OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Incoming/8788
Full headers

From: quanah@openldap.org
Subject: slapd-pcache undef not compatible with mdb
Compose comment
Download message
State:
0 replies:
1 followups: 1

Major security issue: yes  no

Notes:

Notification:


Date: Mon, 11 Dec 2017 15:02:05 +0000
From: quanah@openldap.org
To: openldap-its@OpenLDAP.org
Subject: slapd-pcache undef not compatible with mdb
Full_Name: Quanah Gibson-Mount
Version: 2.4.45
OS: N/A
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (47.208.148.239)


The pcache backend to slapd has the option for attr sets to note if an attribute
that being cached is not defined in the local schema by prefixing it with
"undef:", such as "undef:myattr".  While this functionality works fine when
pcache is using back-bdb or back-hdb, it does not work with back-mdb.  In the
case where back-mdb is used, an error will be logged if the hidden "pcaache"
loglevel is used, but it will still attempt to answer queries (it will return no
results, but with a success return code).


At a minimum, the documentation needs to be updated to note this feature
incompatibility.  It would be additionally useful if either slapd would refuse
to start if undef was used on top of back-mdb, or pcache would log an error that
it could not answer the result from the cache, and fall back to doing a direct
lookup.

Followup 1

Download message
Subject: Re: (ITS#8788) slapd-pcache undef not compatible with mdb
To: quanah@openldap.org, openldap-its@OpenLDAP.org
From: Howard Chu <hyc@symas.com>
Date: Mon, 11 Dec 2017 17:15:32 +0000
quanah@openldap.org wrote:
> Full_Name: Quanah Gibson-Mount
> Version: 2.4.45
> OS: N/A
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (47.208.148.239)
> 
> 
> The pcache backend to slapd has the option for attr sets to note if an
attribute
> that being cached is not defined in the local schema by prefixing it with
> "undef:", such as "undef:myattr".  While this functionality works fine when
> pcache is using back-bdb or back-hdb, it does not work with back-mdb.  In
the
> case where back-mdb is used, an error will be logged if the hidden
"pcaache"
> loglevel is used, but it will still attempt to answer queries (it will
return no
> results, but with a success return code).

pcache uses slap_bv2tmp_ad() to register undef attributes. It looks like 
there's a bug here in that it doesn't initialize ad->ad_index. (bv2undef 
initializes this to zero.) Of course, that still doesn't change the fact that 
back-mdb requires schema to be fully defined.

> At a minimum, the documentation needs to be updated to note this feature
> incompatibility.  It would be additionally useful if either slapd would
refuse
> to start if undef was used on top of back-mdb, or pcache would log an error
that
> it could not answer the result from the cache, and fall back to doing a
direct
> lookup.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/


Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org