[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7271) Don't clobber SASL_NOCANON in clients/tools/common.c

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#7271) Don't clobber SASL_NOCANON in clients/tools/common.c
From: hyc@symas.com
Date: Wed, 30 May 2012 13:15:28 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

wking@tremily.us wrote:
> Full_Name: W. Trevor King
> Version: git commit 22bf5188
> OS: Gentoo
> URL: http://blog.tremily.us/posts/LDAP/tool-nocanon.patch
> Submission from: (NULL) (72.68.88.202)
>
>
> The ldap.conf SASL_NOCANON configuration option (or LDAPSASL_NOCANON environment
> variable) should set the default behaviour for OpenLDAP tools such as
> ldapwhoami.  This configuration option should allow users to use the tools
> without having to use the matching command line option (-N).  Unfortunately, the
> current code sets the option to true/false after only querying the command line
> option.
>
> I'm linking to a patch that looks at the current value of the option first, and
> if it's true, skips processing the command line option (which would either be a
> redundant -N keeping the option true, or an absence of -N which implies the user
> wants to use the configured value (true)).
>
> Another approach would be to set the initial value of nocanon to UNINITIALIZED
> (-1?).  Command line arguments could set nocanon to 1 (true, -N) or false (0,
> --canon?).  Then we would only call ldap_set_option if nocanon was not
> UNINITIALIZED.
>
> I can work up a patch using this second approach if people prefer.  If so, let
> me know if you want me to define UNINITIALIZED, or to just use -1.
>
> I didn't check, but I would not be surprised if this same clobbering occurred
> for other command line options.

The only other boolean command line option is referrals, which is deprecated 
and has been undocumented for years. Not worth bothering over.

Ideally the command line option should have been able to set this explicitly 
to both true and false, to allow complete control over the option. But I'm not 
particularly concerned either way. Since the option currently can only be set 
to true, it would be sufficient to just check for nocanon != 0 before calling 
ldap_set_option.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#7270) Double free in ldap_int_initialize
Next by Date: Re: (ITS#7276) [PATCH] MozNSS: allow CA certdb together with PEM CA bundle file
Index(es):
- Chronological
- Thread