[Date Prev][Date Next] [Chronological] [Thread] [Top]

bug in referral handling of do_extended() in slapd's extended.c



hi all!

i posted this issue to openldap-software a week ago, but haven't
received an answer yet. so i began to debug and search myself and
discovered a bug in slapd's handling of LDAP_REQ_EXTENDED requests.

i came across this issue, when i tried to change an entry's userpassword
attribute with ldappasswd. by mistake i ran ldappasswd with a slave
slapd as host argument. instead of sending an LDAP_REFERRAL error code
to the client, the slave slapd dies.

debugging of version 2.0.21 showed that slapd exits in function
send_ldap_response() in result.c on line 289:

			if ( ref != NULL ) {
				assert( err == LDAP_REFERRAL );
				rc = ber_printf( ber, "t{V}",
					LDAP_TAG_REFERRAL, ref );
			} else {
289				assert( err != LDAP_REFERRAL );
			}

so, ref is NULL, although the error code is LDAP_REFERRAL.

i tracked the error back to the function do_extended() in extended.c,
where i came across these lines of code:

151	rc = (ext->ext_main)( conn, op,
		reqoid, reqdata,
		&rspoid, &rspdata, &rspctrls, &text, &refs );

	if( rc != SLAPD_ABANDON ) {
		if (rc == LDAP_REFERRAL) {
157			refs = default_referral;
		}

		send_ldap_extended( conn, op, rc, NULL, text, refs,
			rspoid, rspdata, rspctrls );
	}

in line 151, do_extended() calls (ext->ext_main), in this case
passwd_extop() in passwd.c. passwd_extop() correctly returns error code
LDAP_REFERRAL, but, although passwd_extop() sets the refs variable to
the in slapd.conf configured referral, do_extended() resets refs to
default_referral in line 157, thus causing the assertion on line 289 in
result.c to fail.

the attached patch file is against openldap-2.0.21 and changes line 157
to:

                if (rc == LDAP_REFERRAL) {
157                        refs ? refs : default_referral;
                }

with this patch applied, the recompiled slave slapd correctly answers an
ldappasswd request with LDAP_REFERRAL.

regards,
tom.

-- 

Thomas Hager                  | "Microsoft is not the answer.
Technical Product Development |  Microsoft is the question.
thomas.hager@1012surf.net     |  NO is the answer."
http://www.telering.at        |          Erik Naggum.

Attachment: openldap-slapd-do_extended.patch.gz
Description: GNU Zip compressed data

Attachment: signature.asc
Description: This is a digitally signed message part