latest server/slapd/sasl.c bug
Hi,
This is from the latest CVS code as of today. In servers/slapd/sasl.c's
slap_sasl_getdn call (line #137), there is a check for realm. If the
sasl_getprop on SASL_REALM returns anything other than SASL_OK, then
it bails out at this point.

    /* Username strings */
    len1 = strlen( ",cn=auth" );
    if( !strncasecmp( dn, "u:", 2 ) ) {
        len += strlen( "dn:uid=" ) + len1;

        /* Figure out how much data we have for the dn */
        rc = sasl_getprop( ctx, SASL_REALM, (void **)&c );
        if( rc != SASL_OK ) {
    #ifdef NEW_LOGGING
            LDAP_LOG(( "sasl", LDAP_LEVEL_ERR,
                "slap_sasl_getdn: getprop(REALM) failed.\n" ));
    #else
            Debug(LDAP_DEBUG_TRACE,
                "getdn: getprop(REALM) failed!\n", 0,0,0);
    #endif
            ch_free( dn );
            *dnptr = NULL;
            return( LDAP_OPERATIONS_ERROR );
        }

In cyrus-sasl-1.5.24's lib/common.c where sasl_getprop is defined,
around line 360,

    case SASL_REALM:
        if (! conn->oparams.realm)
            result = SASL_NOTDONE;
        else
            *(char **)pvalue = conn->oparams.realm;

If realm exists, return it or else return SASL_NOTDONE. Since
slap_sasl_dn is checking for SASL_OK, if there is no realm then it
fails. I bumped into this problem because I am using GSSAPI.
thanks
mei
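
The mismatch described in the message above, as an added example that is not part of the original post or of the OpenLDAP or Cyrus SASL sources: a caller that treats a "not done" result from the realm lookup as "no realm" and still fails on any other error. The ex_ names, the stand-in result codes and the ",cn=<realm>" layout of the DN are assumptions made for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins for this example only; not the Cyrus SASL headers. */
enum { EX_OK = 0, EX_FAIL = -1, EX_NOTDONE = -6 };
struct ex_conn { const char *realm; int broken; };  /* models conn->oparams.realm */

/* Mirrors the quoted SASL_REALM case: no realm gives NOTDONE, not OK. */
static int ex_getprop_realm(const struct ex_conn *conn, const char **out) {
    if (conn->broken) return EX_FAIL;        /* constructed "real error" path */
    if (!conn->realm) return EX_NOTDONE;
    *out = conn->realm;
    return EX_OK;
}

/* Build "dn:uid=<user>[,cn=<realm>],cn=auth" from a "u:<user>" id.
 * Returns a malloc'd string, or NULL on a malformed id or a real error. */
char *ex_getdn(const struct ex_conn *conn, const char *id) {
    const char *realm = NULL;
    if (strncmp(id, "u:", 2) != 0 || id[2] == '\0') return NULL;

    int rc = ex_getprop_realm(conn, &realm);
    if (rc == EX_NOTDONE) realm = NULL;      /* absent realm is not an error */
    else if (rc != EX_OK) return NULL;       /* anything else still fails */

    /* Size the buffer from exactly the pieces that will be written. */
    size_t len = strlen("dn:uid=") + strlen(id + 2) + strlen(",cn=auth") + 1;
    if (realm && *realm) len += strlen(",cn=") + strlen(realm);

    char *dn = malloc(len);
    if (!dn) return NULL;
    if (realm && *realm)
        snprintf(dn, len, "dn:uid=%s,cn=%s,cn=auth", id + 2, realm);
    else
        snprintf(dn, len, "dn:uid=%s,cn=auth", id + 2);
    return dn;
}

int main(void) {
    /* Constructed inputs: one mechanism that sets no realm, one that does. */
    struct ex_conn norealm = { NULL, 0 }, withrealm = { "example.com", 0 };
    char *a = ex_getdn(&norealm, "u:mei"), *b = ex_getdn(&withrealm, "u:mei");
    printf("%s\n%s\n", a ? a : "(null)", b ? b : "(null)");
    free(a); free(b);
    return 0;
}
```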