
Re: SASL interoperability fix (ITS#2994)



I believe this change will cause breakage in other cases.
A server returning data of any length (including zero)
is a distinct case from a server returning no data.

Kurt

At 07:50 AM 3/4/2004, lukeh@padl.com wrote:
>Full_Name: Luke Howard
>Version: HEAD
>OS: Linux
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (165.228.130.11)
>
>
>Some SASL clients require that serverSaslCreds be provided when the last token
>returned by the server is zero length. Presently OpenLDAP omits
>serverSaslCreds.
>
>(This is obviously only an issue for mechanisms such as GSSAPI that return a
>zero length token on the last leg of the authentication.)
>
>The following patch fixes this:
>
>cvs server: Diffing .
>Index: sasl.c
>===================================================================
>RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/sasl.c,v
>retrieving revision 1.165.2.12
>diff -u -r1.165.2.12 sasl.c
>--- sasl.c      17 Jan 2004 19:32:20 -0000      1.165.2.12
>+++ sasl.c      3 Mar 2004 22:42:27 -0000
>@@ -1625,7 +1625,7 @@
>                }
> 
>                /* Must send response using old security layer */
>-               if (response.bv_len) rs->sr_sasldata = &response;
>+               rs->sr_sasldata = &response;
>                send_ldap_sasl( op, rs );
> 
>                /* Now dispose of the old security layer.
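
Review bot: the unconditional `rs->sr_sasldata = &response;` no longer distinguishes a step that produced no server data from one that produced a zero-length token, since serverSaslCreds is now sent in both cases. Testing for presence rather than length would keep the two apart, for example `if (response.bv_val) rs->sr_sasldata = &response;`, provided the code above this hunk leaves `bv_val` NULL when there is nothing to send; that code is not visible here and should be checked. A short comment on the line saying why an empty token is still sent would also help.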
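
The distinction discussed in this thread, shown on the wire as an added example (not code from OpenLDAP or from either poster): a minimal BER encoder for a successful BindResponse in which serverSaslCreds is omitted, sent empty, or sent with data, plus the check a client would make. The `struct token` type and both function names are hypothetical, and the convention that a NULL pointer means "no data" is an assumption of this example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a SASL token (assumption of this example):
 * val == NULL means "no data"; val != NULL with len == 0 means "empty token". */
struct token { const unsigned char *val; size_t len; };

/* Encode a successful BindResponse protocolOp (RFC 4511) into out.
 * Short-form BER lengths only, so the token is limited to 118 bytes.
 * Returns the number of bytes written, or 0 on error. */
size_t encode_bind_response(const struct token *creds, unsigned char *out, size_t cap)
{
    static const unsigned char fixed[] = {
        0x0a, 0x01, 0x00,   /* resultCode ENUMERATED success(0) */
        0x04, 0x00,         /* matchedDN, empty */
        0x04, 0x00          /* diagnosticMessage, empty */
    };
    size_t body = sizeof fixed, n = 0;
    int present = creds != NULL && creds->val != NULL;

    if (present) {
        if (creds->len > 118) return 0;
        body += 2 + creds->len;
    }
    if (cap < 2 + body) return 0;
    out[n++] = 0x61;                    /* [APPLICATION 1] BindResponse */
    out[n++] = (unsigned char)body;
    memcpy(out + n, fixed, sizeof fixed);
    n += sizeof fixed;
    if (present) {                      /* presence, not length, decides */
        out[n++] = 0x87;                /* [7] serverSaslCreds */
        out[n++] = (unsigned char)creds->len;
        if (creds->len) memcpy(out + n, creds->val, creds->len);
        n += creds->len;
    }
    return n;
}

/* Client-side view of a message built above: -1 if serverSaslCreds is
 * absent, its length if present (0 for an empty token), -2 if malformed. */
int sasl_creds_length(const unsigned char *msg, size_t n)
{
    if (n < 9 || msg[0] != 0x61 || msg[1] >= 0x80 || (size_t)msg[1] + 2 != n) return -2;
    if (n == 9) return -1;
    if (n < 11 || msg[9] != 0x87 || msg[10] >= 0x80 || (size_t)msg[10] + 11 != n) return -2;
    return msg[10];
}
```

An absent field encodes to 9 bytes, while an empty token adds the two bytes `87 00`, which is the difference a client that waits for a final token can observe.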