On Feb 11, 2010, at 9:10 AM, Forrest Cahoon wrote:

> I sent this to the list yesterday, but I never saw it show up in the
> archives. Now I've subscribed and am resending to see if that works.
> Sorry if this is a duplicate.

I did not see it yesterday.

> I'm porting some code from our old system to a new one, and I
> encountered this bug with Authen::SASL 2.13 which was resolved by
> downgrading to 2.12.

I suspect this was caused by this change

http://github.com/gbarr/perl-authen-sasl/commit/c636a0603732b031d9274e123dd4900749d8d5d9

I do not know much about EXTERNAL, but what happens if we revert client_step to what it was?

Can you also turn on debug with $ldap->debug(15); so we can see what responses the server is returning as this should not loop.

Graham.

>
> I'm afraid I don't know that much about SASL (or LDAP), but I did cut
> this down to as close to a "hello world" version as I could.
>
> Here's my code (with some names changed to protect the innocent):
>
>
> use strict;
> use Net::LDAP;
> use Authen::SASL;
>
> my $ldap = Net::LDAP->new(
>     'ldaps://my.ldap.server',
>     version    => 3,
>     verify     => 'require',
>     clientcert => '/path/to/my/client/cert',
>     clientkey  => '/path/to/my/client/key',
>     cafile     => '/path/to/my/cafile',
>     timeout    => 10,
> );
>
> die "no Net::LDAP: $!\n" unless $ldap;
>
> my $sasl = Authen::SASL->new(
>     mechanism => 'EXTERNAL',
>     callback  => { user => '' },
>     debug     => 13,
> );
>
> alarm(10); # for Devel::SimpleTrace
>
> my $result = $ldap->bind( "sn=msiScripts,dc=DTC", sasl => $sasl );
>
> if ( $result->code ) {
>     die "bind with sasl failed: " . $result->error;
> }
>
> print "success!\n";
>
> __END__
>
>
> Using Authen::SASL 2.13, running this code with -wMDevel::SimpleTrace
> gives the following stack trace when the alarm times out:
>
> Deep recursion on subroutine "Net::LDAP::_sendmesg"
>     at Net::LDAP::_sendmesg(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP/Bind.pm line 64, <DATA>:275)
>     at Net::LDAP::Bind::decode(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP/Bind.pm:64)
>     at Net::LDAP::process(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:865)
>     at Net::LDAP::sync(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:760)
>     at Net::LDAP::_sendmesg(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:813)
>     at Net::LDAP::Bind::decode(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP/Bind.pm:64)
>     at Net::LDAP::process(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:865)
>     at Net::LDAP::sync(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:760)
>     at Net::LDAP::_sendmesg(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:813)
>
> [ ... many, many, many, many, many iterations of the same loop omitted ... ]
>
>     at Net::LDAP::Bind::decode(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP/Bind.pm:64)
>     at Net::LDAP::process(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:865)
>     at Net::LDAP::sync(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:760)
>     at Net::LDAP::_sendmesg(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:813)
>     at Net::LDAP::bind(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:422)
>     at main::(ldaptest.pl:25)
>
> When I downgraded to Authen::SASL 2.12, I got a "success!" message
> (yay!) but I also got an interesting stack trace from
> Devel::SimpleTrace:
>
> Use of uninitialized value in numeric gt (>)
>     at Authen::SASL::Perl::securesocket(/usr/local/lib/perl5/site_perl/5.10.1/Authen/SASL/Perl.pm line 130, <DATA>:275)
>     at Net::LDAP::Bind::decode(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP/Bind.pm:39)
>     at Net::LDAP::process(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:865)
>     at Net::LDAP::sync(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:760)
>     at Net::LDAP::_sendmesg(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:813)
>     at Net::LDAP::Bind::decode(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP/Bind.pm:64)
>     at Net::LDAP::process(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:865)
>     at Net::LDAP::sync(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:760)
>     at Net::LDAP::_sendmesg(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:813)
>     at Net::LDAP::bind(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:422)
>     at main::(ldaptest.pl:25)
> success!
>
> Perhaps the changes in 2.13 included a bad fix for the nonfatal error
> shown for 2.12 here?
>
> Forrest Cahoon
>