/* we're done, no need to step */
if( scred ) {
/* but we got additional data? */
- Debug( LDAP_DEBUG_TRACE,
- "ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n",
- rc, saslrc, scred ? scred->bv_len : -1 );
-
- ber_bvfree( scred );
- rc = ld->ld_errno = LDAP_LOCAL_ERROR;
- goto done;
+#define KLUDGE_FOR_MSAD
+#ifdef KLUDGE_FOR_MSAD
+ /*
+ * MSAD provides empty additional data in violation of LDAP
+ * technical specifications. As no existing SASL mechanism
+ * allows empty data with an outcome message, just ignore it
+ * for now. Hopefully MS will fix their bug before someone
+ * defines a mechanism with possibly empty additional data.
+ */
+ if( scred->bv_len == 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "ldap_int_sasl_bind: ignoring "
+ " bogus empty data provided with SASL outcome message.\n",
+ rc, saslrc, scred->bv_len );
+ ber_bvfree( scred );
+ } else
+#endif
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n",
+ rc, saslrc, scred->bv_len );
+ rc = ld->ld_errno = LDAP_LOCAL_ERROR;
+ ber_bvfree( scred );
+ goto done;
+ }
}
break;
}
}
if( ssf && *ssf ) {
- if( flags != LDAP_SASL_QUIET ) {
- fprintf( stderr, "SASL installing layers\n" );
- }
if ( ld->ld_defconn->lconn_sasl_sockctx ) {
oldctx = ld->ld_defconn->lconn_sasl_sockctx;
sasl_dispose( &oldctx );
}
ldap_pvt_sasl_install( ld->ld_defconn->lconn_sb, ctx );
ld->ld_defconn->lconn_sasl_sockctx = ctx;
+
+ if( flags != LDAP_SASL_QUIET ) {
+ fprintf( stderr, "SASL data security layer installed.\n" );
+ }
}
}
ld->ld_defconn->lconn_sasl_authctx = ctx;
sasl_security_properties_t *secprops )
{
int i, j, l;
- char **props = ldap_str2charray( in, "," );
+ char **props;
unsigned sflags = 0;
int got_sflags = 0;
sasl_ssf_t max_ssf = 0;
unsigned maxbufsize = 0;
int got_maxbufsize = 0;
- if( props == NULL || secprops == NULL ) {
+ if( secprops == NULL ) {
+ return LDAP_PARAM_ERROR;
+ }
+ props = ldap_str2charray( in, "," );
+ if( props == NULL ) {
return LDAP_PARAM_ERROR;
}
if ( sprops[j].ival ) {
unsigned v;
char *next = NULL;
- if ( !isdigit( props[i][sprops[j].key.bv_len] )) continue;
+ if ( !isdigit( (unsigned char)props[i][sprops[j].key.bv_len] ))
+ continue;
v = strtoul( &props[i][sprops[j].key.bv_len], &next, 10 );
if ( next == &props[i][sprops[j].key.bv_len] || next[0] != '\0' ) continue;
switch( sprops[j].ival ) {
break;
}
if ( BER_BVISNULL( &sprops[j].key )) {
+ ldap_charray_free( props );
return LDAP_NOT_SUPPORTED;
}
}
int
ldap_int_sasl_set_option( LDAP *ld, int option, void *arg )
{
- if ( ld == NULL )
+ if ( ld == NULL || arg == NULL )
return -1;
switch ( option ) {