OpenLDAP
Viewing Software Enhancements/8714
Date: Fri, 18 Aug 2017 15:28:29 +0000
From: michael@stroeder.com
To: openldap-its@OpenLDAP.org
Subject: RFE: Sendout EXTENDED operation message in back-sock
Full_Name: Michael Ströder
Version: master / RE24
OS: irrelevant
URL: 
Submission from: (NULL) (213.240.182.101)


back-sock should also send extended operations to external listener.

Patch will follow.

Followup 1

Subject: Re: (ITS#8714) RFE: Sendout EXTENDED operation message in back-sock
From: Michael Ströder <michael@stroeder.com>
To: openldap-its@OpenLDAP.org
Date: Fri, 18 Aug 2017 18:58:51 +0200

The attached patch file is derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the following patch(es)
were developed by Michael Ströder <michael@stroeder.com>. I have not
assigned rights and/or interest in this work to any party.

I, Michael Ströder, hereby place the following modifications to OpenLDAP
Software (and only these modifications) into the public domain. Hence,
these modifications may be freely used and/or redistributed for any
purpose with or without attribution and/or other notice.

This patch can also be found here:

ftp://ftp.openldap.org/incoming/0001-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch

From 732c5646e0a03be8b58e52527b25742f0495807e Mon Sep 17 00:00:00 2001
From: Michael Ströder <michael@stroeder.com>
Date: Fri, 18 Aug 2017 18:47:41 +0200
Subject: [PATCH] ITS#8714 Send out EXTENDED operation message from back-sock
 to external program

---
 doc/man/man5/slapd-sock.5            | 19 +++++++++++-
 servers/slapd/back-sock/Makefile.in  |  4 +--
 servers/slapd/back-sock/config.c     | 12 ++++++--
 servers/slapd/back-sock/extended.c   | 58 ++++++++++++++++++++++++++++++=
++++++
 servers/slapd/back-sock/init.c       |  2 +-
 servers/slapd/back-sock/proto-sock.h |  2 ++
 6 files changed, 91 insertions(+), 6 deletions(-)
 create mode 100644 servers/slapd/back-sock/extended.c

diff --git a/doc/man/man5/slapd-sock.5 b/doc/man/man5/slapd-sock.5
index 1ac4f7fdd..0c4fc3fdd 100644
--- a/doc/man/man5/slapd-sock.5
+++ b/doc/man/man5/slapd-sock.5
@@ -49,7 +49,7 @@ be sent and from which replies are received.
=20
 When used as an overlay, these additional directives are defined:
 .TP
-.B sockops	[ bind | unbind | search | compare | modify | modrdn | add | =
delete ]*
+.B sockops	[ bind | unbind | search | compare | modify | modrdn | add | =
delete | extended ]*
 Specify which request types to send to the external program. The default=
 is
 empty (no requests are sent).
 .TP
@@ -115,6 +115,18 @@ dn: <DN>
 .PP
 .RS
 .nf
+EXTENDED
+msgid: <message id>
+<repeat { "suffix:" <database suffix DN> }>
+oid: <OID>
+valuelen: <length of <value>>
+value: <credentials>
+<blank line>
+.fi
+.RE
+.PP
+.RS
+.nf
 MODIFY
 msgid: <message id>
 <repeat { "suffix:" <database suffix DN> }>
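
Review bot: 'value: <credentials>' in the added EXTENDED block is a misleading label, since an extended request value is not a credential; call it '<value>' and describe it as the request data. Because valuelen: and value: are plain lines in a record that ends at a blank line, the text should also say how a value containing a newline or NUL byte is represented, or specify an encoding for it.
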
@@ -292,6 +304,11 @@ access to the
 pseudo_attribute of the searchBase;
 .B search (=3Ds)
 access to the attributes and values used in the filter is not checked.
+.LP
+The
+.B extended
+operation does not require any access special rights.
+The external program has to implement any sort of access control.
=20
 .SH EXAMPLE
 There is an example script in the slapd/back\-sock/ directory
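
Review bot: 'does not require any access special rights' in the added paragraph has its words transposed and should read 'any special access rights'. The second sentence would be clearer as a direct statement that slapd performs no access check before forwarding an extended request, so the external program is the only place where access control for these operations is enforced.
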
diff --git a/servers/slapd/back-sock/Makefile.in b/servers/slapd/back-soc=
k/Makefile.in
index 3e527e545..efb916246 100644
--- a/servers/slapd/back-sock/Makefile.in
+++ b/servers/slapd/back-sock/Makefile.in
@@ -18,9 +18,9 @@
 ## in OpenLDAP Software.
=20
 SRCS	=3D init.c config.c opensock.c search.c bind.c unbind.c add.c \
-		delete.c modify.c modrdn.c compare.c result.c
+		delete.c modify.c modrdn.c compare.c result.c extended.c
 OBJS	=3D init.lo config.lo opensock.lo search.lo bind.lo unbind.lo add.l=
o \
-		delete.lo modify.lo modrdn.lo compare.lo result.lo
+		delete.lo modify.lo modrdn.lo compare.lo result.lo extended.lo
=20
 LDAP_INCDIR=3D ../../../include      =20
 LDAP_LIBDIR=3D ../../../libraries
diff --git a/servers/slapd/back-sock/config.c b/servers/slapd/back-sock/c=
onfig.c
index dc3f1365c..2dcf68bf6 100644
--- a/servers/slapd/back-sock/config.c
+++ b/servers/slapd/back-sock/config.c
@@ -106,6 +106,7 @@ static ConfigOCs osocs[] =3D {
 #define SOCK_OP_MODRDN	0x020
 #define SOCK_OP_ADD		0x040
 #define SOCK_OP_DELETE	0x080
+#define SOCK_OP_EXTENDED	0x100
=20
 #define SOCK_REP_RESULT	0x001
 #define SOCK_REP_SEARCH	0x002
@@ -127,6 +128,7 @@ static slap_verbmasks ov_ops[] =3D {
 	{ BER_BVC("modrdn"), SOCK_OP_MODRDN },
 	{ BER_BVC("add"), SOCK_OP_ADD },
 	{ BER_BVC("delete"), SOCK_OP_DELETE },
+	{ BER_BVC("extended"), SOCK_OP_EXTENDED },
 	{ BER_BVNULL, 0 }
 };
=20
@@ -249,7 +251,9 @@ static BI_op_bind *sockfuncs[] =3D {
 	sock_back_modify,
 	sock_back_modrdn,
 	sock_back_add,
-	sock_back_delete
+	sock_back_delete,
+	0,                    /* abandon not supported */
+	sock_back_extended
 };
=20
 static const int sockopflags[] =3D {
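
Review bot: the 0 entry added to sockfuncs[] for abandon leaves a null function pointer in a table that is selected by operation, and nothing in this hunk shows a guard before the call. Confirm the dispatcher can never select that slot (or test the entry for NULL before calling it), and add a comment naming the operation order the positions follow, since a later insertion would silently move sock_back_extended to the wrong slot.
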
@@ -260,7 +264,9 @@ static const int sockopflags[] =3D {
 	SOCK_OP_MOD

Message of length 8687 truncated


Followup 2

Subject: Re: (ITS#8714) RFE: Sendout EXTENDED operation message in back-sock
To: michael@stroeder.com, openldap-its@OpenLDAP.org
From: Howard Chu <hyc@symas.com>
Date: Fri, 25 Aug 2017 16:57:16 +0100
michael@stroeder.com wrote:
> +	/* write out the request to the extended process */
> +	fprintf( fp, "EXTENDED\n" );
> +	fprintf( fp, "msgid: %ld\n", (long) op->o_msgid );
> +	sock_print_conn( fp, op->o_conn, si );
> +	sock_print_suffixes( fp, op->o_bd );
> +	fprintf( fp, "oid: %s\n", op->ore_reqoid.bv_val );
> +  if (op->ore_reqdata) {
> +		fprintf( fp, "valuelen: %lu\n", op->ore_reqdata->bv_len );
> +		fprintf( fp, "value: %s\n", op->ore_reqdata->bv_val );
> +	}
> +	fprintf( fp, "\n" );
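
Review bot: the "value: %s" line prints op->ore_reqdata->bv_val as a C string while the valuelen: line reports bv_len, so the two disagree as soon as the value contains a NUL byte, and a value containing a newline is written straight into a line-oriented, blank-line-terminated message where it can end the value: line early or add lines of its own. Write exactly bv_len bytes in an encoded form (base64 or hex) so the value cannot alter the framing.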

This isn't safe. The reqdata is binary, not a nul-terminated C string. I 
suppose you could hex or base64-encode it instead.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/



Followup 3

From: Michael Ströder <michael@stroeder.com>
Subject: Re: (ITS#8714) RFE: Sendout EXTENDED operation message in back-sock
To: Howard Chu <hyc@symas.com>, openldap-its@OpenLDAP.org
Date: Sun, 27 Aug 2017 13:33:34 +0200
Howard Chu wrote:
> michael@stroeder.com wrote:
>> +    /* write out the request to the extended process */
>> +    fprintf( fp, "EXTENDED\n" );
>> +    fprintf( fp, "msgid: %ld\n", (long) op->o_msgid );
>> +    sock_print_conn( fp, op->o_conn, si );
>> +    sock_print_suffixes( fp, op->o_bd );
>> +    fprintf( fp, "oid: %s\n", op->ore_reqoid.bv_val );
>> +  if (op->ore_reqdata) {
>> +        fprintf( fp, "valuelen: %lu\n", op->ore_reqdata->bv_len
);
>> +        fprintf( fp, "value: %s\n", op->ore_reqdata->bv_val );
>> +    }
>> +    fprintf( fp, "\n" );
> 
> This isn't safe. The reqdata is binary, not a nul-terminated C string. I suppose you
> could hex or base64-encode it instead.

Frankly I don't understand.

I considered using base64 but I wanted to stick to what's already done in
back-sock.

See openldap/servers/slapd/back-sock/bind.c for the password value which is also an
arbitrary OctetString:

	/* write out the request to the bind process */
[..]
	fprintf( fp, "credlen: %lu\n", op->oq_bind.rb_cred.bv_len );
	fprintf( fp, "cred: %s\n", op->oq_bind.rb_cred.bv_val ); /* XXX */
	fprintf( fp, "\n" );

The above should also work with null-bytes, shouldn't it?

Ciao, Michael.



Followup 4

Subject: Re: (ITS#8714) RFE: Sendout EXTENDED operation message in back-sock
To: Michael Ströder <michael@stroeder.com>,
 openldap-its@OpenLDAP.org
From: Howard Chu <hyc@symas.com>
Date: Sun, 27 Aug 2017 15:37:16 +0100
Michael Ströder wrote:
> Howard Chu wrote:
>> michael@stroeder.com wrote:
>>> +    /* write out the request to the extended process */
>>> +    fprintf( fp, "EXTENDED\n" );
>>> +    fprintf( fp, "msgid: %ld\n", (long) op->o_msgid );
>>> +    sock_print_conn( fp, op->o_conn, si );
>>> +    sock_print_suffixes( fp, op->o_bd );
>>> +    fprintf( fp, "oid: %s\n", op->ore_reqoid.bv_val );
>>> +  if (op->ore_reqdata) {
>>> +        fprintf( fp, "valuelen: %lu\n",
op->ore_reqdata->bv_len );
>>> +        fprintf( fp, "value: %s\n", op->ore_reqdata->bv_val
);
>>> +    }
>>> +    fprintf( fp, "\n" );
>>
>> This isn't safe. The reqdata is binary, not a nul-terminated C string. I suppose you
>> could hex or base64-encode it instead.
>
> Frankly I don't understand.
>
> I considered using base64 but I wanted to stick to what's already done in back-sock.
>
> See openldap/servers/slapd/back-sock/bind.c for the password value which is also an
> arbitrary OctetString:
>
> 	/* write out the request to the bind process */
> [..]
> 	fprintf( fp, "credlen: %lu\n", op->oq_bind.rb_cred.bv_len );
> 	fprintf( fp, "cred: %s\n", op->oq_bind.rb_cred.bv_val ); /* XXX */
> 	fprintf( fp, "\n" );
>
> The above should also work with null-bytes, shouldn't it?

No, it's a bug. Probably a benign bug because it's difficult for users to
create passwords with embedded NULs.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
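
The disagreement in the exchange above, as an added example that is not part of the thread or of OpenLDAP's code: `struct bv`, `emit_raw` and `emit_b64` are hypothetical stand-ins written for this illustration, and the sample value is constructed. It shows "%s" delivering 2 of 8 value bytes, while base64 keeps all 8 on a single line that cannot disturb the blank-line framing.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a berval: a length plus a byte pointer. */
struct bv { size_t len; const char *val; };

/* Format the value the way the quoted fprintf calls do ("%s").
 * Returns how many value bytes actually reached the output line. */
static size_t emit_raw(char *out, size_t outsz, const struct bv *v)
{
    int n = snprintf(out, outsz, "value: %s\n", v->val);
    if (n < 0 || (size_t)n >= outsz) return 0;
    return (size_t)n - strlen("value: ") - 1;   /* minus label and '\n' */
}

/* Base64-encode exactly v->len bytes. Returns the encoded length, or 0
 * if the output buffer is too small. */
static size_t emit_b64(char *out, size_t outsz, const struct bv *v)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const unsigned char *p = (const unsigned char *)v->val;
    size_t need = 4 * ((v->len + 2) / 3), i, o = 0;

    if (need + 1 > outsz) return 0;
    for (i = 0; i + 2 < v->len; i += 3) {       /* full 3-byte groups */
        out[o++] = tbl[p[i] >> 2];
        out[o++] = tbl[((p[i] & 0x03) << 4) | (p[i + 1] >> 4)];
        out[o++] = tbl[((p[i + 1] & 0x0f) << 2) | (p[i + 2] >> 6)];
        out[o++] = tbl[p[i + 2] & 0x3f];
    }
    if (i < v->len) {               /* 1 or 2 trailing bytes, '=' padded */
        unsigned b1 = (i + 1 < v->len) ? p[i + 1] : 0;
        out[o++] = tbl[p[i] >> 2];
        out[o++] = tbl[((p[i] & 0x03) << 4) | (b1 >> 4)];
        out[o++] = (i + 1 < v->len) ? tbl[(b1 & 0x0f) << 2] : '=';
        out[o++] = '=';
    }
    out[o] = '\0';
    return o;
}

/* Constructed sample: 8 value bytes with an embedded NUL and an embedded
 * newline followed by text shaped like another protocol line. The ninth
 * byte only keeps the "%s" read inside the array. */
static const char sample[] = { 'a', 'b', '\0', 'c', '\n', 'x', ':', 'y', '\0' };
static const struct bv sample_bv = { 8, sample };

int main(void)
{
    char line[64], enc[64];
    size_t raw = emit_raw(line, sizeof line, &sample_bv);
    size_t b64 = emit_b64(enc, sizeof enc, &sample_bv);

    printf("valuelen: %zu, value bytes written by %%s: %zu\n",
           sample_bv.len, raw);
    printf("value: %s (%zu base64 characters, one line)\n", enc, b64);
    return 0;
}
```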



Followup 5

From: Michael Ströder <michael@stroeder.com>
Subject: (ITS#8714)
To: openldap-its@openldap.org
Date: Tue, 5 Sep 2017 15:43:27 +0200

Find attached a new patch which base64-encodes the extended
operation request value before sending it to the socket.

You can also download patch file here:

https://www.stroeder.com/temp/0001-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock_rev2.patch

Ciao, Michael.



From 7e584ffc4235f7e120b69acbd0b41cac9fe47ba3 Mon Sep 17 00:00:00 2001
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 5 Sep 2017 15:30:28 +0200
Subject: [PATCH] ITS#8714 Send out EXTENDED operation message from back-sock

---
 doc/man/man5/slapd-sock.5            | 19 ++++++++++++++++++-
 servers/slapd/back-sock/Makefile.in  |  4 ++--
 servers/slapd/back-sock/config.c     | 12 ++++++++++--
 servers/slapd/back-sock/init.c       |  2 +-
 servers/slapd/back-sock/proto-sock.h |  2 ++
 5 files changed, 33 insertions(+), 6 deletions(-)

diff --git a/doc/man/man5/slapd-sock.5 b/doc/man/man5/slapd-sock.5
index 1ac4f7fdd..b2fb21cc1 100644
--- a/doc/man/man5/slapd-sock.5
+++ b/doc/man/man5/slapd-sock.5
@@ -49,7 +49,7 @@ be sent and from which replies are received.
 
 When used as an overlay, these additional directives are defined:
 .TP
-.B sockops	[ bind | unbind | search | compare | modify | modrdn | add | delete
]*
+.B sockops	[ bind | unbind | search | compare | modify | modrdn | add | delete
| extended ]*
 Specify which request types to send to the external program. The default is
 empty (no requests are sent).
 .TP
@@ -115,6 +115,18 @@ dn: <DN>
 .PP
 .RS
 .nf
+EXTENDED
+msgid: <message id>
+<repeat { "suffix:" <database suffix DN> }>
+oid: <OID>
+valuelen: <length of <value>>
+value: <value>
+<blank line>
+.fi
+.RE
+.PP
+.RS
+.nf
 MODIFY
 msgid: <message id>
 <repeat { "suffix:" <database suffix DN> }>
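
Review bot: the EXTENDED format added here still reads 'value: <value>' with a separate 'valuelen:' line, while this revision's cover message says the request value is now base64-encoded before it is sent. State the encoding in the format description, and either drop valuelen: or say whether it counts the raw bytes or the encoded characters, so that a listener does not size a buffer from the wrong number.
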
@@ -292,6 +304,11 @@ access to the
 pseudo_attribute of the searchBase;
 .B search (=s)
 access to the attributes and values used in the filter is not checked.
+.LP
+The
+.B extended
+operation does not require any access special rights.
+The external program has to implement any sort of access control.
 
 .SH EXAMPLE
 There is an example script in the slapd/back\-sock/ directory
diff --git a/servers/slapd/back-sock/Makefile.in
b/servers/slapd/back-sock/Makefile.in
index 3e527e545..efb916246 100644
--- a/servers/slapd/back-sock/Makefile.in
+++ b/servers/slapd/back-sock/Makefile.in
@@ -18,9 +18,9 @@
 ## in OpenLDAP Software.
 
 SRCS	= init.c config.c opensock.c search.c bind.c unbind.c add.c \
-		delete.c modify.c modrdn.c compare.c result.c
+		delete.c modify.c modrdn.c compare.c result.c extended.c
 OBJS	= init.lo config.lo opensock.lo search.lo bind.lo unbind.lo add.lo \
-		delete.lo modify.lo modrdn.lo compare.lo result.lo
+		delete.lo modify.lo modrdn.lo compare.lo result.lo extended.lo
 
 LDAP_INCDIR= ../../../include       
 LDAP_LIBDIR= ../../../libraries
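
Review bot: extended.c and extended.lo are added to SRCS and OBJS here, but this revision's diffstat lists five files and no servers/slapd/back-sock/extended.c, so the tree cannot build from this patch alone. Add the new file to the commit and regenerate the patch.
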
diff --git a/servers/slapd/back-sock/config.c b/servers/slapd/back-sock/config.c
index dc3f1365c..2dcf68bf6 100644
--- a/servers/slapd/back-sock/config.c
+++ b/servers/slapd/back-sock/config.c
@@ -106,6 +106,7 @@ static ConfigOCs osocs[] = {
 #define SOCK_OP_MODRDN	0x020
 #define SOCK_OP_ADD		0x040
 #define SOCK_OP_DELETE	0x080
+#define SOCK_OP_EXTENDED	0x100
 
 #define SOCK_REP_RESULT	0x001
 #define SOCK_REP_SEARCH	0x002
@@ -127,6 +128,7 @@ static slap_verbmasks ov_ops[] = {
 	{ BER_BVC("modrdn"), SOCK_OP_MODRDN },
 	{ BER_BVC("add"), SOCK_OP_ADD },
 	{ BER_BVC("delete"), SOCK_OP_DELETE },
+	{ BER_BVC("extended"), SOCK_OP_EXTENDED },
 	{ BER_BVNULL, 0 }
 };
 
@@ -249,7 +251,9 @@ static BI_op_bind *sockfuncs[] = {
 	sock_back_modify,
 	sock_back_modrdn,
 	sock_back_add,
-	sock_back_delete
+	sock_back_delete,
+	0,                    /* abandon not supported */
+	sock_back_extended
 };
 
 static const int sockopflags[] = {
@@ -260,7 +264,9 @@ static const int sockopflags[] = {
 	SOCK_OP_MODIFY,
 	SOCK_OP_MODRDN,
 	SOCK_OP_ADD,
-	SOCK_OP_DELETE
+	SOCK_OP_DELETE,
+	0,                    /* abandon not supported */
+	SOCK_OP_EXTENDED
 };
 
 static int sock_over_op(
@@ -283,6 +289,7 @@ static int sock_over_op(
 	case LDAP_REQ_MODRDN:	which = op_modrdn; break;
 	case LDAP_REQ_ADD:	which = op_add; break;
 	case LDAP_REQ_DELETE:	which = op_delete; break;
+	case LDAP_REQ_EXTENDED:	which = op_extended; break;
 	default:
 		return SLAP_CB_CONTINUE;
 	}
@@ -365,6 +372,7 @@ sock_over_setup()
 	sockover.on_bi.bi_op_modrdn = sock_over_op;
 	sockover.on_bi.bi_op_add = sock_over_op;
 	sockover.on_bi.bi_op_

Message of length 6060 truncated


Followup 6

Subject: Re: (ITS#8714)
To: michael@stroeder.com, openldap-its@OpenLDAP.org
From: Howard Chu <hyc@symas.com>
Date: Tue, 5 Sep 2017 14:48:08 +0100
michael@stroeder.com wrote:
> Find attached a new patch which base64-encoded the extended
> operation request value before sending it to the socket.
> 
> You can also download patch file here:

Your patch is missing extended.c


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/



Followup 7

Subject: Re: (ITS#8714)
To: Howard Chu <hyc@symas.com>, openldap-its@OpenLDAP.org
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 5 Sep 2017 15:56:05 +0200

Howard Chu wrote:
> Your patch is missing extended.c

Aargh! Corrected herein:

https://www.stroeder.com/temp/0001-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock_rev3.patch

Ciao, Michael.




Followup 8

Subject: Re: (ITS#8714)
To: Michael Ströder <michael@stroeder.com>,
 openldap-its@OpenLDAP.org
From: Howard Chu <hyc@symas.com>
Date: Tue, 5 Sep 2017 15:46:54 +0100
Michael Ströder wrote:
> Howard Chu wrote:
>> Your patch is missing extended.c
>
> Aargh! Corrected herein:
>
> https://www.stroeder.com/temp/0001-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock_rev3.patch

There's a weird indent at extended.c:50 or so, the if() statement.

Would be better to use op->o_tmpalloc instead of ber_memalloc since you're
immediately freeing the buffer again anyway.

I can fix those here if you don't care.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/



Followup 9

Subject: Re: (ITS#8714)
To: hyc@symas.com, openldap-its@OpenLDAP.org
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 5 Sep 2017 16:58:15 +0200
hyc@symas.com wrote:
> There's a weird indent at extended.c:50 or so, the if()
> statement.
>
> Would be better to use op->o_tmpalloc instead of ber_memalloc
> since you're immediately freeing the buffer again anyway.
>
> I can fix those here if you don't care.

Yes, I'd highly appreciate if you simply adjust it to your coding 
style.

One additional point:
Currently the external program is not able to produce a custom 
extended operation response. Mainly it should always return 
CONTINUE or an error response. I wanted to make this limitation 
clear in the man-page but was unsure about the appropriate section.

Ciao, Michael.



Followup 10

Subject: Re: (ITS#8714)
To: Michael Ströder <michael@stroeder.com>,
 openldap-its@OpenLDAP.org
From: Howard Chu <hyc@symas.com>
Date: Tue, 5 Sep 2017 16:10:42 +0100
Michael Ströder wrote:
> hyc@symas.com wrote:
>> There's a weird indent at extended.c:50 or so, the if()
>> statement.
>>
>> Would be better to use op->o_tmpalloc instead of ber_memalloc
>> since you're immediately freeing the buffer again anyway.
>>
>> I can fix those here if you don't care.
>
> Yes, I'd highly appreciate if you simply adjust it to your coding style.
>
> One additional point:
> Currently the external program is not able to produce a custom extended
> operation response. Mainly it should always return CONTINUE or an error
> response. I wanted to make this limitation clear in the man-page but was
> unsure about the appropriate section.

You could add a LIMITATIONS section, as slapd-monitor.5 and slapd-shell.5
does. The manpage now needs an update to note that the exop value is base64
encoded. Also, since it is encoded, I don't believe it's necessary to
explicitly send the valuelen.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/



Followup 11

Subject: Re: (ITS#8714)
To: Howard Chu <hyc@symas.com>, openldap-its@OpenLDAP.org
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 5 Sep 2017 17:13:27 +0200
Howard Chu wrote:
> You could add a LIMITATIONS section, as slapd-monitor.5 and
> slapd-shell.5 does. The manpage now needs an update to note that
> the exop value is base64 encoded. Also, since it is encoded, I
> don't believe it's necessary to explicitly send the valuelen.

Ah, yes. Forgot to update the message format in the man-page.

If you don't mind I just produce another follow-up patch for the 
man-page.

Ok?

Ciao, Michael.



Followup 12

Subject: Re: (ITS#8714)
From: Michael Ströder <michael@stroeder.com>
To: openldap-its@OpenLDAP.org
Date: Wed, 6 Sep 2017 00:26:06 +0200
michael@stroeder.com wrote:
> If you don't mind I just produce another follow-up patch for the
> man-page.

Find this man-page patch here:

https://www.stroeder.com/temp/0001-ITS-8714-man-page-corrections-regarding-EXTENDED-ope.patch

Ciao, Michael.

