[Fedora-directory-commits] ldapserver/ldap/servers/slapd saslbind.c, 1.9, 1.9.2.1

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Mon Aug 29 22:06:50 UTC 2005


Author: rmeggins

Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11994/ldapserver/ldap/servers/slapd

Modified Files:
      Tag: Directory71RtmBranch
	saslbind.c 
Log Message:
Bug(s) fixed: 166229
Bug Description: slapd crashes during SASL authentication
Reviewed by: Noriko (Thanks!)
Branch: Directory71RtmBranch
Fix Description: I could not reproduce the crash.  I tried several different ways - no password in entry, empty password in entry, SSHA hashed password in entry - no crashes.  No useful information from the FDS bug reporter either.  In fact I found that SASL Digest-MD5 was not working at all.  We needed to use the SASL_AUX_PASSWORD_PROP define instead of hardcoding "userpassword" - I guess sasl is case sensitive.  I also fixed some missing new lines in log messages.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none



Index: saslbind.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/saslbind.c,v
retrieving revision 1.9
retrieving revision 1.9.2.1
diff -u -r1.9 -r1.9.2.1
--- saslbind.c	19 Apr 2005 22:07:37 -0000	1.9
+++ saslbind.c	29 Aug 2005 22:06:25 -0000	1.9.2.1
@@ -136,7 +136,7 @@
 {
     switch (level) {
     case SASL_LOG_ERR:          /* log unusual errors (default) */
-    slapi_log_error(SLAPI_LOG_FATAL, "sasl", "%s", message);
+    slapi_log_error(SLAPI_LOG_FATAL, "sasl", "%s\n", message);
     break;
 
     case SASL_LOG_FAIL:         /* log all authentication failures */
@@ -146,7 +146,7 @@
     case SASL_LOG_TRACE:        /* traces of internal protocols */
     case SASL_LOG_PASS:         /* traces of internal protocols, including
                                  * passwords */
-        LDAPDebug(LDAP_DEBUG_ANY, "sasl(%d): %s", level, message, 0);
+        LDAPDebug(LDAP_DEBUG_ANY, "sasl(%d): %s\n", level, message, 0);
         break;
 
     case SASL_LOG_NONE:         /* don't log anything */
@@ -446,7 +446,12 @@
 
     clear = pw;
     if (clear) {
-        if (prop_set(propctx, "userpassword", clear, -1) != 0) {
+        if (prop_set(propctx, SASL_AUX_PASSWORD_PROP, clear, -1) != 0) {
+            /* Failure is benign here because some mechanisms don't support this property */
+            /*LDAPDebug(LDAP_DEBUG_TRACE, "prop_set(userpassword) failed\n", 0, 0, 0);
+            goto fail */ ;
+        }
+        if (prop_set(propctx, SASL_AUX_PASSWORD, clear, -1) != 0) {
             /* Failure is benign here because some mechanisms don't support this property */
             /*LDAPDebug(LDAP_DEBUG_TRACE, "prop_set(userpassword) failed\n", 0, 0, 0);
             goto fail */ ;




More information about the Fedora-directory-commits mailing list