--- libraries/libldap/sasl.c 2003/01/21 16:31:55 1.47
+++ libraries/libldap/sasl.c 2006/01/03 22:16:09 1.58.2.4
@@ -1,7 +1,19 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/sasl.c,v 1.46 2003/01/03 19:20:51 kurt Exp $ */
-/*
- * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+/* $OpenLDAP: pkg/ldap/libraries/libldap/sasl.c,v 1.58.2.3 2005/11/14 18:06:06 kurt Exp $ */
+/* This work is part of OpenLDAP Software .
+ *
+ * Copyright 1998-2006 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * .
+ */
+/* Portions Copyright (C) The Internet Society (1997)
+ * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
*/
/*
@@ -60,12 +72,9 @@ ldap_sasl_bind(
{
BerElement *ber;
int rc;
+ ber_int_t id;
-#ifdef NEW_LOGGING
- LDAP_LOG ( TRANSPORT, ENTRY, "ldap_sasl_bind\n", 0, 0, 0 );
-#else
Debug( LDAP_DEBUG_TRACE, "ldap_sasl_bind\n", 0, 0, 0 );
-#endif
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
@@ -76,7 +85,7 @@ ldap_sasl_bind(
if( rc != LDAP_SUCCESS ) return rc;
if( mechanism == LDAP_SASL_SIMPLE ) {
- if( dn == NULL && cred != NULL ) {
+ if( dn == NULL && cred != NULL && cred->bv_len ) {
/* use default binddn */
dn = ld->ld_defbinddn;
}
@@ -98,24 +107,25 @@ ldap_sasl_bind(
assert( LBER_VALID( ber ) );
+ LDAP_NEXT_MSGID( ld, id );
if( mechanism == LDAP_SASL_SIMPLE ) {
/* simple bind */
rc = ber_printf( ber, "{it{istON}" /*}*/,
- ++ld->ld_msgid, LDAP_REQ_BIND,
+ id, LDAP_REQ_BIND,
ld->ld_version, dn, LDAP_AUTH_SIMPLE,
cred );
} else if ( cred == NULL || cred->bv_val == NULL ) {
- /* SASL bind w/o creditials */
+ /* SASL bind w/o credentials */
rc = ber_printf( ber, "{it{ist{sN}N}" /*}*/,
- ++ld->ld_msgid, LDAP_REQ_BIND,
+ id, LDAP_REQ_BIND,
ld->ld_version, dn, LDAP_AUTH_SASL,
mechanism );
} else {
- /* SASL bind w/ creditials */
+ /* SASL bind w/ credentials */
rc = ber_printf( ber, "{it{ist{sON}N}" /*}*/,
- ++ld->ld_msgid, LDAP_REQ_BIND,
+ id, LDAP_REQ_BIND,
ld->ld_version, dn, LDAP_AUTH_SASL,
mechanism, cred );
}
@@ -138,14 +148,9 @@ ldap_sasl_bind(
return ld->ld_errno;
}
-#ifndef LDAP_NOCACHE
- if ( ld->ld_cache != NULL ) {
- ldap_flush_cache( ld );
- }
-#endif /* !LDAP_NOCACHE */
/* send the message */
- *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber );
+ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
if(*msgidp < 0)
return ld->ld_errno;
@@ -168,11 +173,7 @@ ldap_sasl_bind_s(
LDAPMessage *result;
struct berval *scredp = NULL;
-#ifdef NEW_LOGGING
- LDAP_LOG ( TRANSPORT, ENTRY, "ldap_sasl_bind_s\n", 0, 0, 0 );
-#else
Debug( LDAP_DEBUG_TRACE, "ldap_sasl_bind_s\n", 0, 0, 0 );
-#endif
/* do a quick !LDAPv3 check... ldap_sasl_bind will do the rest. */
if( servercredp != NULL ) {
@@ -254,11 +255,7 @@ ldap_parse_sasl_bind_result(
ber_tag_t tag;
BerElement *ber;
-#ifdef NEW_LOGGING
- LDAP_LOG ( TRANSPORT, ENTRY, "ldap_parse_sasl_bind_result\n", 0, 0, 0 );
-#else
Debug( LDAP_DEBUG_TRACE, "ldap_parse_sasl_bind_result\n", 0, 0, 0 );
-#endif
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
@@ -297,8 +294,13 @@ ldap_parse_sasl_bind_result(
}
if ( ld->ld_version < LDAP_VERSION2 ) {
+#ifdef LDAP_NULL_IS_NULL
+ tag = ber_scanf( ber, "{iA}",
+ &errcode, &ld->ld_error );
+#else /* ! LDAP_NULL_IS_NULL */
tag = ber_scanf( ber, "{ia}",
&errcode, &ld->ld_error );
+#endif /* ! LDAP_NULL_IS_NULL */
if( tag == LBER_ERROR ) {
ber_free( ber, 0 );
@@ -309,8 +311,13 @@ ldap_parse_sasl_bind_result(
} else {
ber_len_t len;
- tag = ber_scanf( ber, "{iaa" /*}*/,
+#ifdef LDAP_NULL_IS_NULL
+ tag = ber_scanf( ber, "{eAA" /*}*/,
+ &errcode, &ld->ld_matched, &ld->ld_error );
+#else /* ! LDAP_NULL_IS_NULL */
+ tag = ber_scanf( ber, "{eaa" /*}*/,
&errcode, &ld->ld_matched, &ld->ld_error );
+#endif /* ! LDAP_NULL_IS_NULL */
if( tag == LBER_ERROR ) {
ber_free( ber, 0 );
@@ -367,11 +374,7 @@ ldap_pvt_sasl_getmechs ( LDAP *ld, char
char **values, *mechlist;
int rc;
-#ifdef NEW_LOGGING
- LDAP_LOG ( TRANSPORT, ENTRY, "ldap_pvt_sasl_getmech\n", 0, 0, 0 );
-#else
Debug( LDAP_DEBUG_TRACE, "ldap_pvt_sasl_getmech\n", 0, 0, 0 );
-#endif
rc = ldap_search_s( ld, "", LDAP_SCOPE_BASE,
NULL, attrs, 0, &res );
@@ -432,6 +435,7 @@ ldap_sasl_interactive_bind_s(
void *defaults )
{
int rc;
+ char *smechs = NULL;
#if defined( LDAP_R_COMPILE ) && defined( HAVE_CYRUS_SASL )
ldap_pvt_thread_mutex_lock( &ldap_int_sasl_mutex );
@@ -442,40 +446,34 @@ ldap_sasl_interactive_bind_s(
* ask all the time. No, we don't ever actually bind, but I'll
* let the final bind handler take care of saving the cdn.
*/
- rc = ldap_simple_bind(ld, dn, NULL);
- return rc < 0 ? rc : 0;
+ rc = ldap_simple_bind( ld, dn, NULL );
+ rc = rc < 0 ? rc : 0;
+ goto done;
} else
#endif
- if( mechs == NULL || *mechs == '\0' ) {
- char *smechs;
+#ifdef HAVE_CYRUS_SASL
+ if( mechs == NULL || *mechs == '\0' ) {
+ mechs = ld->ld_options.ldo_def_sasl_mech;
+ }
+#endif
+
+ if( mechs == NULL || *mechs == '\0' ) {
rc = ldap_pvt_sasl_getmechs( ld, &smechs );
-
if( rc != LDAP_SUCCESS ) {
goto done;
}
-#ifdef NEW_LOGGING
- LDAP_LOG ( TRANSPORT, DETAIL1,
- "ldap_interactive_sasl_bind_s: server supports: %s\n",
- smechs, 0, 0 );
-#else
Debug( LDAP_DEBUG_TRACE,
- "ldap_interactive_sasl_bind_s: server supports: %s\n",
+ "ldap_sasl_interactive_bind_s: server supports: %s\n",
smechs, 0, 0 );
-#endif
mechs = smechs;
} else {
-#ifdef NEW_LOGGING
- LDAP_LOG ( TRANSPORT, DETAIL1,
- "ldap_interactive_sasl_bind_s: user selected: %s\n", mechs, 0, 0 );
-#else
Debug( LDAP_DEBUG_TRACE,
- "ldap_interactive_sasl_bind_s: user selected: %s\n",
+ "ldap_sasl_interactive_bind_s: user selected: %s\n",
mechs, 0, 0 );
-#endif
}
rc = ldap_int_sasl_bind( ld, dn, mechs,
@@ -486,6 +484,7 @@ done:
#if defined( LDAP_R_COMPILE ) && defined( HAVE_CYRUS_SASL )
ldap_pvt_thread_mutex_unlock( &ldap_int_sasl_mutex );
#endif
+ if ( smechs ) LDAP_FREE( smechs );
return rc;
}