HI!
Something's screwed up in BER decoding of RE24 now. I get a LDAP_DECODING_ERROR but it used to work with former versions. I guess this is related to the recent changes to liblber.
Ciao, Michael.
Michael Ströder wrote:
Something's screwed up in BER decoding of RE24 now. I get a LDAP_DECODING_ERROR but it used to work with former versions. I guess this is related to the recent changes to liblber.
Find attached a client-side debug log.
Ciao, Michael.
ldap_url_parse_ext(ldap://172.16.15.10) ldap_create ldap_url_parse_ext(ldap://172.16.15.10:389/??base) ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 172.16.15.10:389 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 172.16.15.10:389 ldap_pvt_connect: fd: 3 tm: -1 async: 0 ldap_open_defconn: successful ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x8065100 ptr=0x8065100 end=0x806510e len=14 0000: 30 0c 02 01 01 60 07 02 01 03 04 00 80 00 0....`........ ber_scanf fmt ({i) ber: ber_dump: buf=0x8065100 ptr=0x8065105 end=0x806510e len=9 0000: 60 07 02 01 03 04 00 80 00 `........ ber_flush2: 14 bytes to sd 3 0000: 30 0c 02 01 01 60 07 02 01 03 04 00 80 00 0....`........ ldap_write: want=14, written=14 0000: 30 0c 02 01 01 60 07 02 01 03 04 00 80 00 0....`........ ldap_result ld 0x805ce48 msgid 1 wait4msg ld 0x805ce48 msgid 1 (infinite timeout) wait4msg continue ld 0x805ce48 msgid 1 all 1 ** ld 0x805ce48 Connections: * host: 172.16.15.10 port: 389 (default) refcnt: 2 status: Connected last used: Wed Nov 4 09:59:32 2009
** ld 0x805ce48 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x805ce48 request count 1 (abandoned 0) ** ld 0x805ce48 Response Queue: Empty ld 0x805ce48 response count 0 ldap_chkResponseList ld 0x805ce48 msgid 1 all 1 ldap_chkResponseList returns ld 0x805ce48 NULL ldap_int_select read1msg: ld 0x805ce48 msgid 1 all 1 ber_get_next ldap_read: want=8, got=8 0000: 30 84 00 00 00 10 02 01 0....... ldap_read: want=14, got=14 0000: 01 61 84 00 00 00 07 0a 01 00 04 00 04 00 .a............ ber_get_next: tag 0x30 len 16 contents: ber_dump: buf=0x8066240 ptr=0x8066240 end=0x8066250 len=16 0000: 02 01 01 61 84 00 00 00 07 0a 01 00 04 00 04 00 ...a............ read1msg: ld 0x805ce48 msgid 1 message type bind ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8066240 ptr=0x8066243 end=0x8066250 len=13 0000: 61 84 00 00 00 07 0a 01 00 04 00 04 00 a............ read1msg: ld 0x805ce48 0 new referrals read1msg: mark request completed, ld 0x805ce48 msgid 1 request done: ld 0x805ce48 msgid 1 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 1, msgid 1) ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x8066240 ptr=0x8066243 end=0x8066250 len=13 0000: 61 84 00 00 00 07 0a 01 00 04 00 04 00 a............ ber_scanf fmt (}) ber: ber_dump: buf=0x8066240 ptr=0x8066250 end=0x8066250 len=0
ldap_msgfree ldap_search_ext put_filter: "(objectclass=*)" put_filter: simple put_simple_filter: "objectclass=*" ldap_build_search_req ATTRS: * ldap_send_initial_request ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x8065100 ptr=0x8065100 end=0x80651b5 len=181 0000: 30 81 b2 02 01 02 63 81 ac 04 81 8b 43 4e 3d 53 0.....c.....CN=S 0010: 65 72 76 65 72 20 43 41 20 6e 6f 2e 20 32 20 73 erver CA no. 2 s 0020: 74 72 6f 65 64 65 72 2e 63 6f 6d 2c 43 4e 3d 43 troeder.com,CN=C 0030: 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 ertification Aut 0040: 68 6f 72 69 74 69 65 73 2c 43 4e 3d 50 75 62 6c horities,CN=Publ 0050: 69 63 20 4b 65 79 20 53 65 72 76 69 63 65 73 2c ic Key Services, 0060: 43 4e 3d 53 65 72 76 69 63 65 73 2c 43 4e 3d 43 CN=Services,CN=C 0070: 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2c 44 43 3d onfiguration,DC= 0080: 64 6f 6d 32 2c 44 43 3d 61 64 74 65 73 74 2c 44 dom2,DC=adtest,D 0090: 43 3d 6c 6f 63 61 6c 0a 01 00 0a 01 00 02 01 00 C=local......... 00a0: 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c ........objectcl 00b0: 61 73 73 30 00 ass0. ber_scanf fmt ({) ber: ber_dump: buf=0x8065100 ptr=0x8065106 end=0x80651b5 len=175 0000: 63 81 ac 04 81 8b 43 4e 3d 53 65 72 76 65 72 20 c.....CN=Server 0010: 43 41 20 6e 6f 2e 20 32 20 73 74 72 6f 65 64 65 CA no. 2 stroede 0020: 72 2e 63 6f 6d 2c 43 4e 3d 43 65 72 74 69 66 69 r.com,CN=Certifi 0030: 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 69 cation Authoriti 0040: 65 73 2c 43 4e 3d 50 75 62 6c 69 63 20 4b 65 79 es,CN=Public Key 0050: 20 53 65 72 76 69 63 65 73 2c 43 4e 3d 53 65 72 Services,CN=Ser 0060: 76 69 63 65 73 2c 43 4e 3d 43 6f 6e 66 69 67 75 vices,CN=Configu 0070: 72 61 74 69 6f 6e 2c 44 43 3d 64 6f 6d 32 2c 44 ration,DC=dom2,D 0080: 43 3d 61 64 74 65 73 74 2c 44 43 3d 6c 6f 63 61 C=adtest,DC=loca 0090: 6c 0a 01 00 0a 01 00 02 01 00 02 01 00 01 01 00 l............... 00a0: 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 00 ..objectclass0. ber_flush2: 181 bytes to sd 3 0000: 30 81 b2 02 01 02 63 81 ac 04 81 8b 43 4e 3d 53 0.....c.....CN=S 0010: 65 72 76 65 72 20 43 41 20 6e 6f 2e 20 32 20 73 erver CA no. 2 s 0020: 74 72 6f 65 64 65 72 2e 63 6f 6d 2c 43 4e 3d 43 troeder.com,CN=C 0030: 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 ertification Aut 0040: 68 6f 72 69 74 69 65 73 2c 43 4e 3d 50 75 62 6c horities,CN=Publ 0050: 69 63 20 4b 65 79 20 53 65 72 76 69 63 65 73 2c ic Key Services, 0060: 43 4e 3d 53 65 72 76 69 63 65 73 2c 43 4e 3d 43 CN=Services,CN=C 0070: 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2c 44 43 3d onfiguration,DC= 0080: 64 6f 6d 32 2c 44 43 3d 61 64 74 65 73 74 2c 44 dom2,DC=adtest,D 0090: 43 3d 6c 6f 63 61 6c 0a 01 00 0a 01 00 02 01 00 C=local......... 00a0: 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c ........objectcl 00b0: 61 73 73 30 00 ass0. ldap_write: want=181, written=181 0000: 30 81 b2 02 01 02 63 81 ac 04 81 8b 43 4e 3d 53 0.....c.....CN=S 0010: 65 72 76 65 72 20 43 41 20 6e 6f 2e 20 32 20 73 erver CA no. 2 s 0020: 74 72 6f 65 64 65 72 2e 63 6f 6d 2c 43 4e 3d 43 troeder.com,CN=C 0030: 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 ertification Aut 0040: 68 6f 72 69 74 69 65 73 2c 43 4e 3d 50 75 62 6c horities,CN=Publ 0050: 69 63 20 4b 65 79 20 53 65 72 76 69 63 65 73 2c ic Key Services, 0060: 43 4e 3d 53 65 72 76 69 63 65 73 2c 43 4e 3d 43 CN=Services,CN=C 0070: 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2c 44 43 3d onfiguration,DC= 0080: 64 6f 6d 32 2c 44 43 3d 61 64 74 65 73 74 2c 44 dom2,DC=adtest,D 0090: 43 3d 6c 6f 63 61 6c 0a 01 00 0a 01 00 02 01 00 C=local......... 00a0: 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c ........objectcl 00b0: 61 73 73 30 00 ass0. ldap_result ld 0x805ce48 msgid -1 wait4msg ld 0x805ce48 msgid -1 (infinite timeout) wait4msg continue ld 0x805ce48 msgid -1 all 0 ** ld 0x805ce48 Connections: * host: 172.16.15.10 port: 389 (default) refcnt: 2 status: Connected last used: Wed Nov 4 09:59:32 2009
** ld 0x805ce48 Outstanding Requests: * msgid 2, origid 2, status InProgress outstanding referrals 0, parent count 0 ld 0x805ce48 request count 1 (abandoned 0) ** ld 0x805ce48 Response Queue: Empty ld 0x805ce48 response count 0 ldap_chkResponseList ld 0x805ce48 msgid -1 all 0 ldap_chkResponseList returns ld 0x805ce48 NULL ldap_int_select read1msg: ld 0x805ce48 msgid -1 all 0 ber_get_next ldap_read: want=8, got=8 0000: 30 84 00 00 00 a7 02 01 0....... ldap_read: want=165, got=165 0000: 02 65 84 00 00 00 9e 0a 01 01 04 00 04 84 00 00 .e.............. 0010: 00 93 30 30 30 30 30 30 30 30 3a 20 4c 64 61 70 ..00000000: Ldap 0020: 45 72 72 3a 20 44 53 49 44 2d 30 43 30 39 30 36 Err: DSID-0C0906 0030: 32 37 2c 20 63 6f 6d 6d 65 6e 74 3a 20 49 6e 20 27, comment: In 0040: 6f 72 64 65 72 20 74 6f 20 70 65 72 66 6f 72 6d order to perform 0050: 20 74 68 69 73 20 6f 70 65 72 61 74 69 6f 6e 20 this operation 0060: 61 20 73 75 63 63 65 73 73 66 75 6c 20 62 69 6e a successful bin 0070: 64 20 6d 75 73 74 20 62 65 20 63 6f 6d 70 6c 65 d must be comple 0080: 74 65 64 20 6f 6e 20 74 68 65 20 63 6f 6e 6e 65 ted on the conne 0090: 63 74 69 6f 6e 2e 2c 20 64 61 74 61 20 30 2c 20 ction., data 0, 00a0: 76 65 63 65 00 vece. ber_get_next: tag 0x30 len 167 contents: ber_dump: buf=0x8066270 ptr=0x8066270 end=0x8066317 len=167 0000: 02 01 02 65 84 00 00 00 9e 0a 01 01 04 00 04 84 ...e............ 0010: 00 00 00 93 30 30 30 30 30 30 30 30 3a 20 4c 64 ....00000000: Ld 0020: 61 70 45 72 72 3a 20 44 53 49 44 2d 30 43 30 39 apErr: DSID-0C09 0030: 30 36 32 37 2c 20 63 6f 6d 6d 65 6e 74 3a 20 49 0627, comment: I 0040: 6e 20 6f 72 64 65 72 20 74 6f 20 70 65 72 66 6f n order to perfo 0050: 72 6d 20 74 68 69 73 20 6f 70 65 72 61 74 69 6f rm this operatio 0060: 6e 20 61 20 73 75 63 63 65 73 73 66 75 6c 20 62 n a successful b 0070: 69 6e 64 20 6d 75 73 74 20 62 65 20 63 6f 6d 70 ind must be comp 0080: 6c 65 74 65 64 20 6f 6e 20 74 68 65 20 63 6f 6e leted on the con 0090: 6e 65 63 74 69 6f 6e 2e 2c 20 64 61 74 61 20 30 nection., data 0 00a0: 2c 20 76 65 63 65 00 , vece. read1msg: ld 0x805ce48 msgid 2 message type search-result ber_scanf fmt ({eAA) ber: ber_dump: buf=0x8066270 ptr=0x8066273 end=0x8066317 len=164 0000: 65 84 00 00 00 9e 0a 01 01 04 00 04 84 00 00 00 e............... 0010: 93 30 30 30 30 30 30 30 30 3a 20 4c 64 61 70 45 .00000000: LdapE 0020: 72 72 3a 20 44 53 49 44 2d 30 43 30 39 30 36 32 rr: DSID-0C09062 0030: 37 2c 20 63 6f 6d 6d 65 6e 74 3a 20 49 6e 20 6f 7, comment: In o 0040: 72 64 65 72 20 74 6f 20 70 65 72 66 6f 72 6d 20 rder to perform 0050: 74 68 69 73 20 6f 70 65 72 61 74 69 6f 6e 20 61 this operation a 0060: 20 73 75 63 63 65 73 73 66 75 6c 20 62 69 6e 64 successful bind 0070: 20 6d 75 73 74 20 62 65 20 63 6f 6d 70 6c 65 74 must be complet 0080: 65 64 20 6f 6e 20 74 68 65 20 63 6f 6e 6e 65 63 ed on the connec 0090: 74 69 6f 6e 2e 2c 20 64 61 74 61 20 30 2c 20 76 tion., data 0, v 00a0: 65 63 65 00 ece. read1msg: ld 0x805ce48 0 new referrals read1msg: mark request completed, ld 0x805ce48 msgid 2 request done: ld 0x805ce48 msgid 2 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 2, msgid 2) ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x8066270 ptr=0x8066273 end=0x8066317 len=164 0000: 65 84 00 00 00 9e 0a 01 01 04 00 04 84 00 00 00 e............... 0010: 93 30 30 30 30 30 30 30 30 3a 20 4c 64 61 70 45 .00000000: LdapE 0020: 72 72 3a 20 44 53 49 44 2d 30 43 30 39 30 36 32 rr: DSID-0C09062 0030: 37 2c 20 63 6f 6d 6d 65 6e 74 3a 20 49 6e 20 6f 7, comment: In o 0040: 72 64 65 72 20 74 6f 20 70 65 72 66 6f 72 6d 20 rder to perform 0050: 74 68 69 73 20 6f 70 65 72 61 74 69 6f 6e 20 61 this operation a 0060: 20 73 75 63 63 65 73 73 66 75 6c 20 62 69 6e 64 successful bind 0070: 20 6d 75 73 74 20 62 65 20 63 6f 6d 70 6c 65 74 must be complet 0080: 65 64 20 6f 6e 20 74 68 65 20 63 6f 6e 6e 65 63 ed on the connec 0090: 74 69 6f 6e 2e 2c 20 64 61 74 61 20 30 2c 20 76 tion., data 0, v 00a0: 65 63 65 00 ece. ldap_err2string ldap_parse_result: Decoding error (-4) # extended LDIF # # LDAPv3 # base <CN=Server CA no. 2 stroeder.com,CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=dom2,DC=adtest,DC=local> with scope baseObject # filter: (objectclass=*) # requesting: ALL #
# search result search: 2
Michael Ströder writes:
Michael Ströder wrote:
Something's screwed up in BER decoding of RE24 now. I get a LDAP_DECODING_ERROR but it used to work with former versions.
Workaround in HEAD: liblber/decode.c rev 1.129. Please test.
It was due to ITS#6353: reject embedded NUL bytes in plain strings. AD sends the diagnosticMessage with a terminating NUL byte, as if LDAP used C strings:-( Now we accept a terminating NUL, but still reject NULs in the middle of the string.
Hallvard B Furuseth wrote:
Michael Ströder writes:
Michael Ströder wrote:
Something's screwed up in BER decoding of RE24 now. I get a LDAP_DECODING_ERROR but it used to work with former versions.
Workaround in HEAD: liblber/decode.c rev 1.129. Please test.
Recent HEAD seems to work.
Ciao, Michael.
-
Hallvard B Furuseth -
Michael Ströder