[Fedora-directory-commits] ldapserver/ldap/servers/slapd saslbind.c, 1.9.2.1, 1.9.2.2

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Thu Nov 3 15:36:27 UTC 2005


Author: rmeggins

Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18860

Modified Files:
      Tag: Directory71RtmBranch
	saslbind.c 
Log Message:
Bug(s) fixed: 166229, 166081
Bug Description: slapd crashes during SASL authentication
Reviewed by: Noriko (Thanks!)
Branch: HEAD and Directory71RtmBranch
Fix Description: When we build cyrus-sasl on RHEL, we tell it to use 
berkeley db for its sasldb database.  It uses whatever version of 
berkeley db is installed in the system.  On RHEL3, this is usually 
libdb-4.1.  However, at runtime, slapd uses 4.2, leading to conflicts.  
This doesn't happen on RHEL4 because it already has 4.2 on it.  The db 
is used to look up auxiliary properties (auxprop) related to the user, 
such as password or whatever.  This happens in sasl after the user is 
looked up.  In our server, the way we use it, we don't care about these 
auxprops, or we get them in another way.  If you don't tell sasl which 
auxprop plugin you want to use, it tries to use all of them, which means 
it will attempt to use the sasldb plugin, which will lead to the crash.  
The solution is to add our own auxprop plugin which is just a dummy that 
does nothing, and tell sasl to use our plugin.
Platforms tested: RHEL3, RHEL4
Flag Day: no
Doc impact: no



Index: saslbind.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/saslbind.c,v
retrieving revision 1.9.2.1
retrieving revision 1.9.2.2
diff -u -r1.9.2.1 -r1.9.2.2
--- saslbind.c	29 Aug 2005 22:06:25 -0000	1.9.2.1
+++ saslbind.c	3 Nov 2005 15:36:19 -0000	1.9.2.2
@@ -95,6 +95,56 @@
  * sasl library callbacks
  */
 
+/*
+ * We've added this auxprop stuff as a workaround for RHDS bug 166229
+ * and FDS bug 166081.  The problem is that sasldb is configured and
+ * enabled by default, but we don't want or need to use it.  What
+ * happens after canon_user is that sasl looks up any auxiliary
+ * properties of that user.  If you don't tell sasl which auxprop
+ * plug-in to use, it tries all of them, including sasldb.  In order
+ * to avoid this, we create a "dummy" auxprop plug-in with the name
+ * "iDS" and tell sasl to use this plug-in for auxprop lookups.
+ * The reason we don't need auxprops is because when we grab the user's
+ * entry from the internal database, at the same time we get any other
+ * properties we need - it's more efficient that way.
+ */
+static void ids_auxprop_lookup(void *glob_context __attribute__((unused)),
+				  sasl_server_params_t *sparams __attribute__((unused)),
+				  unsigned flags __attribute__((unused)),
+				  const char *user __attribute__((unused)),
+				  unsigned ulen __attribute__((unused))) 
+{
+    /* do nothing - we don't need auxprops - we just do this to avoid
+       sasldb_auxprop_lookup */
+}
+
+static sasl_auxprop_plug_t ids_auxprop_plugin = {
+    0,           		/* Features */
+    0,           		/* spare */
+    NULL,        		/* glob_context */
+    NULL,        		/* auxprop_free */
+    ids_auxprop_lookup,	/* auxprop_lookup */
+    "iDS",			/* name */
+    NULL	/* auxprop_store */
+};
+
+int ids_auxprop_plug_init(const sasl_utils_t *utils __attribute__((unused)),
+                          int max_version,
+                          int *out_version,
+                          sasl_auxprop_plug_t **plug,
+                          const char *plugname __attribute__((unused))) 
+{
+    if(!out_version || !plug) return SASL_BADPARAM;
+
+    if(max_version < SASL_AUXPROP_PLUG_VERSION) return SASL_BADVERS;
+    
+    *out_version = SASL_AUXPROP_PLUG_VERSION;
+
+    *plug = &ids_auxprop_plugin;
+
+    return SASL_OK;
+}
+
 static int ids_sasl_getopt(
     void *context, 
     const char *plugin_name,
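Review bot: ids_auxprop_plug_init is declared without static, while ids_auxprop_lookup and ids_auxprop_plugin next to it are static and the only caller shown in this patch is in saslbind.c itself; making it static would keep the symbol out of the global namespace. The __attribute__((unused)) annotations on the parameters are a compiler extension, so a build with a compiler that lacks it needs a wrapper macro. The ids_auxprop_plugin initializer is positional and depends on the field order of sasl_auxprop_plug_t, and it would be worth saying so in the block comment.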
@@ -121,6 +171,8 @@
         if (LDAPDebugLevelIsSet(LDAP_DEBUG_TRACE)) {
             *result = "6"; /* SASL_LOG_TRACE */
         }
+    } else if (strcasecmp(option, "auxprop_plugin") == 0) {
+        *result = "iDS";
     }
 
     if (*result) *len = strlen(*result);
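Review bot: The literal "iDS" returned for auxprop_plugin in ids_sasl_getopt has to match the name field of ids_auxprop_plugin and the first argument of sasl_auxprop_add_plugin, and it is now spelled out in three places. Define it once (a #define or a static const char[]) and use that in all three, so a later rename cannot leave getopt pointing at a plug-in name that was never registered. A one-line comment on this branch referring back to the block comment above ids_auxprop_lookup would also explain why the option is forced.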
@@ -576,6 +628,8 @@
 #endif
 #endif
 
+    result = sasl_auxprop_add_plugin("iDS", ids_auxprop_plug_init);
+
     LDAPDebug( LDAP_DEBUG_TRACE, "<= ids_sasl_init\n", 0, 0, 0 );
 
     return result;
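Review bot: The unconditional assignment result = sasl_auxprop_add_plugin("iDS", ids_auxprop_plug_init); placed just before return result; replaces whatever status result held from the earlier initialisation steps, so an error recorded there would be lost if this call succeeds. Check the earlier value first, or store this call's return in a separate variable and only overwrite result on failure. A failed registration is also not logged here, while ids_sasl_getopt will still answer "iDS" for auxprop_plugin; an error-level LDAPDebug message on a non-SASL_OK return would make that state visible.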



