changed notes
changed notes changed state Open to Suspended moved from Incoming to Software Bugs
Full_Name: friedrich rechtberger Version: 2.0.15 OS: debian linux 2.2 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (217.116.64.13) server configured with --enable-ldap=yes --with-ldap-module=static I use the server as an ldap-proxy "database ldap" with no problem until the ldap-client requests an attribute that isn't defined in the schema of the openldap-server but is replied by the answer of the back-ldap server. If this happens i see an segmentation fault.
friedrich.rechtberger@emb.magwien.gv.at wrote: > server configured with --enable-ldap=yes --with-ldap-module=static > > I use the server as an ldap-proxy "database ldap" with no problem until the > ldap-client requests an attribute that isn't defined in the schema of the > openldap-server but is replied by the answer of the back-ldap server. If this > happens i see an segmentation fault. Can you provide extra information? E.g., try to reproduce the problem with full debug on, and also provide a backtrace of the core (i.e. # gdb slapd > run -d 0 ... after failure: > bt Thanks, Pierangelo. -- Dr. Pierangelo Masarati | voice: +39 02 2399 8309 Dip. Ing. Aerospaziale | fax: +39 02 2399 8334 Politecnico di Milano | mailto:masarati@aero.polimi.it via La Masa 34, 20156 Milano, Italy | http://www.aero.polimi.it/~masarati
friedrich.rechtberger@emb.magwien.gv.at wrote: > server configured with --enable-ldap=yes --with-ldap-module=static > > I use the server as an ldap-proxy "database ldap" with no problem until the > ldap-client requests an attribute that isn't defined in the schema of the > openldap-server but is replied by the answer of the back-ldap server. If this > happens i see an segmentation fault. Forget my previous posting. It doesn't matter where the error shows up. It originates in servers/slapd/back-ldap/search.c, where there's no check for the correct retieval of the attribute description in ldap_send_entry(): > continue; > attr->a_next = 0; > attr->a_desc = NULL; > slap_str2ad(a, &attr->a_desc, &text); > attr->a_vals = ldap_get_values_len(lc->ld, e, a); > if (!attr->a_vals) > attr->a_vals = &dummy; > It has been fixed some time ago in 1.23, but not released yet. The fix reads: > continue; > attr->a_next = 0; > attr->a_desc = NULL; > if (slap_str2ad(mapped, &attr->a_desc, &text) != LDAP_SUCCESS) { > ch_free(attr); > continue; > } > attr->a_vals = ldap_get_values_len(lc->ld, e, a); > if (!attr->a_vals) { > attr->a_vals = &dummy; so the unknown attribute is stripped from the results (what if the resulting entry does not pass the schema?) Pierangelo. -- Dr. Pierangelo Masarati | voice: +39 02 2399 8309 Dip. Ing. Aerospaziale | fax: +39 02 2399 8334 Politecnico di Milano | mailto:masarati@aero.polimi.it via La Masa 34, 20156 Milano, Italy | http://www.aero.polimi.it/~masarati
At 08:10 AM 2001-10-03, masarati@aero.polimi.it wrote: >so the unknown attribute is stripped from the results One alternative is to use slap_str2undef_ad() instead of slap_str2ad(). See str2entry() for logic. >(what if the resulting entry does not pass the schema?) Nothing. Often MUST attributes are stripped from results, by ACLs or other means. It's fine (and even noted in rfc2251). Kurt
Kurt@OpenLDAP.org wrote: > > At 08:10 AM 2001-10-03, masarati@aero.polimi.it wrote: > >so the unknown attribute is stripped from the results > > One alternative is to use slap_str2undef_ad() instead > of slap_str2ad(). See str2entry() for logic. That's much cleaner. I applied it to both back-ldap and back-meta; however, I see the "undef" attributes get stripped off somewhere before being returned (even for access to * by * read on the back-ldap, so it is not an ACL problem). Is it intended? > > >(what if the resulting entry does not pass the schema?) > > Nothing. Often MUST attributes are stripped from > results, by ACLs or other means. It's fine (and even > noted in rfc2251). That makes a lot of sense. I must have missed it. Pierangelo. -- Dr. Pierangelo Masarati | voice: +39 02 2399 8309 Dip. Ing. Aerospaziale | fax: +39 02 2399 8334 Politecnico di Milano | mailto:masarati@aero.polimi.it via La Masa 34, 20156 Milano, Italy | http://www.aero.polimi.it/~masarati
At 09:04 AM 2001-10-03, Pierangelo Masarati wrote: >Kurt@OpenLDAP.org wrote: >> >> At 08:10 AM 2001-10-03, masarati@aero.polimi.it wrote: >> >so the unknown attribute is stripped from the results >> >> One alternative is to use slap_str2undef_ad() instead >> of slap_str2ad(). See str2entry() for logic. > >That's much cleaner. I applied it to both back-ldap and >back-meta; however, I see the "undef" attributes get >stripped off somewhere before being returned (even for > >access to * by * read > >on the back-ldap, so it is not an ACL problem). Is it >intended? Yes.
changed notes changed state Suspended to Test
changed notes changed state Test to Release
changed notes changed state Release to Closed
moved from Software Bugs to Archive.Software Bugs
Fixed in HEAD Fixed in re20