httpd-dev mailing list archives

From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: svn commit: r265755 - in /apr/apr-util/trunk/ldap: apr_ldap_init.c apr_ldap_option.c
Date Thu, 01 Sep 2005 18:12:15 GMT
FYI this totally borked any 2.1.7 candidate (built on Win32
with the psdk layered atop the vc98, using zlib 1.2.3, final
OpenSSL 0.9.8, apr and apr-util 1.2.1 and apr-iconv 1.0.2).

If you are familiar with linking on Win32, you are probably
aware that some modules are linked by name (e.g. our httpd
application in 2.0) and some are linked by ordinal (including
older 1.3 builds).

An MS .lib file to bind to a .dll is simply a bunch of stubs
and .dll index information.  It turns out the lib that shipped
with Visual C was horribly corrupt with respect to the version
of c:\windows\system32\wldap32.dll shipped with Windows 2000.

Have a look at the bindings that are created, when comparing
our modules to what they map to in wldap32.dll on W2k (note
that I used depends.exe, a utility shipped with every version
of Visual Studio)... the numbers below are the 'ordinals'...

apr-util.so:
022 ldap_err2string
136 ldap_get_option      ** PSDK binding
138 ldap_get_paged_count ** VC98 binding
143 ldap_init            ** PSDK binding
145 ldap_initW           ** VC98 binding
211 ldap_set_option      ** PSDK binding
213 ldap_simple_bindA    ** VC98 binding
330 ldap_start_tls_s     ** PSDK binding (VC98 .lib build fails)
                         << not found in wldap32.dll(!)
331 ldap_stop_tls_s      ** PSDK binding (VC98 .lib build fails)
                         << not found in wldap32.dll(!)

It turns out that we defined APR_HAS_LDAP_START_TLS_S as 0
by default for the win32 build.  But we never tested this
flag in apr_ldap_option.c - and that entry point is present
in the platform sdk.  But this ordinal doesn't exist, nor
does the function exist, apparently, in wldap32.dll on this
Windows 2000 box.  The user will immediately hit the error

  'httpd.exe - can't load module'

when trying to start - because httpd.exe is bound to aprutil-1.dll,
which is bound to this non-existent entry point in wldap32.dll.

And it gets worse in mod_ldap.so ....

mod_ldap.so:
 22 ldap_err2string
 26 ldap_first_entry
 30 ldap_get_dn
 34 ldap_get_values
 36 ldap_count_entries
 38 ldap_value_free
 41 ldap_msgfree
 46 ldap_unbind_s
 52 ldap_compare_s
 60 ldap_simple_bind_s
136 ldap_get_option      ** PSDK binding
138 ldap_get_paged_count ** VC98 binding
143 ldap_init            ** PSDK binding
145 ldap_initW           ** VC98 binding
195 ldap_search_ext_s    ** PSDK binding
200 ldap_memfree
203 ldap_search_ext_sW   ** VC98 binding
211 ldap_set_option      ** PSDK binding
213 ldap_simple_bindA    ** VC98 binding

You can see that the VC98 bindings are totally borked, the
wldap32.lib shipped in Visual C 98 just didn't correspond
to any modern wldap32.dll file.

So... we have to

 * respect APR_HAS_LDAP_START_TLS_S.  If the user wants to
   toggle it, because they have an unusually modern wldap32.dll
   with those start_tls/stop_tls functions, jolly for them.
   But by default for our distro; no.

 * respect APR_HAS_LDAP_SSLINIT, which is already defined to 1
   on Windows.  We made the exception for APR_HAS_LDAPSSL_INIT
   based on the Netware SDK (ick) so even that init path now
   respects APR_HAS_LDAPSSL_INIT as well.

 * Test how portable (win98? nt?) the ldap_sslinit() is across
   the wldap32.dll files.  Also find out if older flavors of
   wldap32.dll actually use those 'bogus' ldap entry points.

All of this boils down to libaprutil-1.dll.  In the previous
0.9 generation, we never actually *linked* to the ldap dll
until we built mod_ldap/mod_auth_ldap.  If the symbols were
borked, there was no harm until the user tried to use ldap.

It is possible to use our dynamic function mapping logic,
the way we bind to the Unicode functions in APR, to actually
bring in the wldap32.dll symbols by name, and even test the
features on the fly.  That's another project, perhaps for
someone else eager to continue the fight ... Bookmark this
post for reference before you go into battle :)

In the meantime, this should probably get most users running
on Win32, and after 2.1.8 (beta, perhaps :) we can find out
how many Win32 users are still impacted by the wldap32.dll
issues and inconsistencies.

Bill

At 12:01 PM 9/1/2005, wrowe@apache.org wrote:
>Author: wrowe
>Date: Thu Sep  1 10:01:49 2005
>New Revision: 265755
>
>URL: http://svn.apache.org/viewcvs?rev=265755&view=rev
>Log:
>
>  Correct the use-case checking to determine our ldap[ssl]_[ssl]init()
>  choice.  This isn't platform specific, it must be based on our
>  apu_ldap.h configuration choices, APR_HAS_LDAP_SSLINIT and 
>  APR_HAS_LDAPSSL_INIT are already flagged correctly on Netware, Win32.
>
>  And follow the APR_HAS_LDAP_START_TLS_S election on Win32, because
>  the platform SDK exports a binding to ordinals 330/331 for start/stop
>  TLS, but these entry points are missing on Windows 2000 Pro SP4, and
>  likely many other flavors of WLDAP32.DLL.  
>
>  Note that the WLDAP32.DLL is bound by ordinals, not by fn names, so
>  VC98 for example provides an invalid wldap32.lib with the wrong
>  ordinal numbers.  Only use the platform SDK, and use depends.exe to
>  ensure that the elected functions are correct.  One good thing; the
>  VC98 flavor is an LDAPv2 toolkit, while the PSDK is an LDAPv3 which
>  passes the #ifndef/#error backstop.  So it's unlikely a user will
>  bind to the wrong wldap32.lib if the LIB and INCLUDES paths on their
>  configuration keep the VC and PSDK paths in the same order relative
>  to the other envvar.
>
>Modified:
>    apr/apr-util/trunk/ldap/apr_ldap_init.c
>    apr/apr-util/trunk/ldap/apr_ldap_option.c
>
>Modified: apr/apr-util/trunk/ldap/apr_ldap_init.c
>URL: http://svn.apache.org/viewcvs/apr/apr-util/trunk/ldap/apr_ldap_init.c?rev=265755&r1=265754&r2=265755&view=diff
>==============================================================================
>--- apr/apr-util/trunk/ldap/apr_ldap_init.c (original)
>+++ apr/apr-util/trunk/ldap/apr_ldap_init.c Thu Sep  1 10:01:49 2005
>@@ -145,8 +145,10 @@
>     apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
>     *result_err = result;
> 
>-#if APR_HAS_NOVELL_LDAPSDK
>+#if APR_HAS_LDAPSSL_INIT
>     *ldap = ldapssl_init(hostname, portno, 0);
>+#elif APR_HAS_LDAP_SSLINIT
>+    *ldap = ldap_sslinit((char *)hostname, portno, 0);
> #else
>     *ldap = ldap_init((char *)hostname, portno);
> #endif
>
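Review bot: The new `#elif APR_HAS_LDAP_SSLINIT` arm passes a bare `0` as the third argument of `ldap_sslinit()` and casts away const with `(char *)hostname`, and neither is explained; add a short comment saying what the `0` selects and why the cast is safe. The chain also gives `ldapssl_init()` precedence when both macros are 1 and falls through to `ldap_init()` when neither is defined, so state that order in a comment or have apu_ldap.h reject a configuration that sets both.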
>Modified: apr/apr-util/trunk/ldap/apr_ldap_option.c
>URL: http://svn.apache.org/viewcvs/apr/apr-util/trunk/ldap/apr_ldap_option.c?rev=265755&r1=265754&r2=265755&view=diff
>==============================================================================
>--- apr/apr-util/trunk/ldap/apr_ldap_option.c (original)
>+++ apr/apr-util/trunk/ldap/apr_ldap_option.c Thu Sep  1 10:01:49 2005
>@@ -304,6 +304,7 @@
>             result->msg = ldap_err2string(result->rc);
>         }
>     }
>+#if APR_HAS_LDAP_START_TLS_S
>     else if (tls == APR_LDAP_STARTTLS) {
>         result->rc = ldap_start_tls_s(ldap, NULL, NULL, NULL, NULL);
>         if (result->rc != LDAP_SUCCESS) {
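Review bot: With `#if APR_HAS_LDAP_START_TLS_S` placed in front of `else if (tls == APR_LDAP_STARTTLS)`, a build with the flag at 0 has no branch left for a caller that asks for STARTTLS, and nothing in the visible lines reports that. Add an `#else` arm that sets `result->rc` and a reason saying STARTTLS is not supported in this build, so the request fails visibly instead of leaving the connection without TLS.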
>@@ -318,6 +319,7 @@
>             result->msg = ldap_err2string(result->rc);
>         }
>     }
>+#endif
> #endif
> 
> #if APR_HAS_OTHER_LDAPSDK
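Review bot: The added `#endif` sits directly above an existing `#endif` and neither says which conditional it closes. Label it, for example `#endif /* APR_HAS_LDAP_START_TLS_S */`, and confirm that the guard opened in the previous hunk is meant to cover the whole branch that ends at `result->msg = ldap_err2string(result->rc);`.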

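The run-time binding by name that the message proposes as follow-up work, shown as an added example (not APR or httpd code; `probe_symbols`, `starttls_decision` and `DEMO_LIB` are hypothetical names). Off Windows it probes the running program's own symbols through `dlsym()`, so the same block can be exercised on any platform.

```c
/* Added example, not APR code; all helper names here are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
typedef HMODULE lib_t;
static lib_t lib_open(const char *n) { return LoadLibraryA(n); }
static void *lib_sym(lib_t h, const char *s) { return (void *)GetProcAddress(h, s); }
static void lib_close(lib_t h) { FreeLibrary(h); }
#define DEMO_LIB "wldap32.dll"
#else
#include <dlfcn.h>
typedef void *lib_t;
static lib_t lib_open(const char *n) { return dlopen(n, RTLD_LAZY); }
static void *lib_sym(lib_t h, const char *s) { return dlsym(h, s); }
static void lib_close(lib_t h) { dlclose(h); }
#define DEMO_LIB NULL /* NULL = the running program itself, for the demo */
#endif

/* Sets found[i] to 1/0 per name; returns missing count, -1 if lib won't open. */
int probe_symbols(const char *lib, const char *const *names, size_t n, int *found)
{
    lib_t h = lib_open(lib);
    int missing = 0;
    size_t i;
    if (!h) return -1;
    for (i = 0; i < n; i++) {
        found[i] = lib_sym(h, names[i]) != NULL;
        missing += !found[i];
    }
    lib_close(h);
    return missing;
}

/* Fail closed: a STARTTLS request without both entry points is refused,
 * never downgraded to a plaintext connection. */
int starttls_decision(int requested, int has_start, int has_stop)
{
    if (!requested) return 0;                 /* nothing to negotiate */
    return (has_start && has_stop) ? 1 : -1;  /* 1 = negotiate, -1 = refuse */
}
int main(void)
{
    const char *const names[] = { "ldap_init", "ldap_start_tls_s", "ldap_stop_tls_s" };
    int found[3] = { 0, 0, 0 };
    int rc = probe_symbols(DEMO_LIB, names, 3, found);
    printf("rc=%d starttls=%d\n", rc, rc < 0 ? -1 : starttls_decision(1, found[1], found[2]));
    return 0;
}
```

On older glibc the non-Windows build needs `-ldl` at link time.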

