Mailing List Archive: exim: dev

[Bug 1375] Rebinding to existing ldap-connection with starttls

 

 



miroch.alexander at gmail

Aug 2, 2013, 2:23 AM

Post #1 of 6 (32 views)
[Bug 1375] Rebinding to existing ldap-connection with starttls

http://bugs.exim.org/show_bug.cgi?id=1375




--- Comment #1 from Alexander Miroch <miroch.alexander [at] gmail> 2013-08-02 10:23:43 ---
Update:
My guess about ldap_start_tls_s() was right.
I wrote a patch (workaround) that solves the problem for me.


--- exim-4.80.1/src/lookups/ldap.c 2012-10-25 07:37:38.000000000 +0400
+++ exim-4.80/src/lookups/ldap.c 2013-08-01 17:08:28.281636173 +0400
@@ -82,6 +82,7 @@
BOOL bound;
int port;
LDAP *ld;
+ int is_start_tls_called;
} LDAP_CONNECTION;

static LDAP_CONNECTION *ldap_connections = NULL;
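Review bot: the new field is an `int` while the `bound` flag two lines above on the same struct is a `BOOL`; declare it `BOOL is_start_tls_called;` for consistency and give it a comment stating that it records a successful ldap_start_tls_s() on `ld`, since the flag describes the state of the cached socket rather than of any particular bind.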
@@ -493,6 +494,7 @@
lcp->port = port;
lcp->ld = ld;
lcp->next = ldap_connections;
+ lcp->is_start_tls_called = 0;
ldap_connections = lcp;
}
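Review bot: `lcp->is_start_tls_called = 0;` only runs on the allocation path for a new cache entry; if anything else in ldap.c ever replaces `lcp->ld` with a freshly opened handle while keeping the entry, the flag would stay set and STARTTLS would be skipped on a socket that is still in clear. Either confirm no such path exists or reset the flag wherever `lcp->ld` is assigned.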

@@ -521,7 +523,7 @@
(lcp->bound)? "re-" : "", user, password);
#ifdef LDAP_OPT_X_TLS
/* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this: */
- if (eldap_start_tls)
+ if (eldap_start_tls && !lcp->is_start_tls_called)
{
if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS) {
*errmsg = string_sprintf("failed to initiate TLS processing on an
"
@@ -529,6 +531,8 @@
" %s", host, porttext, rc, ldap_err2string(rc));
goto RETURN_ERROR;
}
+
+ lcp->is_start_tls_called = 1;
}
#endif
if ((msgid = ldap_bind(lcp->ld, CS user, CS password, LDAP_AUTH_SIMPLE))
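Review bot: the assignment `lcp->is_start_tls_called = 1;` is placed after the `goto RETURN_ERROR` check, so only a successful ldap_start_tls_s() marks the connection and a refused STARTTLS is retried on the next bind rather than remembered as done; this, together with the guard `if (eldap_start_tls && !lcp->is_start_tls_called)` in the preceding hunk, is the right shape for the fix, since the cached `lcp->ld` already carries TLS and it is the second STARTTLS that fails. Two nits: drop the empty `+` line added before the assignment, and use TRUE if the field becomes BOOL. Unrelated to this patch but visible in the context of the preceding hunk, `debug_printf("%sbinding with user=%s password=%s\n", ...)` writes the bind password into debug output; it is worth masking in a follow-up.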


--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
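The failure mode described in this post, as an added example that is not Exim's code and not from the bug report: a small C model of the cached-connection rebind path, with the LDAP library replaced by stubs so it runs offline. Every name in it (model_ld, model_conn, model_start_tls, model_bind, bind_unpatched, bind_patched, the MODEL_* codes) is hypothetical, and the modelled library behaviour, refusing a second STARTTLS on a session that already has TLS, is an assumption taken from the reporter's diagnosis rather than verified against a particular libldap version.

```c
/* Added example: a model of Exim's cached-LDAP-connection rebind path. The
 * LDAP library is replaced by stubs. Assumption modelled: the real library
 * refuses a second STARTTLS on a session that already has TLS and returns a
 * non-success code, which is what makes the rebind on a cached entry fail. */
#include <stdio.h>

#define MODEL_SUCCESS      0
#define MODEL_TLS_TWICE    1  /* stub: STARTTLS requested on an already-TLS session */
#define MODEL_TLS_REFUSED  2  /* stub: server (temporarily) refused STARTTLS */
#define MODEL_CLEAR_BIND   3  /* oracle: bind attempted in clear though TLS was required */

/* Stand-in for the library's LDAP handle: only the state that matters here. */
typedef struct {
    int tls_active;             /* STARTTLS has been negotiated on this socket */
    int refuse_starttls_times;  /* test knob: how many STARTTLS attempts to refuse */
} model_ld;

/* Stand-in for the LDAP_CONNECTION cache entry shown in the patch hunks. */
typedef struct {
    model_ld *ld;
    int       bound;
    int       is_start_tls_called;  /* the flag the patch adds */
} model_conn;

static int model_start_tls(model_ld *ld)
{
    if (ld->tls_active) return MODEL_TLS_TWICE;
    if (ld->refuse_starttls_times > 0) { ld->refuse_starttls_times--; return MODEL_TLS_REFUSED; }
    ld->tls_active = 1;
    return MODEL_SUCCESS;
}

/* Security oracle, not something the real code does: a simple bind carrying a
 * password must never leave in clear when the configuration asked for STARTTLS. */
static int model_bind(model_ld *ld, int require_tls)
{
    if (require_tls && !ld->tls_active) return MODEL_CLEAR_BIND;
    return MODEL_SUCCESS;
}

/* Pre-patch logic: STARTTLS is attempted on every bind, including rebinds. */
static int bind_unpatched(model_conn *c, int start_tls)
{
    int rc;
    if (start_tls && (rc = model_start_tls(c->ld)) != MODEL_SUCCESS) return rc;
    if ((rc = model_bind(c->ld, start_tls)) != MODEL_SUCCESS) return rc;
    c->bound = 1;
    return MODEL_SUCCESS;
}

/* Patched logic: STARTTLS once per cached connection; the flag is set only
 * after success, so a refused STARTTLS is retried on the next bind. */
static int bind_patched(model_conn *c, int start_tls)
{
    int rc;
    if (start_tls && !c->is_start_tls_called) {
        if ((rc = model_start_tls(c->ld)) != MODEL_SUCCESS) return rc;
        c->is_start_tls_called = 1;
    }
    if ((rc = model_bind(c->ld, start_tls)) != MODEL_SUCCESS) return rc;
    c->bound = 1;
    return MODEL_SUCCESS;
}

/* The bug's scenario: bind on a fresh connection, then rebind on the same
 * cached connection with other credentials. Returns the rebind's result. */
static int rebind_scenario(int (*bind_fn)(model_conn *, int))
{
    model_ld   ld   = { 0, 0 };
    model_conn conn = { &ld, 0, 0 };
    if (bind_fn(&conn, 1) != MODEL_SUCCESS) return -1;
    return bind_fn(&conn, 1);
}

/* After the patched rebind the cached socket must still be TLS-protected. */
static int patched_rebind_keeps_tls(void)
{
    model_ld   ld   = { 0, 0 };
    model_conn conn = { &ld, 0, 0 };
    bind_patched(&conn, 1);
    bind_patched(&conn, 1);
    return ld.tls_active && conn.bound;
}

/* A refused STARTTLS must not be remembered as done: the first bind fails
 * without falling back to clear, and the next bind negotiates TLS again. */
static int refused_starttls_is_retried(void)
{
    model_ld   ld   = { 0, 1 };          /* refuse the first STARTTLS only */
    model_conn conn = { &ld, 0, 0 };
    int first  = bind_patched(&conn, 1);
    int flag   = conn.is_start_tls_called;
    int second = bind_patched(&conn, 1);
    return first == MODEL_TLS_REFUSED && flag == 0 && second == MODEL_SUCCESS && ld.tls_active;
}

int main(void)
{
    printf("unpatched rebind rc=%d (expect %d)\n", rebind_scenario(bind_unpatched), MODEL_TLS_TWICE);
    printf("patched rebind   rc=%d (expect %d)\n", rebind_scenario(bind_patched), MODEL_SUCCESS);
    printf("patched keeps TLS: %d, refused STARTTLS retried: %d\n",
           patched_rebind_keeps_tls(), refused_starttls_is_retried());
    return 0;
}
```

Build it with any C compiler; main() prints the outcome of each scenario. The two properties the patch relies on are that the flag belongs to the cached socket rather than to a bind, and that it is set only once STARTTLS has actually succeeded, so a refused STARTTLS neither blocks later attempts nor lets a password go out in clear.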


tlyons at ivenue

Aug 6, 2013, 9:11 AM

Post #2 of 6 (20 views)
Re: [Bug 1375] Rebinding to existing ldap-connection with starttls [In reply to]

On Fri, Aug 2, 2013 at 2:23 AM, Alexander Miroch
<miroch.alexander [at] gmail> wrote:
> http://bugs.exim.org/show_bug.cgi?id=1375
> + int is_start_tls_called;
> + lcp->is_start_tls_called = 0;
> - if (eldap_start_tls)
> + if (eldap_start_tls && !lcp->is_start_tls_called)
> +
> + lcp->is_start_tls_called = 1;

Does anybody have any comment on this? I've converted his patch to
use BOOL instead of int. It builds with no errors, but I don't have
an infrastructure to test it. If Alexander and then commit it if
there are no objections. The diff looks like this:

diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index 40345ba..d9d7e3d 100644
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -82,6 +82,7 @@ typedef struct ldap_connection {
BOOL bound;
int port;
LDAP *ld;
+ BOOL is_start_tls_called;
} LDAP_CONNECTION;

static LDAP_CONNECTION *ldap_connections = NULL;
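Review bot: `BOOL is_start_tls_called;` now matches the `bound` field above, good; add a one-line comment on the field saying it records that STARTTLS has already succeeded on `ld`, as the name on its own can be read as "STARTTLS was attempted", which is not what the code below uses it for.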
@@ -493,6 +494,7 @@ if (lcp == NULL)
lcp->port = port;
lcp->ld = ld;
lcp->next = ldap_connections;
+ lcp->is_start_tls_called = FALSE;
ldap_connections = lcp;
}
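Review bot: `lcp->is_start_tls_called = FALSE;` is only set on the path that allocates a new cache entry; if any other code path replaces `lcp->ld` with a newly opened handle while keeping the entry, the flag would remain TRUE and STARTTLS would be skipped on a socket still in clear. Worth confirming there is no such path, or resetting the flag wherever `lcp->ld` is assigned.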

@@ -519,7 +521,7 @@ if (!lcp->bound ||
{
DEBUG(D_lookup) debug_printf("%sbinding with user=%s password=%s\n",
(lcp->bound)? "re-" : "", user, password);
- if (eldap_start_tls)
+ if (eldap_start_tls && !lcp->is_start_tls_called)
{
#if defined(LDAP_OPT_X_TLS) && !defined(LDAP_LIB_SOLARIS)
/* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this.
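Review bot: the guard `eldap_start_tls && !lcp->is_start_tls_called` now sits outside the `#if defined(LDAP_OPT_X_TLS) && !defined(LDAP_LIB_SOLARIS)` block, so on a build without usable TLS support the flag is never set and the `#else` branch in the next hunk runs on every rebind rather than once; harmless in itself, but if that branch merely logs and then continues to ldap_bind(), an `ldap_start_tls` setting the library cannot honour ends in a clear-text simple bind after nothing more than a debug message. That behaviour is pre-existing, not introduced here, but it is a silent downgrade and worth turning into a hard error. The `password=%s` in the debug_printf context line is likewise pre-existing and worth masking.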
@@ -533,6 +535,7 @@ if (!lcp->bound ||
" %s", host, porttext, rc, ldap_err2string(rc));
goto RETURN_ERROR;
}
+ lcp->is_start_tls_called = TRUE;
#else
DEBUG(D_lookup)
debug_printf("TLS initiation not supported with this Exim and
your LDAP library.\n");
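Review bot: `lcp->is_start_tls_called = TRUE;` is set after the `goto RETURN_ERROR` check, so only a successful STARTTLS marks the connection; correct. This diff is against the git tree (`src/src/lookups/ldap.c`, index 40345ba..d9d7e3d) rather than the 4.80.1 release the reporter is running, so a hunk rebased onto exim-4.80.1/src/lookups/ldap.c, with the flag set at the same point, is what he would need in order to test it.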


...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine




tlyons at ivenue

Aug 6, 2013, 9:15 AM

Post #4 of 6 (20 views)
Re: [Bug 1375] Rebinding to existing ldap-connection with starttls [In reply to]

On Tue, Aug 6, 2013 at 9:11 AM, Todd Lyons <tlyons [at] ivenue> wrote:
> use BOOL instead of int. It builds with no errors, but I don't have
> an infrastructure to test it. If Alexander and then commit it if

Ugh, I meant:

If Alexander can convert his patch to use BOOL instead of int and then
try it on his system, we will get real-world live testing. The patch
as shown in my prior email won't apply cleanly because of some
additions 6 weeks ago by Phil, and Alexander is running stock 4.80.1.

...Todd


pdp at exim

Aug 6, 2013, 2:47 PM

Post #5 of 6 (16 views)
Re: [Bug 1375] Rebinding to existing ldap-connection with starttls [In reply to]

On 2013-08-06 at 09:11 -0700, Todd Lyons wrote:
> Does anybody have any comment on this?

Superficially, it looked sane and I liked the reasoning, but I've only
read the patch and not perused the source to confirm where it applies
and that it's sufficient.

-Phil
