Skip to content

Server control responses get eaten after a NULL character in the berval #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
phillipod opened this issue May 11, 2015 · 1 comment
Closed

Server control responses get eaten after a NULL character in the berval #28

phillipod opened this issue May 11, 2015 · 1 comment
Assignees
@phillipod
Labels
bug
Milestone
3.0.4

Comments

@phillipod
Copy link
Collaborator

This is gonna be a long comment, so I'll present the data in this comment and move to a second comment.

This code...

print "===== Server Side Sort and Virtual List View\n";

use Convert::ASN1;
use Devel::Hexdump 'xd';
use Data::Dumper;

print " + Loading ASN for SortKeyList, SortResult, VirtualListViewRequest, VirtualListViewResponse\n";

my $asn = Convert::ASN1->new;
$asn->prepare(<<ASN) or die "prepare: ", $asn->error;
  SortKey ::= SEQUENCE {
    attributeType   OCTET STRING,
    orderingRule    [0] OCTET STRING OPTIONAL,
    reverseOrder    [1] BOOLEAN
  }

  SortKeyList ::= SEQUENCE OF SortKey

  SortResult ::= SEQUENCE {
    sortResult  ENUMERATED,
    attributeType [0] OCTET STRING OPTIONAL
  }

  VirtualListViewRequest ::= SEQUENCE {
    beforeCount    INTEGER,
    afterCount     INTEGER,
    target       CHOICE {
      byOffset        [0] SEQUENCE {
        offset          INTEGER,
        contentCount    INTEGER
      },
      greaterThanOrEqual [1] OCTET STRING
    },
    contextID OCTET STRING OPTIONAL
  }

  VirtualListViewResponse ::= SEQUENCE {
    targetPosition    INTEGER,
    contentCount     INTEGER,
    virtualListViewResult ENUMERATED,
    contextID OCTET STRING OPTIONAL
  }

ASN

print " + Constructing Server Side Sort control\n";
my $sss = $asn->find('SortKeyList');
my $sss_response = $asn->find('SortResult');
my $sss_berval = $sss->encode([{attributeType => 'sn', 'orderingRule' => '2.5.13.3', reverseOrder => 1}]) or die $asn->error;
my $sss_ctrl = $ld->create_control(
  -oid => '1.2.840.113556.1.4.473',
  -berval => $sss_berval,
);

print "sss ctrl berval = \n";
print xd $sss_berval;

print " + Constructing Virtual List View control\n";
my $vlv = $asn->find('VirtualListViewRequest');
my $vlv_response = $asn->find('VirtualListViewResponse');
my $vlv_berval = $vlv->encode(beforeCount => 1, afterCount => 3, target => { byOffset => { offset => 1, contentCount => 0 } }) or die $asn->error;;
my $vlv_ctrl = $ld->create_control(
  -oid => '2.16.840.1.113730.3.4.9',
  -berval => $vlv_berval,
);

print "vlv ctrl berval = \n";
print xd $vlv_berval;


print " + Searching for results\n";
my $search_s_result = $ld->search_s(
  -basedn => "dc=example,dc=com",
  -scope => LDAP_SCOPE_SUBTREE,
  -filter => "(sn=*)",
  -sctrls => [$sss_ctrl, $vlv_ctrl]);

if ($search_s_result != LDAP_SUCCESS) {
  print " - Fail\n";
  print $ld->errstring . "\n";
}

print " + Parsing first entry\n";


my $entry = $ld->first_entry();

my %search_s_response = $ld->parse_result();
print "result = ";
print Dumper(\%search_s_response);

print " + Reading result-scope server response controls\n";

my @response_sctrls = @{$search_s_response{'serverctrls'}};

foreach my $response_sctrl (@response_sctrls) {
  my $oid = $ld->get_control_oid($response_sctrl);
  my $berval = $ld->get_control_berval($response_sctrl);
  my $isCritical = $ld->get_control_critical($response_sctrl);

  my $result;

  print " + Response control $response_sctrl [" . $oid . "]\n";
  print "berval = \n";
  print xd $berval;

  if ($oid eq "1.2.840.113556.1.4.474") {
    print " + Parsing SSS response berval\n";

    $result = $sss_response->decode($berval) || warn $sss_response->error;

  } elsif ($oid eq "2.16.840.1.113730.3.4.10") {
    print " + Parsing VLV response berval\n";

    $result = $vlv_response->decode($berval) || warn $vlv_response->error;
  }

  #print Dumper($result);

}

print " + Search results\n";
for ( ; $entry; $entry = $ld->next_entry) {
  print "dn: " . $ld->get_dn() . "\n";
}

Produces

===== Server Side Sort and Virtual List View
 + Loading ASN for SortKeyList, SortResult, VirtualListViewRequest, VirtualListViewResponse
 + Constructing Server Side Sort control
sss ctrl berval =
[0000]   30 13 30 11  04 02 73 6E  80 08 32 2E  35 2E 31 33   0.0. ..sn ..2. 5.13
[0010]   2E 33 81 01  FF                                      .3.. .
 + Constructing Virtual List View control
vlv ctrl berval =
[0000]   30 0E 02 01  01 02 01 03  A0 06 02 01  01 02 01 00   0... .... .... ....
 + Searching for results
 + Parsing first entry
result = {
  'matcheddn' => undef,
  'referrals' => [],
  'errmsg' => undef,
  'serverctrls' => [
                     22959920,
                     22271136
                   ],
  'errcode' => 0
}
 + Reading result-scope server response controls
 + Response control 22959920 [1.2.840.113556.1.4.474]
berval =
[0000]   30 03 0A 01                                          0...
 + Parsing SSS response berval
decode error at /usr/share/perl5/Convert/ASN1/_decode.pm line 64.
 + Response control 22271136 [2.16.840.1.113730.3.4.10]
berval =
[0000]   30 14 02 01  01 02 02 7E  B0 0A 01                   0... ...~ ...
 + Parsing VLV response berval
decode error at /usr/share/perl5/Convert/ASN1/_decode.pm line 64.
 + Search results
dn: cn=Test User,ou=Users,dc=example,dc=com
dn: cn=Ani Odey,ou=Users,dc=example,dc=com
dn: cn=Vevelyn Odette,ou=Users,dc=example,dc=com
dn: cn=Donyetta Odett,ou=Users,dc=example,dc=com

Wireshark output for same PDU

    LDAPMessage searchResDone(2) success [4 results]
        messageID: 2
        protocolOp: searchResDone (5)
            searchResDone
                resultCode: success (0)
                matchedDN:
                errorMessage:
        controls: 2 items
            Control
                SortResult
                    sortResult: success (0)
            Control
                controlValue: 301402010102027eb00a01000408403a877c677f0000
@phillipod
Copy link
Collaborator Author

For both the SSS and VLV controls, note the decode errors when parsing the responses for the berval. Also notice the hexdump of the berval immediately above.

Compare to the output from wireshark.

Looking at how serverctrls are returned to the caller from ldap_parse_result()..

// transfer returned controls to the perl code
if( serverctrls != NULL ) {
   for( i = 0; serverctrls[i] != NULL; i++ )
      av_push(serverctrls_av, newSViv((IV)serverctrls[i]));
}

So this seems to be building the serverctrls array, by taking a pointer to the returned serverctrl from the C SDK's ldap_parse_result(). Nothing funky going on here.

Heading on towards ldap_control_berval:

char *
ldap_control_berval(control)
    LDAPControl * control
    CODE:
    {
        RETVAL = control->ldctl_value.bv_val;
    }
    OUTPUT:
    RETVAL

So the return type is "char *" and it definitely doesn't reference the length. Probably will want to make this a PV with length return.

@phillipod phillipod added the bug label May 11, 2015
@phillipod phillipod added this to the 3.0.4 milestone May 11, 2015
@phillipod phillipod self-assigned this May 11, 2015
quanah added a commit that referenced this issue May 12, 2015
@quanah
Merge pull request #29 from phillipod/ldap_control_berval_chomps_berv…
8aa9f1a 
…als_with_nulls

 - Fixes #28: Server control responses get eaten after a NULL character in the berval
@phillipod phillipod mentioned this issue Nov 30, 2015
Closed
rra pushed a commit to whm/libnet-ldapapi-perl that referenced this issue Dec 25, 2020
@whm
libnet-ldapapi-perl (3.0.4-1) unstable; urgency=medium
6835b5f 
  * New upstream release.
  * Fix undef comparison
  * Misc variable initializations to quiet warnings
  * Fixed sasl mechanisms initializtion
  * Examples cleanup
  * LDAPv3 extended operation support
  * New developer mode test suite
  * Fixed quanah/net-ldapapi#3: ldap_set_rebind_proc XS being called with
    invalid arguments from set_rebind_proc
  * Fixed quanah/net-ldapapi#6: ldap_sasl_bind has wrong prototype in
    LDAPapi.xs
  * Fixed quanah/net-ldapapi#8: search_s() clobbers ATTRS parameter
  * Fixed quanah/net-ldapapi#11: result() blocking when called with output
    from rename()
  * Fixed quanah/net-ldapapi#20: ldap_result() doesn't honour passed
    timeout value
  * Fixed quanah/net-ldapapi#21: ldap_set_option(LDAP_OPT_TIMEOUT, 1) on
    OpenLDAP returns -1
  * Fixed quanah/net-ldapapi#28: Server control responses get eaten after
    a NULL character in the berval
  * Fixed quanah/net-ldapapi#30: ldap_search_ext() and ldap_search_ext_s()
    segfault when used with timeout
  * Fixed quanah/net-ldapapi#31: ldap_result() and ldap_url_search_st()
    timeout parameters have a granularity of 1 second
  * Fixed quanah/net-ldapapi#40: Server control requests get eaten after a
    NULL character in the berval
  * Correct merge problem with POD error.
  * Update standards version to 3.9.8 (no changes required).

[dgit import package libnet-ldapapi-perl 3.0.4-1]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@phillipod phillipod

Labels
bug
Projects
None yet
Milestone
3.0.4
Development

No branches or pull requests
1 participant
@phillipod