diff options
author | Rich Megginson <rmeggins@redhat.com> | 2009-01-13 22:24:15 +0000 |
---|---|---|
committer | Rich Megginson <rmeggins@redhat.com> | 2009-01-13 22:24:15 +0000 |
commit | d7d5d7f0ed55f5edbfa10a5911e8cbf44084e7ae (patch) | |
tree | 8274c35a7dc3b42932fe3822708a87aedb853fbd | |
parent | 2969601f66e79313c1d4a424c759352f75e35181 (diff) | |
download | ds-d7d5d7f0ed55f5edbfa10a5911e8cbf44084e7ae.tar.gz ds-d7d5d7f0ed55f5edbfa10a5911e8cbf44084e7ae.tar.xz ds-d7d5d7f0ed55f5edbfa10a5911e8cbf44084e7ae.zip |
Resolves: bug 479313
Bug Description: Server to Server SASL - DIGEST/MD5 - Can not Stop server
Reviewed by: nhosoi (Thanks!)
Fix Description: Using ldap_set_option with LDAP_OPT_X_SASL_SECPROPS is not thread safe. ldap_set_option acquires the OPTION lock, but using LDAP_OPT_X_SASL_SECPROPS just calls return rather than calling break to exit the switch and unlock the lock. A mozilla bug has been filed https://bugzilla.mozilla.org/show_bug.cgi?id=473438. The fix is to use LDAP_OPT_X_SASL_SSF_MAX.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
-rw-r--r-- | ldap/servers/slapd/util.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ldap/servers/slapd/util.c b/ldap/servers/slapd/util.c index 8e4876e9..79df75be 100644 --- a/ldap/servers/slapd/util.c +++ b/ldap/servers/slapd/util.c @@ -1105,6 +1105,7 @@ slapi_ldap_init( char *ldaphost, int ldapport, int secure, int shared ) return slapi_ldap_init_ext(NULL, ldaphost, ldapport, secure, shared, NULL); } +#include <sasl.h> /* * Does the correct bind operation simple/sasl/cert depending * on the arguments passed in. If the user specified to use @@ -1258,7 +1259,8 @@ slapi_ldap_bind( } else { /* a SASL mech - set the sasl ssf to 0 if using TLS/SSL */ if (secure) { - ldap_set_option(ld, LDAP_OPT_X_SASL_SECPROPS, "maxssf=0"); + sasl_ssf_t max_ssf = 0; + ldap_set_option(ld, LDAP_OPT_X_SASL_SSF_MAX, &max_ssf); } rc = slapd_ldap_sasl_interactive_bind(ld, bindid, creds, mech, serverctrls, returnedctrls, @@ -1282,7 +1284,6 @@ done: /* the following implements the client side of sasl bind, for LDAP server -> LDAP server SASL */ -#include <sasl.h> typedef struct { char *mech; |