[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
security layers with gssapi or starttls cause ldapsearch to hang (ITS#3124)
Full_Name: Norbert Klasen
Version: head
OS: SuSE Linux 8.1
URL: ftp://ftp.openldap.org/incoming/norbert-klasen-20040501-w2k3-gssapi-maxssf1-msgid4-search-entry-result.pcap
Submission from: (NULL) (80.140.232.66)
Hi,
an ldapsearch against an Active Directoy or eDirectoy hangs after receiving
search-result if security layers (either GSSAPI and StartTLS) are enabled. This
is with cyrus-sasl 2.0.18, heimdal 0.6.1 and openssl 0.9.6g.
0x4027be0e in select () from /lib/i686/libc.so.6
(gdb) bt
#0 0x4027be0e in select () from /lib/i686/libc.so.6
#1 0x400436fc in __JCR_LIST__ () from
/home/norbert/openldap/lib/libldap-2-devel.so.0
#2 0x4001d874 in wait4msg (ld=0x8055340, msgid=-1, all=0, timeout=0x0,
result=0xbfffd404) at result.c:329
#3 0x4001d463 in ldap_result (ld=0x8055340, msgid=-1, all=0, timeout=0x0,
result=0xbfffd404) at result.c:126
#4 0x0804b954 in dosearch (ld=0x8055340, base=0x8054688 "", scope=0,
filtpatt=0x0,
value=0x805a1e0 "\004", attrs=0xbffff590, attrsonly=0, sctrls=0x0,
cctrls=0x0,
timeout=0x0, sizelimit=-1) at ldapsearch.c:958
#5 0x0804b119 in main (argc=0, argv=0xbffff564) at ldapsearch.c:819
#6 0x401ce4c2 in __libc_start_main () from /lib/i686/libc.so.6
> ldapsearch -h thinkpad.ad.local -s base -b "" -Y GSSAPI -d -1 1.1
[...]
SASL username: norbert@AD.LOCAL
SASL SSF: 1
SASL installing layers
ldap_pvt_sasl_install
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: 1.1
#
ldap_search_ext
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_send_server_request
ber_flush: 44 bytes to sd 3
0000: 30 2a 02 01 04 63 25 04 00 0a 01 00 0a 01 00 02 0*...c%.........
0010: 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object
0020: 63 6c 61 73 73 30 05 04 03 31 2e 31 class0...1.1
sasl_write: want=94, written=94
0000: 00 00 00 5a 60 58 06 09 2a 86 48 86 f7 12 01 02 ...Z`X..*.H.....
0010: 02 02 01 11 00 ff ff ff ff 87 f7 2f 4a 03 2e 99 .........../J...
0020: fd 44 51 51 1d 0d be 3b 46 a6 bd 79 28 ce dd 34 .DQQ...;F..y(..4
0030: ba 30 2a 02 01 04 63 25 04 00 0a 01 00 0a 01 00 .0*...c%........
0040: 02 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 ...........objec
0050: 74 63 6c 61 73 73 30 05 04 03 31 2e 31 01 tclass0...1.1.
ldap_write: want=44, written=44
0000: 30 2a 02 01 04 63 25 04 00 0a 01 00 0a 01 00 02 0*...c%.........
0010: 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object
0020: 63 6c 61 73 73 30 05 04 03 31 2e 31 class0...1.1
ldap_result msgid -1
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid -1
wait4msg continue, msgid -1, all 0
** Connections:
* host: thinkpad.ad.local port: 389 (default)
refcnt: 2 status: Connected
last used: Sat May 1 12:44:49 2004
** Outstanding Requests:
* msgid 4, origid 4, status InProgress
outstanding referrals 0, parent count 0
** Response Queue:
Empty
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid -1, all 0
ber_get_next
sasl_read: want=4, got=4
0000: 00 00 00 5b ...[
sasl_read: want=91, got=91
0000: 60 59 06 09 2a 86 48 86 f7 12 01 02 02 02 01 11 `Y..*.H.........
0010: 00 ff ff ff ff 4d 2b 23 0e 5c 16 36 7a 8a 89 88 .....M+#.\.6z...
0020: 6b a4 55 00 00 6a 50 d9 c8 22 6e 35 48 30 84 00 k.U..jP.."n5H0..
0030: 00 00 11 02 01 04 64 84 00 00 00 08 04 00 30 84 ......d.......0.
0040: 00 00 00 00 30 84 00 00 00 10 02 01 04 65 84 00 ....0........e..
0050: 00 00 07 0a 01 00 04 00 04 00 01 ...........
ldap_read: want=8, got=8
0000: 30 84 00 00 00 11 02 01 0.......
ldap_read: want=15, got=15
0000: 04 64 84 00 00 00 08 04 00 30 84 00 00 00 00 .d.......0.....
ber_get_next: tag 0x30 len 17 contents:
ber_dump: buf=0x080554c0 ptr=0x080554c0 end=0x080554d1 len=17
0000: 02 01 04 64 84 00 00 00 08 04 00 30 84 00 00 00 ...d.......0....
0010: 00 .
ldap_read: message type search-entry msgid 4, original id 4
ldap_get_dn_ber
ber_scanf fmt ({ml{) ber:
ber_dump: buf=0x080554c0 ptr=0x080554c3 end=0x080554d1 len=14
0000: 64 84 00 00 00 08 04 00 30 84 00 00 00 00 d.......0.....
ldap_dn2ufn
ldap_dn_normalize
=> ldap_bv2dn(,0)
=> ldap_dn2bv(64)
#
dn:
ber_scanf fmt ({xx) ber:
ber_dump: buf=0x080554c0 ptr=0x080554c3 end=0x080554d1 len=14
0000: 64 84 00 00 00 08 04 00 00 84 00 00 00 00 d.............
ldap_get_attribute_ber
ldap_msgfree
ldap_result msgid -1
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid -1
wait4msg continue, msgid -1, all 0
** Connections:
* host: thinkpad.ad.local port: 389 (default)
refcnt: 2 status: Connected
last used: Sat May 1 12:44:49 2004
** Outstanding Requests:
* msgid 4, origid 4, status InProgress
outstanding referrals 0, parent count 0
** Response Queue:
Empty
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
read1msg: msgid -1, all 0
ber_get_next
ldap_read: want=8, got=8
0000: 30 84 00 00 00 10 02 01 0.......
ldap_read: want=14, got=14
0000: 04 65 84 00 00 00 07 0a 01 00 04 00 04 00 .e............
ber_get_next: tag 0x30 len 16 contents:
ber_dump: buf=0x080554c0 ptr=0x080554c0 end=0x080554d0 len=16
0000: 02 01 04 65 84 00 00 00 07 0a 01 00 04 00 04 00 ...e............
ldap_read: message type search-result msgid 4, original id 4
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x080554c0 ptr=0x080554c3 end=0x080554d0 len=13
0000: 65 84 00 00 00 07 0a 01 00 04 00 04 00 e............
read1msg: 0 new referrals
read1msg: mark request completed, id = 4
request 4 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 4, msgid 4)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_int_select