[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: str2result() and slapd-sock

To: "OpenLDAP-devel@openldap.org" <openldap-devel@OpenLDAP.org>
Subject: Re: str2result() and slapd-sock
From: Michael Ströder <michael@stroeder.com>
Date: Thu, 24 Sep 2015 23:08:29 +0200
In-reply-to: <560443BF.6050305@stroeder.com>
References: <56043BC8.9080601@stroeder.com> <560443BF.6050305@stroeder.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 SeaMonkey/2.35

Michael Ströder wrote:
> Michael Ströder wrote:
>> I'm trying to find out why slapd-socks always outputs all lines returned by
>> the external sock listeners with comment "unknown" although everything seems
>> to work correctly.
>>
>> ----------------------------- snip -----------------------------
>> 5603fc08 conn=1000 op=1 BIND dn="uid=äöüÄÖÜß,ou=realdb,dc=example,dc=org"
>> method=128
>> 5603fc08 str2result (msgid: 2
>> code: 49
>> matched: uid=äöüÄÖÜß,ou=realdb,dc=example,dc=org
>> info: You loose! (wrong password)
>>
>> ) unknown
>> 5603fc08 str2result (
>> ) unknown
>> 5603fc08 conn=1000 op=1 RESULT tag=97 err=49 text= You loose! (wrong password)
>> ----------------------------- snip -----------------------------
>>
>> The (correct) Python string returned by the listener was:
>>
>> 'RESULT\nmsgid: 2\ncode: 49\nmatched:
>> uid=\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x84\xc3\x96\xc3\x9c\xc3\x9f,ou=realdb,dc=example,dc=org\ninfo:
>> You loose! (wrong password)\n\n'
>>
>> I tried to understand what's going on in str2result()
>> (in file servers/slapd/result.c) but failed.
>>
>> AFAICS in slapd-sock(5) the external listener should always return a line with
>> "code: <digit>" after the "RESULT" line. But to me it seems that the function
>> would return with rc=0 if there's only a single "RESULT" line (due to break in
>> line 1674).
>>
>> And I also can't see why the else clause in 1727 is reached.
>> I wonder whether slapd-sock is confused by the two trailing line feeds.
> 
> AFAICT the else statement with the debug statement is hit because the
> "RESULT\n" line is not really consumed before the while loop (line 1671) and
> that results in this wrong output. s is still at the beginning of "RESULT\n"
> line when entering the while loop.

Forgot to note that the info and matched fields returned to the LDAP client
have an extra preceding space probably the one after the colon:

=> LDAPError - INVALID_CREDENTIALS: {'info': ' You loose! (wrong password)',
'matched': '
uid=\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x84\xc3\x96\xc3\x9c\xc3\x9f,ou=realdb,dc=example,dc=org',
'desc': 'Invalid credentials'}

Leaving away result line with "msgid:" and the trailing line feed is slightly
better but results in slapd output "socket connect(sockdb-listener) failed".
Also it does not match the spec in slapd-sock(5).

The Python result string is:
'RESULT\ncode: 49\nmatched:
uid=\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x84\xc3\x96\xc3\x9c\xc3\x9f,ou=realdb,dc=example,dc=org\ninfo:
You loose! (wrong password)'

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- str2result() and slapd-sock
  - From: Michael Ströder <michael@stroeder.com>
- Re: str2result() and slapd-sock
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: str2result() and slapd-sock
Index(es):
- Chronological
- Thread