[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: io.c:710: ber_get_next: Assertion '0' failed. (ITS#3278)



 
I've done a lot of debugging and have determined the source of the
problem.  There are four connections active, one for the original
requests and one for each of the three referrals that Active Directory
generates (let's call them A, B, and C).  The sequence of events that
leads to the assertion is this:  send a bind request using A, have some
activity on B, get a response on A which completes the bind, call
ldap_pvt_sasl_install, send a request on A (without sasl I/O), receive a
response on A that can't be interpretted (ethereal showed it to be a
sasl/gss protected mesage), and eventually fall into the assertion.  The
problem is the ldap_pvt_sasl_install call which is supposed to install
the sasl I/O layer for A is actually being called for B.  

In libraries/libldap/cyrus.c ldap_int_sasl_bind() around line 827 is:

	ldap_pvt_sasl_install( ld->ld_conns->lconn_sb, ctx );

It's using the first entry in the ld_conns list of server connections
and assuming that's the right one.  Usually it is, but sometimes it's
not.  Because of the parameters being passed to the ldap_sasl_bind_s()
calls earlier in ldap_int_sasl_bind(), I determined that the connection
being used for the bind was ld->ld_defconn.  When I tried
ld->ld_defconn->lconn_sb with the call to ldap_pvt_sasl_install() the
problem went away.  

The real issue is that ldap_int_sasl_bind() needs a better way of
determining the correct connection to use when installing the sasl I/O
layer.