
Re: (ITS#6475) SASL OTP and syncrepl



Hi,

I've received segmentation faults during some basic SASL OTP testing 
using CVS HEAD.

Below you'll find a small patch (against HEAD) which seems to fix this 
issue ...

Before the patch:
root@tingletangle:~/repos/openldap# /usr/local/openldap/bin/ldapsearch -v -Y OTP -U test1
ldap_initialize( <DEFAULT> )
SASL/OTP authentication started
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) (<== slapd segfault)

After the patch has been applied:
root@tingletangle:~/repos/openldap# /usr/local/openldap/bin/ldapsearch -v -Y OTP -U test1
ldap_initialize( <DEFAULT> )
SASL/OTP authentication started
Challenge: otp-md5 498 ti6311 ext
Please enter your one-time password:  huhu
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): authentication failure: (<== slapd still running ;-) )

As I'm not (yet ;-)) an OTP-expert I have not tested any further because 
I currently just don't know how to calculate the one-time password based 
on the challenge ...

Best regards,
Daniel



Index: servers/slapd/sasl.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/sasl.c,v
retrieving revision 1.274
diff -u -r1.274 sasl.c
--- servers/slapd/sasl.c        15 Apr 2010 16:13:54 -0000      1.274
+++ servers/slapd/sasl.c        19 Jul 2010 19:55:11 -0000
@@ -548,7 +548,7 @@
                                        op.o_req_ndn.bv_val = (char 
*)pr[i].values[0];
                        }
 #ifdef SLAP_AUXPROP_DONTUSECOPY
-                       {
+                       if ( slap_dontUseCopy_propnames != NULL ) {
                                struct berval bv;
                                ber_str2bv( &pr[i].name[1], 0, 1, &bv );
                                for ( j = 0; !BER_BVISNULL( 
&slap_dontUseCopy_propnames[ j ] ); j++ ) {
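
Review bot: the new guard `if ( slap_dontUseCopy_propnames != NULL )` at the top of the SLAP_AUXPROP_DONTUSECOPY block carries no comment saying when the array is NULL, so a later reader cannot tell a legitimate state from a masked bug; add a one-line comment there stating the condition. The `for` loop under it indexes `slap_dontUseCopy_propnames[ j ]` directly, so skipping the block when the pointer is NULL is the right shape, but any other code that walks this array with `BER_BVISNULL` needs the same check, and the visible context does not show whether code later in the function relies on something this block would have set.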