Kurt(a)OpenLDAP.org wrote:
At 07:51 PM 11/27/2006, Kurt D. Zeilenga wrote:
> Spoke too soon.
> You code appears to be sending the same requests as
> Nessus, at least as described here:
>
http://www.nessus.org/plugins/index.php?view=viewsrc&id=23625
>
> Suspect a mismatch between what you and Brian are
> testing...
Howard, is the normalized authcDN in your testing correct?
It has a single escaped space. Here's the log with 256 characters
instead of 1024:
>> slap_listener(ldap://:9011)connection_get(12)
connection_get(12): got connid=2
connection_read(12): checking for input on id=2
ber_get_next
ldap_read: want=8, got=8
0000: 30 17 02 02 04 e7 60 11 0.....`.
ldap_read: want=17, got=17
0000: 02 01 03 04 00 a3 0a 04 08 43 52 41 4d 2d 4d 44
.........CRAM-MD
0010: 35 5
ber_get_next: tag 0x30 len 23 contents:
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt ({m) ber:
ber_scanf fmt (}}) ber:
>> dnPrettyNormal: <>
<<< dnPrettyNormal:
<>, <>
do_sasl_bind: dn () mech CRAM-MD5
==> sasl_bind: dn="" mech=CRAM-MD5 datalen=0
send_ldap_sasl: err=14 len=38
send_ldap_response: msgid=1255 tag=97 err=14
ber_flush: 55 bytes to sd 12
0000: 30 35 02 02 04 e7 61 2f 0a 01 0e 04 00 04 00 87
05....a/........
0010: 26 3c 39 34 32 38 34 39 37 31 39 2e 37 30 35 38
&<942849719.7058
0020: 36 35 39 40 6d 61 6e 64 6f 6c 69 6e 2e 73 79 6d
659(a)mandolin.sym
0030: 61 73 2e 63 6f 6d 3e as.com>
ldap_write: want=55, written=55
0000: 30 35 02 02 04 e7 61 2f 0a 01 0e 04 00 04 00 87
05....a/........
0010: 26 3c 39 34 32 38 34 39 37 31 39 2e 37 30 35 38
&<942849719.7058
0020: 36 35 39 40 6d 61 6e 64 6f 6c 69 6e 2e 73 79 6d
659(a)mandolin.sym
0030: 61 73 2e 63 6f 6d 3e as.com>
<== slap_sasl_bind: rc=14
connection_get(12)
connection_get(12): got connid=2
connection_read(12): checking for input on id=2
ber_get_next
ldap_read: want=8, got=8
0000: 30 82 01 1f 02 02 04 e6 0.......
ldap_read: want=283, got=283
0000: 60 82 01 17 02 01 03 04 00 a3 82 01 0e 04 08 43
`..............C
0010: 52 41 4d 2d 4d 44 35 04 82 01 00 20 20 20 20 20 RAM-MD5....
0020: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
0030: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
0040: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
0050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
0060: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
0070: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
0080: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
0090: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
00a0: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
00b0: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
00c0: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
00d0: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
00e0: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
00f0: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
0100: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
0110: 20 20 20 20 20 20 20 20 20 20 20
ber_get_next: tag 0x30 len 287 contents:
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
connection_get(12)
connection_get(12): got connid=2
connection_read(12): checking for input on id=2
ber_get_next
ldap_read: want=8, got=0
ber_get_next on fd 12 failed errno=0 (Success)
connection_closing: readying conn=2 sd=12 for close
connection_close: deferring conn=2 sd=12
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt ({m) ber:
ber_scanf fmt (m) ber:
ber_scanf fmt (}}) ber:
>> dnPrettyNormal: <>
<<< dnPrettyNormal:
<>, <>
do_sasl_bind: dn () mech CRAM-MD5
==> sasl_bind: dn="" mech=<continuing> datalen=256
SASL Canonicalize [conn=2]: authcid="
"
slap_sasl_getdn: conn 2 id=
[len=255]
=> ldap_dn2bv(16)
<= ldap_dn2bv(uid=\20
\20,cn=CRAM-MD5,cn=auth)=0
slap_sasl_getdn: u:id converted to uid=\20
\20,cn=CRAM-MD5,cn=auth
>> dnNormalize: <uid=\20
\20,cn=CRAM-MD5,cn=auth>
=> ldap_bv2dn(uid=\20
\20,cn=CRAM-MD5,cn=auth,0)
<= ldap_bv2dn(uid=\20
\20,cn=CRAM-MD5,cn=auth)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=\20,cn=cram-md5,cn=auth)=0
<<< dnNormalize: <uid=\20,cn=cram-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=\20,cn=cram-md5,cn=auth to a DN
slap_authz_regexp: converting SASL name uid=\20,cn=cram-md5,cn=auth
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL Canonicalize [conn=2]: slapAuthcDN="uid=\20,cn=cram-md5,cn=auth"
SASL [conn=2] Failure: no secret in database
send_ldap_result: conn=2 op=1 p=3
send_ldap_result: err=49 matched="" text="SASL(-13): user not found: no
secret in database"
send_ldap_response: msgid=1254 tag=97 err=49
<== slap_sasl_bind: rc=49
connection_resched: attempting closing conn=2 sd=12
connection_close: conn=2 sd=12
--
-- Howard Chu
Chief Architect, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc
OpenLDAP Core Team
http://www.openldap.org/project/