openldap-bugs

openldap-bugs@openldap.org

1 participants
20967 discussions

Re: (ITS#7042) [PATCH] allow unsetting of tls_* options for syncrepl
by patrick＠monnerat.net 21 Oct '17

21 Oct '17

This is a multi-part message in MIME format. --------------19DA99C0CC1B00C741A26BE6 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit On 10/19/2017 05:07 PM, Quanah Gibson-Mount wrote: > Hi Patrick, Hi Quanah, Thanks for your directives and future action. > > What we need is for you to simply reply to this ITS with your IPR > statement, and the patch attached. This will allow us to include it. > Here they are: I, Patrick Monnerat, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice. Patrick --------------19DA99C0CC1B00C741A26BE6 Content-Type: text/x-patch; name="0001-Allow-unsetting-of-tls_-syncrepl-options.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename*0="0001-Allow-unsetting-of-tls_-syncrepl-options.patch" >From 167330b0cfe3f45351c0ebdce3545c1347e9029b Mon Sep 17 00:00:00 2001 From: Patrick Monnerat <patrick(a)monnerat.net> Date: Sat, 21 Oct 2017 16:35:32 +0100 Subject: [PATCH] Allow unsetting of tls_* syncrepl options. This can be done by setting them to an empty string value. ITS: #7042 --- libraries/libldap/tls2.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c index 04db612..7e1b17b 100644 --- a/libraries/libldap/tls2.c +++ b/libraries/libldap/tls2.c @@ -836,31 +836,31 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg ) return 0; case LDAP_OPT_X_TLS_CACERTFILE: if ( lo->ldo_tls_cacertfile ) LDAP_FREE( lo->ldo_tls_cacertfile ); - lo->ldo_tls_cacertfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL; + lo->ldo_tls_cacertfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL; return 0; case LDAP_OPT_X_TLS_CACERTDIR: if ( lo->ldo_tls_cacertdir ) LDAP_FREE( lo->ldo_tls_cacertdir ); - lo->ldo_tls_cacertdir = arg ? LDAP_STRDUP( (char *) arg ) : NULL; + lo->ldo_tls_cacertdir = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL; return 0; case LDAP_OPT_X_TLS_CERTFILE: if ( lo->ldo_tls_certfile ) LDAP_FREE( lo->ldo_tls_certfile ); - lo->ldo_tls_certfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL; + lo->ldo_tls_certfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL; return 0; case LDAP_OPT_X_TLS_KEYFILE: if ( lo->ldo_tls_keyfile ) LDAP_FREE( lo->ldo_tls_keyfile ); - lo->ldo_tls_keyfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL; + lo->ldo_tls_keyfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL; return 0; case LDAP_OPT_X_TLS_DHFILE: if ( lo->ldo_tls_dhfile ) LDAP_FREE( lo->ldo_tls_dhfile ); - lo->ldo_tls_dhfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL; + lo->ldo_tls_dhfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL; return 0; case LDAP_OPT_X_TLS_ECNAME: if ( lo->ldo_tls_ecname ) LDAP_FREE( lo->ldo_tls_ecname ); - lo->ldo_tls_ecname = arg ? LDAP_STRDUP( (char *) arg ) : NULL; + lo->ldo_tls_ecname = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL; return 0; case LDAP_OPT_X_TLS_CRLFILE: /* GnuTLS only */ if ( lo->ldo_tls_crlfile ) LDAP_FREE( lo->ldo_tls_crlfile ); - lo->ldo_tls_crlfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL; + lo->ldo_tls_crlfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL; return 0; case LDAP_OPT_X_TLS_REQUIRE_CERT: if ( !arg ) return -1; @@ -888,7 +888,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg ) #endif case LDAP_OPT_X_TLS_CIPHER_SUITE: if ( lo->ldo_tls_ciphersuite ) LDAP_FREE( lo->ldo_tls_ciphersuite ); - lo->ldo_tls_ciphersuite = arg ? LDAP_STRDUP( (char *) arg ) : NULL; + lo->ldo_tls_ciphersuite = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL; return 0; case LDAP_OPT_X_TLS_PROTOCOL_MIN: @@ -899,7 +899,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg ) if ( ld != NULL ) return -1; if ( lo->ldo_tls_randfile ) LDAP_FREE (lo->ldo_tls_randfile ); - lo->ldo_tls_randfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL; + lo->ldo_tls_randfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL; break; case LDAP_OPT_X_TLS_NEWCTX: if ( !arg ) return -1; -- 2.5.5 --------------19DA99C0CC1B00C741A26BE6--

1 0

(ITS#8759) mixed overlay nops & memberof cause segfault
by zhixu.liu＠gmail.com 20 Oct '17

20 Oct '17

Full_Name: Z. Liu Version: 2.4.44 OS: Gentoo URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (221.218.169.84) if we enable overlay nops & memberof together, then doing a member MODDN operation, slapd will segfault and exit immediately. Example operation: dn: uid=test,ou=People,dc=example,dc=dc=com changetype: moddn newrdn: uid=chenln deleteoldrdn: 1 newsuperior: ou=Leave,dc=example,dc=com The reason is: in servers/slapd/overlays/memberof.c, function memberof_value_modify define mod/values/nvalues in the stack, which will be passed to other overlays, nops will try to free them if no attribute is changed.

1 0

(ITS#8758) New Mirror in the Netherlands
by mirror＠koddos.net 19 Oct '17

19 Oct '17

Full_Name: Martin Version: OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (109.123.96.17) Hello, We wish to create a new public mirror in the Netherlands for OpenLDAP. Is there any server we can use for rsync? Regards, Martin

1 0

Re: (ITS#7042) [PATCH] allow unsetting of tls_* options for syncrepl
by quanah＠symas.com 19 Oct '17

19 Oct '17

Hi Patrick, What we need is for you to simply reply to this ITS with your IPR statement, and the patch attached. This will allow us to include it. IPR guidelines are here: <https://www.openldap.org/devel/contributing.html#notice> Thanks, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

Re: (ITS#8671) Declare ldap_init_fd() in ldap.h to help external consumers
by quanah＠symas.com 19 Oct '17

19 Oct '17

--On Thursday, October 19, 2017 10:20 AM +0300 Alexander Bokovoy <abokovoy(a)redhat.com> wrote: > Hi Quanah, > > On ti, 12 syys 2017, Quanah Gibson-Mount wrote: >> Hi Alexander, >> >> Your submission appears to be missing an IPR statement as noted at >> <https://www.openldap.org/devel/contributing.html#notice>. This is >> required for your submission to be evaluated. Please add an IPR at >> your earliest convenience. > Attached is a re-based patch set since there were changes in git master > in last month or so that affected the same area. > > There are two patches: one for git master, one for 2.4 branch. Since > there is no functional change in the code, I'd like to see the 2.4 > version in an upcoming release as that would greatly help Samba. > > I'm also including an IPR notice below: > > Red Hat, Inc. hereby place the following modifications to OpenLDAP > Software (and only these modifications) into the public domain. > Hence, these modifications may be freely used and/or redistributed > for any purpose with or without attribution and/or other notice. Thanks very much! I'll get this into my scratch repo for review. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

(ITS#8757) RFE: let slapd MMR instances vote primary master
by michael＠stroeder.com 19 Oct '17

19 Oct '17

Full_Name: Michael Str.der Version: OS: URL: Submission from: (NULL) (217.145.44.194) In some situations having a "primary" master would be very useful (e.g. where to assign numeric IDs). The providers connected with MMR could try to vote a primary master with the raft algorithm: https://raft.github.io/ Ideally it should be visible in cn=monitor whether a provider replica is the current primary master. Let's discuss this at LDAPcon dinner this evening... ;-)

1 0

Re: (ITS#8671) Declare ldap_init_fd() in ldap.h to help external consumers
by abokovoy＠redhat.com 18 Oct '17

18 Oct '17

--cWoXeonUoKmBZSoM Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline Hi Quanah, On ti, 12 syys 2017, Quanah Gibson-Mount wrote: >Hi Alexander, > >Your submission appears to be missing an IPR statement as noted at ><https://www.openldap.org/devel/contributing.html#notice>. This is >required for your submission to be evaluated. Please add an IPR at >your earliest convenience. Attached is a re-based patch set since there were changes in git master in last month or so that affected the same area. There are two patches: one for git master, one for 2.4 branch. Since there is no functional change in the code, I'd like to see the 2.4 version in an upcoming release as that would greatly help Samba. I'm also including an IPR notice below: Red Hat, Inc. hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice. Regards, -- / Alexander Bokovoy --cWoXeonUoKmBZSoM Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="abokovoy-master-ldap_init_fd-move-ldap_init_fd-definition-to-ldap.h.patch" Content-Transfer-Encoding: quoted-printable =46rom 7abe0a2be015d8c169e5d25078a91adaaa4d799f Mon Sep 17 00:00:00 2001 =46rom: Alexander Bokovoy <abokovoy(a)redhat.com> Date: Mon, 5 Jun 2017 14:43:58 +0300 Subject: [PATCH] ldap_init_fd: move ldap_init_fd() definition to ldap.h While OpenLDAP team position is that all code in OpenLDAP source distribution can be used by users, most distributions do not ship ldap_pvt.h as part of openldap-devel (sub)package. Move ldap_init_fd() to ldap.h to facilitate external users who have a need to integrate OpenLDAP with their own event loop processing. --- doc/man/man3/ldap_open.3 | 5 +---- include/ldap.h | 7 +++++++ include/ldap_pvt.h | 2 -- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/doc/man/man3/ldap_open.3 b/doc/man/man3/ldap_open.3 index 66b0b98f8..ac2c13a86 100644 --- a/doc/man/man3/ldap_open.3 +++ b/doc/man/man3/ldap_open.3 @@ -3,7 +3,7 @@ .\" Copyright 1998-2017 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME -ldap_init, ldap_initialize, ldap_open \- Initialize the LDAP library and o= pen a connection to an LDAP server +ldap_init, ldap_initialize, ldap_open, ldap_init_fd \- Initialize the LDAP= library and open a connection to an LDAP server .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS @@ -50,9 +50,6 @@ LDAPURLDesc **url; void *params; .LP .ft B -#include <ldap_pvt.h> -.LP -.ft B int ldap_init_fd(fd, proto, uri, ldp) .ft ber_socket_t fd; diff --git a/include/ldap.h b/include/ldap.h index e3f292dba..46de9ecf1 100644 --- a/include/ldap.h +++ b/include/ldap.h @@ -1551,6 +1551,13 @@ ldap_dup LDAP_P(( LDAP_F( int ) ldap_connect( LDAP *ld ); =20 +LDAP_F (int) +ldap_init_fd LDAP_P(( + ber_socket_t fd, + int proto, + LDAP_CONST char *url, + LDAP **ldp )); + /* * in tls.c */ diff --git a/include/ldap_pvt.h b/include/ldap_pvt.h index f1d93ac37..49f674ce5 100644 --- a/include/ldap_pvt.h +++ b/include/ldap_pvt.h @@ -344,8 +344,6 @@ ldap_get_message_ber LDAP_P(( /* open */ LDAP_F (int) ldap_open_internal_connection LDAP_P(( struct ldap **ldp, ber_socket_t *fdp )); -LDAP_F (int) ldap_init_fd LDAP_P(( - ber_socket_t fd, int proto, LDAP_CONST char *url, struct ldap **ldp )); =20 /* sasl.c */ LDAP_F (int) ldap_pvt_sasl_generic_install LDAP_P(( Sockbuf *sb, --=20 2.13.6 --cWoXeonUoKmBZSoM Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="abokovoy-v2.4-ldap_init_fd-move-ldap_init_fd-definition-to-ldap.h.patch" Content-Transfer-Encoding: quoted-printable =46rom f03eb7efe69d0a929e85df4cb5b4f47c7017e0d4 Mon Sep 17 00:00:00 2001 =46rom: Alexander Bokovoy <abokovoy(a)redhat.com> Date: Mon, 5 Jun 2017 14:43:58 +0300 Subject: [PATCH] ldap_init_fd: move ldap_init_fd() definition to ldap.h While OpenLDAP team position is that all code in OpenLDAP source distribution can be used by users, most distributions do not ship ldap_pvt.h as part of openldap-devel (sub)package. Move ldap_init_fd() to ldap.h to facilitate external users who have a need to integrate OpenLDAP with their own event loop processing. --- doc/man/man3/ldap_open.3 | 5 +---- include/ldap.h | 7 +++++++ include/ldap_pvt.h | 2 -- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/doc/man/man3/ldap_open.3 b/doc/man/man3/ldap_open.3 index 1d5e2b5e2..4f980f2cb 100644 --- a/doc/man/man3/ldap_open.3 +++ b/doc/man/man3/ldap_open.3 @@ -3,7 +3,7 @@ .\" Copyright 1998-2017 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME -ldap_init, ldap_initialize, ldap_open \- Initialize the LDAP library and o= pen a connection to an LDAP server +ldap_init, ldap_initialize, ldap_open, ldap_init_fd \- Initialize the LDAP= library and open a connection to an LDAP server .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS @@ -45,9 +45,6 @@ LDAPURLDesc **url; void *params; .LP .ft B -#include <ldap_pvt.h> -.LP -.ft B int ldap_init_fd(fd, proto, uri, ldp) .ft ber_socket_t fd; diff --git a/include/ldap.h b/include/ldap.h index db6869da8..b39d985dc 100644 --- a/include/ldap.h +++ b/include/ldap.h @@ -1526,6 +1526,13 @@ LDAP_F( LDAP * ) ldap_dup LDAP_P(( LDAP *old )); =20 +LDAP_F (int) +ldap_init_fd LDAP_P(( + ber_socket_t fd, + int proto, + LDAP_CONST char *url, + LDAP **ldp )); + /* * in tls.c */ diff --git a/include/ldap_pvt.h b/include/ldap_pvt.h index ce53cf157..bf09d6c4c 100644 --- a/include/ldap_pvt.h +++ b/include/ldap_pvt.h @@ -333,8 +333,6 @@ ldap_get_message_ber LDAP_P(( /* open */ LDAP_F (int) ldap_open_internal_connection LDAP_P(( struct ldap **ldp, ber_socket_t *fdp )); -LDAP_F (int) ldap_init_fd LDAP_P(( - ber_socket_t fd, int proto, LDAP_CONST char *url, struct ldap **ldp )); =20 /* sasl.c */ LDAP_F (int) ldap_pvt_sasl_generic_install LDAP_P(( Sockbuf *sb, --=20 2.13.6 --cWoXeonUoKmBZSoM--

1 0

(ITS#8756) assertion in mdb_page_dirty() due to loose pages
by h.b.furuseth＠usit.uio.no 18 Oct '17

18 Oct '17

Full_Name: Hallvard B Furuseth Version: mdb.master, bb8502f08800a44a6b91a94d6478aa7101c4cc77 OS: URL: Submission from: (NULL) (193.71.61.52) Submitted by: hallvard Described here with a fix, and with discussion in the thread: http://www.openldap.org/lists/openldap-devel/201710/msg00019.html "Inside freelist_save() the mt_loose_pages could be merged into the mt_free_pgs. http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=libraries/… But at this point all loose_pages also still present in the mt_u.dirty_list. On the next loop inside freelist_save() a one more page could be requested, and page_alloc() could return a page which is already in the mt_u.dirty_list. In this case mdb_mid2l_insert() will return -1." We could catch and handle the error when WRITEMAP is not in use. Another fix is for freelist_save() to quit messing with loose pages and just reserve room for them, like it does for me_pghead. In LMDB 1.0, we'll have more options.

1 0

Re: (ITS#8376)
by christian.kornacker＠gmail.com 15 Oct '17

15 Oct '17

The attached file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by SUSE Linux GmbH. SUSE Linux GmbH has not assigned rights and/or interest in this work to any party. I, Christian Kornacker am authorized by SUSE Linux GmbH, my employer, to release this work under the following terms. SUSE Linux GmbH hereby places the referenced modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.

1 0

(ITS#8755) invalid file descriptor when closing tls connection
by info＠christianknueppel.de 12 Oct '17

12 Oct '17

Full_Name: Christian Knueppel Version: 2.4.45 OS: Ubuntu 16.04.3 LTS URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (141.12.132.220) I currently developing on a c software which is using Openldap with TLS authentication. My software is working fine, but when i test it with valgrind, i always get an invalid file descriptor when closing the connection. Here is the stacktrace from valgrind: ==17517== Warning: invalid file descriptor -1 in syscall write() ==17517== at 0x4E4A4BD: ??? (syscall-template.S:84) ==17517== by 0x61BF5E7: sb_debug_write (in /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2.10.5) ==17517== by 0x7261644: _gnutls_writev_emu (gnutls_buffers.c:447) ==17517== by 0x7261644: _gnutls_writev (gnutls_buffers.c:505) ==17517== by 0x7261644: _gnutls_io_write_flush (gnutls_buffers.c:699) ==17517== by 0x725BDFF: _gnutls_send_tlen_int (gnutls_record.c:464) ==17517== by 0x727E0D7: _gnutls_send_int (gnutls_record.h:43) ==17517== by 0x727E0D7: gnutls_alert_send (gnutls_alert.c:165) ==17517== by 0x725DCD8: gnutls_bye (gnutls_record.c:289) ==17517== by 0x5F9F181: tlsg_sb_close (in /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2.10.5) ==17517== by 0x61C07B1: ber_int_sb_close (in /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2.10.5) ==17517== by 0x61C08A3: ber_sockbuf_free (in /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2.10.5) ==17517== by 0x5F815CD: ldap_ld_free (in /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2.10.5) ==17517== by 0x41618F: ldap_close_handle (ldap_connection.c:481) --> In function ldap_close_handle i call ldap_unbind_ext_s(ld, NULL, NULL). The connection is built with ldap_initialize(&ld, config.ldap_url) and ldap_start_tls_s(ld, NULL, NULL). Options set with ldap_set_option() are LDAP_OPT_X_TLS_REQUIRE_CERT to 2 (LDAP_OPT_X_TLS_DEMAND) and LDAP_OPT_X_TLS_CACERTFILE are set to all SSL CA-Certificates (/etc/ssl/certs/ca-certificates.crt). I run the ldap_unbind_ext_s command (for test purpose) shortly after the start_tls command is finished. When i use ldap_sasl_interactive_bind_s with DIGEST-MD5 instead of ldap_start_tls_s, the warning doesn't appear. When i use both, tls and sasl, the warning also appears. My computer running on Ubuntu 16.04.3 LTS (uname: 4.4.0-97-generic x86_64) with libldap-2.4-2 (2.4.42+dfsg-2ubuntu3.2) and libgnutls30 (3.4.10-4ubuntu1.4). I also tested it with the newest Ubuntu Artful Aardvark and the newest openldap (2.4.45+dfsg-1ubuntu1) and gnutls(3.5.8-6ubuntu3) release, but it didn't has any effect in my case. I also tryed to compiled openldap against openssl to see, if it might be a gnutls bug, but the invalid file descriptor occurs again. The lower valgrind stacktrace is done with openldap 2.4.45 and openssl 1.0.2g on the newest Artful Aardvark 17.10. ==2638== Warning: invalid file descriptor -1 in syscall write() ==2638== at 0x4E4DCC0: write (write.c:26) ==2638== by 0x61C6E87: sb_debug_write (sockbuf.c:854) ==2638== by 0x5FAAB4A: tlso_bio_write.part.8 (tls_o.c:790) ==2638== by 0x516B94A: BIO_write (bio_lib.c:243) ==2638== by 0x5B20C61: ssl3_write_pending (s3_pkt.c:1105) ==2638== by 0x5B22E82: ssl3_dispatch_alert (s3_pkt.c:1733) ==2638== by 0x5B1EAE6: ssl3_shutdown (s3_lib.c:4372) ==2638== by 0x5FAA749: tlso_sb_close (tls_o.c:899) ==2638== by 0x61C7D8A: ber_int_sb_close (sockbuf.c:383) ==2638== by 0x61C7E73: ber_sockbuf_free (sockbuf.c:74) ==2638== by 0x5F8D006: ldap_ld_free (unbind.c:134) ==2638== by 0x1277B7: ldap_close_handle (ldap_connection.c:481)

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs