asserts and mandatory build instructions (was ITS#8240)
by Michael Ströder
hyc(a)symas.com wrote in ITS#8240:
> Our patch response was too hasty. There is no OpenLDAP bug here, the real
> issue is production binaries being built with asserts enabled instead of
> compiling with -DNDEBUG. That's an issue for packagers and distros to resolve.
> Closing this ITS, not an OpenLDAP bug.
Maybe I missed something. But this is the first time I've heard about -DNDEBUG
being mandatory when compiling binary packages for production use. Does it
have other effects?
And what are general rules for assert statements in OpenLDAP code?
In my own (Python) code assert statements are supposed to be only triggered if
something goes wrong *internally* (type issues etc.). If somebody manages to
trigger an assert statement with invalid input from "outside" I always
consider this to be a serious bug revealing insufficient error handling even
though e.g. web2ldap just logs the exception but won't crash. YMMV, but please
clarify.
I also wonder whether there are more mandatory rules for building packages and
where I can find them.
Please don't get me wrong: My inquiry is in good faith to avoid unnecessary
ITS based on misunderstanding.
Ciao, Michael.
1 year, 11 months
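The difference the message above asks about, as an added C example (not OpenLDAP code, and not taken from ITS#8240): a length check that exists only as an assert aborts the process in a build without -DNDEBUG and is compiled out in a build with it, while a check written as error handling behaves the same in both. The one-length-byte wire format and both function names are hypothetical.

```c
#include <assert.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical wire format: one length byte, then that many value bytes. */

/* Length check exists only as an assert on data a remote peer controls.
 * Without -DNDEBUG a lying length byte aborts the process; with -DNDEBUG
 * the check is compiled out and memcpy reads past the end of the input. */
size_t copy_value_asserted(const unsigned char *pkt, size_t pktlen,
                           unsigned char *out, size_t outlen)
{
    size_t n = pkt[0];
    assert(n <= pktlen - 1 && n <= outlen);
    memcpy(out, pkt + 1, n);
    return n;
}

/* Outside input is rejected with an error code in every build; the assert
 * that remains guards a caller contract no remote peer can influence. */
int copy_value_checked(const unsigned char *pkt, size_t pktlen,
                       unsigned char *out, size_t outlen, size_t *copied)
{
    size_t n;

    assert(out != NULL && copied != NULL);  /* internal invariant only */
    if (pkt == NULL || pktlen < 1)
        return -1;                          /* truncated packet */
    n = pkt[0];
    if (n > pktlen - 1 || n > outlen)
        return -1;                          /* length byte exceeds data */
    memcpy(out, pkt + 1, n);
    *copied = n;
    return 0;
}
```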
ITS#8654 - Option for LDAP client to bind to a local address
by Daniel Le
Hello,
In reference to the enhancement request ITS#865, please comment on the following to add support for binding a local IP address to client socket. This is just an outline of changes for one local address. I am not sure whether a list of local addresses is necessary. If it is, then a new function, similarly to ldap_url_parsehosts, may be written to parse the list of local addresses and store them into a linked list. In my use case, only one IPv4 or IPv6 local address is used for binding.
- Modify ldap.h and ldap_set_option to handle the new option LDAP_OPT_LOCAL_ADDRESS.
Should it be named LDAP_OPT_CLIENT_ADDRESS, LDAP_OPT_SOCKET_BIND_ADDRESS...?
- Modify struct ldapoptions in ldap-int.h to add element "char *ldo_local_address" to hold client local address when ldap_set_option(LDAP_OPT_LOCAL_ADDRESS...) is executed.
This char pointer can point to an IPv4 address or IPv6 address.
- ldap_connect_to_host() in os-ip.c
After the connection socket is created (ldap_int_socket) and before it is connected (ldap_pvt_connect), extract the local IP address.
If local address family (AF_INET/ AF_INET6) matches the one of the host, bind socket to the local address.
Regards,
Daniel
6 years, 3 months
Re: Status of ldap_init_fd and LDAP_PROTO_EXT?
by Howard Chu
Volker Lendecke wrote:
> Hi!
>
> What's the status of those two? They are mentioned in the manpages of
> for example Debian Jessie and FreeBSD 11 (maybe from ports?), but the
> manpage explicitly says you have to #include <ldap_pvt.h>, which is
> not shipped.
>
> What's the reason of them being in ldap_pvt.h? Are they supposed to
> change in the future? The function is now more than 10 years old,
> without too much change in that decade.
Generally, <ldap.h> was only supposed to export the "official" LDAP API and
anything that was specific to OpenLDAP's implementation was stashed in
<ldap_pvt.h> as non-standard features. I suppose the distinction is somewhat
meaningless these days since the last LDAP API RFC was only valid for LDAPv2
and a version for LDAPv3 was never approved. At this point, OpenLDAP's API is
the de facto standard. As clumsy as it may be...
>
> Not being able to fully asynchronously connect to a server was my main
> reason to start my own little ldap library a few years ago, so I think
> this can be useful code :-)
Talk to your distro folks about shipping the files then. The Project's policy
is that we do source releases exclusively, and everything contained in a
source release is intended for end-users to read and use. That is, again, the
point of open source. It would also help if end-users read the scripts in the
test suite and used them as examples of how to setup various configurations.
>
> Thanks, Volker
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
6 years, 3 months
RE: ITS#8654 - Option for LDAP client to bind to a local address
by Quanah Gibson-Mount
--On Tuesday, May 23, 2017 4:18 PM +0000 Daniel Le <daniel.le(a)exfo.com>
wrote:
> Since the ITS#4707 patch was not merged into 2.4 and is subject to
> additional modification to handle a list of local addresses, perhaps it
> makes sense to leverage from what was done in 2.3 and write a new patch
> for 2.4 (i.e. no merge)?
All work should be done against OpenLDAP master rather than a release branch.
> Regarding multiple local IP addresses, I can think of a scenario where
> the desired local network interface has an IPv4 address and an IPv6
> address, then the one which has the same address family as the server's
> is chosen at the time of socket binding, but how to match a client IP
> address with a server host address when there are multiple IPv4 and/or
> IPv6 local addresses?
Curious, does telnet -b handle this currently?
> Daniel
>
> -----Original Message-----
> From: Daniel Le
> Sent: Monday, May 22, 2017 5:17 PM
> To: 'Howard Chu' <hyc(a)symas.com>; Quanah Gibson-Mount <quanah(a)symas.com>;
> 'openldap-devel(a)openldap.org' <openldap-devel(a)openldap.org>
> Subject: RE: ITS#8654 - Option for LDAP client to bind to a local address
>
> From what I can see, ldap_init_fd() only allows the setting of
> UDP/TCP/IPC protocol type and server's URI.
>
> Will the ITS#4707 patch
> (ftp://ftp.openldap.org/incoming/openldap-2.3.27-bindaddr.patch.txt) be
> merged into 2.4?
>
> And since this patch only handles one IP address, further change will be
> necessary to support a list of IP addresses.
>
> Daniel
>
> -----Original Message-----
> From: Howard Chu [mailto:hyc@symas.com]
> Sent: Monday, May 22, 2017 2:49 PM
> To: Quanah Gibson-Mount <quanah(a)symas.com>; Daniel Le
> <daniel.le(a)exfo.com>; 'openldap-devel(a)openldap.org'
> <openldap-devel(a)openldap.org>
> Subject: Re: ITS#8654 - Option for LDAP client to bind to a local address
>
> Quanah Gibson-Mount wrote:
>> --On Monday, May 22, 2017 7:28 PM +0000 Daniel Le <daniel.le(a)exfo.com>
>> wrote:
>>
>>> I tumbled into the following ITS#4707 thread:
>>> Patch: option to bind client socket to an address
>>> https://www.openldap.org/lists/openldap-bugs/200610/threads.html#00047
>>>
>>> Wasn't this patch integrated into OpenLDAP 2.3.X? I couldn't see it
>>> in the 2.4.44 code base.
>>
>> The notes say it was added for 2.4, but that apparently is incorrect.
>>
>> "new API added in HEAD/RE24"
>
> The notes say *a* new API was added to 2.4, not necessarily *this* one.
> And that is true, we added ldap_init_fd() which lets the caller setup
> their socket any way they please.
>
> commit 1f635b8bcfaaac666005a88a5620e9798c9565e1
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
6 years, 4 months
Re: ITS#8654 - Option for LDAP client to bind to a local address
by Howard Chu
Daniel Le wrote:
> Hello,
>
> In reference to the enhancement request ITS#865, please comment on the following to add support for binding a local IP address to client socket. This is just an outline of changes for one local address. I am not sure whether a list of local addresses is necessary. If it is, then a new function, similarly to ldap_url_parsehosts, may be written to parse the list of local addresses and store them into a linked list. In my use case, only one IPv4 or IPv6 local address is used for binding.
As I commented in the ITS, since there is no existing IETF spec for this
option, and since there is an existing implementation in Microsoft's API, we
should copy the Microsoft API behavior, to maintain source level compatibility
and make app developers' lives easier.
Since they support a list of IP addresses, so should we.
>
> - Modify ldap.h and ldap_set_option to handle the new option LDAP_OPT_LOCAL_ADDRESS.
> Should it be named LDAP_OPT_CLIENT_ADDRESS, LDAP_OPT_SOCKET_BIND_ADDRESS...?
>
> - Modify struct ldapoptions in ldap-int.h to add element "char *ldo_local_address" to hold client local address when ldap_set_option(LDAP_OPT_LOCAL_ADDRESS...) is executed.
> This char pointer can point to an IPv4 address or IPv6 address.
>
> - ldap_connect_to_host() in os-ip.c
> After the connection socket is created (ldap_int_socket) and before it is connected (ldap_pvt_connect), extract the local IP address.
> If local address family (AF_INET/ AF_INET6) matches the one of the host, bind socket to the local address.
>
> Regards,
> Daniel
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
6 years, 4 months
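The bind-before-connect step outlined in this thread, extended to a list of local addresses, as an added example (not OpenLDAP code and not the ITS#4707 patch). All function names are hypothetical, and "first configured address of the server's family wins" is an assumption: the thread leaves open how to choose among several local addresses of the same family.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Parse a numeric IPv4/IPv6 string into a sockaddr with port 0 (the kernel
 * picks the source port). Returns the sockaddr length, or 0 if invalid. */
static socklen_t parse_local(const char *s, struct sockaddr_storage *ss)
{
    struct sockaddr_in *a4 = (struct sockaddr_in *)ss;
    struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)ss;

    memset(ss, 0, sizeof(*ss));
    if (inet_pton(AF_INET, s, &a4->sin_addr) == 1) {
        a4->sin_family = AF_INET;
        return sizeof(*a4);
    }
    if (inet_pton(AF_INET6, s, &a6->sin6_addr) == 1) {
        a6->sin6_family = AF_INET6;
        return sizeof(*a6);
    }
    return 0;
}

/* Index of the first configured local address whose family matches the
 * server's, or -1 when none does (the caller then skips the bind). */
int pick_local(const char *const *locals, int n, int server_family,
               struct sockaddr_storage *out, socklen_t *outlen)
{
    for (int i = 0; i < n; i++) {
        socklen_t len = parse_local(locals[i], out);
        if (len != 0 && out->ss_family == server_family) {
            *outlen = len;
            return i;
        }
    }
    return -1;
}

/* Runs between socket creation and connect: bind the source address when a
 * family match exists, otherwise leave the socket unbound. */
int bind_local_then_connect(int fd, const char *const *locals, int n,
                            const struct sockaddr *srv, socklen_t srvlen)
{
    struct sockaddr_storage src;
    socklen_t srclen;

    if (pick_local(locals, n, srv->sa_family, &src, &srclen) >= 0 &&
        bind(fd, (struct sockaddr *)&src, srclen) < 0)
        return -1;  /* configured address is not usable on this host */
    return connect(fd, srv, srvlen);
}
```

A bind failure is returned to the caller instead of falling back to an unbound socket, so a connection never leaves from a source address other than a configured one without the caller knowing.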