[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4740) SASL bind assert



Kurt@OpenLDAP.org wrote:
> At 07:51 PM 11/27/2006, Kurt D. Zeilenga wrote:
>> Spoke too soon.
>> You code appears to be sending the same requests as
>> Nessus, at least as described here:
>>  http://www.nessus.org/plugins/index.php?view=viewsrc&id=23625
>>
>> Suspect a mismatch between what you and Brian are
>> testing...
> 
> Howard, is the normalized authcDN in your testing correct?

It has a single escaped space. Here's the log with 256 characters 
instead of 1024:

 >>> slap_listener(ldap://:9011)connection_get(12)
connection_get(12): got connid=2
connection_read(12): checking for input on id=2
ber_get_next
ldap_read: want=8, got=8
   0000:  30 17 02 02 04 e7 60 11                            0.....`.
ldap_read: want=17, got=17
   0000:  02 01 03 04 00 a3 0a 04  08 43 52 41 4d 2d 4d 44 
.........CRAM-MD
   0010:  35                                                 5
ber_get_next: tag 0x30 len 23 contents:
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt ({m) ber:
ber_scanf fmt (}}) ber:
 >>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_sasl_bind: dn () mech CRAM-MD5
==> sasl_bind: dn="" mech=CRAM-MD5 datalen=0
send_ldap_sasl: err=14 len=38
send_ldap_response: msgid=1255 tag=97 err=14
ber_flush: 55 bytes to sd 12
   0000:  30 35 02 02 04 e7 61 2f  0a 01 0e 04 00 04 00 87 
05....a/........
   0010:  26 3c 39 34 32 38 34 39  37 31 39 2e 37 30 35 38 
&<942849719.7058
   0020:  36 35 39 40 6d 61 6e 64  6f 6c 69 6e 2e 73 79 6d 
659@mandolin.sym
   0030:  61 73 2e 63 6f 6d 3e                               as.com>
ldap_write: want=55, written=55
   0000:  30 35 02 02 04 e7 61 2f  0a 01 0e 04 00 04 00 87 
05....a/........
   0010:  26 3c 39 34 32 38 34 39  37 31 39 2e 37 30 35 38 
&<942849719.7058
   0020:  36 35 39 40 6d 61 6e 64  6f 6c 69 6e 2e 73 79 6d 
659@mandolin.sym
   0030:  61 73 2e 63 6f 6d 3e                               as.com>
<== slap_sasl_bind: rc=14
connection_get(12)
connection_get(12): got connid=2
connection_read(12): checking for input on id=2
ber_get_next
ldap_read: want=8, got=8
   0000:  30 82 01 1f 02 02 04 e6                            0.......
ldap_read: want=283, got=283
   0000:  60 82 01 17 02 01 03 04  00 a3 82 01 0e 04 08 43 
`..............C
   0010:  52 41 4d 2d 4d 44 35 04  82 01 00 20 20 20 20 20   RAM-MD5....
   0020:  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20
   0030:  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20
   0040:  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20
   0050:  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20
   0060:  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20
   0070:  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20
   0080:  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20
   0090:  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20
   00a0:  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20
   00b0:  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20
   00c0:  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20
   00d0:  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20
   00e0:  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20
   00f0:  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20
   0100:  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20
   0110:  20 20 20 20 20 20 20 20  20 20 20
ber_get_next: tag 0x30 len 287 contents:
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
connection_get(12)
connection_get(12): got connid=2
connection_read(12): checking for input on id=2
ber_get_next
ldap_read: want=8, got=0

ber_get_next on fd 12 failed errno=0 (Success)
connection_closing: readying conn=2 sd=12 for close
connection_close: deferring conn=2 sd=12
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt ({m) ber:
ber_scanf fmt (m) ber:
ber_scanf fmt (}}) ber:
 >>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_sasl_bind: dn () mech CRAM-MD5
==> sasl_bind: dn="" mech=<continuing> datalen=256
SASL Canonicalize [conn=2]: authcid=" 
 
 
 
        "
slap_sasl_getdn: conn 2 id= 
 
 
 
[len=255]
=> ldap_dn2bv(16)
<= ldap_dn2bv(uid=\20 
 
 
 
\20,cn=CRAM-MD5,cn=auth)=0
slap_sasl_getdn: u:id converted to uid=\20 
 
 
 
           \20,cn=CRAM-MD5,cn=auth
 >>> dnNormalize: <uid=\20 
 
 
 
\20,cn=CRAM-MD5,cn=auth>
=> ldap_bv2dn(uid=\20 
 
 
 
\20,cn=CRAM-MD5,cn=auth,0)
<= ldap_bv2dn(uid=\20 
 
 
 
\20,cn=CRAM-MD5,cn=auth)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=\20,cn=cram-md5,cn=auth)=0
<<< dnNormalize: <uid=\20,cn=cram-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=\20,cn=cram-md5,cn=auth to a DN
slap_authz_regexp: converting SASL name uid=\20,cn=cram-md5,cn=auth
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL Canonicalize [conn=2]: slapAuthcDN="uid=\20,cn=cram-md5,cn=auth"
SASL [conn=2] Failure: no secret in database
send_ldap_result: conn=2 op=1 p=3
send_ldap_result: err=49 matched="" text="SASL(-13): user not found: no 
secret in database"
send_ldap_response: msgid=1254 tag=97 err=49
<== slap_sasl_bind: rc=49
connection_resched: attempting closing conn=2 sd=12
connection_close: conn=2 sd=12



-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc
   OpenLDAP Core Team            http://www.openldap.org/project/