diff options
| author | Rich Megginson <rmeggins@redhat.com> | 2005-08-29 22:11:05 +0000 |
|---|---|---|
| committer | Rich Megginson <rmeggins@redhat.com> | 2005-08-29 22:11:05 +0000 |
| commit | 5fcb395f5579d83f229fb2a28fd0b1f9dbb50fa8 (patch) | |
| tree | 8f751db8ea3ea5e63ca303b7eaf80d9a784f3be2 | |
| parent | 432badcd7891b3dad6a0156a52980e882d4967e3 (diff) | |
| download | ds-5fcb395f5579d83f229fb2a28fd0b1f9dbb50fa8.tar.gz ds-5fcb395f5579d83f229fb2a28fd0b1f9dbb50fa8.tar.xz ds-5fcb395f5579d83f229fb2a28fd0b1f9dbb50fa8.zip | |
Bug(s) fixed: 166229
Bug Description: slapd crashes during SASL authentication
Reviewed by: Noriko (Thanks!)
Branch: HEAD
Fix Description: I could not reproduce the crash. I tried several different ways - no password in entry, empty password in entry, SSHA hashed password in entry - no crashes. No useful information from the FDS bug reporter either. In fact I found that SASL Digest-MD5 was not working at all. We needed to use the SASL_AUX_PASSWORD_PROP define instead of hardcoding "userpassword" - I guess sasl is case sensitive. I also fixed some missing new lines in log messages.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
| -rw-r--r-- | ldap/servers/slapd/saslbind.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c index af8eb6de..a38d07e7 100644 --- a/ldap/servers/slapd/saslbind.c +++ b/ldap/servers/slapd/saslbind.c @@ -136,7 +136,7 @@ static int ids_sasl_log( { switch (level) { case SASL_LOG_ERR: /* log unusual errors (default) */ - slapi_log_error(SLAPI_LOG_FATAL, "sasl", "%s", message); + slapi_log_error(SLAPI_LOG_FATAL, "sasl", "%s\n", message); break; case SASL_LOG_FAIL: /* log all authentication failures */ @@ -146,7 +146,7 @@ static int ids_sasl_log( case SASL_LOG_TRACE: /* traces of internal protocols */ case SASL_LOG_PASS: /* traces of internal protocols, including * passwords */ - LDAPDebug(LDAP_DEBUG_ANY, "sasl(%d): %s", level, message, 0); + LDAPDebug(LDAP_DEBUG_ANY, "sasl(%d): %s\n", level, message, 0); break; case SASL_LOG_NONE: /* don't log anything */ @@ -446,7 +446,12 @@ static int ids_sasl_canon_user( clear = pw; if (clear) { - if (prop_set(propctx, "userpassword", clear, -1) != 0) { + if (prop_set(propctx, SASL_AUX_PASSWORD_PROP, clear, -1) != 0) { + /* Failure is benign here because some mechanisms don't support this property */ + /*LDAPDebug(LDAP_DEBUG_TRACE, "prop_set(userpassword) failed\n", 0, 0, 0); + goto fail */ ; + } + if (prop_set(propctx, SASL_AUX_PASSWORD, clear, -1) != 0) { /* Failure is benign here because some mechanisms don't support this property */ /*LDAPDebug(LDAP_DEBUG_TRACE, "prop_set(userpassword) failed\n", 0, 0, 0); goto fail */ ; |