|
 |
dc8c34 |
From 5b66557b5f389ae4d1902121ee1076ed3587bbf9 Mon Sep 17 00:00:00 2001
|
|
|
dc8c34 |
From: "Thierry bordaz (tbordaz)" <tbordaz@redhat.com>
|
|
|
dc8c34 |
Date: Thu, 16 May 2013 15:28:47 +0200
|
|
|
dc8c34 |
Subject: [PATCH 61/99] Ticket 47361 - Empty control list causes LDAP protocol
|
|
|
dc8c34 |
error is thrown
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Bug Description:
|
|
|
dc8c34 |
|
|
|
dc8c34 |
If a request contains a list of controls containing zero control, it does
|
|
|
dc8c34 |
not conform RFC http://tools.ietf.org/html/rfc4511#section-4.1.11. Then the
|
|
|
dc8c34 |
server returns a Protocol Error.
|
|
|
dc8c34 |
This is too restrictive for some applications.
|
|
|
dc8c34 |
Note: such application needs to be linked with old version of mozldap or openldap
|
|
|
dc8c34 |
because recent version skip sending empty list of controls
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Fix Description:
|
|
|
dc8c34 |
The fix is to ignore this error and let the operation complete
|
|
|
dc8c34 |
|
|
|
dc8c34 |
https://fedorahosted.org/389/ticket/47361
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Reviewed by: Rich Megginson (thanks Rich !)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Platforms tested: F17 (unit + acceptance vlv/proxy/managed/psearch/tls/bindcontrol)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Flag Day: no
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Doc impact: no
|
|
|
dc8c34 |
(cherry picked from commit 76c87bd8c4d8b075b9615858b74f2caf7a95b2d5)
|
|
|
dc8c34 |
---
|
|
|
dc8c34 |
ldap/servers/slapd/control.c | 32 +++++++++++++++++++++-----------
|
|
|
dc8c34 |
1 file changed, 21 insertions(+), 11 deletions(-)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
diff --git a/ldap/servers/slapd/control.c b/ldap/servers/slapd/control.c
|
|
|
dc8c34 |
index fc3ab9f..e614d50 100644
|
|
|
dc8c34 |
--- a/ldap/servers/slapd/control.c
|
|
|
dc8c34 |
+++ b/ldap/servers/slapd/control.c
|
|
|
dc8c34 |
@@ -354,17 +354,27 @@ get_ldapmessage_controls_ext(
|
|
|
dc8c34 |
len = -1; /* reset for next loop iter */
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
|
|
|
dc8c34 |
- if ( (tag != LBER_END_OF_SEQORSET) && (len != -1) ) {
|
|
|
dc8c34 |
- goto free_and_return;
|
|
|
dc8c34 |
- }
|
|
|
dc8c34 |
-
|
|
|
dc8c34 |
- slapi_pblock_set( pb, SLAPI_REQCONTROLS, ctrls );
|
|
|
dc8c34 |
- managedsait = slapi_control_present( ctrls,
|
|
|
dc8c34 |
- LDAP_CONTROL_MANAGEDSAIT, NULL, NULL );
|
|
|
dc8c34 |
- slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, &managedsait );
|
|
|
dc8c34 |
- pwpolicy_ctrl = slapi_control_present( ctrls,
|
|
|
dc8c34 |
- LDAP_X_CONTROL_PWPOLICY_REQUEST, NULL, NULL );
|
|
|
dc8c34 |
- slapi_pblock_set( pb, SLAPI_PWPOLICY, &pwpolicy_ctrl );
|
|
|
dc8c34 |
+ if (curcontrols == 0) {
|
|
|
dc8c34 |
+ int ctrl_not_found = 0; /* means that a given control is not present in the request */
|
|
|
dc8c34 |
+
|
|
|
dc8c34 |
+ slapi_pblock_set(pb, SLAPI_REQCONTROLS, NULL);
|
|
|
dc8c34 |
+ slapi_pblock_set(pb, SLAPI_MANAGEDSAIT, &ctrl_not_found);
|
|
|
dc8c34 |
+ slapi_pblock_set(pb, SLAPI_PWPOLICY, &ctrl_not_found);
|
|
|
dc8c34 |
+ slapi_log_error(SLAPI_LOG_CONNS, "connection", "Warning: conn=%d op=%d contains an empty list of controls\n",
|
|
|
dc8c34 |
+ pb->pb_conn->c_connid, pb->pb_op->o_opid);
|
|
|
dc8c34 |
+ } else {
|
|
|
dc8c34 |
+ if ((tag != LBER_END_OF_SEQORSET) && (len != -1)) {
|
|
|
dc8c34 |
+ goto free_and_return;
|
|
|
dc8c34 |
+ }
|
|
|
dc8c34 |
+
|
|
|
dc8c34 |
+ slapi_pblock_set(pb, SLAPI_REQCONTROLS, ctrls);
|
|
|
dc8c34 |
+ managedsait = slapi_control_present(ctrls,
|
|
|
dc8c34 |
+ LDAP_CONTROL_MANAGEDSAIT, NULL, NULL);
|
|
|
dc8c34 |
+ slapi_pblock_set(pb, SLAPI_MANAGEDSAIT, &managedsait);
|
|
|
dc8c34 |
+ pwpolicy_ctrl = slapi_control_present(ctrls,
|
|
|
dc8c34 |
+ LDAP_X_CONTROL_PWPOLICY_REQUEST, NULL, NULL);
|
|
|
dc8c34 |
+ slapi_pblock_set(pb, SLAPI_PWPOLICY, &pwpolicy_ctrl);
|
|
|
dc8c34 |
+ }
|
|
|
dc8c34 |
|
|
|
dc8c34 |
if ( controlsp != NULL ) {
|
|
|
dc8c34 |
*controlsp = ctrls;
|
|
|
dc8c34 |
--
|
|
|
dc8c34 |
1.8.1.4
|
|
|
dc8c34 |
|