[Fedora-directory-commits] ldapserver/ldap/servers/slapd util.c, 1.26, 1.27
Richard Allen Megginson
rmeggins at fedoraproject.org
Tue Jan 13 22:24:18 UTC 2009
- Previous message (by thread): [Fedora-directory-commits] ldapserver/ldap/servers/slapd ssl.c, 1.21, 1.22
- Next message (by thread): [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication repl5.h, 1.13, 1.14 repl_globals.c, 1.7, 1.8 windows_inc_protocol.c, 1.18, 1.19 windows_private.c, 1.22, 1.23 windowsrepl.h, 1.17, 1.18
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24442/ldapserver/ldap/servers/slapd
Modified Files:
util.c
Log Message:
Resolves: bug 479313
Bug Description: Server to Server SASL - DIGEST/MD5 - Can not Stop server
Reviewed by: nhosoi (Thanks!)
Fix Description: Using ldap_set_option with LDAP_OPT_X_SASL_SECPROPS is not thread safe. ldap_set_option acquires the OPTION lock, but using LDAP_OPT_X_SASL_SECPROPS just calls return rather than calling break to exit the switch and unlock the lock. A mozilla bug has been filed https://bugzilla.mozilla.org/show_bug.cgi?id=473438. The fix is to use LDAP_OPT_X_SASL_SSF_MAX.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
Index: util.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/util.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- util.c 9 Jan 2009 21:30:56 -0000 1.26
+++ util.c 13 Jan 2009 22:24:15 -0000 1.27
@@ -1105,6 +1105,7 @@
return slapi_ldap_init_ext(NULL, ldaphost, ldapport, secure, shared, NULL);
}
+#include <sasl.h>
/*
* Does the correct bind operation simple/sasl/cert depending
* on the arguments passed in. If the user specified to use
@@ -1258,7 +1259,8 @@
} else {
/* a SASL mech - set the sasl ssf to 0 if using TLS/SSL */
if (secure) {
- ldap_set_option(ld, LDAP_OPT_X_SASL_SECPROPS, "maxssf=0");
+ sasl_ssf_t max_ssf = 0;
+ ldap_set_option(ld, LDAP_OPT_X_SASL_SSF_MAX, &max_ssf);
}
rc = slapd_ldap_sasl_interactive_bind(ld, bindid, creds, mech,
serverctrls, returnedctrls,
@@ -1282,7 +1284,6 @@
/* the following implements the client side of sasl bind, for LDAP server
-> LDAP server SASL */
-#include <sasl.h>
typedef struct {
char *mech;
- Previous message (by thread): [Fedora-directory-commits] ldapserver/ldap/servers/slapd ssl.c, 1.21, 1.22
- Next message (by thread): [Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication repl5.h, 1.13, 1.14 repl_globals.c, 1.7, 1.8 windows_inc_protocol.c, 1.18, 1.19 windows_private.c, 1.22, 1.23 windowsrepl.h, 1.17, 1.18
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-directory-commits
mailing list