qu= ot;,<o:p></o:p>    &= nbsp;           &nbs= p;            &= nbsp; ldapuri, rc, ldap_err2string(rc) );<o:p></o:p> -   =             &nb= sp;      exit( EXIT_FAILURE );<o:p></o:p></= p> +  &n= bsp;            &nbs= p;     exit( EXIT_FAILURE );<o:p></o:p>    &= nbsp;          }<o:p></o:p></s= pan> <o:p></o:p><= /p>    &= nbsp;           if( priva= te_setup ) private_setup( ld );<o:p></o:p> diff --git a/includ= e/ldap_pvt.h b/include/ldap_pvt.h<o:p></o:p> index f1d93ac..6d1a= 6cb 100644<o:p></o:p> --- a/include/ldap_= pvt.h<o:p></o:p> +++ b/i= nclude/ldap_pvt.h<o:p></o:p> @@ -2,6 +2,7 @@= <o:p></o:p> /* This work is par= t of OpenLDAP Software <http://www.openldap.org/>.<o:p></o:p><= /p>   * <o:p></o:p>   * Copyr= ight 1998-2017 The OpenLDAP Foundation.<o:p></o:p> + * Portions Co= pyright 2018 Siemens Rail Automation Holdings Limited.<o:p></o:p></p= >   * All rights= reserved.<o:p></o:p>   *<o:p></o:p>=   * Redistribu= tion and use in source and binary forms, with or without<o:p></o:p><= /p> @@ -68,6 +69,9 = @@ LDAP_F (int) ldap_url_parselist_ext LDAP_P((<o:p></o:p>    &= nbsp;   const char *sep,<o:p></o:p>    &= nbsp;   unsigned flags ));<o:p></o:p> <o:p></o:p><= /p> +LDAP_F (int) l= dap_validate_hostname LDAP_P((<o:p></o:p> +  &n= bsp;    const char *hostname ));<o:p></o:p> +<o:p></o:p></s= pan> LDAP_F (char *) lda= p_url_list2urls LDAP_P((<o:p></o:p>    &= nbsp;   struct ldap_url_desc *ludlist ));<o:p></o:p> <o:p></o:p><= /p> diff --git a/librar= ies/libldap/url.c b/libraries/libldap/url.c<o:p></o:p> index b65e2b9..2702= fec 100644<o:p></o:p> --- a/libraries/lib= ldap/url.c<o:p></o:p> +++ b/l= ibraries/libldap/url.c<o:p></o:p> @@ -3,6 +3,7 @@= <o:p></o:p> /* This work is par= t of OpenLDAP Software <http://www.openldap.org/>.<o:p></o:p><= /p>   *<o:p></o:p>=   * Copyright = 1998-2017 The OpenLDAP Foundation.<o:p></o:p> + * Portions Co= pyright 2018 Siemens Rail Automation Holdings Limited.<o:p></o:p></p= >   * All rights= reserved.<o:p></o:p>   *<o:p></o:p>=   * Redistribu= tion and use in source and binary forms, with or without<o:p></o:p><= /p> @@ -36,6 +37,7 = @@<o:p></o:p> <o:p></o:p><= /p>  #include <= stdio.h><o:p></o:p> <o:p></o:p><= /p> +<o:p></o:p></s= pan> #include <ac/std= lib.h><o:p></o:p> #include <ac/cty= pe.h><o:p></o:p> <o:p></o:p><= /p> @@ -1325,6 +132= 7,36 @@ ldap_url_parselist_ext (LDAPURLDesc **ludlist, const char *url, con= st char *sep,<o:p></o:p> }<o:p></o:p>= <o:p></o:p><= /p>  int<o:p></o:p= > +ldap_validate_= hostname (const char *url)<o:p></o:p> +{<o:p></o:p></= span> +  &n= bsp;    assert( url !=3D NULL );<o:p></o:p> +<o:p></o:p></s= pan> +  &n= bsp;    // Empty host names are invalid<o:p></o:p></p= > +  &n= bsp;    if (strlen(url) =3D=3D 0) {<o:p></o:p> +  &n= bsp;           return LDA= P_URL_ERR_BADHOST;<o:p></o:p> +  &n= bsp;    }<o:p></o:p> +  &n= bsp;    <o:p></o:p> +  &n= bsp;     int prevalnum =3D 0;<o:p></o:p> +  &n= bsp;    int labelcount =3D 0;<o:p></o:p> +  &n= bsp;    int i;<o:p></o:p> +  &n= bsp;    <o:p></o:p> +  &n= bsp;    for (i=3D0; url[i] !=3D '\0'; i++) {<o:p></o= :p> +  &n= bsp;            if (!(isa= lnum(url[i]) || url[i] =3D=3D '.' || url[i] =3D=3D '-') ||<o:p></o:p></span= > +  &n= bsp;            &nbs= p;  (labelcount =3D=3D 0 && url[i] =3D=3D '.'&& !(i = =3D=3D 0 && url[i+1] =3D=3D '\0')) ||<o:p></o:p> +  &n= bsp;            &nbs= p;  i =3D=3D 255 || labelcount =3D=3D 63) { <o:p></o:p> +  &n= bsp;           &nbsp= ;       // We have an invalid hostname. Fail.= <o:p></o:p> +  &n= bsp;            &nbs= p;      return LDAP_URL_ERR_BADHOST;<o:p></o:p></s= pan> +  &n= bsp;           } else if = (url[i] =3D=3D '.') {<o:p></o:p> +  &n= bsp;           &nbsp= ;       labelcount =3D 0;<o:p></o:p></= p> +  &n= bsp;           } else {<o= :p></o:p> +  &n= bsp;           &nbsp= ;       labelcount++;<o:p></o:p></spa= n> +  &n= bsp;           } &nb= sp; <o:p></o:p> +  &n= bsp;    }<o:p></o:p> +<o:p></o:p></s= pan> +  &n= bsp;    return LDAP_URL_SUCCESS;<o:p></o:p> +}<o:p></o:p></= span> +<o:p></o:p></s= pan> +int<o:p></o:p>= ldap_url_parsehosts= (<o:p></o:p>    &= nbsp;   LDAPURLDesc **ludlist,<o:p></o:p>    &= nbsp;   const char *hosts,<o:p></o:p> --<o:p></o:p></span= > libgit2 0.26.0<o:p>= </o:p> <o:p> </o:p> <o:p> </o:p> With best rega= rds, Dr Andrew Lawrence Siemens Rail Automation Holdings Limited MO MM R&D UK IXL 17 Langley Park Way Chippenham SN15 1GG, Gro=DFbritannien und Nordirland <a href=3D"mailto:andrew.lawrence@siemens.com">m= ailto:andrew.lawrence@siemens.com</a> <a href=3D"http://www.siemens.com/rail-automation">www.siemens.com/rail-automation</a> <a href=3D"https://siemens.com/ingenuityforlife">www.siemens.com/ingenuityforlife</a> <img border=3D"0" width=3D"300= " height=3D"109" id=3D"_x0000_i1025" src=3D"cid:image003.png@01D3B24C.628B2= 0A0" alt=3D"www.siemens.com/ingenuityforlife"> Siemens Rail Automation Holding= s Limited - registered office: Faraday House, Sir William Siemens Square, F= rimley Camberley GU16 8QD. Registered No. 00016033<o:p></o:p> <o:p> </o:p> </div> </body> </html> --_000_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_-- --_004_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_ Content-Type: image/png; name="image003.png" Content-Description: image003.png Content-Disposition: inline; filename="image003.png"; size=9561; creation-date="Fri, 02 Mar 2018 17:32:42 GMT"; modification-date="Fri, 02 Mar 2018 17:32:42 GMT" Content-ID: <image003.png(a)01D3B24C.628B20A0> Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAASwAAABtCAYAAAAbDlwIAAAAAXNSR0ICQMB9xQAAAAlwSFlzAAAS dAAAEnQB3mYfeAAAABl0RVh0U29mdHdhcmUATWljcm9zb2Z0IE9mZmljZX/tNXEAACTZSURBVHja 7Z0HfFVV8sdDEwEV7AURsQOWdYtrR1HsiAX76q5rL+ti278FlCotQAgdpPcWeu8ltEDoEDpKgNB7 lTD/+Z73brh5vEBCQPLi/Pjczwv33XvOmXPu/O7MnDnnRYnBYDBECKKsCwwGQ6TACMtgMEQMjLAM BkPEwAjLYDBEDIywDAZDxMAIy2AwRAyMsAwGQ8TACMtgMEQMjLAMBkPEwAjLYDBEDIywDAZDxMAI y2AwRAyMsAwGQ8TACMtgMEQMjLAMBkPEwAjLYDBEDIywDAZDxMAIy2AwRAyMsAwGQ8TACMtgMEQM jLAMBkPEwAjLYDBEDIywDAZDxMAIy2AwRAyMsAwGQ8TACMtgMEQMjLAMBkPEwAjLYDBEDIywDAZD xMAIy2AwRAzOGmH9dvSobNi3T5bt3CmLtm+Xpfr5y969suPQoZPee1SPI3o//1LdcWKkBo+jmfzn rnflZ66s1KOpp9wP3Juu3qB8GcqdJVlEUuVohuWFypKaenI5jh4NtPNIWtlHMyXnoSNHZL2Orxvv HVkbb4PhrBAWJLNg2zbptWKFVJsxQz4cM1b+MXy4vDJsmLwxYoS8O3asVJk8RWrNni2dly2T2Zs3 yyGfEvEX5FY/MVG+nzZdqul1VafPkB+nTZMey5fLpv3709V3UO/tu2qVu6bqjJnu+nTHnPBH1Zkz 9Z7pMvrXX2Xvb7+5sg5rWTM2bZJo6oyPP3a9+/80qT5rlozZsCFT/bD54EHprn3wg7abetLVq+eG rVkjOw8fTnfPVr2nl8r4vdZddVZCJmSZo+cTVG7tn4QEiU9JSVfedJWl4ew5UnVqvLvO1a/X/qDt 6b96tSPs48ZPj6QdO6T5vHny/ZQp2vZpEr1gvqzdsyesnAe1jLlbt0rnpKXyrcr1wZgxOt4j5BUd 89d1vN8JjndN7bvOy5bLEi3bYMgRhLVZ36S9lYTeGDxYrv25vUTFNJWoeg0kqlZtiapRU6Jq1pKo Oj9JVH09V7++XNSihbw/ebJsUUX1cFgVoKcqetFWrfXe+hLVrLle21CifvpJHhk0SOYqGfqB0lcc OTJQZsNGges5YptJVFOO2PBHA8qsK1UmTpQNQRLco8TVcP48ubSZ3le7jkQ1bxE4KC+6saujsirh Dl97M8L4Devl2q5dVYZ6EtWo8bGy+FvrfV+JfHUICSSpRVJp0OBA3fTdyWThfJMYiaqr/dSkidSc OzetLKiorpLOhdRJ/3Mtf1Ouln9Xt24yY3OKe8H4cUj/P0DJ7MZ2P0tU9Rpadj25pEMnGb9+/XEy phw8IJ2XLJFXBg6UK9q2DbSFMaP9jLV/vPX8pa3byI9KoEfFYDjLhIV10mTBArmhTVvJx4MKIaBU jQKKzoOfdvD/aj+4485+/WStug1+wsLKuLhFS6fYroygEjwycIAkhiGsp0aMDFzj1ekUWRWzYXTg XLiDNv7wo3yqxLHOR1gNVMmvpAy+j/WThP5do5aUVsWMW73KtTMj4Aq30HKiohsF6oIkvHbRJpXl w9FjjiMsXKjnVfkdwTRucnJZOAdZ/VDDfX6nVpifsOpoGy6CfHlZ0AbK4qhVRwo3bKgvi0nOqgsl rDi1/m5p2871D2NwRfsOMiGEsHDz6iTOkVItW0o+yqcttBOZ/ePNuHBQ1o/V5emRo44jSYPhdyUs lHdMcrLc07FjQDl40/I2V4Ur1KaN3NKjp5RXRawweJDcowR1fbfuUhAi0zd42T59ZNXu3emUve+K lfrGbhd4+Fu2UtJrIgUaNJCnhw6Reeou+rFLCauyKr8jRurFMvMOSM+zbEIPrlel/0otvA0HDriy cA1jlHRLtgxad5RB/XwqEaOIhRs3lvemTJatJ4jLJKqL9NKQIQGFhSDUskgrR4kjj9b76fjxssZH 1GDZrl3y8tChAYXHsuJ67s1IFs5RPuQVGys/KUH5CStaZSnepnWgHVzrlcU9WsdNXbupO7fluLEc vHat3N6pU8BSUiIqoZbiJJ8rzDVDlNRuwqryW4MxsXKu9lPpnj3VGtbxVov4Lh3vEp07S95GjdxL 4HF1FQ+nporBcNYIC5fu7QkTpGCDgOmPcubXN/ud+uBGz58vo/XtPH3LZpm5ZYtMSUmREUpubRct kq8nTpKac+bIxn370hPWylVyBS4lBISSNYmVAo2i5dlhQ2V+GMJ6Ra0kdy2KiGKqAt3cvYd8Mm2a xC5aLI0XLpRGC9If0eo+NUpMlKmqiPuDMSwsrKZ6bUnqVAvEkRR/88nhXMNGUlYJOHHLlgz7o1VS klzM9R7hQr5eOdrGPEqW/9H+WhtCWMshrGHDAgSEHJCLkn5pleUzlaWRtq2JXxb39wInR+MF82W2 r00QFtdeDalQHmXRDtrAp7bhXH0RfDNzuqwPEnYaGUFYSjKO6PS6Euo++glr+e5d8sboUQF3Lyhj fiXQu/r2lZaLF7vxnqFtYbwn6XgP/fVXablwgXyh7ndT/Txw5IhppeHsERaxl9K9ewfcAt78Sh6F oqPlo4kTZG9qxg8ngelfVWkPBAnjOMLCLXKE1VQKaHkVMyCsl/2ExaGK9oxadJBkVpCOsBpEB5Qb 4oB0OBe0+oopiUC4e8Mo3h5tz6eqmI4kIDiPePyEpWVkirCoVy2hSirLvG1bsyQLhNXYIywsNs/q pEyPfPV8SbWkRiihhCUsXPIwhDVuw3q5pkuXQDsZb5XnvKZN5XMl1RMh5cB+Wb9vr1lYhrNLWPO2 bZOS6uY5N8tZOOoaKIFUUvdmdPI62Xk489Pa2SIsL0CthPX84MEyJyTelSXCqt9Q8qpi5/e7cxCW 1lNQFfVFtTCWKsGEYowq8/1qWTpl177Io/fl13LyelZaVglLLdaXVJakXTuzT1jOhWx+TBZcOf0O t3jToUAs60gmCGu4ElzR9h0C40OZ2ifnqUv68sgRMmNTihsTgyHHEtbiHTvkpp69AhYWpKGKmUcf 5HP0eKBPX4mZmygLlTz2KSGcLNx6WghLlfzZQYOUsLJmlaQjLFXWIqrU1yn5lOjeXc6FPFBODlXi yzt2lKG//JJOHuyGL2fOkkJYHdqG/HrtNXpvcVX4ghBEMH6UVcKqrLIQkD9lwlIChziLKMmcQzs8 K4s69LubOnWWPmvWpMlwMsIaoy7flVhY0cFZWS0zj34WUbkrxPWX5uqeLtNnYp/PcjYYcgxhJe/b J88MHy55iWHxEDMljmLoQ5xPSexKffve36eP1FFlTti0yZHSGSEsyCro6lSIi5MJGze6a8jzIm4S ehxJTU1HOGmE1aaNmxG8WJX9ubFj5MMpU+Q62oMFiVzqEkI6NadPl22HDvr6Ya9UGDgokIYREyOX q7tF2sa96tLl9dyxU3AJn+4fJ9NTUlzfcHjt3x/8JGEzNKcqjbDatXPB7sLaL48OGSqPDR8hVzI+ Xt9qe/LqGFXRdro+0fsIut/WKWPCmqtj8NigwZKP7+l3rC1nPTaX/CrblUpcj/TvL/Vnz5b5mzeL wZCjCOugPug9V66QEq1aBaavIQ2UgoeYqfnglPxVqhwP9+4j38VPkykbN4TNXs8WYVFXcOaseOcu 8syo0fJRfLy8q4Tzjiokx7/1eH3sWPlMP1HCg754SjoLq0ZNOV/l+ffkSTJq3Tp5ZMCAgBxe/EeV 9TE9Fx+Mk6Hs7ZOSpBTfV68hBZs3c/lho5KTpZKSuXO/skpYkJzWdbXK8qzK8v7UqfKeJ4t+vj1x oryphFpl2jTnlocnrJ9dOsH52j+fTJosfZWMKpM6Adl4bmqdn+R2tZiGaFtx5oar5Xgbs4QZEBZ9 /vPixVKkadNA+gf9wXhRVsyxFIwSzZrJ42ph105IkGn6orLIlSFHEBbYffiQy6AuTt5PnTrBqfZm AYuEhzlo+eDinKtE9ESvnhIzb64sD8lFyjZhcT1K2rxlME+pbjAfKHjwd9Vqkl+VtOGcObLdF29J R1i1akleleXF0aNdlvf/zZolRZANhYRMlHQuVkus1dKl7l7SHCqNHiMFabOWX0q/67J8uctXqjw0 SEJZJSxPlhaeLPWOyVK/fiBfS+tC9t4rV2ZMWBCo1vlPJWrqbJyYKPmwFpGFOrTN+bX8jydNcvfO 27pF7uraLTALGIawQMr+/fKZkublseSs1T6WtEt9HEHXnKOYEttTSlytFy2Udfv3mUYazj5hgWR9 iOslzpE/6du6GK4hSoYC8/B60/tYDZxXl6uYPuz/VSVZu3t32ts324TFWz6o5Hm0nrxqJeQhhuMd KJEq+UW160gjdVm2ZUhYqoQxTeThIUNknbq8E9W9/AtxG6wOvodEtKyv1GoBvyipkX7gZFOyK9er l1tHifVZkex1L/B9yoTVMNj+oBxKWHloY7VqUlBl73ciwlJrkb6oQPB+506JVzftrl69A7IQb2Nc 6tSVcj16OHJep+16VC1hl2OVAWEB5KuhRH6buoTnM6vqkkeDrrkX2A+6tVhixVu2lJozpssWXxqF wXDWCAvgYrGGDZfrDlWAC/QBzgtJeDNKrYNuCIqib/BLVCFqz5gpm4IPcbZjWCiKln1Jx45y94A4 eVoJ4Aklnce9Y+hQKde/v0vsZD3ffl9qwnGE1aSJ3D9okIvREQf794gRASX30hy0/S/GDZBEbdPg 1aulODKpkudp3FheGzfOlUmO2UP94wLKfCqEpZ+Xduwk96j7+aTK/8TQY3I8pq5d+X79pPKoUW4N 5AkJS8ssN2CgzN26zc0ERifMlry8VLCyIBZtX3Gtq6aSOORUoV//gIV0AsJy4639N2ldsnyg1tut Sujn6ZilG28vlw3rS9tRSq3U6Hnz1SK3mURDDiAsD6zPS9Q3eeOEBKdUFzRvHlAAT0G8xFBV8Bu6 dpeJGzZmn7C8tXeqnOXj4qTv2jWyQq23FUoEy71j9y5nZazSz13qrh31BauPJ6wYR1jrg4mtPyXO lTzNmh3LqNfP6zt1lsqqrBWURAoFl/SUUPmaLF7s7lmybZvcq+6Qm4w4lVlCJZLHVJah69YFZNl9 TA4+2RlhtZ4PnZELS1hKcLO3BmZOIaDSPXoEEmSdBdxa8ukY3dCjp3w8darcQZtjAkttSnTNmLC8 upJVloSUFKk9c6aU6907EN/CsqJsz00MrqO8Q627+Vu3isGQYwjLw04lBXYRaLNggVSM6x+IA7nU h6C7EMzd6pS0zF2PvdNvVfbTGlhEvCDk2pMhQ8IKEsuI9evlbyTIQrxBVyq/klBBlaOAl/ag7toL g4bIymCOFqR9d58+p05YWteLKsty3/KlzCAcYT0EYQWz4Ynd/aTu+3lqDabN7AZnMi/v0lUuVCLO G0zhOBlh+bFZLeUpem3s3ER5ROXO1zS46NpLnFUCLqr/767jvd8y3g05jbD8mLxxg7w6cqQUhVQa x6RNq6OczZXQQOppIizysGadYPlMVghrXZBYcFu/nTIlveUQDKS7+JlaJHljY6WGbxHyHCWse7JJ WC9oGxZlcVuWkxEWWLxtq9xOwq+3dhFCoc4gweQNvlCyQlj++kevT5aX1I0ujKXGEUynuEj/jk5M lO22T5bhbBAWbhWxjIOZWHLRfNEiucYFrBsEyCg469Z2yZLTR1hq5VQaPFhmbc1G4qiPsH7xEQv7 fBWBeNJicm2OxeRIwuzaVfr98svpIywts7LKsuRUE0dPQFj0HTs8FPN2xPDWPHopFRlYWMTA9mdi vGlDmyWL5BIv1SG4hrGYjlMbfQ72WGKp4WwQFg/vZH2g+6syE8dgMTTKwAO5N3gQZF26c4e8PW6c nA+xoCQoub7dL2zfXoYElfxIdoPuwbVtd/fpK22SktzOCTM3bZIZ2q5jxyaZvnGjxK/f4DKyvQ38 9maCsNiP61E9lw+rxIvHBZfcIEsoEWWbsFTB71NZOixf7uSYdZwsKS6pNH7DRlmupHbQ52adjLAA Y1KO9tWtf8x1847grhahhLVNLaNxycluvHF5t2Uw3nO0798YMyYQ2/MWpjdoINd07CTjk9fbvliG s0NY5CB9OW2alNaHvGz7DvLkiJHypipklenT5JtZs+T/Zs6Uf0+aLA8OGuh2MWDZjjczVaBOHXUb hqdZENlOawjGYYro/dequ3Nrr95ud4Uy/qNnLynTpauU1rZ8PnGS1h2IN+1TZT8ZYe1SZWwyb54U i4kJxN+8tANtayG9r8/Klen2e8oWYQW3gzlPZSmlspTVdh8nC0e3blJa+/MrUkT27skSYZHrjwt7 WfNgnpyXTHoCwlq5Z49LR7lFXzy3duokz4wapeM7ST4PjvfXOt5v6//v7R8nRVu1OjbeasUVql9f Xh87TpL37TfNNJwdwiLQ+tb48YGsZxIZlTjyqWJeoA/8xS1bykWsK3T7Jfk2siMBUq//c5cuMm7d urQALCv5++ibO/1+WI0lv76ZmdYPtx/WC/79sLyUA9+eV2E3viO59bvv5Yl+cTJzS8B1ZPcFNiG8 hjLY10vvv3vAgOO2B56nSn9r9+7H2qdyFWBmUl23BSGxpgSC7uQ8QQbBrW8gj0/GjZc1YXYcdfto eTuthsqS0YaE9OX3VeWZ/v3TrTmMVsK6irWEP1Z3ZT4QFxc2rkebn9R707LWfcuIqJNM+4k+wlq2 e7e8zi6vWmdU9eruOsa3aHC8L1Q5C3hJtjGxgYN0kJo1nTU34yTLswxGWGcUuASfxcdLfhRNScBl SKPwLNMJ7izqttvlPErH4mG1UJ7u2096rFol/rkiCKvb0qVSiIedMiAFrB1Vunvj+klCSFyKHUfL k0lOtrW3P1Ojxsd2+8yIsGoHCatv/zTC2nPkN6mdOEcu4P6v/+cU+MZevdJtMAgIFr+lFhLJlp5s 5yghxarltSMkv4glKWVZl0dfUC+Kq7L8S63QlSHlElh/sl+/QJn1G2ROFo+wVJaKSjpJvh0kasxN VHdM+/HLr1yZZXv2lPjNm8KOYcPERCmMRUufUzf1Mp4q2/lqcY1VF9ADGw9+OH5CgOBoa0bjjawN AwmlV+nLhN1UB/q2sjEYzgphEbPgByUq9Okrt7RuLdepdXS1vqFZBHu5vnk5rmrRQkrqm/tmdRmf 0Ae3ekKCiy+FgjfvyLVr5UElitLqCpXp3kPK6D23aZnvjh93XPCZuMnHU+PdNWU6dgpcf7IDN0qt hjJt2sgXEyamuYRYeR2SkqR8D70mtrkr88UxY1ziqB8HlFR7rVwh5Tp0lJL16kkpJdcHyS0KY72w S8Vr6ubhspVRt66MklfZdu2k1vTpLoPeD/KpqqilSrvKdO2aOVk41GUro6Ty1cSJ6dzMn5cluX4s oxYOZb46ZrS61OG33Jmt7XxPZS2j40cbXR+p9VtaXcryAwa6Rese2Fa53aLFcp/WfYtacKX0YLyv 0PG+jPHWTzfeeq5Mx45SUd3q2uoqrsjixIHBCOuMAOOeXTuX79whE5PXSb8VK6WtPtAxanHU0zc3 v4DTbP586bJkiYzVNyx5TRntOklZW9XFnK0KQj7PtI0pEs+OpXosDbNlCfGipB07Zep6vTZ4fdqR kvERz7VqNazwlcmOB7Rttn4/Vd1UriGX61CYtrJGcOyaNdJZXcieahGO0/aFyyvaqxbXQiXmKfr9 NAL9GwLtXK2W0MGQ6+lDJgGm6rXxem2mZdFruYd7/f3K0hkny6/rnKyLlJT2ZJBhjuwbVfbpyevd LqyubP2k3fyykX+PK2aF6TN+AWe8jid78LdetEga63jXZbznzpVYHe+u2i+TtN4t+/fbLqOGnENY oYRz8EiqKsZvTqm3BQ9cNx7y1Fw0N3Q4qLgQ1R81JoPUkBGzgseN9xFLWzBkHfbLzwaDIWJghGUw GCIGRlgGgyFiYIRlMBgiBkZYBoMhYmCEZTAYIgZGWAaDIWKQqwmLJMZ169bJ8uXLZecfLJMa2ffv 3y979+6V307zVi0HDhyQ7du3n/ZyDYaTIVcTFiT1+eefy6OPPio9evRIt+VxbsERfi8wTKb4xo0b ncwdO3aUX3x7cGUXhw8floEDB0q9evVk1KhRcvDgwTPSr6mpqY4QU0P21eL/4eSlDbt375a1a9c6 Mk21n7zPlcjVhDV37lz5+9//LlFRUfLf//43Vz7EK1askDFjxkhSUlI6RR4yZIhcd911csMNN8iE CRNOS11YVv369ZP77rtPLrnkErn33nulZ8+esm/f6f15Ll40tH/48OGyNWRN6XqWMU2bJosXL043 nitXrpSPP/5Y/va3v0mVKlVkSXDTR0PuQq4lLCyBAQMGOIW96KKLpGHDhrnSwoqPj5dXX31Vnn76 aUdcyJicnCzvvPOOI2q+W7Vq1WmpC0utQoUKcsEFF8iDDz4oL730ktSoUUO2bdt22uTZs2eP/Pjj j3LnnXc66ziUsJDlm2++ce34+eefnTUF2rdvL0WLFpWCBQtK2bJl3f8P26/v5DrkWsLCPahbt64U K1ZMHnjgAZkxY0aulHP16tVSrVo1eeyxx6Rr166OsOLi4qR48eJy+eWXy8yZM09LPcTCcC8hq2ee eUamTp0qiYmJznrbE7J3V3awcOFCufbaayVv3rxSs2ZNORSyt/uOHTukefPmctddd8l//vMf2cAi 9AULpFy5cnLeeec5smvUqJGzzojhGXIXci1hpaSkSKVKlZyV8a9//Us2b978u9SL2/R7v9mpE0Vn cgEQX0JurJQNWfyBiBMRSfny5eWcc86Rtm3bnjE5KBuLGAsKlz4cIK2JEyfKyJEjHVk2aNDAyfvn P//ZWZcA99gsrNyHXEtYxHZKlSrlHuTatWs7y8P9IMbBg+4hP5TFX2XhvhMpAGUTR+ndu7eMHj3a EaQ/xkJ9KOSRTG6lciruK2VT51dffeXkfu+992RLFn8dKCMMGjRIChUqJFdddZUjizMB4lJPPfWU nHvuuRIdHX3CvkJO+pSxfPvttx2Rfv3116fV2jMYYf1umDJlilxxxRXOJezSpYs7RzCXmMvjjz8u nTt3znRZixYtcm9x7sHSQClClYn40Ysvvih/+tOfXFAaK2fNmjVp9aKAX375pYs5nQwQH9fh7vmJ C8Lzuzko7bJly9ICzAS/IZNHHnnEKT1xLMiT8jIiaO4h9QNCzgh8h3t9/vnnu7jSpk2bsj0+tJ1y /aQ+bNgwKVKkiKsHly4zYDxwB6+//noXqPePi9/yPGwpGEZYORUoZ7du3VwMBzdh/Pjx7jwEcvPN N6fNGnrKSHC+T58+TnH9YFqdWTDckzJlyjiXCDfz+++/l1mzZqVdxzQ/JMX3BIQJ/uKOTZo0yX0/ f/58ufXWWyVfvnyOyDwQe4EMUSwPEFT16tXloYcekm+//VaO+BS6e/fubiZs3Lhxrt3MmGFV/POf /5SEhAQXFH/33XddnAmL47bbbnMkyvefffaZ9OrVK51rPG/ePEdq//jHPxzBZ2TRcA9l0J8tWrRw 1it9hWuGC0bMjDhabGysI0cP9PfkyZPl1+DWx5Br69atXf/x4qA9/oB9mzZt3Njcfffdrm2hgJiJ m+32bR9NXO3SSy91lpmfdKdPn+7qefbZZ11IoGOHDmntMBhh5SgwcwQxEAthJgsFg3yGDh3qpuOZ RULpUbiqVavKTTfd5AipXbt26R568pgIAF922WWOPJ5//nmnUBAB9wMUjhk6zr/88svStGlTp3Af ffRRWr2tWrVyAWHqHTFihLPQqIvg9SuvvOLa5ZEV9/zlL39x5eHqeMDi+utf/+rO4/IhI4QIAaOw kBlxuw8//NCRVYkSJdz0PkTCpAP3Pffcc2kW2tKlS+WNN95w57mWeJBHWPQBhITS9+/f3xEohMsM HNYMBPDJJ5/Id9995wgU6+biiy+WkiVLuv9j0SA3biSzlFxLH0Ce9DPt4TpeKh5hYenRVsj2008/ PY5cINS33nrLWXgQPWMH2VMmMlAmVhkueZMmTVzfknZBf/DyuK5UKUeIBiOsHAfe+lhQWDq4YRAE 0+P/+9//5EJ1EWvVquWUmwcbBcFyyJ8/v3v4UVSUDTK4/fbb3WwbDzplonhch1XCrBmWEd+hqNTF TN2bb77pZqk8S4bZNFw04j9Mw3Mf90CC1MtsGC4qeVQASw8CgYhwkSAxCACiQDEvvPBC+eGHHxxh MSvoETDtpd2QLGVTp0e+XIdrjOJiAWH5oMiURxsgd3+sCzKDFMlhQ37cNNoJ6UJcWH+epcp5SAgL DkLEDf/iiy9ceVietI3rOK6++moXVxs8eLDrT/rPc3khKKxD5MF99q9MgJi8lwIWLtbXnDlzHIEx fp4c9D/EhTvsET6zw1hftB231mCEleOA64FlhaLhpgACuk888YQUVuLgTY71ceONNzpLiLc/ikXO FrEossS5n4ee71Gmli1bOuXFrYuJiXEWwdixY930ukckkCPKDinhljLLhRJi8WCdQCaQFfWigLhX 3E+ZtIkycU+x6rCmyCSHiCACys+TJ49TetoLCeNeQYT33HNPWjY7bhbKS3a/ZzFBUMjD+ddff10q V67srDLKox9CA9XIhRUJCVM27UVGXF5cPGYeIX3OQTBYP7SdGFLp0qXdAclC1p5VSH0QJ0QbbvIC d++FF15wbaSf/Offf//9NBLCBaZvSdegjRAmMS9IFDeTlAcIlGshbQgSEuMFxtgYjLByHIhzEFOC KHARAIrmWQXXXHONXHnllU55saiIiXjuEdYTb3CPsMgWhzBQQqwrrB9IDHfotddec9YRiu2RG2SH YqA8vPHvv/9+F4iHsFAkFPLhhx92iki9KBiu6y233OIC5FgeWA4oIQqJRQP5oOxYb7QB5cOVwi2F ZCFbYmpYKygy9UEUXjwJ4kImZkupG5KjvcR3vFQIP7AOifvRHkj3gw8+cPXiqnnxNqwkZMGimj17 tjuHZVm4cGFnyZHg2aFDB2fZ0d9YTXtDfhzWD9qK+0h5uJKAupGZscLlpM0QO8ACYxIE+ZG3b9++ jkghROKIvKxoH5YkpH86JgoMRlhnBASg77jjDveA42IBSMQjIQ5iR8RCPGAl8D1LO7CmiCvh2mBh QGIoO2kSKCBEgrtBNjWJk82aNXPWBy4kVkLFihVdOdyHImE18T2kBcF5wXhA4JyysWJwXWgT7g7k h/WFEnszZrhYEBiu63pVzh1B5cSSINaE5QEJQmjcC6n4ZwdR8k6dOjmCRaEzG9MhQRPXq379+mnL cLA6ISEmNch6h/xJeYCUkRmrDReavsa1PBlhcD0WJy8E+ohYFWTPi6JOnTquDQUKFHCfHiBpyBo3 ERffA2MNuWKVQmbICQHT78TqcLUhWUuBMMLKEcAFwj1DkXBvAJYBf+NeEPANl5SI20hcC4UjHoSS EQPh7c9sIZYCiotyhuYioRDUCcFgkWBt+JfEQICkRoSrl3gPyop7hhsFUEDq8Aef+Rt3Cctie/BX pLHUsCIhOc/Vos2Ux5o7P2FBNpAsioySZ2a9HRYjBImVw73+tApv8gCCwarCzfW7cySBUo9/ZvRE YOEykyBYwlidvAAYD4DVjMWKZYvFiFxYcLSLSYDQ9Yz0PbOEWNoE33mJMDYcjD9jvD3kl8INRlhn BSguDyxvVBTODxQuK4ugcY8IljMT5mVTM9OXEY5k4zf2cOl27dqVqQztzCSWhl7DTCMzolh6zNBl BvQjRIRrjKUYrm24YricfisH8JJgsiMrW/tAPLwcsDo98gZMIGAZEdfzEkZZH4q1iDUVDlwHaWMZ cg1WK5MJxADJz7JMeCOsHAWIKTsLnlE03EJv1o7AL2/rM5XpnRUyOpW+IEhPXI8Zx3B5TuHABAaW DURHTOv32PECoiHeFdoPEAzfcZ6xIZ5FPI4xOlFfQm7E/CBPrCr+b3t5RSZsx9ETgLcxKQLEhHAh sDIIgBMjizTgUpEAi6vFFjGZXRiM1cSkA6SdkYV1NkAeFu4h1iIzh4Y/BoywwgBXBuVkpo44GEpL MJzAOLNWkZgxjRvETB9T/KGu24kAQRFXIpkVNzKn7ICABUacEKuXmUDDHwNGWGFATIacLWbSmFXD rSD4S84RW55E2rYlECxBZ5InveTVrIAgPgF0LMusLho/U8ClIz7FODFT6l/eZMi9MMIKAeSEguIC oQxeZjizXbgfrF2LNJB+wOwmaRu5SbGx/gjCk+zrX19oyL0wwgqBtycTmdmkIQBmq8gwJx0gs7sI 5BQQbCYHDHfWS8jMTcDSwuqzPdz/GDDCCgEzSEyD4/55WfIkYGKhsGOBt2VMJICZNG9NJesos+oK Ggw5DUZYIeBtTZ4VGdRkauNOPfnkky6J0VtgHAlg+p5lP6Qx4AqSnmAwRDqMsMKAKXO2iSFQTcIo 6/LIYYqk+A9rBEmWJPZGSoPBkBtghJUBiImwBIblMriEkQZmBrEUQzclNBgiGUZYJwDLRAhaR+IS DlzXE217bDBEIoywDAZDxMAIy2AwRAyMsAwGQ8TACMtgMEQMjLAMBkPEwAjLYDBEDIywDAZDxMAI y2AwRAyMsAwGQ8TACMtgMEQMjLAMBkPEwAjLYDBEDIywDAZDxMAIy2AwRAyMsAwGQ8TACMtgMEQM jLAMBkPEwAjLYDBEDIywDAZDxOD/AfJ2nuAo4uJvAAAAAElFTkSuQmCC --_004_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_--

3 years, 9 months

1
0
0 / 0

(ITS#8812) OpenLDAP 2.4 Standalone or embedded

by muthamma.appaiah＠wellsfargo.com

Full_Name: Muthamma Version: 2.4 and 2.3 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (2620:160:e708:6::a) Hi team, Could you confirm if the product OpenLDAP is a stand-alone product or embedded?

3 years, 9 months

1
0
0 / 0

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs March 2018