Fixed SASL interactive free bug (ITS#2423)
authorKurt Zeilenga <kurt@openldap.org>
Sat, 26 Apr 2003 16:56:37 +0000 (16:56 +0000)
committerKurt Zeilenga <kurt@openldap.org>
Sat, 26 Apr 2003 16:56:37 +0000 (16:56 +0000)
Fixed liblber multi-value decode bug (ITS#2458)
Fixed liblber over read bug (ITS#2465)

CHANGES
clients/tools/common.c
libraries/liblber/decode.c
libraries/liblber/io.c
libraries/libldap/cyrus.c
libraries/liblutil/sasl.c

diff --git a/CHANGES b/CHANGES
index 5955fa0ec26211a922efe1d1ae057858652a0183..c258a4e7fa1229ce694b00287668adc4c4a60a18 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -8,7 +8,10 @@ OpenLDAP 2.1.18 Engineering
        Fixed slapd ACL group DN crash (ITS#2467)
        Fixed slapd substring normalization bug (ITS#2468)
        Fixed back-bdb search filter empty value bug (ITS#2453)
-       Fixed ldappasswd -y support
+       Fixed SASL interactive free bug (ITS#2423)
+       Fixed liblber multi-value decode bug (ITS#2458)
+       Fixed liblber over read bug (ITS#2465)
+       Fixed ldappasswd -y support (ITS#2441)
 
 OpenLDAP 2.1.17 Release
        Fixed libldap_r thread pool context bug (ITS#2404)
index d39b3d9bd8f9fe11067d5be1d58dfd509a41082a..526358d8f67ca5704520e0a658eeacd26029e7e8 100644 (file)
@@ -670,6 +670,7 @@ tool_bind( LDAP *ld )
                        sasl_mech, NULL, NULL,
                        sasl_flags, lutil_sasl_interact, defaults );
 
+               lutil_sasl_freedefs( defaults );
                if( rc != LDAP_SUCCESS ) {
                        ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
                        exit( EXIT_FAILURE );
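Review bot: `lutil_sasl_freedefs( defaults )` is called without checking that `defaults` is non-NULL, and the function added in libraries/liblutil/sasl.c dereferences its argument immediately, while `lutil_sasl_defaults` returns NULL when its allocation fails. The assignment to `defaults` is above this hunk, so this is inferred from the sasl.c hunks rather than from tool_bind itself. Either guard the call, `if( defaults != NULL ) lutil_sasl_freedefs( defaults );`, or make the callee tolerate NULL with `if( defs == NULL ) return;` at the top of lutil_sasl_freedefs.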
index dc1518bcf4c61aa1bd487afbf93d726ab637f6a2..fd52e77b65f2c4340d158a9fcb5b6fc6b73afb07 100644 (file)
@@ -324,6 +324,7 @@ ber_get_stringbvl( bgbvr *b, ber_len_t *rlen )
                {
                        if (ber_skip_tag( b->ber, &len ) == LBER_DEFAULT) break;
                        b->ber->ber_ptr += len;
+                       b->ber->ber_tag = *(unsigned char *)b->ber->ber_ptr;
                }
        }
 
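Review bot: The added `b->ber->ber_tag = *(unsigned char *)b->ber->ber_ptr;` reads one byte at the new position unconditionally, so after the last value has been skipped the pointer may sit at the end of the enclosing sequence, or of the buffer, and the read touches a byte that is not part of it. The loop header is outside this hunk, so whether its condition already prevents that is not visible here; if it does not, bound the read, e.g. `if( b->ber->ber_ptr < b->ber->ber_end ) b->ber->ber_tag = *(unsigned char *)b->ber->ber_ptr;`. The line also deserves a comment saying that only the first tag octet is peeked, presumably so the loop condition sees the next element's tag.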
index 931982cf9047942c34cdd8c6f08c207b14c7beb0..ed997bea9367cce4f1830db1aa5867a215039557 100644 (file)
@@ -510,13 +510,13 @@ ber_get_next(
        }
 
        while (ber->ber_rwptr > (char *)&ber->ber_tag && ber->ber_rwptr <
-               (char *)&ber->ber_len + LENSIZE*2) {
+               (char *)&ber->ber_len + LENSIZE*2 -1) {
                ber_slen_t sblen;
                char buf[sizeof(ber->ber_len)-1];
                ber_len_t tlen = 0;
 
                sblen=ber_int_sb_read( sb, ber->ber_rwptr,
-                       ((char *)&ber->ber_len + LENSIZE*2)-ber->ber_rwptr);
+                       ((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr);
                if (sblen<=0) return LBER_DEFAULT;
                ber->ber_rwptr += sblen;
 
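Review bot: The corrected limit `(char *)&ber->ber_len + LENSIZE*2 - 1` is now spelled out twice, once in the loop condition and once in the read length, and the two must stay identical for the over-read fix to hold. Compute it once before the loop, e.g. `char *hdr_end = (char *)&ber->ber_len + LENSIZE*2 - 1;`, and use `hdr_end` in both places. A one-line comment stating why the last byte is excluded would keep the `- 1` from being dropped in a later cleanup; the commit message only says "over read bug (ITS#2465)". ber_get_next starts and ends outside this hunk.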
@@ -527,10 +527,10 @@ ber_get_next(
                        tag = *p++;
                        if ((tag & LBER_BIG_TAG_MASK) == LBER_BIG_TAG_MASK) {
                                ber_len_t i;
-                               for (i=1; (char *)p<ber->ber_rwptr; i++,p++) {
+                               for (i=1; (char *)p<ber->ber_rwptr; i++) {
                                        tag <<= 8;
-                                       tag |= *p;
-                                       if (!(*p & LBER_MORE_TAG_MASK))
+                                       tag |= *p++;
+                                       if (!(tag & LBER_MORE_TAG_MASK))
                                                break;
                                        /* Is the tag too big? */
                                        if (i == sizeof(ber_tag_t)-1) {
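Review bot: `if (!(tag & LBER_MORE_TAG_MASK))` now tests the accumulated tag instead of the octet just read, which is only equivalent if LBER_MORE_TAG_MASK lies entirely within the low eight bits; its definition is not in this hunk. Add a comment such as `/* low octet of tag is the byte just consumed */`, or keep the octet in a local and test that. Because `p` is now advanced inside the loop, a tag whose final octet is the last byte read so far leaves `p == ber->ber_rwptr` and takes the `return LBER_DEFAULT` path in the following hunk. That looks intended as "need more data", but it is worth stating in a comment there.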
@@ -542,7 +542,6 @@ ber_get_next(
                                if ((char *)p == ber->ber_rwptr) {
                                        return LBER_DEFAULT;
                                }
-                               p++;
                        }
                        ber->ber_tag = tag;
                        ber->ber_ptr = (char *)p;
index b984f133055db6be50b0dd6ff377e0c3ce2b975a..46449c54bc16ff96dcedb1e845c6bb7eef5b4eb6 100644 (file)
@@ -529,7 +529,6 @@ ldap_int_sasl_bind(
        sasl_ssf_t              *ssf = NULL;
        sasl_conn_t     *ctx;
        sasl_interact_t *prompts = NULL;
-       const void *promptresult = NULL;
        unsigned credlen;
        struct berval ccred;
        ber_socket_t            sd;
@@ -590,9 +589,6 @@ ldap_int_sasl_bind(
                        &credlen,
                        &mech );
 
-               /* Cyrus SASL library doesn't initialize the prompt result pointer */
-               if( promptresult == NULL && prompts != NULL ) prompts->result = NULL;
-
                if( pmech == NULL && mech != NULL ) {
                        pmech = mech;
 
@@ -608,11 +604,6 @@ ldap_int_sasl_bind(
                        if( !interact ) break;
                        res = (interact)( ld, flags, defaults, prompts );
 
-                       /* keep a pointer to the prompt result so we can free it
-                        * after Cyrus SASL has consumed the prompts.
-                        */
-                       promptresult = prompts->result;
-
                        if( res != LDAP_SUCCESS ) break;
                }
        } while ( saslrc == SASL_INTERACT );
@@ -688,9 +679,6 @@ ldap_int_sasl_bind(
                                (SASL_CONST char **)&ccred.bv_val,
                                &credlen );
 
-                       /* SASL library doesn't initialize the prompt result pointer */
-                       if( promptresult == NULL && prompts != NULL ) prompts->result = NULL;
-
 #ifdef NEW_LOGGING
                                LDAP_LOG ( TRANSPORT, DETAIL1, 
                                        "ldap_int_sasl_bind: sasl_client_step: %d\n", saslrc,0,0 );
@@ -703,12 +691,6 @@ ldap_int_sasl_bind(
                                int res;
                                if( !interact ) break;
                                res = (interact)( ld, flags, defaults, prompts );
-
-                               /* keep a pointer to the prompt result so we can free it
-                                * after Cyrus SASL has consumed the prompts.
-                                */
-                               promptresult = prompts->result;
-
                                if( res != LDAP_SUCCESS ) break;
                        }
                } while ( saslrc == SASL_INTERACT );
@@ -768,8 +750,6 @@ ldap_int_sasl_bind(
        }
 
 done:
-       /* free the last prompt result */
-       LDAP_FREE((void*)promptresult);
        return rc;
 }
 
index c920eec66e30d8c5fb271407d87917c0fd0ecec2..9e522dece0e4ecee9e56ab8e65a577c9a010fac4 100644 (file)
@@ -29,9 +29,27 @@ typedef struct lutil_sasl_defaults_s {
        char *authcid;
        char *passwd;
        char *authzid;
+       char **resps;
+       int nresps;
 } lutilSASLdefaults;
 
 
+void
+lutil_sasl_freedefs(
+       void *defaults )
+{
+       lutilSASLdefaults *defs = defaults;
+       
+       if (defs->mech) ber_memfree(defs->mech);
+       if (defs->realm) ber_memfree(defs->realm);
+       if (defs->authcid) ber_memfree(defs->authcid);
+       if (defs->passwd) ber_memfree(defs->passwd);
+       if (defs->authzid) ber_memfree(defs->authzid);
+       if (defs->resps) ldap_charray_free(defs->resps);
+
+       ber_memfree(defs);
+}
+
 void *
 lutil_sasl_defaults(
        LDAP *ld,
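Review bot: lutil_sasl_freedefs releases `defs->passwd` and the `defs->resps` strings without clearing them, while this commit also removes the "zap password after first use" block from interaction(), so the password copy made by `ber_strdup` and any interactively entered secrets stay readable in freed heap memory. Clear each secret before freeing it, as the remaining `memset( p, '\0', interact->len )` in interaction() already does for the input buffer. A plain memset directly before a free can be removed by an optimizing compiler, so a clearing helper that is guaranteed to run is preferable if the tree has one. The function also needs a header comment stating that it takes ownership of everything lutil_sasl_defaults() allocated.

```c
	/* ... unchanged: mech, realm, authcid ... */
	if (defs->passwd) {
		/* wipe the secret before the allocator can hand the block out again */
		memset(defs->passwd, '\0', strlen(defs->passwd));
		ber_memfree(defs->passwd);
	}
	/* ... unchanged: authzid ... */
	if (defs->resps) {
		int i;
		/* responses may include a typed password; the array is NULL-terminated */
		for (i = 0; defs->resps[i] != NULL; i++) {
			memset(defs->resps[i], '\0', strlen(defs->resps[i]));
		}
		ldap_charray_free(defs->resps);
	}
```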
@@ -47,11 +65,11 @@ lutil_sasl_defaults(
 
        if( defaults == NULL ) return NULL;
 
-       defaults->mech = mech;
-       defaults->realm = realm;
-       defaults->authcid = authcid;
-       defaults->passwd = passwd;
-       defaults->authzid = authzid;
+       defaults->mech = mech ? ber_strdup(mech) : NULL;
+       defaults->realm = realm ? ber_strdup(realm) : NULL;
+       defaults->authcid = authcid ? ber_strdup(authcid) : NULL;
+       defaults->passwd = passwd ? ber_strdup(passwd) : NULL;
+       defaults->authzid = authzid ? ber_strdup(authzid) : NULL;
 
        if( defaults->mech == NULL ) {
                ldap_get_option( ld, LDAP_OPT_X_SASL_MECH, &defaults->mech );
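Review bot: A failed `ber_strdup` leaves the field NULL, which the `if( defaults->mech == NULL )` fallback that follows cannot tell apart from "caller passed nothing", so under memory pressure the bind could silently proceed with the connection's default mechanism, realm or identity instead of the one requested. Treat a NULL result for a non-NULL argument as an allocation failure and return NULL, e.g. `if( mech && defaults->mech == NULL ) goto nomem;` after each copy, with the `nomem` path releasing what was already copied. The ownership change also deserves a comment: every field is now heap-owned by `defaults` and released by lutil_sasl_freedefs(). lutil_sasl_defaults continues outside this hunk.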
@@ -65,6 +83,8 @@ lutil_sasl_defaults(
        if( defaults->authzid == NULL ) {
                ldap_get_option( ld, LDAP_OPT_X_SASL_AUTHZID, &defaults->authzid );
        }
+       defaults->resps = NULL;
+       defaults->nresps = 0;
 
        return defaults;
 }
@@ -160,7 +180,8 @@ static int interaction(
        if( interact->len > 0 ) {
                /* duplicate */
                char *p = (char *)interact->result;
-               interact->result = strdup( p );
+               ldap_charray_add(&defaults->resps, interact->result);
+               interact->result = defaults->resps[defaults->nresps++];
 
                /* zap */
                memset( p, '\0', interact->len );
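Review bot: The return value of `ldap_charray_add` is ignored and `defaults` is dereferenced without a check, so if the add fails, or the caller supplied no defaults, `defaults->resps[defaults->nresps++]` indexes a NULL or too-short array. The block removed in the next hunk tested `defaults &&`, which suggests a NULL `defaults` was considered possible. Check before indexing and still clear the typed input on the error path: `if( defaults == NULL || ldap_charray_add( &defaults->resps, p ) != 0 ) { memset( p, '\0', interact->len ); return LDAP_NO_MEMORY; }`. interaction() starts above this hunk.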
@@ -168,15 +189,8 @@ static int interaction(
        } else {
 use_default:
                /* input must be empty */
-               interact->result = strdup( (dflt && *dflt) ? dflt : "" );
-               interact->len = interact->result
-                       ? strlen( interact->result ) : 0;
-       }
-
-       if( defaults && defaults->passwd && interact->id == SASL_CB_PASS ) {
-               /* zap password after first use */
-               memset( defaults->passwd, '\0', strlen(defaults->passwd) );
-               defaults->passwd = NULL;
+               interact->result = (dflt && *dflt) ? dflt : "";
+               interact->len = strlen( interact->result );
        }
 
        return LDAP_SUCCESS;
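Review bot: `interact->result` now points either into `defaults` or at the literal `""`, so it must never be freed by the SASL layer or by a later call, and it is only valid until lutil_sasl_freedefs() runs; nothing at this site says so. Add a comment at the assignment, e.g. `/* borrowed from defaults or a literal; owned by defaults, do not free */`. With the "zap password after first use" block removed here, `defaults->passwd` stays in memory for the whole bind, so clearing it becomes the job of lutil_sasl_freedefs().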
@@ -190,12 +204,6 @@ int lutil_sasl_interact(
 {
        sasl_interact_t *interact = in;
 
-       if( interact->result ) {
-               /* we have results from a previous interaction */
-               free( (void *)interact->result );
-               interact->result = NULL;
-       }
-
        if( ld == NULL ) return LDAP_PARAM_ERROR;
 
        if( flags == LDAP_SASL_INTERACTIVE ) {