
fixes for SASL KERBEROS_V4 mechanism (ITS#829)



Full_Name: Karsten Kuenne
Version: 2.0.6
OS: Solaris 7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (131.169.137.215)


The KERBEROS_V4 SASL mechanism needs the local and remote IP addresses to be set
with sasl_setprop in order to work. The following patch fixes it:

*** ./libraries/libldap/cyrus.c.orig    Wed Oct 11 19:58:00 2000
--- ./libraries/libldap/cyrus.c Thu Oct 12 00:07:29 2000
***************
*** 386,391 ****
--- 386,394 ----
  {
        int rc;
        sasl_conn_t *ctx;
+       ber_socket_t            sd;
+       struct sockaddr_in sinloc, sinrem;
+       socklen_t socklen;
  
        sasl_callback_t *session_callbacks =
                ber_memcalloc( 2, sizeof( sasl_callback_t ) );
***************
*** 420,425 ****
--- 423,452 ----
  
        lc->lconn_sasl_ctx = ctx;
  
+       ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, &sd );
+       socklen = sizeof(sinloc);
+       rc = getsockname(sd, (struct sockaddr *)&sinloc, &socklen);
+       if (rc == -1) {
+               ld->ld_errno = errno;
+               return rc;
+       }
+       rc = sasl_setprop(ctx, SASL_IP_LOCAL, &sinloc);
+       if ( rc != SASL_OK ) {
+               ld->ld_errno = sasl_err2ldap( rc );
+               return ld->ld_errno;
+       }
+       socklen = sizeof(sinrem);
+       rc = getpeername(sd, (struct sockaddr *)&sinrem, &socklen);
+       if (rc == -1) {
+               ld->ld_errno = errno;
+               return rc;
+       }
+       rc = sasl_setprop(ctx, SASL_IP_REMOTE, &sinrem);
+       if ( rc != SASL_OK ) {
+               ld->ld_errno = sasl_err2ldap( rc );
+               return ld->ld_errno;
+       }
+ 
        if( ssf ) {
                sasl_external_properties_t extprops;
                memset(&extprops, 0L, sizeof(extprops));
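Review bot: The two sasl_setprop calls assume an IPv4 socket: `sinloc` and `sinrem` are `struct sockaddr_in`, but getsockname()/getpeername() also succeed for AF_UNIX (ldapi://) and AF_INET6 endpoints, so a non-IPv4 address is silently truncated into a `sockaddr_in` and handed to SASL as the local/remote IP. Per the report only KERBEROS_V4 needs these properties, yet a getsockname() or getpeername() failure now aborts the SASL setup for every mechanism, which worked without addresses before this patch. I would check the family and otherwise skip the property, e.g. `if (getsockname(sd, (struct sockaddr *)&sinloc, &socklen) == 0 && sinloc.sin_family == AF_INET) { rc = sasl_setprop(ctx, SASL_IP_LOCAL, &sinloc); ... }`, and the same for the peer. Separately, `ld->ld_errno = errno;` stores a system errno where every other failure path in this hunk stores an LDAP result code via sasl_err2ldap (`LDAP_LOCAL_ERROR` would be the matching code), and the result of `ber_sockbuf_ctrl(ld->ld_sb, LBER_SB_OPT_GET_FD, &sd)` is never checked before `sd` is used. The enclosing function starts before this hunk and continues after it.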
*** ./servers/slapd/sasl.c.orig Wed Oct 11 18:51:14 2000
--- ./servers/slapd/sasl.c      Thu Oct 12 00:08:01 2000
***************
*** 221,226 ****
--- 221,229 ----
  #ifdef HAVE_CYRUS_SASL
        sasl_conn_t *ctx = NULL;
        sasl_callback_t *session_callbacks;
+       ber_socket_t sd;
+       struct sockaddr_in sinloc, sinrem;
+       socklen_t socklen;
  
        assert( conn->c_sasl_context == NULL );
        assert( conn->c_sasl_extra == NULL );
***************
*** 259,264 ****
--- 262,290 ----
  
        conn->c_sasl_context = ctx;
  
+       ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd );
+         socklen = sizeof(sinloc);
+         sc = getsockname(sd, (struct sockaddr *)&sinloc, &socklen);
+         if (sc == -1) {
+                 return sc;
+         }
+         sc = sasl_setprop(ctx, SASL_IP_LOCAL, &sinloc);
+         if ( sc != SASL_OK ) {
+                 sc = slap_sasl_err2ldap( sc );
+                 return sc;
+         }
+ 
+         socklen = sizeof(sinrem);
+         sc = getpeername(sd, (struct sockaddr *)&sinrem, &socklen);
+         if (sc == -1) {
+                 return sc;
+         }
+         sc = sasl_setprop(ctx, SASL_IP_REMOTE, &sinrem);
+         if ( sc != SASL_OK ) {
+                 sc = slap_sasl_err2ldap( sc );
+                 return sc;
+         }
+ 
        if( sc == SASL_OK ) {
                sc = sasl_setprop( ctx,
                        SASL_SEC_PROPS, &sasl_secprops );
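Review bot: On the server side the `struct sockaddr_in` assumption is riskier: slapd may accept the connection on an ldapi:// (AF_UNIX) or IPv6 listener, where getsockname()/getpeername() succeed and the patch then passes a truncated non-IPv4 sockaddr to SASL as the local/remote IP, while a getsockname() failure on the connection now fails SASL setup for every mechanism even though only KERBEROS_V4 needs the addresses. Guard each sasl_setprop on the family, `if (sc == 0 && sinloc.sin_family == AF_INET)` and `if (sc == 0 && sinrem.sin_family == AF_INET)`, and skip the property otherwise instead of returning. The two `return sc;` after a failed getsockname()/getpeername() hand -1 back to the caller, whereas the other error paths in this hunk return an LDAP result code from slap_sasl_err2ldap, so callers cannot interpret the failure uniformly. The new lines after the ber_sockbuf_ctrl() call also appear to be indented with spaces while the surrounding lines use a tab, and the `if( sc == SASL_OK )` test that follows is now always true because every earlier failure has already returned. The enclosing function begins before this hunk and continues after it.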


I tested that GSSAPI still works with these changes applied, but I didn't test
whether they affect other mechanisms (they shouldn't).

Karsten.