December 2020 - openldap-bugs

[Issue 9393] New: Provider a LDAP filter validation function

by openldap-its＠openldap.org

https://bugs.openldap.org/show_bug.cgi?id=9393 Issue ID: 9393 Summary: Provider a LDAP filter validation function Product: OpenLDAP Version: 2.4.56 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: best(a)univention.de Target Milestone: --- In many situations I need to validate if a user submitted LDAP filter has valid syntax. It seems there is no official function to check this. Could you provide one? libraries/libldap/filter.c: ldap_pvt_put_filter() can be used as a basis. -- My current workaround is using a unconnected ldap connection and do a search with that filter. This yields a FILTER_ERROR (invalid filter) or a SERVER_DOWN error (invalid filter). See also: https://github.com/python-ldap/python-ldap/pull/272 -- You are receiving this mail because: You are on the CC list for the issue.

2 days, 13 hours

1
2
0 / 0

[Bug 9256] New: The ACLs required for SASL binding are not fully documented

by openldap-its＠openldap.org

https://bugs.openldap.org/show_bug.cgi?id=9256 Bug ID: 9256 Summary: The ACLs required for SASL binding are not fully documented Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: kop(a)karlpinc.com Target Milestone: --- Created attachment 727 --> https://bugs.openldap.org/attachment.cgi?id=727&action=edit Patch massaging the SASL binding requirement docs While some ACL requirements for SASL binding are documented, some are not. E.g, that olcAuthzRegexp requires =x on objectClass when direct DN mapping is not documented. Other requirements can be reasoned out based on the existing documentation, but this can be very difficult when unfamiliar with all the moving parts and the places they are documented. E.g. knowing that (objectClass=*) is the default filter, and that there's _always_ _some_ filter, and connecting this with ACLs required to do search-based SASL mapping. The attached patch brings all the SASL binding requirements together in one place in the docs and makes everything explicit. The word "SASL" is included, for those searching for that keyword. I, Karl O. Pinc, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice. -- You are receiving this mail because: You are on the CC list for the bug.

1 week, 2 days

1
25
0 / 0

[Issue 9343] New: Expand ppolicy policy configuration to allow URL filter

by openldap-its＠openldap.org

https://bugs.openldap.org/show_bug.cgi?id=9343 Issue ID: 9343 Summary: Expand ppolicy policy configuration to allow URL filter Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Currently, ppolicy only supports a single global default policy, and past that any policies must be manually added to a given user entry if they are supposed to have something other than the default policy. Also, some sites want no default policy, and only a specific subset to have a policy applied to them. For both of these cases, it would be helpful if it were possible to configure a policy to apply to a set of users via a URL similar to the way we handle creating groups of users in dynlist -- You are receiving this mail because: You are on the CC list for the issue.

3 weeks, 5 days

1
8
0 / 0

[Issue 9428] New: DoS due to infinite packet processing in slapd

by openldap-its＠openldap.org

https://bugs.openldap.org/show_bug.cgi?id=9428 Issue ID: 9428 Summary: DoS due to infinite packet processing in slapd Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: phasip(a)gmail.com Target Milestone: --- Processing of a packet results in the command handling thread becomming stuck in an infinite loop. After sending 32 of theese slapd doesn't respond to any new queries and consumes 100% cpu Packet 00000000: 3036 0200 7730 300b 312e 332e 362e 312e 06..w00.1.3.6.1. 00000010: 312e 3881 1030 0130 0030 3030 3030 3030 1.8..0.0.0000000 00000020: 3030 3030 3030 0030 3030 3030 3030 3030 000000.000000000 00000030: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000 00000040: 30 0 GDB backtrace (gdb) thread 3 [Switching to thread 3 (Thread 0x7fff8aad2700 (LWP 12))] #0 0x00007ffff7eb489b in sched_yield () at ../sysdeps/unix/syscall-template.S:78 78 ../sysdeps/unix/syscall-template.S: No such file or directory. (gdb) bt #0 0x00007ffff7eb489b in sched_yield () at ../sysdeps/unix/syscall-template.S:78 #1 0x0000555555671671 in ldap_pvt_thread_yield () at thr_posix.c:249 #2 0x00005555555d9255 in cancel_extop (op=0x7fff7c001160, rs=<optimized out>) at cancel.c:143 #3 0x00005555555b449a in fe_extended (op=0x7fff7c001160, rs=0x7fff8aad1a80) at extended.c:225 #4 0x00005555555b41c2 in do_extended (op=0x7fff7c001160, rs=0x7fff8aad1a80) at extended.c:175 #5 0x0000555555583d09 in connection_operation (ctx=ctx@entry=0x7fff8aad1ba0, arg_v=0x7fff7c001160) at connection.c:1163 #6 0x0000555555584370 in connection_read_thread (ctx=0x7fff8aad1ba0, argv=0xc) at connection.c:1314 #7 0x0000555555671080 in ldap_int_thread_pool_wrapper (xpool=0x555555799240) at tpool.c:1051 #8 0x00007ffff7faa609 in start_thread (arg=<optimized out>) at pthread_create.c:477 #9 0x00007ffff7ed1293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Testing: docker run --privileged -it --net=host --entrypoint gdb phasip/openldap /openldap/servers/slapd/slapd -ex 'set args -h ldap://:1389/ -d 256' -ex 'run' for i in {1..32}; do echo -en '\x30\x36\x02\x00\x77\x30\x30\x0b\x31\x2e\x33\x2e\x36\x2e\x31\x2e\x31\x2e\x38\x81\x10\x30\x01\x30\x00\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30' | timeout 1 nc localhost 1389 & done -- You are receiving this mail because: You are on the CC list for the issue.

1 month

1
5
0 / 0

[Issue 9356] New: Add list of peerSIDs to consumer cookie to reduce cross traffic

by openldap-its＠openldap.org

https://bugs.openldap.org/show_bug.cgi?id=9356 Issue ID: 9356 Summary: Add list of peerSIDs to consumer cookie to reduce cross traffic Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- If we add a list of peersids to the cookie, each consumer can tell the providers who else the consumers talk to and then the provider can omit sending updates to that consumer, originating from those peers There's some special handling needed if a connection dies If a consumer loses one of its peer connections, and after N retries is still not connected, it should send a new cookie to its remaining peers saying "here's my new peer list" with the missing one removed. Likewise, if a retry eventually connects again, it can send a new cookie again Make that peer list reset configurable in the syncrepl config stanza. This can help account for end admin knowledge that some links may be more or less stable than other ones. The idea here is that if one of your other peers can still see the missing peer, they can start routing updates to you again It should abandon all existing persist sessions and send a new sync search with the new cookie to all remaining peers For consumer side, also means adding the sid for a given provider into the syncrepl stanza to save on having to try and discover the peer sid. -- You are receiving this mail because: You are on the CC list for the issue.

1 month

1
7
0 / 0

[Bug 9200] New: 2.4 to 2.5 upgrade documentation

by openldap-its＠openldap.org

https://bugs.openldap.org/show_bug.cgi?id=9200 Bug ID: 9200 Summary: 2.4 to 2.5 upgrade documentation Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: blocker Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- For the 2.5 release, we need to document the upgrade procedures for moving from OpenLDAP 2.4 to OpenLDAP 2.5. -- You are receiving this mail because: You are on the CC list for the bug.

2 months

1
20
0 / 0

[Issue 9432] New: ldap_initialize leaks memory if compiled with cyrus sasl

by openldap-its＠openldap.org

https://bugs.openldap.org/show_bug.cgi?id=9432 Issue ID: 9432 Summary: ldap_initialize leaks memory if compiled with cyrus sasl Product: OpenLDAP Version: 2.4.56 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: sternenseemann(a)systemli.org Target Milestone: --- Created attachment 782 --> https://bugs.openldap.org/attachment.cgi?id=782&action=edit Code for the first two examples, compiled with -lldap -lsasl2 I have a trivial program which just connects to a LDAP server optionally using TLS and does nothing further. If I use libldap compiled with SASL support, the executable leaks memory from ldap_initialize even though I call sasl_client_done() in the end: ------------------------------------------------- valgrind --show-leak-kinds=all --leak-check=full -s ./ldapsimilarity ldaps://db.debian.org ==20383== Memcheck, a memory error detector ==20383== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==20383== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info ==20383== Command: ./ldapsimilarity ldaps://db.debian.org ==20383== Using db.debian.org:636 ==20383== ==20383== HEAP SUMMARY: ==20383== in use at exit: 212 bytes in 3 blocks ==20383== total heap usage: 766 allocs, 763 frees, 169,881 bytes allocated ==20383== ==20383== 20 bytes in 2 blocks are indirectly lost in loss record 1 of 2 ==20383== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20383== by 0x56255BE: ??? ==20383== by 0x5626FC3: ??? ==20383== by 0x56272AE: ??? ==20383== by 0x56280A2: ??? ==20383== by 0x56280B7: ??? ==20383== by 0x489D20E: sasl_client_add_plugin (client.c:194) ==20383== by 0x48A8F5C: _sasl_plugin_load (dlopen.c:239) ==20383== by 0x48A9151: _sasl_load_plugins (dlopen.c:533) ==20383== by 0x489DD43: sasl_client_init (client.c:316) ==20383== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20383== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20383== ==20383== 212 (192 direct, 20 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 2 ==20383== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20383== by 0x56271C9: ??? ==20383== by 0x56280A2: ??? ==20383== by 0x56280B7: ??? ==20383== by 0x489D20E: sasl_client_add_plugin (client.c:194) ==20383== by 0x48A8F5C: _sasl_plugin_load (dlopen.c:239) ==20383== by 0x48A9151: _sasl_load_plugins (dlopen.c:533) ==20383== by 0x489DD43: sasl_client_init (client.c:316) ==20383== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20383== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20383== by 0x485620D: ldap_create (open.c:109) ==20383== by 0x4856491: ldap_initialize (open.c:241) ==20383== ==20383== LEAK SUMMARY: ==20383== definitely lost: 192 bytes in 1 blocks ==20383== indirectly lost: 20 bytes in 2 blocks ==20383== possibly lost: 0 bytes in 0 blocks ==20383== still reachable: 0 bytes in 0 blocks ==20383== suppressed: 0 bytes in 0 blocks ==20383== ==20383== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) ------------------------------------------------- If I compile openldap without cyrus sasl the valgrind log looks like this: ------------------------------------------------- valgrind --show-leak-kinds=all --leak-check=full -s ./ldapsimilarity ldaps://db.debian.org ==20305== Memcheck, a memory error detector ==20305== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==20305== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info ==20305== Command: ./ldapsimilarity ldaps://db.debian.org ==20305== Using db.debian.org:636 ==20305== ==20305== HEAP SUMMARY: ==20305== in use at exit: 0 bytes in 0 blocks ==20305== total heap usage: 45 allocs, 45 frees, 13,788 bytes allocated ==20305== ==20305== All heap blocks were freed -- no leaks are possible ==20305== ==20305== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) ------------------------------------------------- Also note that if I don't call sasl_client_done() and link specifically againt cyrus sasl for that purpose, as I never call any sasl related functions, the executable leaks over 20K. It seems like an oversight to me that ldap_unbind_ext doesn't free anything SASL related. ------------------------------------------------- valgrind --show-leak-kinds=all --leak-check=full -s ./ldapsimilarity ldaps://db.debian.org ==20410== Memcheck, a memory error detector ==20410== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==20410== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info ==20410== Command: ./ldapsimilarity ldaps://db.debian.org ==20410== Using db.debian.org:636 ==20410== ==20410== HEAP SUMMARY: ==20410== in use at exit: 26,473 bytes in 103 blocks ==20410== total heap usage: 753 allocs, 650 frees, 154,770 bytes allocated ==20410== ==20410== 6 bytes in 1 blocks are still reachable in loss record 1 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x4E38FD6: generic_gss_add_oid_set_member (in /nix/store/yrh78gd3swn5a0z5lal4kra42a1ybl48-libkrb5-1.18/lib/libgssapi_krb5.so.2.2) ==20410== by 0x4E47DFE: gss_add_oid_set_member (in /nix/store/yrh78gd3swn5a0z5lal4kra42a1ybl48-libkrb5-1.18/lib/libgssapi_krb5.so.2.2) ==20410== by 0x4E4746C: gss_indicate_mechs_by_attrs (in /nix/store/yrh78gd3swn5a0z5lal4kra42a1ybl48-libkrb5-1.18/lib/libgssapi_krb5.so.2.2) ==20410== by 0x5627112: gs2_indicate_mechs (gs2.c:1365) ==20410== by 0x56271AC: gs2_common_plug_init (gs2.c:573) ==20410== by 0x56280A2: gs2_client_plug_init (gs2.c:961) ==20410== by 0x56280B7: sasl_client_plug_init (gs2_init.c:41) ==20410== by 0x489D20E: sasl_client_add_plugin (client.c:194) ==20410== by 0x48A8F5C: _sasl_plugin_load (dlopen.c:239) ==20410== by 0x48A9151: _sasl_load_plugins (dlopen.c:533) ==20410== by 0x489DD43: sasl_client_init (client.c:316) ==20410== ==20410== 9 bytes in 1 blocks are still reachable in loss record 2 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x489FCBB: _sasl_strdup (common.c:179) ==20410== by 0x489D2F1: sasl_client_add_plugin (client.c:221) ==20410== by 0x489DCAF: sasl_client_init (client.c:311) ==20410== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20410== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20410== by 0x485620D: ldap_create (open.c:109) ==20410== by 0x4856491: ldap_initialize (open.c:241) ==20410== by 0x4013C6: run (main.c:68) ==20410== by 0x48D6DBC: (below main) (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== ==20410== 9 bytes in 1 blocks are still reachable in loss record 3 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x4E39037: generic_gss_add_oid_set_member (in /nix/store/yrh78gd3swn5a0z5lal4kra42a1ybl48-libkrb5-1.18/lib/libgssapi_krb5.so.2.2) ==20410== by 0x4E47DFE: gss_add_oid_set_member (in /nix/store/yrh78gd3swn5a0z5lal4kra42a1ybl48-libkrb5-1.18/lib/libgssapi_krb5.so.2.2) ==20410== by 0x4E4746C: gss_indicate_mechs_by_attrs (in /nix/store/yrh78gd3swn5a0z5lal4kra42a1ybl48-libkrb5-1.18/lib/libgssapi_krb5.so.2.2) ==20410== by 0x5627112: gs2_indicate_mechs (gs2.c:1365) ==20410== by 0x56271AC: gs2_common_plug_init (gs2.c:573) ==20410== by 0x56280A2: gs2_client_plug_init (gs2.c:961) ==20410== by 0x56280B7: sasl_client_plug_init (gs2_init.c:41) ==20410== by 0x489D20E: sasl_client_add_plugin (client.c:194) ==20410== by 0x48A8F5C: _sasl_plugin_load (dlopen.c:239) ==20410== by 0x48A9151: _sasl_load_plugins (dlopen.c:533) ==20410== by 0x489DD43: sasl_client_init (client.c:316) ==20410== ==20410== 12 bytes in 1 blocks are still reachable in loss record 4 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x48A4504: sasl_randcreate (saslutil.c:384) ==20410== by 0x48A035E: _sasl_alloc_utils (common.c:2009) ==20410== by 0x489D3A7: init_mechlist (client.c:68) ==20410== by 0x489DC96: sasl_client_init (client.c:305) ==20410== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20410== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20410== by 0x485620D: ldap_create (open.c:109) ==20410== by 0x4856491: ldap_initialize (open.c:241) ==20410== by 0x4013C6: run (main.c:68) ==20410== by 0x48D6DBC: (below main) (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== ==20410== 12 bytes in 1 blocks are still reachable in loss record 5 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x48A4504: sasl_randcreate (saslutil.c:384) ==20410== by 0x48A035E: _sasl_alloc_utils (common.c:2009) ==20410== by 0x48A0642: _sasl_common_init (common.c:811) ==20410== by 0x489DCBB: sasl_client_init (client.c:313) ==20410== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20410== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20410== by 0x485620D: ldap_create (open.c:109) ==20410== by 0x4856491: ldap_initialize (open.c:241) ==20410== by 0x4013C6: run (main.c:68) ==20410== by 0x48D6DBC: (below main) (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== ==20410== 16 bytes in 1 blocks are still reachable in loss record 6 of 29 ==20410== at 0x483A9A2: calloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x4E38EE5: generic_gss_create_empty_oid_set (in /nix/store/yrh78gd3swn5a0z5lal4kra42a1ybl48-libkrb5-1.18/lib/libgssapi_krb5.so.2.2) ==20410== by 0x4E4723C: gss_indicate_mechs_by_attrs (in /nix/store/yrh78gd3swn5a0z5lal4kra42a1ybl48-libkrb5-1.18/lib/libgssapi_krb5.so.2.2) ==20410== by 0x5627112: gs2_indicate_mechs (gs2.c:1365) ==20410== by 0x56271AC: gs2_common_plug_init (gs2.c:573) ==20410== by 0x56280A2: gs2_client_plug_init (gs2.c:961) ==20410== by 0x56280B7: sasl_client_plug_init (gs2_init.c:41) ==20410== by 0x489D20E: sasl_client_add_plugin (client.c:194) ==20410== by 0x48A8F5C: _sasl_plugin_load (dlopen.c:239) ==20410== by 0x48A9151: _sasl_load_plugins (dlopen.c:533) ==20410== by 0x489DD43: sasl_client_init (client.c:316) ==20410== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20410== ==20410== 20 bytes in 2 blocks are still reachable in loss record 7 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x56255BE: gs2_duplicate_buffer (gs2.c:1408) ==20410== by 0x5626FC3: gs2_client_plug_alloc (gs2.c:925) ==20410== by 0x56272AE: gs2_common_plug_init (gs2.c:597) ==20410== by 0x56280A2: gs2_client_plug_init (gs2.c:961) ==20410== by 0x56280B7: sasl_client_plug_init (gs2_init.c:41) ==20410== by 0x489D20E: sasl_client_add_plugin (client.c:194) ==20410== by 0x48A8F5C: _sasl_plugin_load (dlopen.c:239) ==20410== by 0x48A9151: _sasl_load_plugins (dlopen.c:533) ==20410== by 0x489DD43: sasl_client_init (client.c:316) ==20410== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20410== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20410== ==20410== 32 bytes in 1 blocks are still reachable in loss record 8 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x489DC72: sasl_client_init (client.c:298) ==20410== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20410== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20410== by 0x485620D: ldap_create (open.c:109) ==20410== by 0x4856491: ldap_initialize (open.c:241) ==20410== by 0x4013C6: run (main.c:68) ==20410== by 0x48D6DBC: (below main) (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== ==20410== 32 bytes in 1 blocks are still reachable in loss record 9 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x489D2CB: sasl_client_add_plugin (client.c:217) ==20410== by 0x489DCAF: sasl_client_init (client.c:311) ==20410== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20410== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20410== by 0x485620D: ldap_create (open.c:109) ==20410== by 0x4856491: ldap_initialize (open.c:241) ==20410== by 0x4013C6: run (main.c:68) ==20410== by 0x48D6DBC: (below main) (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== ==20410== 32 bytes in 1 blocks are still reachable in loss record 10 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x4E38F88: generic_gss_add_oid_set_member (in /nix/store/yrh78gd3swn5a0z5lal4kra42a1ybl48-libkrb5-1.18/lib/libgssapi_krb5.so.2.2) ==20410== by 0x4E47DFE: gss_add_oid_set_member (in /nix/store/yrh78gd3swn5a0z5lal4kra42a1ybl48-libkrb5-1.18/lib/libgssapi_krb5.so.2.2) ==20410== by 0x4E4746C: gss_indicate_mechs_by_attrs (in /nix/store/yrh78gd3swn5a0z5lal4kra42a1ybl48-libkrb5-1.18/lib/libgssapi_krb5.so.2.2) ==20410== by 0x5627112: gs2_indicate_mechs (gs2.c:1365) ==20410== by 0x56271AC: gs2_common_plug_init (gs2.c:573) ==20410== by 0x56280A2: gs2_client_plug_init (gs2.c:961) ==20410== by 0x56280B7: sasl_client_plug_init (gs2_init.c:41) ==20410== by 0x489D20E: sasl_client_add_plugin (client.c:194) ==20410== by 0x48A8F5C: _sasl_plugin_load (dlopen.c:239) ==20410== by 0x48A9151: _sasl_load_plugins (dlopen.c:533) ==20410== by 0x489DD43: sasl_client_init (client.c:316) ==20410== ==20410== 40 bytes in 1 blocks are still reachable in loss record 11 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x55E6725: digestmd5_client_plug_init (digestmd5.c:4641) ==20410== by 0x55E67F4: sasl_client_plug_init (digestmd5_init.c:41) ==20410== by 0x489D20E: sasl_client_add_plugin (client.c:194) ==20410== by 0x48A8F5C: _sasl_plugin_load (dlopen.c:239) ==20410== by 0x48A9151: _sasl_load_plugins (dlopen.c:533) ==20410== by 0x489DD43: sasl_client_init (client.c:316) ==20410== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20410== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20410== by 0x485620D: ldap_create (open.c:109) ==20410== by 0x4856491: ldap_initialize (open.c:241) ==20410== by 0x4013C6: run (main.c:68) ==20410== ==20410== 56 bytes in 2 blocks are still reachable in loss record 12 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x4007613: decompose_rpath.isra.10 (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x400974B: _dl_map_object (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x400D941: openaux (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x400DCD3: _dl_map_object_deps (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4013ADD: dl_open_worker (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x40135DC: _dl_open (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4E24245: dlopen_doit (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libdl-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x49E11CE: _dl_catch_error (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== ==20410== 72 bytes in 1 blocks are still reachable in loss record 13 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x489FCBB: _sasl_strdup (common.c:179) ==20410== by 0x489FD84: _sasl_getpath (common.c:1598) ==20410== by 0x48A90F1: _sasl_load_plugins (dlopen.c:469) ==20410== by 0x489DD43: sasl_client_init (client.c:316) ==20410== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20410== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20410== by 0x485620D: ldap_create (open.c:109) ==20410== by 0x4856491: ldap_initialize (open.c:241) ==20410== by 0x4013C6: run (main.c:68) ==20410== by 0x48D6DBC: (below main) (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== ==20410== 82 bytes in 12 blocks are still reachable in loss record 14 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x489FCBB: _sasl_strdup (common.c:179) ==20410== by 0x489D2F1: sasl_client_add_plugin (client.c:221) ==20410== by 0x48A8F5C: _sasl_plugin_load (dlopen.c:239) ==20410== by 0x48A9151: _sasl_load_plugins (dlopen.c:533) ==20410== by 0x489DD43: sasl_client_init (client.c:316) ==20410== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20410== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20410== by 0x485620D: ldap_create (open.c:109) ==20410== by 0x4856491: ldap_initialize (open.c:241) ==20410== by 0x4013C6: run (main.c:68) ==20410== by 0x48D6DBC: (below main) (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== ==20410== 112 bytes in 1 blocks are still reachable in loss record 15 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x48A2438: _sasl_build_mechlist (common.c:2374) ==20410== by 0x489DCF0: sasl_client_init (client.c:324) ==20410== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20410== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20410== by 0x485620D: ldap_create (open.c:109) ==20410== by 0x4856491: ldap_initialize (open.c:241) ==20410== by 0x4013C6: run (main.c:68) ==20410== by 0x48D6DBC: (below main) (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== ==20410== 147 bytes in 2 blocks are still reachable in loss record 16 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x4006A32: open_path (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x400927B: _dl_map_object (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x400D941: openaux (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x400DCD3: _dl_map_object_deps (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4013ADD: dl_open_worker (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x40135DC: _dl_open (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4E24245: dlopen_doit (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libdl-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x49E11CE: _dl_catch_error (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== ==20410== 147 bytes in 2 blocks are still reachable in loss record 17 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x400BB28: _dl_new_object (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4007BF5: _dl_map_object_from_fd (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4009096: _dl_map_object (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x400D941: openaux (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x400DCD3: _dl_map_object_deps (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4013ADD: dl_open_worker (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x40135DC: _dl_open (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4E24245: dlopen_doit (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libdl-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== ==20410== 160 bytes in 10 blocks are still reachable in loss record 18 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x48A8FDD: _sasl_get_plugin (dlopen.c:379) ==20410== by 0x48A930D: _sasl_load_plugins (dlopen.c:527) ==20410== by 0x489DD43: sasl_client_init (client.c:316) ==20410== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20410== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20410== by 0x485620D: ldap_create (open.c:109) ==20410== by 0x4856491: ldap_initialize (open.c:241) ==20410== by 0x4013C6: run (main.c:68) ==20410== by 0x48D6DBC: (below main) (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== ==20410== 192 bytes in 1 blocks are still reachable in loss record 19 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x56271C9: gs2_common_plug_init (gs2.c:577) ==20410== by 0x56280A2: gs2_client_plug_init (gs2.c:961) ==20410== by 0x56280B7: sasl_client_plug_init (gs2_init.c:41) ==20410== by 0x489D20E: sasl_client_add_plugin (client.c:194) ==20410== by 0x48A8F5C: _sasl_plugin_load (dlopen.c:239) ==20410== by 0x48A9151: _sasl_load_plugins (dlopen.c:533) ==20410== by 0x489DD43: sasl_client_init (client.c:316) ==20410== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20410== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20410== by 0x485620D: ldap_create (open.c:109) ==20410== by 0x4856491: ldap_initialize (open.c:241) ==20410== ==20410== 384 bytes in 12 blocks are still reachable in loss record 20 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x489D2CB: sasl_client_add_plugin (client.c:217) ==20410== by 0x48A8F5C: _sasl_plugin_load (dlopen.c:239) ==20410== by 0x48A9151: _sasl_load_plugins (dlopen.c:533) ==20410== by 0x489DD43: sasl_client_init (client.c:316) ==20410== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20410== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20410== by 0x485620D: ldap_create (open.c:109) ==20410== by 0x4856491: ldap_initialize (open.c:241) ==20410== by 0x4013C6: run (main.c:68) ==20410== by 0x48D6DBC: (below main) (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== ==20410== 392 bytes in 1 blocks are still reachable in loss record 21 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x48A0345: _sasl_alloc_utils (common.c:2003) ==20410== by 0x489D3A7: init_mechlist (client.c:68) ==20410== by 0x489DC96: sasl_client_init (client.c:305) ==20410== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20410== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20410== by 0x485620D: ldap_create (open.c:109) ==20410== by 0x4856491: ldap_initialize (open.c:241) ==20410== by 0x4013C6: run (main.c:68) ==20410== by 0x48D6DBC: (below main) (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== ==20410== 392 bytes in 1 blocks are still reachable in loss record 22 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x48A0345: _sasl_alloc_utils (common.c:2003) ==20410== by 0x48A0642: _sasl_common_init (common.c:811) ==20410== by 0x489DCBB: sasl_client_init (client.c:313) ==20410== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20410== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20410== by 0x485620D: ldap_create (open.c:109) ==20410== by 0x4856491: ldap_initialize (open.c:241) ==20410== by 0x4013C6: run (main.c:68) ==20410== by 0x48D6DBC: (below main) (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== ==20410== 870 bytes in 10 blocks are still reachable in loss record 23 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x401C3CA: strdup (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4009019: _dl_map_object (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4013A75: dl_open_worker (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x40135DC: _dl_open (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4E24245: dlopen_doit (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libdl-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x49E11CE: _dl_catch_error (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x4E248F4: _dlerror_run (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libdl-2.32.so) ==20410== by 0x4E242C5: dlopen@@GLIBC_2.2.5 (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libdl-2.32.so) ==20410== by 0x48A8FF2: _sasl_get_plugin (dlopen.c:382) ==20410== ==20410== 870 bytes in 10 blocks are still reachable in loss record 24 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x400BB28: _dl_new_object (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4007BF5: _dl_map_object_from_fd (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4009096: _dl_map_object (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4013A75: dl_open_worker (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x40135DC: _dl_open (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4E24245: dlopen_doit (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libdl-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x49E11CE: _dl_catch_error (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x4E248F4: _dlerror_run (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libdl-2.32.so) ==20410== by 0x4E242C5: dlopen@@GLIBC_2.2.5 (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libdl-2.32.so) ==20410== ==20410== 880 bytes in 1 blocks are still reachable in loss record 25 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x55E6779: digestmd5_client_plug_init (digestmd5.c:4654) ==20410== by 0x55E67F4: sasl_client_plug_init (digestmd5_init.c:41) ==20410== by 0x489D20E: sasl_client_add_plugin (client.c:194) ==20410== by 0x48A8F5C: _sasl_plugin_load (dlopen.c:239) ==20410== by 0x48A9151: _sasl_load_plugins (dlopen.c:533) ==20410== by 0x489DD43: sasl_client_init (client.c:316) ==20410== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20410== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20410== by 0x485620D: ldap_create (open.c:109) ==20410== by 0x4856491: ldap_initialize (open.c:241) ==20410== by 0x4013C6: run (main.c:68) ==20410== ==20410== 2,280 bytes in 12 blocks are still reachable in loss record 26 of 29 ==20410== at 0x483A9A2: calloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x40112AC: _dl_check_map_versions (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4013B25: dl_open_worker (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x40135DC: _dl_open (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4E24245: dlopen_doit (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libdl-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x49E11CE: _dl_catch_error (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x4E248F4: _dlerror_run (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libdl-2.32.so) ==20410== by 0x4E242C5: dlopen@@GLIBC_2.2.5 (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libdl-2.32.so) ==20410== by 0x48A8FF2: _sasl_get_plugin (dlopen.c:382) ==20410== by 0x48A930D: _sasl_load_plugins (dlopen.c:527) ==20410== ==20410== 2,395 bytes in 2 blocks are still reachable in loss record 27 of 29 ==20410== at 0x483A9A2: calloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x400B922: _dl_new_object (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4007BF5: _dl_map_object_from_fd (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4009096: _dl_map_object (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x400D941: openaux (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x400DCD3: _dl_map_object_deps (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4013ADD: dl_open_worker (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x40135DC: _dl_open (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4E24245: dlopen_doit (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libdl-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== ==20410== 4,112 bytes in 1 blocks are still reachable in loss record 28 of 29 ==20410== at 0x4838753: malloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x489B76E: sasl_canonuser_add_plugin (canonusr.c:335) ==20410== by 0x48A060E: _sasl_common_init (common.c:816) ==20410== by 0x489DCBB: sasl_client_init (client.c:313) ==20410== by 0x485C321: ldap_int_sasl_init (cyrus.c:117) ==20410== by 0x4870D8E: ldap_int_initialize (init.c:662) ==20410== by 0x485620D: ldap_create (open.c:109) ==20410== by 0x4856491: ldap_initialize (open.c:241) ==20410== by 0x4013C6: run (main.c:68) ==20410== by 0x48D6DBC: (below main) (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== ==20410== 12,710 bytes in 10 blocks are still reachable in loss record 29 of 29 ==20410== at 0x483A9A2: calloc (in /nix/store/l7qvi4rjqh0b64d9pdjj8vxkwh2ibynz-valgrind-3.16.1/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==20410== by 0x400B922: _dl_new_object (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4007BF5: _dl_map_object_from_fd (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4009096: _dl_map_object (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4013A75: dl_open_worker (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x40135DC: _dl_open (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/ld-2.32.so) ==20410== by 0x4E24245: dlopen_doit (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libdl-2.32.so) ==20410== by 0x49E1134: _dl_catch_exception (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x49E11CE: _dl_catch_error (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libc-2.32.so) ==20410== by 0x4E248F4: _dlerror_run (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libdl-2.32.so) ==20410== by 0x4E242C5: dlopen@@GLIBC_2.2.5 (in /nix/store/1yvpgm763b3hvg8q4fzpzmflr5674x4j-glibc-2.32-10/lib/libdl-2.32.so) ==20410== ==20410== LEAK SUMMARY: ==20410== definitely lost: 0 bytes in 0 blocks ==20410== indirectly lost: 0 bytes in 0 blocks ==20410== possibly lost: 0 bytes in 0 blocks ==20410== still reachable: 26,473 bytes in 103 blocks ==20410== suppressed: 0 bytes in 0 blocks ==20410== ==20410== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) ------------------------------------------------- I'm using the NixOS package for openldap 2.4.56 for which you can find the build process here: https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/o.... The code for my executable is attached. -- You are receiving this mail because: You are on the CC list for the issue.

2 months, 2 weeks

1
4
0 / 0

[Bug 9220] New: Rewrite Bind and Exop result handling

by openldap-its＠openldap.org

https://bugs.openldap.org/show_bug.cgi?id=9220 Bug ID: 9220 Summary: Rewrite Bind and Exop result handling Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Bind and Exop result handling needs a rewrite so it is no longer a special case for overlays. -- You are receiving this mail because: You are on the CC list for the bug.

2 months, 3 weeks

1
6
0 / 0

[Bug 9204] New: slapo-constraint allows anyone to apply Relax control

by openldap-its＠openldap.org

https://bugs.openldap.org/show_bug.cgi?id=9204 Bug ID: 9204 Summary: slapo-constraint allows anyone to apply Relax control Product: OpenLDAP Version: 2.4.49 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: ryan(a)openldap.org Target Milestone: --- slapo-constraint doesn't limit who can use the Relax control, beyond the global limits applied by slapd. In practice, for many modifications this means any configured constraints are advisory only. In my opinion this should be considered a bug, in design if not implementation. I expect many admins would not read the man page closely enough to realize the behaviour does technically adhere to the letter of what's written there. Either slapd should require manage privileges for the Relax control globally, or slapo-constraint should perform a check for manage privilege itself, like slapo-unique does. Quoting ando in https://bugs.openldap.org/show_bug.cgi?id=5705#c4: > Well, a user with "manage" privileges on related data could bypass > constraints enforced by slapo-constraint(5) by using the "relax" > control. The rationale is that a user with manage privileges could be > able to repair an entry that needs to violate a constraint for good > reasons. Note that the user: > > - must have enough privileges to do it (manage) > > - must inform the DSA that intends to violate the constraint (by using > the control) but such privileges are currently not being required. -- You are receiving this mail because: You are on the CC list for the bug.

3 months

1
10
0 / 0

[Bug 9211] New: Relax control is not consistently access-restricted

by openldap-its＠openldap.org

https://bugs.openldap.org/show_bug.cgi?id=9211 Bug ID: 9211 Summary: Relax control is not consistently access-restricted Product: OpenLDAP Version: 2.4.49 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ryan(a)openldap.org Target Milestone: --- The following operations can be performed by anyone having 'write' access (not even 'manage') using the Relax control: - modifying/replacing structural objectClass - adding/modifying OBSOLETE attributes Some operations are correctly restricted: - adding/modifying NO-USER-MODIFICATION attributes marked as manageable (Modification of non-conformant objects doesn't appear to be implemented at all.) In the absence of ACLs for controls, I'm of the opinion that all use of the Relax control should require manage access. The Relax draft clearly and repeatedly discusses its use cases in terms of directory _administrators_ temporarily relaxing constraints in order to accomplish a specific task. -- You are receiving this mail because: You are on the CC list for the bug.

3 months

1
11
0 / 0

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs December 2020