[Fedora-directory-commits] ldapserver/ldap/servers/slapd util.c, 1.26, 1.27

[Richard Allen Megginson]

Author: rmeggins

Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24442/ldapserver/ldap/servers/slapd

Modified Files:
	util.c 
Log Message:
Resolves: bug 479313
Bug Description: Server to Server SASL - DIGEST/MD5 - Can not Stop server
Reviewed by: nhosoi (Thanks!)
Fix Description: Using ldap_set_option with LDAP_OPT_X_SASL_SECPROPS is not thread safe.  ldap_set_option acquires the OPTION lock, but using LDAP_OPT_X_SASL_SECPROPS just calls return rather than calling break to exit the switch and unlock the lock.  A mozilla bug has been filed https://bugzilla.mozilla.org/show_bug.cgi?id=473438.  The fix is to use LDAP_OPT_X_SASL_SSF_MAX.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no



Index: util.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/util.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- util.c	9 Jan 2009 21:30:56 -0000	1.26
+++ util.c	13 Jan 2009 22:24:15 -0000	1.27
@@ -1105,6 +1105,7 @@
     return slapi_ldap_init_ext(NULL, ldaphost, ldapport, secure, shared, NULL);
 }
 
+#include <sasl.h>
 /*
  * Does the correct bind operation simple/sasl/cert depending
  * on the arguments passed in.  If the user specified to use
@@ -1258,7 +1259,8 @@
     } else {
 	/* a SASL mech - set the sasl ssf to 0 if using TLS/SSL */
 	if (secure) {
-	    ldap_set_option(ld, LDAP_OPT_X_SASL_SECPROPS, "maxssf=0");
+	    sasl_ssf_t max_ssf = 0;
+	    ldap_set_option(ld, LDAP_OPT_X_SASL_SSF_MAX, &max_ssf);
 	}
 	rc = slapd_ldap_sasl_interactive_bind(ld, bindid, creds, mech,
 					      serverctrls, returnedctrls,
@@ -1282,7 +1284,6 @@
 
 /* the following implements the client side of sasl bind, for LDAP server
    -> LDAP server SASL */
-#include <sasl.h>
 
 typedef struct {
     char *mech;