
Re: Bug in slapd's acl's with SASL (ITS#2067)




--On Wednesday, September 04, 2002 5:40 PM -0700 "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:

> At 02:54 PM 2002-09-04, quanah@stanford.edu wrote:
>> I tried 'by * auth' and that doesn't work either.
>
> Ah, that's a key tidbit of information.
>
> Yes. There is a bug in back_{bdb,ldbm}/attribute.c which
> requires "read" instead of "auth".  Fixed in HEAD.
>
> Kurt
>

If this helps, here is the output with debug 65535 on slapd.

slapd startup: initiated.
bdb_db_open: dc=stanford,dc=edu
bdb_db_open: dbenv_open(/db)
slapd starting
daemon: added 7r
daemon: added 8r
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: new connection on 12
str2filter "(objectclass=*)"
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
begin get_filter
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x00140538 ptr=0x00140538 end=0x00140545 len=13
  0000:  87 0b 6f 62 6a 65 63 74  63 6c 61 73 73            ..objectclass

end get_filter 0
daemon: conn=0 fd=12 connection from IP=127.0.0.1:32960 (IP=0.0.0.0:389) accepted.
daemon: added 12r
daemon: activity on:
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 12r
daemon: read activity on 12
connection_get(12)
connection_get(12): got connid=0
connection_read(12): checking for input on id=0
ber_get_next
ldap_read: want=9, got=9
  0000:  30 3e 02 01 01 63 39 04  00                        0>...c9..

ldap_read: want=55, got=55
  0000:  0a 01 00 0a 01 00 02 01  00 02 01 00 01 01 00 87   ................
  0010:  0b 6f 62 6a 65 63 74 63  6c 61 73 73 30 19 04 17   .objectclass0...
  0020:  73 75 70 70 6f 72 74 65  64 53 41 53 4c 4d 65 63   supportedSASLMec
  0030:  68 61 6e 69 73 6d 73                               hanisms

ber_get_next: tag 0x30 len 62 contents:
ber_dump: buf=0x001317f8 ptr=0x001317f8 end=0x00131836 len=62
  0000:  02 01 01 63 39 04 00 0a  01 00 0a 01 00 02 01 00   ...c9...........
  0010:  02 01 00 01 01 00 87 0b  6f 62 6a 65 63 74 63 6c   ........objectcl
  0020:  61 73 73 30 19 04 17 73  75 70 70 6f 72 74 65 64   ass0...supported
  0030:  53 41 53 4c 4d 65 63 68  61 6e 69 73 6d 73         SASLMechanisms

ber_get_next
ldap_read: want=9 error=Resource temporarily unavailable
do_search
ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x001317f8 ptr=0x001317fb end=0x00131836 len=59
  0000:  63 39 04 00 0a 01 00 0a  01 00 02 01 00 02 01 00   c9..............
  0010:  01 01 00 87 0b 6f 62 6a  65 63 74 63 6c 61 73 73   .....objectclass
  0020:  30 19 04 17 73 75 70 70  6f 72 74 65 64 53 41 53   0...supportedSAS
  0030:  4c 4d 65 63 68 61 6e 69  73 6d 73                  LMechanisms

daemon: select: listen=7 active_threads=1 tvp=NULL
>>> dnPrettyNormal: <>
daemon: select: listen=8 active_threads=1 tvp=NULL
<<< dnPrettyNormal: <>, <>
SRCH "" 0 0    0 0 0
begin get_filter
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x001317f8 ptr=0x0013180e end=0x00131836 len=40
  0000:  87 0b 6f 62 6a 65 63 74  63 6c 61 73 73 30 19 04   ..objectclass0..
  0010:  17 73 75 70 70 6f 72 74  65 64 53 41 53 4c 4d 65   .supportedSASLMe
  0020:  63 68 61 6e 69 73 6d 73                            chanisms

end get_filter 0
    filter: (objectClass=*)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x001317f8 ptr=0x0013181b end=0x00131836 len=27
  0000:  00 19 04 17 73 75 70 70  6f 72 74 65 64 53 41 53   ....supportedSAS
  0010:  4c 4d 65 63 68 61 6e 69  73 6d 73                  LMechanisms

    attrs: supportedSASLMechanisms
conn=0 op=0 SRCH base="" scope=0 filter="(objectClass=*)"
=> test_filter
    PRESENT
=> access_allowed: search access to "" "objectClass" requested
=> acl_get: [1] check attr objectClass
<= acl_get: [1] acl  attr: objectClass
=> acl_mask: access to entry "", attr "objectClass" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: *
<= acl_mask: [1] applying auth(=x) (stop)
<= acl_mask: [1] mask: auth(=x)
=> access_allowed: search access denied by auth(=x)
<= test_filter 50
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=101 err=0
ber_flush: 14 bytes to sd 12
  0000:  30 0c 02 01 01 65 07 0a  01 00 04 00 04 00         0....e........

ldap_write: want=14, written=14
  0000:  30 0c 02 01 01 65 07 0a  01 00 04 00 04 00         0....e........

conn=0 op=0 RESULT tag=101 err=0 text=
daemon: activity on 1 descriptors
daemon: activity on: 12r
daemon: read activity on 12
connection_get(12)
connection_get(12): got connid=0
connection_read(12): checking for input on id=0
ber_get_next
ldap_read: want=9, got=0

ber_get_next on fd 12 failed errno=0 (Error 0)
connection_read(12): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=12 for close
connection_close: conn=0 sd=12
daemon: removing 12
conn=0 fd=12 closed
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
^Cslap_sig_shutdown: signal 2
daemon: shutdown requested and initiated.
daemon: closing 7
daemon: closing 8
slapd shutdown: waiting for 0 threads to terminate
slapd shutdown: initiated
====> bdb_cache_release_all
slapd shutdown: freeing system resources.
====> bdb_cache_release_all
slapd stopped.




--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
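
Added example, not part of the original message or of OpenLDAP: a small Python parser that pairs each access_allowed request in a slapd ACL trace with the ACL clause applied and the outcome, and flags the case seen in the trace above, where the matching clause grants a lower level (auth) than the operation requests (search). The function name, regexes and level list are this example's own; the sample lines are copied from the trace with the quoted-printable encoding decoded.

```python
import re

# OpenLDAP access levels from lowest to highest; each implies the ones before it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
RANK = {name: i for i, name in enumerate(LEVELS)}

REQ = re.compile(r'=> access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
MASK = re.compile(r'<= acl_mask: \[(\d+)\] applying (\w+)\(([^)]*)\)')
RES = re.compile(r'=> access_allowed: (\w+) access (granted|denied) by (\w+)\(([^)]*)\)')

# Lines copied from the debug output in the message above (encoding decoded).
SAMPLE = '''\
=> access_allowed: search access to "" "objectClass" requested
=> acl_get: [1] check attr objectClass
<= acl_get: [1] acl  attr: objectClass
=> acl_mask: access to entry "", attr "objectClass" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: *
<= acl_mask: [1] applying auth(=x) (stop)
<= acl_mask: [1] mask: auth(=x)
=> access_allowed: search access denied by auth(=x)
'''.splitlines()

def acl_decisions(lines):
    """Return one dict per access_allowed request/result pair in the trace."""
    out, cur = [], None
    for line in lines:
        line = line.strip()
        if m := REQ.search(line):
            cur = {"want": m[1], "entry": m[2], "attr": m[3], "clause": None}
        elif cur and (m := MASK.search(line)):
            cur["clause"] = int(m[1])          # index of the ACL that matched
        elif cur and (m := RES.search(line)):
            cur.update(result=m[2], level=m[3], mask=m[4])
            # short: the clause granted less than the operation asked for
            cur["short"] = (m[1] in RANK and m[3] in RANK
                            and RANK[m[3]] < RANK[m[1]])
            out.append(cur)
            cur = None
    return out

if __name__ == "__main__":
    for d in acl_decisions(SAMPLE):
        print(f'{d["result"]}: wanted {d["want"]} on attr {d["attr"]!r}, '
              f'ACL [{d["clause"]}] gave {d["level"]}({d["mask"]}), '
              f'short={d["short"]}')
```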