Discussion:
str2result() and slapd-sock
Michael Ströder
2015-09-24 18:07:04 UTC
Permalink
HI!

I'm trying to find out why slapd-socks always outputs all lines returned by
the external sock listeners with comment "unknown" although everything seems
to work correctly.

----------------------------- snip -----------------------------
5603fc08 conn=1000 op=1 BIND dn="uid=ÀöÌÄÖÜß,ou=realdb,dc=example,dc=org"
method=128
5603fc08 str2result (msgid: 2
code: 49
matched: uid=ÀöÌÄÖÜß,ou=realdb,dc=example,dc=org
info: You loose! (wrong password)

) unknown
5603fc08 str2result (
) unknown
5603fc08 conn=1000 op=1 RESULT tag=97 err=49 text= You loose! (wrong password)
----------------------------- snip -----------------------------

The (correct) Python string returned by the listener was:

'RESULT\nmsgid: 2\ncode: 49\nmatched:
uid=\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x84\xc3\x96\xc3\x9c\xc3\x9f,ou=realdb,dc=example,dc=org\ninfo:
You loose! (wrong password)\n\n'

I tried to understand what's going on in str2result()
(in file servers/slapd/result.c) but failed.

AFAICS in slapd-sock(5) the external listener should always return a line with
"code: <digit>" after the "RESULT" line. But to me it seems that the function
would return with rc=0 if there's only a single "RESULT" line (due to break in
line 1674).

And I also can't see why the else clause in 1727 is reached.
I wonder whether slapd-sock is confused by the two trailing line feeds.

Ciao, Michael.
Michael Ströder
2015-09-24 18:41:03 UTC
Permalink
Post by Michael Ströder
I'm trying to find out why slapd-socks always outputs all lines returned by
the external sock listeners with comment "unknown" although everything seems
to work correctly.
----------------------------- snip -----------------------------
5603fc08 conn=1000 op=1 BIND dn="uid=ÀöÌÄÖÜß,ou=realdb,dc=example,dc=org"
method=128
5603fc08 str2result (msgid: 2
code: 49
matched: uid=ÀöÌÄÖÜß,ou=realdb,dc=example,dc=org
info: You loose! (wrong password)
) unknown
5603fc08 str2result (
) unknown
5603fc08 conn=1000 op=1 RESULT tag=97 err=49 text= You loose! (wrong password)
----------------------------- snip -----------------------------
You loose! (wrong password)\n\n'
I tried to understand what's going on in str2result()
(in file servers/slapd/result.c) but failed.
AFAICS in slapd-sock(5) the external listener should always return a line with
"code: <digit>" after the "RESULT" line. But to me it seems that the function
would return with rc=0 if there's only a single "RESULT" line (due to break in
line 1674).
And I also can't see why the else clause in 1727 is reached.
I wonder whether slapd-sock is confused by the two trailing line feeds.
AFAICT the else statement with the debug statement is hit because the
"RESULT\n" line is not really consumed before the while loop (line 1671) and
that results in this wrong output. s is still at the beginning of "RESULT\n"
line when entering the while loop.

Is that correct?

Ciao, Michael.
Michael Ströder
2015-09-24 21:08:29 UTC
Permalink
Post by Michael Ströder
Post by Michael Ströder
I'm trying to find out why slapd-socks always outputs all lines returned by
the external sock listeners with comment "unknown" although everything seems
to work correctly.
----------------------------- snip -----------------------------
5603fc08 conn=1000 op=1 BIND dn="uid=ÀöÌÄÖÜß,ou=realdb,dc=example,dc=org"
method=128
5603fc08 str2result (msgid: 2
code: 49
matched: uid=ÀöÌÄÖÜß,ou=realdb,dc=example,dc=org
info: You loose! (wrong password)
) unknown
5603fc08 str2result (
) unknown
5603fc08 conn=1000 op=1 RESULT tag=97 err=49 text= You loose! (wrong password)
----------------------------- snip -----------------------------
You loose! (wrong password)\n\n'
I tried to understand what's going on in str2result()
(in file servers/slapd/result.c) but failed.
AFAICS in slapd-sock(5) the external listener should always return a line with
"code: <digit>" after the "RESULT" line. But to me it seems that the function
would return with rc=0 if there's only a single "RESULT" line (due to break in
line 1674).
And I also can't see why the else clause in 1727 is reached.
I wonder whether slapd-sock is confused by the two trailing line feeds.
AFAICT the else statement with the debug statement is hit because the
"RESULT\n" line is not really consumed before the while loop (line 1671) and
that results in this wrong output. s is still at the beginning of "RESULT\n"
line when entering the while loop.
Forgot to note that the info and matched fields returned to the LDAP client
have an extra preceding space probably the one after the colon:

=> LDAPError - INVALID_CREDENTIALS: {'info': ' You loose! (wrong password)',
'matched': '
uid=\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x84\xc3\x96\xc3\x9c\xc3\x9f,ou=realdb,dc=example,dc=org',
'desc': 'Invalid credentials'}

Leaving away result line with "msgid:" and the trailing line feed is slightly
better but results in slapd output "socket connect(sockdb-listener) failed".
Also it does not match the spec in slapd-sock(5).

The Python result string is:
'RESULT\ncode: 49\nmatched:
uid=\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x84\xc3\x96\xc3\x9c\xc3\x9f,ou=realdb,dc=example,dc=org\ninfo:
You loose! (wrong password)'

Ciao, Michael.

Loading...