httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jones" <oscare...@gmail.com>
Subject Re: util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error
Date Mon, 12 Mar 2007 19:47:51 GMT
Here is the full patch.

Note there are 2 missing defines for z/OS that are added to apr_ldap.h.in.
As there is some intersection with the IBM Tivoli hits from Eric Covener's
Jan 11th post in the m4 file, I have
restricted the grep of ldap.h for the IBM string to only if host=os390.
Tivoli does set the LDAP_VENDOR_NAME, but z/OS
does not. As I'm checking the entire header not just the vendor name define
I want to make sure I don't find the string unintentionally.


Index: apr-util/build/apu-conf.m4
===================================================================
--- apr-util/build/apu-conf.m4    (revision 516457)
+++ apr-util/build/apu-conf.m4    (working copy)
@@ -219,6 +219,7 @@
 apu_has_ldap_microsoft="0"
 apu_has_ldap_netscape="0"
 apu_has_ldap_mozilla="0"
+apu_has_ldap_zos="0"
 apu_has_ldap_other="0"

 AC_ARG_WITH(ldap-include,[  --with-ldap-include=path  path to ldap include
files with trailing slash])
@@ -320,6 +321,15 @@
                                            apr_cv_ldap_toolkit="Mozilla"])
         fi
         if test "x$apr_cv_ldap_toolkit" = "x"; then
+          case "$host" in
+          *-ibm-os390)
+            AC_EGREP_CPP([IBM], [$lber_h
+                                 $ldap_h], [apu_has_ldap_zos="1"
+                                            apr_cv_ldap_toolkit="zOS"])
+            ;;
+          esac
+        fi
+        if test "x$apr_cv_ldap_toolkit" = "x"; then
           apu_has_ldap_other="1"
           apr_cv_ldap_toolkit="unknown"
         fi
@@ -348,6 +358,7 @@
 AC_SUBST(apu_has_ldap_microsoft)
 AC_SUBST(apu_has_ldap_netscape)
 AC_SUBST(apu_has_ldap_mozilla)
+AC_SUBST(apu_has_ldap_zos)
 AC_SUBST(apu_has_ldap_other)

 ])


Index: apr-util/include/apr_ldap.h.in
===================================================================
--- apr-util/include/apr_ldap.h.in    (revision 516557)
+++ apr-util/include/apr_ldap.h.in    (working copy)
@@ -40,6 +40,7 @@
 #define APR_HAS_MOZILLA_LDAPSDK   @apu_has_ldap_mozilla@
 #define APR_HAS_OPENLDAP_LDAPSDK  @apu_has_ldap_openldap@
 #define APR_HAS_MICROSOFT_LDAPSDK @apu_has_ldap_microsoft@
+#define APR_HAS_ZOS_LDAPSDK       @apu_has_ldap_zos@
 #define APR_HAS_OTHER_LDAPSDK     @apu_has_ldap_other@


@@ -93,7 +94,30 @@
 #define LDAPS_PORT 636  /* ldaps:/// default LDAP over TLS port */
 #endif

+/*
+ * For ldap function calls that input a size limit on the number of
returned elements
+ * Some SDKs do not have the define for LDAP_DEFAULT_LIMIT (-1) or
LDAP_NO_LIMIT (0)
+ */
+#if APR_HAS_ZOS_LDAPSDK
+#define APR_LDAP_SIZELIMIT LDAP_NO_LIMIT
+#else
+#ifdef LDAP_DEFAULT_LIMIT
+#define APR_LDAP_SIZELIMIT LDAP_DEFAULT_LIMIT
+#else
+#define APR_LDAP_SIZELIMIT -1 /* equivalent to LDAP_DEFAULT_LIMIT */
+#endif
+#endif

+/*
+ * z/OS is missing some defines
+ */
+#ifndef LDAP_VERSION_MAX
+#define LDAP_VERSION_MAX  LDAP_VERSION
+#endif
+#ifdef APR_HAS_ZOS_LDAPSDK
+#define LDAP_VENDOR_NAME "IBM z/OS"
+#endif
+
 /* Note: Macros defining const casting has been removed in APR v1.0,
  * pending real support for LDAP v2.0 toolkits.
  *
Index: modules/ldap/util_ldap.c
===================================================================
--- modules/ldap/util_ldap.c    (revision 510991)
+++ modules/ldap/util_ldap.c    (working copy)
@@ -52,8 +52,11 @@
 #define LDAP_CA_TYPE_BASE64             2
 #define LDAP_CA_TYPE_CERT7_DB           3

-#ifndef LDAP_NO_LIMIT
-#define LDAP_NO_LIMIT -1
+/* Default define for ldap functions that need a SIZELIMIT but
+ * do not have the define
+ */
+#ifndef APR_LDAP_SIZELIMIT
+#define APR_LDAP_SIZELIMIT -1
 #endif

 module AP_MODULE_DECLARE_DATA ldap_module;
@@ -660,7 +663,7 @@
     /* search for reqdn */
     if ((result = ldap_search_ext_s(ldc->ldap, (char *)reqdn,
LDAP_SCOPE_BASE,
                                     "(objectclass=*)", NULL, 1,
-                                    NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
+                                    NULL, NULL, NULL, APR_LDAP_SIZELIMIT,
&res))
             == LDAP_SERVER_DOWN)
     {
         ldc->reason = "DN Comparison ldap_search_ext_s() "
@@ -938,7 +941,7 @@
     if ((result = ldap_search_ext_s(ldc->ldap,
                                     (char *)basedn, scope,
                                     (char *)filter, attrs, 0,
-                                    NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
+                                    NULL, NULL, NULL, APR_LDAP_SIZELIMIT,
&res))
             == LDAP_SERVER_DOWN)
     {
         ldc->reason = "ldap_search_ext_s() for user failed with server
down";
@@ -1178,7 +1181,7 @@
     if ((result = ldap_search_ext_s(ldc->ldap,
                                     (char *)basedn, scope,
                                     (char *)filter, attrs, 0,
-                                    NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
+                                    NULL, NULL, NULL, APR_LDAP_SIZELIMIT,
&res))
             == LDAP_SERVER_DOWN)
     {
         ldc->reason = "ldap_search_ext_s() for user failed with server
down";



On 3/8/07, Brad Nicholes <bnicholes@novell.com> wrote:
>
> Please submit a complete patch against trunk for the apr-util code that
> includes the ZOS define.  This should include the makefile magic that
> defines APR_HAS_ZOS_LDAPSDK as well.  Also include a patch for util_ldap.c
> that will define APR_LDAP_SIZELIMIT if the version of apr-util does not
> include the #define.
>
> Brad
>
> >>> On Wed, Mar 7, 2007 at  8:36 AM, in message
> <3ce0569d0703070736h2a221c2ese79fdadab5ef400c@mail.gmail.com>, "David
> Jones"
> <oscaremma@gmail.com> wrote:
> > Patch to commit if no further comments.
> > Note that it does not have the ZOS define yet, and does not synch apr-
> util
> > with httpd.
> >   to avoid synch problems i could add to util_ldap:
> > #ifndef APR_LDAP_SIZELIMIT
> > #define APR_LDAP_SIZELIMIT - 1
> > #endif
> >
> >
> >
> > Index: modules/ldap/util_ldap.c
> > ==============================
> >>
> >> =====================================
> >> ---  modules/ldap/util_ldap.c    (revision 510991)
> >> +++ modules/ldap/util_ldap.c    (working copy)
> >> @@ - 52,9 +52,6 @@
> >>  #define LDAP_CA_TYPE_BASE64             2
> >>  #define LDAP_CA_TYPE_CERT7_DB           3
> >>
> >> - #ifndef LDAP_NO_LIMIT
> >> - #define LDAP_NO_LIMIT - 1
> >> - #endif
> >>
> >>  module AP_MODULE_DECLARE_DATA ldap_module;
> >>
> >> @@ - 660,7 +657,7 @@
> >>      /* search for reqdn */
> >>      if ((result = ldap_search_ext_s(ldc- >ldap, (char *)reqdn,
> >> LDAP_SCOPE_BASE,
> >>                                      "(objectclass=*)", NULL, 1,
> >> -                                     NULL, NULL, NULL, LDAP_NO_LIMIT,
> >> &res))
> >> +                                    NULL, NULL, NULL,
> APR_LDAP_SIZELIMIT,
> >> &res))
> >>              == LDAP_SERVER_DOWN)
> >>      {
> >>          ldc- >reason = "DN Comparison ldap_search_ext_s() "
> >> @@ - 938,7 +935,7 @@
> >>      if ((result = ldap_search_ext_s(ldc- >ldap,
> >>                                      (char *)basedn, scope,
> >>                                      (char *)filter, attrs, 0,
> >> -                                     NULL, NULL, NULL, LDAP_NO_LIMIT,
> >> &res))
> >> +                                    NULL, NULL, NULL,
> APR_LDAP_SIZELIMIT,
> >> &res))
> >>              == LDAP_SERVER_DOWN)
> >>      {
> >>          ldc- >reason = "ldap_search_ext_s() for user failed with
> server
> >> down";
> >> @@ - 1178,7 +1175,7 @@
> >>      if ((result = ldap_search_ext_s(ldc- >ldap,
> >>                                      (char *)basedn, scope,
> >>                                      (char *)filter, attrs, 0,
> >> -                                     NULL, NULL, NULL, LDAP_NO_LIMIT,
> >> &res))
> >> +                                    NULL, NULL, NULL,
> APR_LDAP_SIZELIMIT,
> >> &res))
> >>              == LDAP_SERVER_DOWN)
> >>      {
> >>          ldc- >reason = "ldap_search_ext_s() for user failed with
> server
> >> down";
> >> Index: apr- util/include/apr_ldap.h.in
> >> ===================================================================
> >> ---  apr- util/include/apr_ldap.h.in    (revision 515593)
> >> +++ apr- util/include/apr_ldap.h.in    (working copy)
> >> @@ - 93,6 +93,15 @@
> >>  #define LDAPS_PORT 636  /* ldaps:/// default LDAP over TLS port */
> >>  #endif
> >>
> >> +/*
> >> + * For ldap function calls that input a size limit on the number of
> >> returned entries.
> >> + * Some SDKs do not have the define for LDAP_DEFAULT_LIMIT (- 1) or
> >> LDAP_NO_LIMIT (0)
> >> + */
> >> +#ifdef LDAP_DEFAULT_LIMIT
> >> +#define APR_LDAP_SIZELIMIT LDAP_DEFAULT_LIMIT
> >> +#else
> >> +#define APR_LDAP_SIZELIMIT - 1 /* equivalent to LDAP_DEFAULT_LIMIT */
> >> +#endif
> >>
> >>  /* Note: Macros defining const casting has been removed in APR v1.0,
> >>   * pending real support for LDAP v2.0 toolkits.
> >
> >
> >
> > On 3/2/07, Brad Nicholes <BNICHOLES@novell.com> wrote:
> >>
> >> Looks good, I think I like your first suggestion better, putting the
> >> #ifdef in apr_ldap.h.in.  This seems a little more straight forward
> rather
> >> than hiding the value in configure.
> >>
> >> Brad
> >>
> >> >>> On 3/1/2007 at 7:07 PM, in message
> >> <3ce0569d0703011807g15dcba1eq20bb20c57df6774b@mail.gmail.com>, "David
> >> Jones"
> >> <oscaremma@gmail.com> wrote:
> >> > How about:
> >> > changes to apr_ldap.h.in:
> >> > #define APR_HAS_ZOS_LDAPSDK       @apu_has_ldap_zos@
> >> >
> >> > #if APR_LDAP_HAS_ZOS_LDAPSDK
> >> > #define APR_LDAP_SIZELIMIT  LDAP_NO_LIMIT
> >> > #else
> >> > #ifdef LDAP_DEFAULT_LIMIT
> >> > #define APR_LDAP_SIZELIMIT LDAP_DEFAULT_LIMIT
> >> > #else
> >> > #define APR_LDAP_SIZELIMIT - 1 /* equivalent to LDAP_DEFAULT_LIMIT */
> >> > #endif
> >> > #endif
> >> >
> >> >
> >> > This part of  the util_ldap.c patch at the bottom could allow
> >> util_ldap.c to
> >> > compile regardless of apr- util level, but would not typically commit
> it?
> >> > +#ifndef APR_LDAP_SIZELIMIT
> >> > +#define APR_LDAP_SIZELIMIT - 1
> >> >  #endif
> >> >
> >> >
> >> >
> >> > Or could add info to apu- conf.m4 for each SDK, eliminating the need
> for
> >> the
> >> > ZOS specific #if (would just need #define APR_LDAP_SIZELIMIT
> >> > @apu_ldap_sizelimit)
> >> > (If get any input from other SDKs then could replace its  - 1 with
> >> > LDAP_DEFAULT_LIMIT or LDAP_NO_LIMIT as i did for z/OS)
> >> >
> >> > Index: apu- conf.m4
> >> > ===================================================================
> >> > RCS file: /m0xa/cvs/phoenix/2.2.4/srclib/apr- util/build/apu- conf.m4
> ,v
> >> > retrieving revision 1.2
> >> > diff - u - d - b - r1.2 apu- conf.m4
> >> > ---  apu- conf.m4 12 Feb 2007 18:19:20 - 0000      1.2
> >> > +++ apu- conf.m4 1 Mar 2007 20:07:26 - 0000
> >> >
> >> > @@ - 267,10 +273,13 @@
> >> >  apu_has_ldap_sslinit="0"
> >> >  apu_has_ldapssl_install_routines="0"
> >> >  apu_has_ldap_openldap="0"
> >> >  +apu_has_ldap_sizelimit="0"
> >> > @@ - 354,42 +363,57 @@
> >> >            AC_EGREP_CPP([OpenLDAP], [$lber_h
> >> >                         $ldap_h
> >> >                         LDAP_VENDOR_NAME], [apu_has_ldap_openldap="1"
> >> > +                                           apu_ldap_sizelimit="- 1"
> >> >
> >> apr_cv_ldap_toolkit="OpenLDAP"])
> >> >          fi
> >> >          if test "x$apr_cv_ldap_toolkit" = "x"; then
> >> >            AC_EGREP_CPP([Sun Microsystems Inc.], [$lber_h
> >> >                         $ldap_h
> >> >                         LDAP_VENDOR_NAME], [apu_has_ldap_solaris="1"
> >> > +                                           apu_ldap_sizelimit="- 1"
> >> >
> >> apr_cv_ldap_toolkit="Solaris"])
> >> >          fi
> >> >          if test "x$apr_cv_ldap_toolkit" = "x"; then
> >> >            AC_EGREP_CPP([Novell], [$lber_h
> >> >                         $ldap_h
> >> >                         LDAP_VENDOR_NAME], [apu_has_ldap_novell="1"
> >> > +                                           apu_ldap_sizelimit="- 1"
> >> >
> >> apr_cv_ldap_toolkit="Novell"])
> >> >          fi
> >> >          if test "x$apr_cv_ldap_toolkit" = "x"; then
> >> >            AC_EGREP_CPP([Microsoft Corporation.], [$lber_h
> >> >                         $ldap_h
> >> >                         LDAP_VENDOR_NAME],
> [apu_has_ldap_microsoft="1"
> >> > +                                           apu_ldap_sizelimit="- 1"
> >> >
> >> > apr_cv_ldap_toolkit="Microsoft"])
> >> >          fi
> >> >          if test "x$apr_cv_ldap_toolkit" = "x"; then
> >> >            AC_EGREP_CPP([Netscape Communications Corp.], [$lber_h
> >> >                         $ldap_h
> >> >                         LDAP_VENDOR_NAME], [apu_has_ldap_netscape="1"
> >> > +                                           apu_ldap_sizelimit="- 1"
> >> >
> >> apr_cv_ldap_toolkit="Netscape"])
> >> >          fi
> >> >          if test "x$apr_cv_ldap_toolkit" = "x"; then
> >> >            AC_EGREP_CPP([mozilla.org], [$lber_h
> >> >                         $ldap_h
> >> >                         LDAP_VENDOR_NAME], [apu_has_ldap_mozilla="1"
> >> > +                                           apu_ldap_sizelimit="- 1"
> >> >
> >> apr_cv_ldap_toolkit="Mozilla"])
> >> >          fi
> >> >          if test "x$apr_cv_ldap_toolkit" = "x"; then
> >> > +          AC_EGREP_CPP([IBM], [$lber_h
> >> > +                       $ldap_h
> >> > +                       LDAP_VENDOR_NAME], [apu_has_ldap_zos="1"
> >> > +
> >> > apu_ldap_sizelimit="LDAP_NO_LIMIT"
> >> > +
> apr_cv_ldap_toolkit="ZOS"])
> >> > +        fi
> >> > +        if test "x$apr_cv_ldap_toolkit" = "x"; then
> >> >            apu_has_ldap_other="1"
> >> > +          apu_ldap_sizelimit="- 1"
> >> >            apr_cv_ldap_toolkit="unknown"
> >> >          fi
> >> > +
> >> >        ])
> >> >      fi
> >> >
> >> > @@ - 398,15 +422,20 @@
> >> >      LIBS=$save_libs
> >> >    ])
> >> >
> >> > +AC_SUBST(apu_ldap_sizelimit)
> >> >  AC_SUBST(ldap_h)
> >> >  AC_SUBST(lber_h)
> >> >  AC_SUBST(ldap_ssl_h)
> >> >
> >> > @@ - 415,6 +444,7 @@
> >> >  AC_SUBST(apu_has_ldap_microsoft)
> >> >  AC_SUBST(apu_has_ldap_netscape)
> >> >  AC_SUBST(apu_has_ldap_mozilla)
> >> > +AC_SUBST(apu_has_ldap_zos)
> >> >  AC_SUBST(apu_has_ldap_other)
> >> >
> >> >  ])
> >> >
> >> >
> >> >
> >> >
> >> > And finally this same either way except for the question on #ifndef
> >> > APR_LDAP_SIZELIMIT
> >> > Index: util_ldap.c
> >> > ===================================================================
> >> > RCS file: /m0xa/cvs/phoenix/2.2.4/modules/ldap/util_ldap.c,v
> >> > retrieving revision 1.3
> >> > diff - u - d - b - r1.3 util_ldap.c
> >> > ---  util_ldap.c 15 Feb 2007 18:55:41 - 0000      1.3
> >> > +++ util_ldap.c 1 Mar 2007 20:19:39 - 0000
> >> > @@ - 45,15 +45,8 @@
> >> >  #include "unixd.h"
> >> >  #endif
> >> >
> >> > - #ifndef LDAP_NO_LIMIT
> >> > - #define LDAP_NO_LIMIT - 1
> >> > +#ifndef APR_LDAP_SIZELIMIT
> >> > +#define APR_LDAP_SIZELIMIT - 1
> >> >  #endif
> >> >
> >> >  module AP_MODULE_DECLARE_DATA ldap_module;
> >> > @@ - 681,7 +681,7 @@
> >> >      /* search for reqdn */
> >> >      if ((result = ldap_search_ext_s(ldc- >ldap, (char *)reqdn,
> >> > LDAP_SCOPE_BASE,
> >> >                                      "(objectclass=*)", NULL, 1,
> >> > -                                     NULL, NULL, NULL,
> LDAP_NO_LIMIT,
> >> &res))
> >> > +                                    NULL, NULL, NULL,
> >> APR_LDAP_SIZELIMIT,
> >> > &res))
> >> >              == LDAP_SERVER_DOWN)
> >> >      {
> >> >          ldc- >reason = "DN Comparison ldap_search_ext_s() "
> >> > @@ - 960,13 +961,14 @@
> >> >      if ((result = ldap_search_ext_s(ldc- >ldap,
> >> >                                      (char *)basedn, scope,
> >> >                                      (char *)filter, attrs, 0,
> >> > -                                     NULL, NULL, NULL,
> LDAP_NO_LIMIT,
> >> &res))
> >> > +                                    NULL, NULL, NULL,
> >> APR_LDAP_SIZELIMIT,
> >> > &res))
> >> >              == LDAP_SERVER_DOWN)
> >> >      {
> >> >          ldc- >reason = "ldap_search_ext_s() for user failed with
> server
> >> > down";
> >> >
> >> > @@ - 1200,14 +1202,14 @@
> >> >      if ((result = ldap_search_ext_s(ldc- >ldap,
> >> >                                      (char *)basedn, scope,
> >> >                                      (char *)filter, attrs, 0,
> >> > -                                     NULL, NULL, NULL,
> LDAP_NO_LIMIT,
> >> &res))
> >> > +                                    NULL, NULL, NULL,
> >> APR_LDAP_SIZELIMIT,
> >> > &res))
> >> >              == LDAP_SERVER_DOWN)
> >> >      {
> >> >          ldc- >reason = "ldap_search_ext_s() for user failed with
> server
> >> > down"
> >>
> >>
> >>
>
>
>

Mime
View raw message