
latest server/slapd/sasl.c bug



Hi,

 This is from the latest CVS code as of today. In servers/slapd/sasl.c's
slap_sasl_getdn call (line #137), there is a check for realm. If the
sasl_getprop on SASL_REALM returns anything other than SASL_OK, then it
bails out at this point.

	/* Username strings */
	len1  = strlen( ",cn=auth" );
	if( !strncasecmp( dn, "u:", 2 ) ) {
		len += strlen( "dn:uid=" ) + len1;

		/* Figure out how much data we have for the dn */
		rc = sasl_getprop( ctx,	SASL_REALM, (void **)&c );
		if( rc != SASL_OK ) {
#ifdef NEW_LOGGING
			LDAP_LOG(( "sasl", LDAP_LEVEL_ERR,
				   "slap_sasl_getdn: getprop(REALM) failed.\n" ));
#else
			Debug(LDAP_DEBUG_TRACE,
				"getdn: getprop(REALM) failed!\n", 0,0,0);
#endif
			ch_free( dn );
			*dnptr = NULL;
			return( LDAP_OPERATIONS_ERROR );
		}


  In cyrus-sasl-1.5.24's lib/common.c where sasl_getprop is defined,
around line 360,

    case SASL_REALM:
      if (! conn->oparams.realm)
        result = SASL_NOTDONE;
      else
        *(char **)pvalue = conn->oparams.realm;

  If realm exists, return it or else return SASL_NOTDONE. Since 
slap_sasl_dn is checking for SASL_OK, if there is no realm then it 
fails. I bumped into this problem because I am using GSSAPI. 


thanks

mei
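
Added example, not part of the original message and not OpenLDAP or Cyrus SASL code: a self-contained C model of the mismatch reported above, where a connection without a realm yields SASL_NOTDONE and a strict SASL_OK check turns that into an operations error. The ex_/EX_ names, the constant values and the cn=<realm> DN component are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in constants and types for this example; not the Cyrus SASL headers. */
enum { EX_OK = 0, EX_NOTDONE = -6, EX_OPERATIONS_ERROR = 1 };
struct ex_conn { const char *realm; };   /* models conn->oparams.realm */

/* Models the SASL_REALM case quoted above: no realm yields NOTDONE. */
static int ex_getprop_realm(const struct ex_conn *c, const char **out)
{
	if (!c->realm)
		return EX_NOTDONE;
	*out = c->realm;
	return EX_OK;
}

/* Strict check, as in the quoted slapd excerpt: anything but OK is fatal. */
int getdn_strict(const struct ex_conn *c, const char *user, char *buf, size_t len)
{
	const char *realm = NULL;
	if (ex_getprop_realm(c, &realm) != EX_OK)
		return EX_OPERATIONS_ERROR;
	int n = snprintf(buf, len, "dn:uid=%s,cn=%s,cn=auth", user, realm);
	return (n < 0 || (size_t)n >= len) ? EX_OPERATIONS_ERROR : EX_OK;
}

/* Tolerant check: NOTDONE means "no realm"; other failures stay fatal. */
int getdn_tolerant(const struct ex_conn *c, const char *user, char *buf, size_t len)
{
	const char *realm = NULL;
	int n, rc = ex_getprop_realm(c, &realm);
	if (rc != EX_OK && rc != EX_NOTDONE)
		return EX_OPERATIONS_ERROR;
	if (rc == EX_OK && *realm)   /* realm component format is assumed */
		n = snprintf(buf, len, "dn:uid=%s,cn=%s,cn=auth", user, realm);
	else
		n = snprintf(buf, len, "dn:uid=%s,cn=auth", user);
	return (n < 0 || (size_t)n >= len) ? EX_OPERATIONS_ERROR : EX_OK;
}

int main(void)
{
	char dn[128];
	struct ex_conn norealm = { NULL };  /* constructed: mechanism set no realm */
	printf("strict:   rc=%d\n", getdn_strict(&norealm, "alice", dn, sizeof dn));
	printf("tolerant: rc=%d dn=%s\n",
		getdn_tolerant(&norealm, "alice", dn, sizeof dn), dn);
	return 0;
}
```

The model does no DN escaping of the username; it only isolates the return-code handling.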