
(ITS#7118)



I found that the patch I proposed actually threw out the baby with the bathwater;
rejecting all plugins is inappropriate.
So here is a revised version that only excludes the ldapdb plugin specifically:

diff -brpu openldap-2.4.28-orig/servers/slapd/sasl.c openldap-2.4.28/servers/slapd/sasl.c
--- openldap-2.4.28-orig/servers/slapd/sasl.c	2011-11-25 19:52:29.000000000 +0100
+++ openldap-2.4.28/servers/slapd/sasl.c	2012-01-02 01:48:58.000000000 +0100
@@ -67,6 +67,24 @@ char *slap_sasl_auxprops;

 #ifdef HAVE_CYRUS_SASL

+/* Do not load the ldapdb plugin */
+static int
+slap_sasl_verifyfile(
+	void *context,
+	const char *file,
+	sasl_verify_type_t type)
+{
+	int res = SASL_OK;
+
+	if (type == SASL_VRFY_PLUGIN) {
+		static const char name[] = "libldapdb.so";
+		const char * const p = strstr(file, name);
+		if (p && !strchr(p, '/'))
+			res = SASL_CONTINUE;
+	}
+	return res;
+}
+
 /* Just use our internal auxprop by default */
 static int
 slap_sasl_getopt(
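Review bot: The filename test in slap_sasl_verifyfile uses `strstr(file, name)`, which stops at the first occurrence of "libldapdb.so" anywhere in the path. If a directory component contains that string, the `strchr(p, '/')` check fails and the plugin in that directory is still loaded; the test also skips any file whose name merely contains the string. Matching on the last path component is more robust: `const char *base = strrchr(file, '/');`, `base = base ? base + 1 : file;`, `if (strncmp(base, name, sizeof(name) - 1) == 0) res = SASL_CONTINUE;`. The hard-coded `.so` name presumably misses platforms with a different shared-library naming scheme. The comment above the function should also say why the plugin is excluded, for example `/* Do not load the ldapdb auxprop plugin into slapd itself, see ITS#7118 */`.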
@@ -1111,6 +1129,7 @@ int slap_sasl_init( void )
 	static sasl_callback_t server_callbacks[] = {
 		{ SASL_CB_LOG, &slap_sasl_log, NULL },
 		{ SASL_CB_GETOPT, &slap_sasl_getopt, NULL },
+		{ SASL_CB_VERIFYFILE, &slap_sasl_verifyfile, NULL },
 		{ SASL_CB_LIST_END, NULL, NULL }
 	};
 #endif