On Wed, Mar 30, 2022 at 05:00:19PM +0200, Martijn van Duren wrote:
> On Tue, 2022-03-29 at 20:43 +0100, Raf Czlonka wrote:
> > > Synopsis: ldap(1) search doesn't seem to working properly
> > > Category: system
> > > Environment:
> > System : OpenBSD 7.1
> > Details : OpenBSD 7.1-beta (GENERIC.MP) #444: Sun Mar 27 11:33:24
> > MDT 2022
> >
> > [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> >
> > Architecture: OpenBSD.amd64
> > Machine : amd64
> > > Description:
> > ldap(1) search seems broken - doesn't show the attribute
> > which has been explicitly requested
> > > How-To-Repeat:
> > $ ldap search -b 'ou=users,dc=debian,dc=org' -H db.debian.org -Z uid |
> > grep ^uid | wc -l
> > 0
> >
> > Only dn is shown, not uid, as expected.
> > > Fix:
> > This has been reported last year on misc@[0]; then martijn@
> > moved it to tech@[1] and sent a diff, with a follow-up
> > January[2].
> >
> > After a very quick test - essentially the same command as
> > above - it seems like the proposed diff fixes the issue:
> >
> > $ /usr/obj/usr.bin/ldap/ldap search -b 'ou=users,dc=debian,dc=org' -H
> > db.debian.org -Z uid | grep ^uid | wc -l
> > 2240
> >
> > [0] https://marc.info/?l=openbsd-misc&m=163618291218790&w=2
> > [1] https://marc.info/?l=openbsd-tech&m=163636158613557&w=2
> > [2] https://marc.info/?l=openbsd-tech&m=164121477527625&w=2
> >
> > Regards,
> >
> > Raf
> >
>
> Anyone willing to OK this before release?
> As stated in my original mail, this should also be applied to
> libexec/login_ldap and usr.sbin/ypldap
So this code wants to parse a PartialAttribute which is
SEQUENCE { AttributeDescription, SET OF value AttributeValue }
So it makes sense to not overscan beyond what the function needs.
OK claudio@
> Index: aldap.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/ldap/aldap.c,v
> retrieving revision 1.9
> diff -u -p -r1.9 aldap.c
> --- aldap.c 24 Oct 2019 12:39:26 -0000 1.9
> +++ aldap.c 30 Mar 2022 14:58:05 -0000
> @@ -580,15 +580,15 @@ int
> aldap_first_attr(struct aldap_message *msg, char **outkey,
> struct aldap_stringset **outvalues)
> {
> - struct ber_element *b, *c;
> + struct ber_element *b;
> char *key;
> struct aldap_stringset *ret;
>
> if (msg->body.search.attrs == NULL)
> goto fail;
>
> - if (ober_scanf_elements(msg->body.search.attrs, "{s(e)}e",
> - &key, &b, &c) != 0)
> + if (ober_scanf_elements(msg->body.search.attrs, "{s(e)}",
> + &key, &b) != 0)
> goto fail;
>
> msg->body.search.iter = msg->body.search.attrs->be_next;
> @@ -610,7 +610,7 @@ int
> aldap_next_attr(struct aldap_message *msg, char **outkey,
> struct aldap_stringset **outvalues)
> {
> - struct ber_element *a, *b;
> + struct ber_element *a;
> char *key;
> struct aldap_stringset *ret;
>
> @@ -622,8 +622,7 @@ aldap_next_attr(struct aldap_message *ms
> if (ober_get_eoc(msg->body.search.iter) == 0)
> goto notfound;
>
> - if (ober_scanf_elements(msg->body.search.iter, "{s(e)}e", &key, &a, &b)
> - != 0)
> + if (ober_scanf_elements(msg->body.search.iter, "{s(e)}", &key, &a) != 0)
> goto fail;
>
> msg->body.search.iter = msg->body.search.iter->be_next;
>
--
:wq Claudio
