[Freeipa-devel] [PATCH] 0055 Add error condition handling to SASL bind callback in ipasam module

Sumit Bose sbose at redhat.com
Wed Jun 27 15:59:06 UTC 2012


On Wed, Jun 27, 2012 at 05:29:07PM +0300, Alexander Bokovoy wrote:
> Hi,
> 
> attached patch adds comprehensive error condition handling to SASL bind
> callback in ipasam module. The callback is doing keytab-based auth
> against FreeIPA LDAP server and original version lacked error checks on
> purpose.

The patch is working fine, but I would like to ask you to consider the
following two changes:

diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index e41cb96..5e9f63d 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -3166,6 +3166,8 @@ static int bind_callback(LDAP *ldap_struct, struct
smbldap_state *ldap_state, vo
        struct ipasam_sasl_interact_priv data;
        int ret;
 
+        memset(&data, 0, sizeof(struct ipasam_sasl_interact_priv));
+
        data.name = (const char*)ipasam_principal;
        if (data.name == NULL) {
                DEBUG(0, ("bind_callback: ipasam:principal is not set,
cannot use GSSAPI bind\n"));
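Review bot: the memset added at the top of bind_callback spells out the type in sizeof(struct ipasam_sasl_interact_priv); writing it as memset(&data, 0, sizeof(data)) keeps the size tied to the variable if the declaration of data ever changes. A one-line comment saying why the structure is zeroed before data.name is assigned (for example, so that later error paths can tell unset members from set ones) would also help, since nothing in the visible lines explains it.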
@@ -3309,8 +3311,7 @@ static NTSTATUS pdb_init_ipasam(struct pdb_methods
**pdb_method,
                              &ldap_state->smbldap_state);
                if (NT_STATUS_IS_OK(status)) {
                        ldap_state->smbldap_state->bind_callback =
bind_callback;
-                       ldap_state->smbldap_state->bind_callback_data = 
-                                               (void*)lp_parm_const_string(-1,
                                                "ipasam", "principal",
NULL);
+                       ldap_state->smbldap_state->bind_callback_data =
service_principal;
                }
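Review bot: the assignment of service_principal to bind_callback_data in pdb_init_ipasam does not show where service_principal comes from or how long it lives, and the callback will dereference this pointer on later binds. Please confirm that it is allocated on a context that lives at least as long as ldap_state (not a temporary one freed at the end of pdb_init_ipasam) and that the NULL case, which the removed lp_parm_const_string(..., NULL) call could return, still reaches the data.name == NULL check in bind_callback. The removed line also carried an explicit (void*) cast; if service_principal is a const char *, dropping the cast will produce a discarded-qualifier warning.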
bye,
Sumit
 
> 
> Now it is time to fix the purpose. :)
> 
> -- 
> / Alexander Bokovoy



