Full_Name: Peter John Driscoll Version: openldap-2.4.40 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (203.3.133.17)
Setting this option does not turn on debugging.
#define LDAP_DEBUG_ANY 0xffff const int optionValue = LDAP_DEBUG_ANY; CHECK_RESULT(ldap_set_option(m_ld, LDAP_OPT_DEBUG_LEVEL, &optionValue), "ldap_set_option debug level");
Calling ldap_get_option confirms the change. But in libraries/libldap/sbind.c
int ldap_simple_bind_s( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd )
The call, Debug( LDAP_DEBUG_TRACE, "ldap_simple_bind_s\n", 0, 0, 0 );
does not log any debug information, because ldap_debug returns 0 instead of 0xFFFF. Debug is defined as,
/* Debug() forwards to Log3() with a severity of 0. */
#define Debug( level, fmt, arg1, arg2, arg3 ) \
	Log3( (level), 0, (fmt), (arg1), (arg2), (arg3) )

/* Log3() emits the message only when the requested level shares a bit with ldap_debug;
 * the severity argument is not used by this definition. */
#define Log3( level, severity, fmt, arg1, arg2, arg3 ) \
	do { \
		if ( ldap_debug & (level) ) \
			lutil_debug( ldap_debug, (level), (fmt), (arg1), (arg2), (arg3) ); \
	} while ( 0 )

/* ldap_debug is the debug mask held in the GLOBAL options structure, not in any
 * per-session LDAP handle. */
#define ldap_debug ((LDAP_INT_GLOBAL_OPT())->ldo_debug)
The option is set in, libraries/libldap/options.c
int ldap_set_option( LDAP *ld, int option, LDAP_CONST void *invalue)
starts with
lo = LDAP_INT_GLOBAL_OPT();
but a few lines down,
if(ld != NULL) { assert( LDAP_VALID( ld ) );
if( !LDAP_VALID( ld ) ) { return LDAP_OPT_ERROR; }
lo = &ld->ld_options; }
This code breaks the logic so that the option is not set in the right place. So later in the method, case LDAP_OPT_DEBUG_LEVEL: lo->ldo_debug = * (const int *) invalue; rc = LDAP_OPT_SUCCESS; break;
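is writing to the wrong place, because lo != LDAP_INT_GLOBAL_OPT(): with a non-NULL ld the value lands in ld->ld_options, while the Debug macro reads the global options. Only a call with ld == NULL leaves lo pointing at the global options.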
FYI, my methods that do the calling are:
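/**
 * Create the LDAP session handle m_ld for the configured server, apply the session
 * options and, when m_StartTLS is set, negotiate StartTLS.
 *
 * The URL scheme is ldaps:// when m_SSL is set and ldap:// otherwise.
 *
 * @throws NovaError(ISSFactory::Error_LDAP_INIT_NULL) when no handle was created.
 *         CHECK_RESULT is defined elsewhere; presumably it raises on a non-success
 *         result code - confirm against its definition.
 */
void NovaLdap::Connect()
{
    NovaString ldaps = "ldap://";
    if (m_SSL)
    {
        ldaps = "ldaps://";
    }
    NovaString server = ldaps + m_IpAddress + ":" + ToNovaString(m_IpPort);
    JOURNAL(SECURITYSERVER,DTL) << "Security Server : Connect " << server << endl;

#ifdef _WIN32
    m_ld = ldap_sslinit((LDAP_PCHAR) m_IpAddress.data(), m_IpPort, m_SSL);
#else
    // The quoting in this message was damaged in the posted listing; it is restored here as
    // an escaped quote on each side of the server URL.
    CHECK_RESULT(ldap_initialize(&m_ld, server), "ldap_initialize(\"" + server + "\")");
#endif
    JOURNAL(SECURITYSERVER,DTL) << "Security Server : Connected - OK " << endl;

    if (!m_ld)
    {
        JOURNAL(SECURITYSERVER,DTL) << "Security Server : Connect - NULL LD " << endl;
        throw NovaError(ISSFactory::Error_LDAP_INIT_NULL);
    }

    JOURNAL(SECURITYSERVER,DTL) << "Security Server : Connect - set option" << endl;
    int myVersion = LDAP_VERSION3;
    CHECK_RESULT(ldap_set_option(m_ld, LDAP_OPT_PROTOCOL_VERSION, &myVersion), "ldap_set_option version");

    // NOTE(review): no certificate-verification policy is set here, so the TLS paths rely on
    // the library / ldap.conf default. With OpenLDAP the policy is set explicitly through
    // LDAP_OPT_X_TLS_REQUIRE_CERT (e.g. LDAP_OPT_X_TLS_DEMAND); the line below was left
    // disabled by the author.
    //CHECK_RESULT(ldap_set_option(m_ld, LDAP_OPT_TLS, &reqcert), "ldap_set_option TLS requires certificate");

#ifdef LDAP_OPT_DEBUG_LEVEL
    // The debug mask is read from the library's GLOBAL options (the ldap_debug macro), and
    // ldap_set_option() only writes there when it is called with a NULL handle. Passing
    // m_ld stores the value in the session's own options, where Debug() never looks.
    // This setting is therefore process-wide.
    // NOTE(review): a full debug mask can put protocol traffic, possibly including bind
    // credentials, into the log - keep it out of production builds.
    const int optionValue = LDAP_DEBUG_ANY;
    CHECK_RESULT(ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &optionValue), "ldap_set_option debug level");

    // Read back from the same (global) place so the journal shows the value in effect.
    int optionValueReturned = 0;
    CHECK_RESULT(ldap_get_option(NULL, LDAP_OPT_DEBUG_LEVEL, &optionValueReturned), "ldap_get_option debug level");
    JOURNAL(SECURITYSERVER,DTL) << "Security Server : Set debug level: " << optionValueReturned << endl;
#endif

#ifdef LDAP_OPT_CONNECT_ASYNC
    ldap_set_option( m_ld, LDAP_OPT_CONNECT_ASYNC, LDAP_OPT_OFF );
#endif
    // Referral chasing off, restart of interrupted system calls on; the results of these
    // calls are not checked, as in the original.
    ldap_set_option(m_ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
    ldap_set_option(m_ld, LDAP_OPT_RESTART, LDAP_OPT_ON );
    JOURNAL(SECURITYSERVER,DTL) << "Security Server : Connect - OK " << endl;

#ifdef _WIN32
    CHECK_RESULT(ldap_connect(m_ld, NULL), "ldap_connect");
#endif

    if (m_StartTLS)
    {
        JOURNAL(SECURITYSERVER,DTL) << "Security Server : Connect - Start TLS" << endl;
#ifdef _WIN32
        CHECK_RESULT(ldap_start_tls_s(m_ld, NULL, NULL, NULL, NULL), "ldap_start_tls_s");
        // WINLDAPAPI ULONG LDAPAPI ldap_start_tls_sA (
        //     IN PLDAP ExternalHandle,
        //     OUT PULONG ServerReturnValue,
        //     OUT LDAPMessage **result,
        //     IN PLDAPControlA *ServerControls,
        //     IN PLDAPControlA *ClientControls
        // );
#else
        // Use the synchronous call. ldap_start_tls() only issues the request and reports a
        // message id; it does not wait for the server's answer or install TLS on the
        // connection, so a bind that follows would not be protected by it.
        CHECK_RESULT(ldap_start_tls_s(m_ld, NULL, NULL), "ldap_start_tls_s");
#endif
    }
}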
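/**
 * Verify that the directory can be reached and, when a service account is configured,
 * that a simple bind with its credentials succeeds.
 *
 * Calls Connect() and then binds as m_ServiceAccountUsername. The session is released
 * again after the bind attempt, whether it succeeded or failed.
 *
 * @throws NovaError(ISSFactory::Error_LDAP_FAILURE) when the bind is rejected; the text
 *         from ldap_err2string() is attached to the error.
 */
void NovaLdap::CheckConnection()
{
    JOURNAL(SECURITYSERVER,DTL) << "NovaLdap::CheckConnection: Checking connection" << endl;
    Connect();

    // See if can bind to the DN.
    if (!m_ServiceAccountUsername.isNull())
    {
        JOURNAL(SECURITYSERVER,DTL) << "Security Server : GetDistinguishedNameForUserName Service service login " << m_ServiceAccountUsername << endl;
        puts("Security Server : GetDistinguishedNameForUserName Service service login\n");

        // A simple bind carries the password as-is; it is only protected when Connect()
        // used ldaps:// (m_SSL) or completed StartTLS (m_StartTLS).
        LDAP_RESULT result = ldap_simple_bind_s(m_ld,
                                                (LDAP_PCHAR) m_ServiceAccountUsername.data(),
                                                (LDAP_PCHAR) m_ServiceAccountPassword.data());

        if (result != (LDAP_RESULT) LDAP_SUCCESS)
        {
            NovaString errorMessage(ldap_err2string(result));
            // Release the session before reporting the failure; the original threw with
            // the handle still open.
            ldap_unbind(m_ld);
            m_ld = NULL;
            throw NovaError(ISSFactory::Error_LDAP_FAILURE, "bind as service user: ", errorMessage);
        }

        ldap_unbind(m_ld);
        // The handle is invalid after ldap_unbind(); clear it so it cannot be reused.
        m_ld = NULL;
    }
    // NOTE(review): when no service account is configured the handle opened by Connect()
    // is left as it is - confirm that a later caller releases it.

    JOURNAL(SECURITYSERVER,DTL) << "NovaLdap::ececkConnection: Success" << endl;
}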