openldap-bugs July 2021

openldap-bugs@openldap.org

1 participants
263 discussions

[Issue 6138] Bad Cancel/Abandon/"internal abandon"/Syncprov interactions
by openldap-its＠openldap.org 27 Jul '21

27 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=6138 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9220 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6138] Bad Cancel/Abandon/"internal abandon"/Syncprov interactions
by openldap-its＠openldap.org 27 Jul '21

27 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=6138 --- Comment #9 from Howard Chu <hyc(a)openldap.org> --- (In reply to Hallvard Furuseth from comment #2) > back-ldap:extended.c also does "suppress response, it has been sent", > but does it by returning and setting rs->sr_err = SLAPD_ABANDON. Might > break assumptions somewhere that SLAPD_ABANDON implies o_abandon was > set. And I guess the hack fails if the operation gets cancelled. Now fixed to always let the frontend handle responses. But this is still awkward, and will need to be revisited again for ITS#9220. > ======================================================================== > > I think these are the Operation states related to Cancel and Abandon: > > op->o_abandon is set for these - could extend to multiple values: > A) Operation Abandoned/Cancelled by client. > B) Operation implicitly abandoned by client. (Bind or lost connection) > C) Operation abandoned by server. (It wants to close the connection) > D) Suppress response - a duplicate of the operation will proceed. (syncprov) > E) Suppress response - final send_ldap_response() was done. (retcode overlay) > > rs->sr_err == SLAPD_ABANDON if: > F) The backend obeyed o_abandon. (Cancel op, if any, will succeed) > G=E) Suppress response - final send_ldap_response() was done. (back-ldap) D, E, and G will no longer occur. > op->o_cancel packs these states/values: > H) The o_abandon is due to a Cancel. > I) Cancel operation wants a result, cancelled op must set it and wait. > J) Result is available to the Cancel operation. > K) Result. (LDAP result code, or SLAP_CANCEL_ACK for success) > L) Cancel operation has fetched result, cancelled operation can proceed. > > States that fit in none of the above, or poorly so: > > M) Operation must not be waited for, e.g. by Cancel. > Operation is itself waiting for others, e.g. cn=config update. > > N) Operation invisible to Abandon/Cancel/internal abandon. > msgID reusable due to result sent to client. Also case D (syncprov)? > > Fix by removing the op from op->o_conn->c_ops? Or does that just > move the problem around? Would need to do something to o_conn to > prevent connection_close() from doing connection_destroy(). > > O) Operation result has been committed, do not abandon. ITS#6059. > > But o_abandon can be set while trying to commit, unless this flag is > set before trying - in which case we can't abandon an operation which > is failing to commit, which may be when it's most relevant. > > Could reset o_abandon, if anyone can keep straight the consequences. > Or replace the 'if ( op->o_abandon )' tests with some macro call. > Still, interactions with other states could be a problem. > > About the o_abandon values above: > > B can be treated like A, I think. > C differs in that Cancel/Abandon(operation) should not say "already > abandoned" since the client doen't know about the abandon. > Could be solved with a vague error message. > > D-E differ in that o_abandon gets set even though the backends' > cancel/abandon handlers were not called. Unsure of the effects of that. > > D Syncprov duplicating a Persistent Search operation. > Handled similar to a server-initiated abandon? Except if the > operation cannot be "invisible to Abandon/Cancel" above it must remain > possible to Abandon/Cancel it. > > E Suppress response - response has been sent: > Set when exiting slap_send_ldap_result() & co? > > Handled similar to a server-initiated abandon? > At the time slap_send_ldap_result() is called again, the operation > may have set up things which need to be cleaned up in the normal way. > Yet it has already gone through that function once, doing callbacks > etc. Must "final response" code be prepared to be called twice? > > Beyond that, the main problem would be code which transitions to one > state to another, it needs to handle the other cases. > > -- > Hallvard -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8890] adapt to 64-bit time_t on systems with 32-bit long
by openldap-its＠openldap.org 27 Jul '21

27 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=8890 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Adapt timet to 64-bit long |adapt to 64-bit time_t on | |systems with 32-bit long -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6138] Bad Cancel/Abandon/"internal abandon"/Syncprov interactions
by openldap-its＠openldap.org 27 Jul '21

27 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=6138 --- Comment #8 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/365 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6138] Bad Cancel/Abandon/"internal abandon"/Syncprov interactions
by openldap-its＠openldap.org 27 Jul '21

27 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=6138 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |IN_PROGRESS Ever confirmed|0 |1 --- Comment #7 from Howard Chu <hyc(a)openldap.org> --- (In reply to Hallvard Furuseth from comment #0) > Full_Name: Hallvard B Furuseth > Version: HEAD > OS: > URL: > Submission from: (NULL) (129.240.6.233) > Submitted by: hallvard > > > Might make this a tracking issue for Cancel/Abandon problems. > And/or copy some to separate ITSes, but they all seem interconnected: > > > Cancel(abandoned operation)-requests are not rejected. Thus slapd > sets o_cancel and turns an active Abandon into a Cancel. Presumably > that can confuse Cancel/Abandon handlers, like that in Syncprov. > > Similarly, Abandon(abandoned/cancelled operation) is not ignored. > connection_abandon() re-abandons abandoned/cancelled operations too. Both of the above checks are now uncommented / enabled. > However Syncprov:RefreshAndPersist abuses op->o_abandon: It sets it to > mean "Suppress the response. A copy of this operation will send it." > So if Cancel(op with o_abandon!=0) is fixed to respond protocolError > "already abandoned", presumably that breaks Cancel(RefreshAndPersist). > > I'm not touching it with a flagpole - I don't know syncprov. Help? syncprov has been changed to use the new SLAPD_ASYNCOP returncode so it no longer needs to muck with this. > Overlay retcode does something similar - sends a response and then sets > o_abandon. I can't see any reason why this is needed. It's been there since the initial commit but I'm removing it. Any return code != SLAP_CB_CONTINUE already prevents the frontend from sending its own response so there's no reason to set this here. > Cancel/Abandon can in any case fail by targeting the wrong operation > though: A connection can have multiple messages with the same IDs when > the response is sent and the client reuses the message ID, before the > old operation in slapd can clean up and finish. > > syncprov_op_abandon() identifies messages by (connid, msgid). Can > multiple messages with the same ID break that, or more importantly, > break what gets sent/written with syncrepl? Sounds like bad practice in clients, but should still be safe. The messages are queued in order, so only the first matching message will be abandoned. Presumably the first incoming abandon request can only refer to the first queued operation of that ID. > Anyway, the current code needs an o_abandon value which means "suppress > response". Or maybe "abandoned, except as far as future Abandon and > Cancel operations are concerned". Syncprov and Retcode need to handle > the various possible orderings of Cancel/Abandon vs Suppress, including > when they forward o_abandon from one operation to another. I haven't > looked too closely at that code either. Mooted by use of SLAPD_ASYNCOP returncode. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 5555] authzTo ACL check for wrong principal
by openldap-its＠openldap.org 26 Jul '21

26 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=5555 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|FIXED |TEST -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 5555] authzTo ACL check for wrong principal
by openldap-its＠openldap.org 26 Jul '21

26 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=5555 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|IN_PROGRESS |RESOLVED --- Comment #18 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 73e7034d by andrew.findlay(a)skills-1st.co.uk at 2021-07-26T22:02:55+00:00 ITS#5555 - Correct documentation for SASL AuthzTo Check -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8890] Adapt timet to 64-bit long
by openldap-its＠openldap.org 26 Jul '21

26 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=8890 --- Comment #14 from tg(a)debian.org <tg(a)debian.org> --- The bug is mistitled. It should be “adapt to 64-bit time_t on systems with 32-bit long”, which has become a fairly standard setup in the last 15 years and will become even more so in the next… less than 17 years, I suppose. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8742] slapd.conf/slapd-config divergence
by openldap-its＠openldap.org 26 Jul '21

26 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=8742 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • cb5ba678 by Quanah Gibson-Mount at 2021-07-26T16:36:26+00:00 ITS#8742 - More for bringing slapd.conf.5 and slapd-config.5 in sync -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9593] New: excessive null check in set_chase()
by openldap-its＠openldap.org 26 Jul '21

26 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=9593 Issue ID: 9593 Summary: excessive null check in set_chase() Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: grapvar(a)gmail.com Target Milestone: --- Looks like slap_set_join( cp, nset, '|', vals ) can't return null, so return value at line 411 should be treated like one at line 402: servers/slapd/sets.c:399, set_chase(): for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) { vals = gatherer( cp, &set[ i ], desc ); if ( vals != NULL ) { /*402: */ nset = slap_set_join( cp, nset, '|', vals ); } } ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx ); if ( closure ) { for ( i = 0; !BER_BVISNULL( &nset[ i ] ); i++ ) { vals = gatherer( cp, &nset[ i ], desc ); if ( vals != NULL ) { /*411: */ nset = slap_set_join( cp, nset, '|', vals ); if ( nset == NULL ) { break; } } } } diff --git a/servers/slapd/sets.c b/servers/slapd/sets.c index fc7b72c8b..17a6ec2c1 100644 --- a/servers/slapd/sets.c +++ b/servers/slapd/sets.c @@ -409,9 +409,6 @@ set_chase( SLAP_SET_GATHER gatherer, vals = gatherer( cp, &nset[ i ], desc ); if ( vals != NULL ) { nset = slap_set_join( cp, nset, '|', vals ); - if ( nset == NULL ) { - break; - } If I'm wrong, return value at line 402 must be checked for null. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

← Newer
1
...
8
9
10
11
12
13
14
...
27
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs July 2021