Bug 215294 - [PATCH] [RHEL4] ldapsearch subentries GSSAPI failure.
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openldap
Version: 4.4
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Jan Safranek
QA Contact: Jay Turner
Reported: 2006-11-13 10:23 UTC by Jose Plans
Modified: 2018-10-19 20:31 UTC (History)

Fixed In Version: RHBA-2007-0739
Doc Type: Bug Fix
Last Closed: 2007-11-15 16:04:17 UTC


Attachments:
output_failure.log (311.55 KB, text/plain), 2006-11-13 10:23 UTC, Jose Plans
sb_sasl_readwrites.patch (1.91 KB, patch), 2006-11-13 10:31 UTC, Jose Plans


Links
System: Red Hat Product Errata
ID: RHBA-2007:0739
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: openldap bug fix update
Last Updated: 2007-11-14 17:01:29 UTC

Description Jose Plans 2006-11-13 10:23:45 UTC
Description of problem:

When querying for subschemaSubentries using GSSAPI, ldapsearch fails reporting
"Can't contact LDAP server (-1)". All other queries work fine.

Adding more debug, we have found that the sb_sasl_read() function returns
failure as server buffer size differs and seems bigger than what the client
expects.

--
sb_sasl_read: failed to decode packet: generic failure
ldap_read: want=8 error=Input/output error
ber_get_next failed.
ldap_perror
ldap_result: Can't contact LDAP server (-1)
--

Checking then upstream, it has been fixed and attached is the backported patch
for this release. 

Customer has confirmed the fix.



Version-Release number of selected component (if applicable):
openldap 2.2.13-6.4



How reproducible:
Always.

Steps to Reproduce:
1. ldapsearch -ZZ -H ldap://ldap_server -s base -b "cn=Subschema" attributeTypes -Y GSSAPI

Actual results:
Failure (see attachment output_failure.log)

Expected results:
Success (see attachment output_success.log)

Additional info:
Fix attached.

Jose

Comment 3 Jose Plans 2006-11-13 10:31:20 UTC
Created attachment 141033
sb_sasl_readwrites.patch

The most important bit of this patch is:
---
-	if ( ret <= 0 ) {
-		/* caller will retry, so clear this buffer out */
-		p->buf_out.buf_ptr = p->buf_out.buf_end;
-		return ret;
-	}
+	/* return number of bytes encoded, not written, to ensure
+	 * no byte is encoded twice (even if only sent once).
+	 */
	return len;
 }
---
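
Review bot: with the `if ( ret <= 0 )` branch removed, `ret` is no longer consulted before `return len;`, so a failed or short write is reported to the caller as a full success. Please confirm that the unsent encoded bytes remain in `p->buf_out`, that a later call flushes them before encoding anything new, and that a hard error (as opposed to a retryable one) still reaches the caller somewhere. It would also help to extend the new comment to say where the pending data is flushed, since the removed branch was the only visible place that reset `buf_ptr` to `buf_end`.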

Comment 5 RHEL Program Management 2006-11-21 18:44:42 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 8 RHEL Program Management 2007-05-09 08:55:22 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 13 errata-xmlrpc 2007-11-15 16:04:17 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0739.html
