(ITS#8878) PBKDF2 Is Broken (1 in 64 hashes)
by jroose@gmail.com
Full_Name: Jon Roose
Version: HEAD
OS: Linux
URL:
Submission from: (NULL) (68.134.180.197)
The b64_to_ab64 function within the pbkdf2 password module is incorrect.
When str[0] == '+' this function fails to convert that first character to a '.'
The file in question is here: contrib/slapd-modules/passwd/pbkdf2/pw-pbkdf2.c
and occurs at line 62 in the current version of the file.
This occurs because when you write while (*p++), it changes the pointer and
skips over the first character of str.
This needs to be replaced with a for loop such as:
for(char* p = str; *p; p++)
This is a significant bug in this module, because it causes the hash algorithm
to fail to be replicable by outside hash implementations 1 out of every 64
hashes on average.
5 years, 4 months
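The loop behaviour described in ITS#8878 above, as an added example that is not part of the original report or of the OpenLDAP source. The buggy loop body is reconstructed from the report's description; the function names, the '=' padding handling and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Reconstructed from the report: the increment in the loop condition
 * moves p past str[0] before the body ever inspects it. */
static void ab64_buggy(char *str)
{
    char *p = str;
    while (*p++) {
        if (*p == '+') *p = '.';
        /* assumed: adapted base64 drops '=' padding (not in the report) */
        if (*p == '=') { *p = '\0'; break; }
    }
}

/* Loop shape proposed in the report: test, body, then increment. */
static void ab64_fixed(char *str)
{
    for (char *p = str; *p; p++) {
        if (*p == '+') *p = '.';
        if (*p == '=') { *p = '\0'; break; }
    }
}

/* Put every base64 alphabet character in position 0 and count how
 * many encodings differ between the two loops. */
static int count_first_char_mismatches(void)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    int mismatches = 0;
    for (size_t i = 0; i < 64; i++) {
        char a[16], b[16];
        /* constructed sample: varying first character, fixed tail */
        snprintf(a, sizeof a, "%cb+d/Q==", alphabet[i]);
        strcpy(b, a);
        ab64_buggy(a); ab64_fixed(b);
        if (strcmp(a, b) != 0) mismatches++;
    }
    return mismatches;
}

int main(void)
{
    char a[] = "+a+b", b[] = "+a+b";   /* constructed input */
    ab64_buggy(a); ab64_fixed(b);
    printf("buggy=%s fixed=%s mismatches=%d/64\n", a, b,
           count_first_char_mismatches());
    return 0;
}
```

Only a leading '+' is affected, which is where the report's 1-in-64 figure comes from: a verifier using a correct adapted-base64 encoder will not reproduce the stored string for those hashes.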
Re: (ITS#8877) Issue while setting up openLDAP 2.4.44 with mdb
by ryan@openldap.org
Hello,
On Wed, Jul 11, 2018 at 02:16:16AM +0000, sakshi311(a)gmail.com wrote:
>Issue while setting up openLDAP 2.4.44 with mdb. Getting the following error when
>trying to set up mdb database instead of hdb using ansible -
>fatal: [tokyo-ldap1]: FAILED! => {"changed": true, "cmd": ["ldapmodify", "-Y",
>"EXTERNAL", "-H", "ldapi:///", "-f", "/tmp/db.ldif"], "delta": "0:00:00.009641",
>"end": "2018-07-11 02:02:47.684653", "msg": "non-zero return code", "rc": 32,
>"start": "2018-07-11 02:02:47.675012", "stderr": "SASL/EXTERNAL authentication
>started\nSASL username:
>gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF:
>0\nldap_modify: No such object (32)\n\tmatched DN: cn=config", "stderr_lines":
>["SASL/EXTERNAL authentication started", "SASL username:
>gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", "SASL SSF: 0",
>"ldap_modify: No such object (32)", "\tmatched DN: cn=config"], "stdout":
>"modifying entry \"olcDatabase={2}mdb,cn=config\"", "stdout_lines": ["modifying
>entry \"olcDatabase={2}mdb,cn=config\""]}
The ITS is for reporting bugs in the software, not for user support. The
command output clearly shows that you are attempting to modify an entity
that does not exist.
If you need assistance with configuring OpenLDAP, please contact the
openldap-technical(a)openldap.org mailing list, or one of the support
services listed at <https://www.openldap.org/support/>.
This ITS will be closed.
5 years, 5 months
(ITS#8877) Issue while setting up openLDAP 2.4.44 with mdb
by sakshi311@gmail.com
Full_Name: Sakshi Mittal
Version: 2.4.44
OS: Centos7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (110.161.122.132)
Issue while setting up openLDAP 2.4.44 with mdb. Getting the following error when
trying to set up mdb database instead of hdb using ansible -
fatal: [tokyo-ldap1]: FAILED! => {"changed": true, "cmd": ["ldapmodify", "-Y",
"EXTERNAL", "-H", "ldapi:///", "-f", "/tmp/db.ldif"], "delta": "0:00:00.009641",
"end": "2018-07-11 02:02:47.684653", "msg": "non-zero return code", "rc": 32,
"start": "2018-07-11 02:02:47.675012", "stderr": "SASL/EXTERNAL authentication
started\nSASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF:
0\nldap_modify: No such object (32)\n\tmatched DN: cn=config", "stderr_lines":
["SASL/EXTERNAL authentication started", "SASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", "SASL SSF: 0",
"ldap_modify: No such object (32)", "\tmatched DN: cn=config"], "stdout":
"modifying entry \"olcDatabase={2}mdb,cn=config\"", "stdout_lines": ["modifying
entry \"olcDatabase={2}mdb,cn=config\""]}
5 years, 5 months
Re: (ITS#8876) Problems About LMDB
by hyc@symas.com
wisbyme(a)gmail.com wrote:
> Full_Name: Daniel.L
> Version: LMDB 0.9.70
> OS: macOS or WIN10
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (113.109.207.158)
>
>
> Hello,
>
> I found some problems about LMDB from github.
> Some problems in windows, I have posted the code behind.
> The same code in macOS, getting data often fails. It always returns
> MDB_NOTFOUND.
> But I can't find the reason at all, is it not available in macOS?
>
> Thank you.
No idea what the below means. Learn to use git, learn to use diff.
> ------CODES MODIFIED----------------------------------------------------------------------
>
> typedef LONG NTSTATUS, *PNTSTATUS; /// LJJ added 2018.07.10
> typedef NTSTATUS WINAPI NtCreateSectionFunc /// LJJ modified 2018.07.10
> (OUT PHANDLE sh, IN ACCESS_MASK acc,
> IN void * oa OPTIONAL,
> IN PLARGE_INTEGER ms OPTIONAL,
> IN ULONG pp, IN ULONG aa, IN HANDLE fh OPTIONAL);
>
> static NtCreateSectionFunc *NtCreateSection;
>
> typedef enum _SECTION_INHERIT {
> ViewShare = 1,
> ViewUnmap = 2
> } SECTION_INHERIT;
>
> typedef NTSTATUS WINAPI NtMapViewOfSectionFunc /// LJJ modified 2018.07.10
> (IN PHANDLE sh, IN HANDLE ph,
> IN OUT PVOID *addr, IN ULONG_PTR zbits,
> IN SIZE_T cs, IN OUT PLARGE_INTEGER off OPTIONAL,
> IN OUT PSIZE_T vs, IN SECTION_INHERIT ih,
> IN ULONG at, IN ULONG pp);
>
> static NtMapViewOfSectionFunc *NtMapViewOfSection; /// LJJ modified 2018.07.10
>
>
> HMODULE h = GetModuleHandleA("NTDLL.DLL"); /// LJJ modified 2018.07.10
>
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
5 years, 5 months
(ITS#8876) Problems About LMDB
by wisbyme@gmail.com
Full_Name: Daniel.L
Version: LMDB 0.9.70
OS: macOS or WIN10
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (113.109.207.158)
Hello,
I found some problems about LMDB from github.
Some problems in windows, I have posted the code behind.
The same code in macOS, getting data often fails. It always returns
MDB_NOTFOUND.
But I can't find the reason at all, is it not available in macOS?
Thank you.
------CODES MODIFIED----------------------------------------------------------------------
typedef LONG NTSTATUS, *PNTSTATUS; /// LJJ added 2018.07.10
typedef NTSTATUS WINAPI NtCreateSectionFunc /// LJJ modified 2018.07.10
(OUT PHANDLE sh, IN ACCESS_MASK acc,
IN void * oa OPTIONAL,
IN PLARGE_INTEGER ms OPTIONAL,
IN ULONG pp, IN ULONG aa, IN HANDLE fh OPTIONAL);
static NtCreateSectionFunc *NtCreateSection;
typedef enum _SECTION_INHERIT {
ViewShare = 1,
ViewUnmap = 2
} SECTION_INHERIT;
typedef NTSTATUS WINAPI NtMapViewOfSectionFunc /// LJJ modified 2018.07.10
(IN PHANDLE sh, IN HANDLE ph,
IN OUT PVOID *addr, IN ULONG_PTR zbits,
IN SIZE_T cs, IN OUT PLARGE_INTEGER off OPTIONAL,
IN OUT PSIZE_T vs, IN SECTION_INHERIT ih,
IN ULONG at, IN ULONG pp);
static NtMapViewOfSectionFunc *NtMapViewOfSection; /// LJJ modified 2018.07.10
HMODULE h = GetModuleHandleA("NTDLL.DLL"); /// LJJ modified 2018.07.10
5 years, 5 months
(ITS#8875) [Patch] Performance problems in back-mdb with large DITs and many aliases
by hbohnenkamp@united-internet.de
Full_Name: Henrik Bohnenkamp
Version: >= 2.4.44, HEAD
OS: Ubuntu 18.04, Coreos 7.5
URL: https://github.com/hbo/openldap-mdb-deref-problem
Submission from: (NULL) (77.176.95.241)
This is a followup to
http://www.openldap.org/lists/openldap-technical/201805/msg00065.html
When MDB is used as backend database and with large DITs (O(10^6)) with many
alias entries (O(10^5)), search requests with deref=always and scope=sub will
take prohibitively long. Servers with a high request rate might become utterly
unresponsive. This problem is not present in the HDB backend.
In this issue I want to contribute two things:
- a means to demonstrate the problem; this in the form of two scripts
(bash/python) which set up a large test DIT and start two slapds (one HDB, one
MDB) to allow easy comparisons of the performance
- a patch to fix the problem
The patch is certainly not production ready (or, if it is, it still needs
exhaustive testing to inspire confidence); however, I think it is far enough along to
at least discuss the approach.
Both the scripts and the patch, together with instructions on how to use the former,
can be found here:
https://github.com/hbo/openldap-mdb-deref-problem
I am looking forward to discussing the patch.
5 years, 5 months
Re: (ITS#8874) --with-fetch incorrectly links libcom_err
by hyc@symas.com
quanah(a)openldap.org wrote:
> Full_Name: Quanah Gibson-Mount
> Version: 2.4.46
> OS: FreeBSD 11
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (47.208.148.239)
>
>
> When building OpenLDAP on FreeBSD where the fetch library is available, slapd
> picks up a dependency on libcom_err which shouldn't exist.
>
> This comes in from lines 934 and 944 of build/openldap.m4:
> 934 LIBS="-lfetch -lcom_err $LIBS"
> 944 ol_link_fetch="-lfetch -lcom_err"
>
> These should be updated appropriately and configure regenerated
Careful here. There may still be releases of FreeBSD that linked libfetch
against com_err, for whatever reason. You'd need to check that libfetch
exists, and then check that linking against libfetch by itself succeeds or
fails. (And if it fails, put com_err back in and try again.)
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
5 years, 5 months