From: Kurt Zeilenga Date: Fri, 23 May 2003 00:22:15 +0000 (+0000) Subject: Fixed liblber ber_get_next trickle bug (ITS#2490) X-Git-Tag: OPENLDAP_REL_ENG_2_1_21~11 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=e1948f053f2b31d3e802c23ce42fac35f8ee8613;p=openldap Fixed liblber ber_get_next trickle bug (ITS#2490) Fixed ldapsearch -p without -h bug (ITS#2532) Fixed slapd option ordering bug (ITS#2217) Removed lint Documentation Misc man page updates --- diff --git a/CHANGES b/CHANGES index 918147ec6c..078ccf6f9d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,12 @@ OpenLDAP 2.1 Change Log -OpenLDAP 2.1.20 Engineering +OpenLDAP 2.1.21 Engineering + Fixed liblber ber_get_next trickle bug (ITS#2490) + Fixed ldapsearch -p without -h bug (ITS#2532) + Fixed slapd option ordering bug (ITS#2217) + Removed lint + Documentation + Misc man page updates OpenLDAP 2.1.20 Release Fixed slapd idletimeout behavior (ITS#2374) diff --git a/clients/tools/common.c b/clients/tools/common.c index 526358d8f6..afee7fee0b 100644 --- a/clients/tools/common.c +++ b/clients/tools/common.c @@ -514,7 +514,12 @@ tool_args( int argc, char **argv ) #endif } - if( ldapuri != NULL ) { + if( ldapuri == NULL ) { + if( ldapport && ( ldaphost == NULL )) { + fprintf( stderr, "%s: -p without -h is invalid.\n", prog ); + exit( EXIT_FAILURE ); + } + } else { if( ldaphost != NULL ) { fprintf( stderr, "%s: -H incompatible with -h\n", prog ); exit( EXIT_FAILURE ); diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5 index 0d3d50fb83..579dbc9bf0 100644 --- a/doc/man/man5/ldap.conf.5 +++ b/doc/man/man5/ldap.conf.5 
@@ -207,32 +207,11 @@ Aliases are only dereferenced when locating the base object of the search. Aliases are dereferenced both in searching and in locating the base object of the search. .SH TLS OPTIONS -If OpenLDAP is built with support for Transport Layer Security, there -are more options you can specify. -.TP -.B TLS -Specifies whether client connections should use ldaps:// by default. -This option is deprecated in favor of the -.B URI -option. Using the -.B TLS -option may break some applications. -.LP -The -.B -can be specified as one of the following keywords: -.RS -.TP -.B never -This is the default. Connections will be opened in the clear unless -TLS is explicitly specified (e.g. using an "ldaps://" URL.) -.TP -.B hard -All connections will be established with TLS. -Note that using this option effectively makes the library open every -session as an ldaps session and is incompatible with the LDAPv3 StartTLS -request. -.RE +If OpenLDAP is built with Transport Layer Security support, there +are more options you can specify. These options are used when an +.B ldaps:// URI +is selected (by default or otherwise) or when the application +negotiates TLS by issuing the LDAP Start TLS operation. .TP .B TLS_CACERT Specifies the file that contains certificates for all of the Certificate diff --git a/libraries/liblber/dtest.c b/libraries/liblber/dtest.c index 387bf6dcc1..8297d6a881 100644 --- a/libraries/liblber/dtest.c +++ b/libraries/liblber/dtest.c @@ -24,6 +24,7 @@ #include #include #include +#include #ifdef HAVE_CONSOLE_H #include 
@@ -73,14 +74,19 @@ main( int argc, char **argv ) return( EXIT_FAILURE ); } - tag = ber_get_next( sb, &len, ber); - if( tag == LBER_ERROR ) { + for (;;) { + tag = ber_get_next( sb, &len, ber); + if( tag != LBER_ERROR ) break; + + if( errno == EWOULDBLOCK ) continue; + if( errno == EAGAIN ) continue; + perror( "ber_get_next" ); return( EXIT_FAILURE ); } printf("decode: message tag 0x%lx and length %ld\n", - (unsigned long) tag, (long) len ); + (unsigned long) tag, (long) len ); for( s = argv[1]; *s; s++ ) { char buf[128]; diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c index ed997bea93..c24ad65ba0 100644 --- a/libraries/liblber/io.c +++ b/libraries/liblber/io.c @@ -227,7 +227,12 @@ ber_flush( Sockbuf *sb, BerElement *ber, int freeit ) } while ( towrite > 0 ) { +#ifdef LBER_TRICKLE + sleep(1); + rc = ber_int_sb_write( sb, ber->ber_rwptr, 1 ); +#else rc = ber_int_sb_write( sb, ber->ber_rwptr, towrite ); +#endif if (rc<=0) { return -1; } @@ -500,10 +505,7 @@ ber_get_next( */ if (ber->ber_rwptr == NULL) { - /* XXYYZ - * dtest does like this assert. - */ - /* assert( ber->ber_buf == NULL ); */ + assert( ber->ber_buf == NULL ); ber->ber_rwptr = (char *) &ber->ber_len-1; ber->ber_ptr = ber->ber_rwptr; ber->ber_tag = 0; @@ -515,6 +517,7 @@ ber_get_next( char buf[sizeof(ber->ber_len)-1]; ber_len_t tlen = 0; + errno = 0; sblen=ber_int_sb_read( sb, ber->ber_rwptr, ((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr); if (sblen<=0) return LBER_DEFAULT; 
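Review bot: In libraries/liblber/dtest.c (`@@ -73,14 +74,19 @@`), the retry loop tests `errno == EWOULDBLOCK` and `errno == EAGAIN` unconditionally, while the io.c change in this same commit wraps both names in `#if defined( ... )`. The test driver may therefore fail to build on a platform the library fix was written to tolerate, so the same guards belong around the two `continue` lines. When the stream ends before a complete header arrives, ber_get_next appears to return with errno still 0 (io.c now clears it before the read), and `perror( "ber_get_next" )` would then print a success string; a separate message for that case would be clearer. main continues outside the hunk.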
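Review bot: In libraries/liblber/io.c (`@@ -227,7 +227,12 @@`, ber_flush), `LBER_TRICKLE` is introduced with no comment, and if it is ever defined in a normal build every write becomes one byte per second. A comment above the `#ifdef` would make the intent and the risk visible, for example `/* LBER_TRICKLE: test aid only; sends one byte per second to exercise partial-read handling in ber_get_next (ITS#2490) */`. The hunk also does not show a declaration for `sleep`, so confirm the header that provides it is included when the macro is set. ber_flush starts and ends outside the hunk.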
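Review bot: In libraries/liblber/io.c (`@@ -500,10 +505,7 @@`, ber_get_next), the re-enabled `assert( ber->ber_buf == NULL );` makes a caller precondition abort the process in debug builds and do nothing under NDEBUG, and the deleted comment was the only record that a caller had tripped it. A comment stating the contract would help, for example `/* starting a new PDU: the BerElement must have no buffer attached; callers reset or reallocate it between messages */`. The added `errno = 0;` before `ber_int_sb_read`, here and again in the `@@ -645,6 +665,7 @@` hunk, means `LBER_DEFAULT` with errno 0 presumably now signals end of stream; since callers branch on errno, that belongs in the function's header comment. ber_get_next starts and ends outside the hunk.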
@@ -540,34 +543,51 @@ ber_get_next( } /* Did we run out of bytes? */ if ((char *)p == ber->ber_rwptr) { +#if defined( EWOULDBLOCK ) + errno = EWOULDBLOCK; +#elif defined( EAGAIN ) + errno = EAGAIN; +#endif return LBER_DEFAULT; } } ber->ber_tag = tag; ber->ber_ptr = (char *)p; + } - if (sblen == 1) continue; + if ( ber->ber_ptr == ber->ber_rwptr ) { +#if defined( EWOULDBLOCK ) + errno = EWOULDBLOCK; +#elif defined( EAGAIN ) + errno = EAGAIN; +#endif + return LBER_DEFAULT; } /* Now look for the length */ if (*ber->ber_ptr & 0x80) { /* multi-byte */ ber_len_t i; - int llen = *(unsigned char *)ber->ber_ptr++ & 0x7f; + unsigned char *p = (unsigned char *)ber->ber_ptr; + int llen = *p++ & 0x7f; if (llen > (int)sizeof(ber_len_t)) { errno = ERANGE; return LBER_DEFAULT; } /* Not enough bytes? */ - if (ber->ber_rwptr - ber->ber_ptr < llen) { + if (ber->ber_rwptr - (char *)p < llen) { +#if defined( EWOULDBLOCK ) + errno = EWOULDBLOCK; +#elif defined( EAGAIN ) + errno = EAGAIN; +#endif return LBER_DEFAULT; } - for (i=0; - iber_ptrber_rwptr; - i++,ber->ber_ptr++) + for (i=0; iber_ptr; + tlen |= *p++; } + ber->ber_ptr = p; } else { tlen = *(unsigned char *)ber->ber_ptr++; } @@ -645,6 +665,7 @@ ber_get_next( to_go = ber->ber_end - ber->ber_rwptr; assert( to_go > 0 ); + errno = 0; res = ber_int_sb_read( sb, ber->ber_rwptr, to_go ); if (res<=0) return LBER_DEFAULT; ber->ber_rwptr+=res; diff --git a/libraries/libldap/sasl.c b/libraries/libldap/sasl.c index 2c73abccf2..2e7a0841b7 100644 --- a/libraries/libldap/sasl.c +++ b/libraries/libldap/sasl.c @@ -76,7 +76,7 @@ ldap_sasl_bind( if( rc != LDAP_SUCCESS ) return rc; if( mechanism == LDAP_SASL_SIMPLE ) { - if( dn == NULL && cred != NULL ) { + if( dn == NULL && cred != NULL && cred->bv_len ) { /* use default binddn */ dn = ld->ld_defbinddn; } diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index b62b61c9a7..9c588a4cc9 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c 
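Review bot: In libraries/liblber/io.c (`@@ -540,34 +543,51 @@`, ber_get_next), the new `ber->ber_ptr = p;` at the end of the multi-byte length branch assigns an `unsigned char *` to a field the rest of the hunk treats as `char *` (see `ber->ber_ptr = (char *)p;` a few lines earlier). That adds a pointer-signedness warning in a commit that removes lint; `ber->ber_ptr = (char *)p;` would match the earlier assignment. The three identical `#if defined( EWOULDBLOCK ) ... #elif defined( EAGAIN )` blocks have no `#else`, so where neither macro exists errno is left as it was and a caller cannot tell "header incomplete, call again" from another failure. One helper macro with a documented fallback would keep the three sites consistent. ber_get_next starts and ends outside the hunk.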
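Review bot: In libraries/libldap/sasl.c (`@@ -76,7 +76,7 @@`, ldap_sasl_bind), the added `cred->bv_len` test has no comment explaining why an empty credential must not pick up `ld->ld_defbinddn`. With a NULL DN and a zero-length password the request stays an anonymous simple bind, whereas substituting the default DN would send a name with an empty password. Suggest replacing the existing comment with `/* use default binddn only with a non-empty password; NULL dn + empty password stays anonymous */` and writing the test as `cred->bv_len != 0`. A caller that passes a non-NULL `dn` with an empty `cred` is not affected by this check, so that case presumably still depends on the caller or the server. ldap_sasl_bind continues outside the hunk.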
@@ -221,12 +221,13 @@ access_allowed( "access_allowed: backend default %s access %s to \"%s\"\n", access2str( access ), be->be_dfltaccess >= access ? "granted" : "denied", - op->o_dn.bv_val ); + op->o_dn.bv_val ? op->o_dn.bv_val : "anonymous" ); #else Debug( LDAP_DEBUG_ACL, "=> access_allowed: backend default %s access %s to \"%s\"\n", access2str( access ), - be->be_dfltaccess >= access ? "granted" : "denied", op->o_dn.bv_val ); + be->be_dfltaccess >= access ? "granted" : "denied", + op->o_dn.bv_val ? op->o_dn.bv_val : "anonymous" ); #endif ret = be->be_dfltaccess >= access; goto done; diff --git a/servers/slapd/ad.c b/servers/slapd/ad.c index 4ed522cd2c..9a94c979e6 100644 --- a/servers/slapd/ad.c +++ b/servers/slapd/ad.c @@ -222,10 +222,10 @@ int slap_bv2ad( } else if ( rc > 0 || ( rc == 0 && (unsigned)optlen > tags[i].bv_len )) { - AC_MEMCPY( &tags[i+1], &tags[i], - (ntags-i)*sizeof(struct berval) ); - tags[i].bv_val = opt; - tags[i].bv_len = optlen; + AC_MEMCPY( &tags[i+2], &tags[i+1], + (ntags-i-1)*sizeof(struct berval) ); + tags[i+1].bv_val = opt; + tags[i+1].bv_len = optlen; goto done; } } diff --git a/tests/data/lang-out.ldif b/tests/data/lang-out.ldif index 45d1a1580f..55bef249ad 100644 --- a/tests/data/lang-out.ldif +++ b/tests/data/lang-out.ldif @@ -2,7 +2,7 @@ dn: o=University of Michigan,c=US objectClass: organization objectClass: extensibleObject o: University of Michigan -o;lang-x;lang-xx;lang-yy;lang-z;lang-y;lang-zz: University of Michigan +o;lang-x;lang-xx;lang-y;lang-yy;lang-z;lang-zz: University of Michigan name;lang-en-us: Billy Ray name;lang-en-us: Billy Bob cn;lang-en-us: Billy Ray @@ -12,7 +12,7 @@ sn: Ray dn: o=University of Michigan,c=US o: University of Michigan -o;lang-x;lang-xx;lang-yy;lang-z;lang-y;lang-zz: University of Michigan +o;lang-x;lang-xx;lang-y;lang-yy;lang-z;lang-zz: University of Michigan name;lang-en-us: Billy Ray name;lang-en-us: Billy Bob cn;lang-en-us: Billy Ray
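Review bot: In servers/slapd/acl.c (`@@ -221,12 +221,13 @@`, access_allowed), the NULL guard `op->o_dn.bv_val ? op->o_dn.bv_val : "anonymous"` is written out twice, once in each logging branch, so the two copies can drift apart. Setting a local once at the top of the enclosing block, `who = op->o_dn.bv_val ? op->o_dn.bv_val : "anonymous";`, and passing `who` to both calls keeps them in step. Other debug calls in access_allowed that print `op->o_dn.bv_val` lie outside this hunk and may need the same guard. The function starts and ends outside the hunk.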
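Review bot: In servers/slapd/ad.c (`@@ -222,10 +222,10 @@`, slap_bv2ad), the corrected insert shifts entries `tags[i+1]` through `tags[ntags-1]` up one slot, so the highest write lands at `tags[ntags]`. Nothing in the hunk shows `ntags` being checked against the array's capacity, and the options come from the attribute description being parsed, so confirm that bound is enforced earlier in the function, outside the hunk. Source and destination overlap, so the copy also relies on `AC_MEMCPY` being overlap-safe on every supported platform. A comment such as `/* regions overlap: AC_MEMCPY must behave like memmove here */` would record that assumption.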