[Fedora-directory-commits] ldapserver/ldap/servers/slapd control.c, 1.8, 1.9 proto-slap.h, 1.45, 1.46 unbind.c, 1.7, 1.8

Richard Allen Megginson rmeggins at fedoraproject.org
Fri Feb 27 17:04:35 UTC 2009


Author: rmeggins

Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25133/ldapserver/ldap/servers/slapd

Modified Files:
	control.c proto-slap.h unbind.c 
Log Message:
Resolves: bug 450575
Bug Description: unbind or abandon with unsupported critical controls does not close connection
Reviewed by: nkinder (Thanks!)
Fix Description: When an unbind request is received that has controls marked as critical, and we do not support those controls, we must treat them as non-critical controls and continue processing.
Platforms tested: RHEL4, RHEL5
Flag Day: no
Doc impact: no



Index: control.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/control.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- control.c	5 Aug 2008 20:26:22 -0000	1.8
+++ control.c	27 Feb 2009 17:04:32 -0000	1.9
@@ -183,12 +183,16 @@
 	return (0);
 }
 
-
+/*
+ * RFC 4511 section 4.1.11.  Controls says that the UnbindRequest
+ * MUST ignore the criticality field of controls
+ */
 int
-get_ldapmessage_controls(
+get_ldapmessage_controls_ext(
     Slapi_PBlock	*pb,
     BerElement		*ber,
-    LDAPControl		***controlsp	/* can be NULL if no need to return */
+    LDAPControl		***controlsp,	/* can be NULL if no need to return */
+    int                 ignore_criticality /* some requests must ignore criticality */
 )
 {
 	LDAPControl		**ctrls, *new;
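Review bot: The header comment added above `get_ldapmessage_controls_ext` cites the RFC 4511 rule for UnbindRequest but never says what the new `ignore_criticality` argument does, and the inline comment `/* some requests must ignore criticality */` is broader than the rule it rests on. A non-zero value switches off the unsupported-critical-control rejection for the whole message, so a caller that set it for any other request would have the server carry out an operation the client asked to be refused. I would replace the inline comment with `/* non-zero only for UnbindRequest (RFC 4511 4.1.11); all other requests pass 0 */` and state the same contract in the header comment. The log message also mentions abandon, but no abandon change is visible here; presumably that is intentional, since the rule as quoted names only UnbindRequest. The function body continues outside this hunk.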
@@ -294,6 +298,10 @@
 			/* absent is synonomous with FALSE */
 			new->ldctl_iscritical = 0;
 		}
+		/* if we are ignoring criticality, treat as FALSE */
+		if (ignore_criticality) {
+		    new->ldctl_iscritical = 0;
+		}
 
 		/*
 		 * return an appropriate error if this control is marked
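Review bot: The flag is applied by overwriting `new->ldctl_iscritical` rather than by skipping the rejection test that follows, so the value the client actually sent is gone from the parsed control from this point on. Anything later in the function that stores or returns the control list (outside this hunk, so not confirmed) will show the control as non-critical, which matters if controls are ever logged or audited. If that is intended, the comment should say so, e.g. `/* RFC 4511 4.1.11: overwrite rather than skip the check, so later consumers also see FALSE */`. The added lines are also indented with spaces where the surrounding code uses tabs.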
@@ -380,6 +388,15 @@
 	return( rc );
 }
 
+int
+get_ldapmessage_controls(
+    Slapi_PBlock	*pb,
+    BerElement		*ber,
+    LDAPControl		***controlsp	/* can be NULL if no need to return */
+)
+{
+    return get_ldapmessage_controls_ext(pb, ber, controlsp, 0 /* do not ignore criticality */);
+}
 
 int
 slapi_control_present( LDAPControl **controls, char *oid, struct berval **val, int *iscritical )


Index: proto-slap.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/proto-slap.h,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -r1.45 -r1.46
--- proto-slap.h	21 Jan 2009 00:00:32 -0000	1.45
+++ proto-slap.h	27 Feb 2009 17:04:32 -0000	1.46
@@ -494,6 +494,8 @@
 void init_controls( void );
 int get_ldapmessage_controls( Slapi_PBlock *pb, BerElement *ber,
 	LDAPControl ***controls );
+int get_ldapmessage_controls_ext( Slapi_PBlock *pb, BerElement *ber,
+	LDAPControl ***controls, int ignore_criticality );
 int write_controls( BerElement *ber, LDAPControl **ctrls );
 void add_control( LDAPControl ***ctrlsp, LDAPControl *newctrl );
 


Index: unbind.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/unbind.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- unbind.c	5 Dec 2008 22:41:53 -0000	1.7
+++ unbind.c	27 Feb 2009 17:04:32 -0000	1.8
@@ -68,6 +68,7 @@
 	Slapi_Operation *operation;
 	BerElement	*ber;
 	int		err;
+	int ignore_criticality = 1;
 
 	LDAPDebug( LDAP_DEBUG_TRACE, "do_unbind\n", 0, 0, 0 );
 
@@ -90,8 +91,10 @@
 	 * in LDAPv3 there can be optional control extensions on
 	 * the end of an LDAPMessage. we need to read them in and
 	 * pass them to the backend.
+	 * RFC 4511 section 4.1.11.  Controls says that the UnbindRequest
+	 * MUST ignore the criticality field of controls
 	 */
-	if ( (err = get_ldapmessage_controls( pb, ber, NULL )) != 0 ) {
+	if ( (err = get_ldapmessage_controls_ext( pb, ber, NULL, ignore_criticality )) != 0 ) {
 		slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d UNBIND,"
 				" error processing controls - error %d (%s)\n",
 				pb->pb_conn->c_connid, operation->o_opid,
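Review bot: Passing `ignore_criticality` removes only the criticality failure; any other non-zero return from `get_ldapmessage_controls_ext`, such as a control sequence that fails to decode, still enters this error branch. The rest of the branch is outside the hunk, so whether it closes the connection cannot be confirmed here, but judging by the bug title this is the path that left the connection open. Since an unbind has no response and the client treats the session as finished, the branch should end in the same connection teardown as the normal path; otherwise malformed unbind requests can leave connections lingering on the server. A comment such as `/* unbind must close the connection even when controls cannot be parsed */` at the top of the branch would make that requirement explicit. The `ignore_criticality` local added in the previous hunk is never modified, so passing `1 /* ignore criticality */` directly would match the wrapper in control.c.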



