Bug 215294 - [PATCH] [RHEL4] ldapsearch subentries GSSAPI failure.
[PATCH] [RHEL4] ldapsearch subentries GSSAPI failure.
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openldap (Show other bugs)
4.4
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jan Safranek
Jay Turner
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-11-13 05:23 EST by Jose Plans
Modified: 2015-01-07 19:15 EST (History)
2 users (show)

See Also:
Fixed In Version: RHBA-2007-0739
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-15 11:04:17 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
output_failure.log (311.55 KB, text/plain)
2006-11-13 05:23 EST, Jose Plans
no flags Details
sb_sasl_readwrites.patch (1.91 KB, patch)
2006-11-13 05:31 EST, Jose Plans
no flags Details | Diff

  None (edit)
Description Jose Plans 2006-11-13 05:23:45 EST
Description of problem:

When querying for subschemaSubentries using GSSAPI, ldapsearch fails reporting
"Can't contact LDAP server (-1)". All other queries work fine.

Adding more debug, we have found that the sb_sasl_read() function returns
failure as server bufer size differ and seems bigger than what the client
expects. 

--
sb_sasl_read: failed to decode packet: generic failure
ldap_read: want=8 error=Input/output error
ber_get_next failed.
ldap_perror
ldap_result: Can't contact LDAP server (-1)
--

Checking then upstream, it has been fixed and attached is the backported patch
for this release. 

Customer has confirm the fix.



Version-Release number of selected component (if applicable):
openldap 2.2.13-6.4



How reproducible:
Always.

Steps to Reproduce:
1. ldapsearch -ZZ -H ldap://ldap_server -s base -b "cn=Subschema" attributeTypes
 -Y GSSAPI
  
Actual results:
Failure (see attachment output_failure.log)

Expected results:
Success (see attachment output_success.log)

Additional info:
Fix attached.

Jose
Comment 3 Jose Plans 2006-11-13 05:31:20 EST
Created attachment 141033 [details]
sb_sasl_readwrites.patch

The most important bit of this patch is :
---
-	if ( ret <= 0 ) {
-		/* caller will retry, so clear this buffer out */
-		p->buf_out.buf_ptr = p->buf_out.buf_end;
-		return ret;
-	}
+	/* return number of bytes encoded, not written, to ensure
+	 * no byte is encoded twice (even if only sent once).
+	 */
	return len;
 }
---
Comment 5 RHEL Product and Program Management 2006-11-21 13:44:42 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 8 RHEL Product and Program Management 2007-05-09 04:55:22 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 13 errata-xmlrpc 2007-11-15 11:04:17 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0739.html

Note You need to log in before you can comment on or make changes to this bug.