[Fedora-directory-commits] ldapserver/ldap/servers/slapd saslbind.c, 1.9, 1.9.2.1
Richard Allen Megginson (rmeggins)
fedora-directory-commits at redhat.com
Mon Aug 29 22:06:50 UTC 2005
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11994/ldapserver/ldap/servers/slapd
Modified Files:
Tag: Directory71RtmBranch
saslbind.c
Log Message:
Bug(s) fixed: 166229
Bug Description: slapd crashes during SASL authentication
Reviewed by: Noriko (Thanks!)
Branch: Directory71RtmBranch
Fix Description: I could not reproduce the crash. I tried several different ways - no password in entry, empty password in entry, SSHA hashed password in entry - no crashes. No useful information from the FDS bug reporter either. In fact I found that SASL Digest-MD5 was not working at all. We needed to use the SASL_AUX_PASSWORD_PROP define instead of hardcoding "userpassword" - I guess sasl is case sensitive. I also fixed some missing new lines in log messages.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: saslbind.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/saslbind.c,v
retrieving revision 1.9
retrieving revision 1.9.2.1
diff -u -r1.9 -r1.9.2.1
--- saslbind.c 19 Apr 2005 22:07:37 -0000 1.9
+++ saslbind.c 29 Aug 2005 22:06:25 -0000 1.9.2.1
@@ -136,7 +136,7 @@
{
switch (level) {
case SASL_LOG_ERR: /* log unusual errors (default) */
- slapi_log_error(SLAPI_LOG_FATAL, "sasl", "%s", message);
+ slapi_log_error(SLAPI_LOG_FATAL, "sasl", "%s\n", message);
break;
case SASL_LOG_FAIL: /* log all authentication failures */
@@ -146,7 +146,7 @@
case SASL_LOG_TRACE: /* traces of internal protocols */
case SASL_LOG_PASS: /* traces of internal protocols, including
* passwords */
- LDAPDebug(LDAP_DEBUG_ANY, "sasl(%d): %s", level, message, 0);
+ LDAPDebug(LDAP_DEBUG_ANY, "sasl(%d): %s\n", level, message, 0);
break;
case SASL_LOG_NONE: /* don't log anything */
@@ -446,7 +446,12 @@
clear = pw;
if (clear) {
- if (prop_set(propctx, "userpassword", clear, -1) != 0) {
+ if (prop_set(propctx, SASL_AUX_PASSWORD_PROP, clear, -1) != 0) {
+ /* Failure is benign here because some mechanisms don't support this property */
+ /*LDAPDebug(LDAP_DEBUG_TRACE, "prop_set(userpassword) failed\n", 0, 0, 0);
+ goto fail */ ;
+ }
+ if (prop_set(propctx, SASL_AUX_PASSWORD, clear, -1) != 0) {
/* Failure is benign here because some mechanisms don't support this property */
/*LDAPDebug(LDAP_DEBUG_TRACE, "prop_set(userpassword) failed\n", 0, 0, 0);
goto fail */ ;
More information about the Fedora-directory-commits
mailing list