cannot assert la_private == NULL on free

[openldap] / libraries / libldap / kbind.c

diff --git a/libraries/libldap/kbind.c b/libraries/libldap/kbind.c
index 2831226ed8cde851a96525d06931cfd6cbff263e..1da20d716fe55209204b20a251188ba53d162f55 100644 (file)
--- a/libraries/libldap/kbind.c
+++ b/libraries/libldap/kbind.c
@@ -1,32 +1,51 @@
+/* $OpenLDAP$ */
 /*
+ * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+/*  Portions
  *  Copyright (c) 1993 Regents of the University of Michigan.
  *  All rights reserved.
  *
  *  kbind.c
  */
 
-#include "portable.h"
-
-#ifndef lint 
-static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of Michigan.\nAll rights reserved.\n";
+/*
+ *     BindRequest ::= SEQUENCE {
+ *             version         INTEGER,
+ *             name            DistinguishedName,       -- who
+ *             authentication  CHOICE {
+ *                     simple          [0] OCTET STRING -- passwd
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ *                     krbv42ldap      [1] OCTET STRING
+ *                     krbv42dsa       [2] OCTET STRING
 #endif
+ *                     sasl            [3] SaslCredentials     -- LDAPv3
+ *             }
+ *     }
+ *
+ *     BindResponse ::= SEQUENCE {
+ *             COMPONENTS OF LDAPResult,
+ *             serverSaslCreds         OCTET STRING OPTIONAL -- LDAPv3
+ *     }
+ *
+ */
 
-#ifdef HAVE_KERBEROS
+#include "portable.h"
+
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 
 #include <stdio.h>
-#include <stdlib.h>
+#include <ac/stdlib.h>
 
 #include <ac/krb.h>
 #include <ac/socket.h>
 #include <ac/string.h>
 #include <ac/time.h>
 
-#include "lber.h"
-#include "ldap.h"
 #include "ldap-int.h"
 
 
-
 /*
  * ldap_kerberos_bind1 - initiate a bind to the ldap server using
  * kerberos authentication.  The dn is supplied.  It is assumed the user
@@ -38,31 +57,20 @@ static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of
  *     ldap_kerberos_bind1( ld, "cn=manager, o=university of michigan, c=us" )
  */
 int
-ldap_kerberos_bind1( LDAP *ld, char *dn )
+ldap_kerberos_bind1( LDAP *ld, LDAP_CONST char *dn )
 {
        BerElement      *ber;
        char            *cred;
-       int             rc, credlen;
-       char            *ldap_get_kerberosv4_credentials();
-#ifdef STR_TRANSLATION
-       int             str_translation_on;
-#endif /* STR_TRANSLATION */
-
-       /*
-        * The bind request looks like this:
-        *      BindRequest ::= SEQUENCE {
-        *              version         INTEGER,
-        *              name            DistinguishedName,
-        *              authentication  CHOICE {
-        *                      krbv42ldap      [1] OCTET STRING
-        *                      krbv42dsa       [2] OCTET STRING
-        *              }
-        *      }
-        * all wrapped up in an LDAPMessage sequence.
-        */
+       int             rc;
+       ber_len_t credlen;
 
        Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind1\n", 0, 0, 0 );
 
+       if( ld->ld_version > LDAP_VERSION2 ) {
+               ld->ld_errno = LDAP_NOT_SUPPORTED;
+               return -1;
+       }
+
        if ( dn == NULL )
                dn = "";
 
@@ -72,36 +80,23 @@ ldap_kerberos_bind1( LDAP *ld, char *dn )
        }
 
        /* create a message to send */
-       if ( (ber = ldap_alloc_ber_with_options( ld )) == NULLBER ) {
-               free( cred );
+       if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+               LDAP_FREE( cred );
                return( -1 );
        }
 
-#ifdef STR_TRANSLATION
-       if (( str_translation_on = (( ber->ber_options &
-           LBER_TRANSLATE_STRINGS ) != 0 ))) { /* turn translation off */
-               ber->ber_options &= ~LBER_TRANSLATE_STRINGS;
-       }
-#endif /* STR_TRANSLATION */
-
        /* fill it in */
-       rc = ber_printf( ber, "{it{isto}}", ++ld->ld_msgid, LDAP_REQ_BIND,
+       rc = ber_printf( ber, "{it{istoN}N}", ++ld->ld_msgid, LDAP_REQ_BIND,
            ld->ld_version, dn, LDAP_AUTH_KRBV41, cred, credlen );
 
-#ifdef STR_TRANSLATION
-       if ( str_translation_on ) {     /* restore translation */
-               ber->ber_options |= LBER_TRANSLATE_STRINGS;
-       }
-#endif /* STR_TRANSLATION */
-
        if ( rc == -1 ) {
-               free( cred );
+               LDAP_FREE( cred );
                ber_free( ber, 1 );
                ld->ld_errno = LDAP_ENCODING_ERROR;
                return( -1 );
        }
 
-       free( cred );
+       LDAP_FREE( cred );
 
 #ifndef LDAP_NOCACHE
        if ( ld->ld_cache != NULL ) {
@@ -114,7 +109,7 @@ ldap_kerberos_bind1( LDAP *ld, char *dn )
 }
 
 int
-ldap_kerberos_bind1_s( LDAP *ld, char *dn )
+ldap_kerberos_bind1_s( LDAP *ld, LDAP_CONST char *dn )
 {
        int             msgid;
        LDAPMessage     *res;
@@ -145,18 +140,20 @@ ldap_kerberos_bind1_s( LDAP *ld, char *dn )
  *     ldap_kerberos_bind2( ld, "cn=manager, o=university of michigan, c=us" )
  */
 int
-ldap_kerberos_bind2( LDAP *ld, char *dn )
+ldap_kerberos_bind2( LDAP *ld, LDAP_CONST char *dn )
 {
        BerElement      *ber;
        char            *cred;
-       int             rc, credlen;
-       char            *ldap_get_kerberosv4_credentials();
-#ifdef STR_TRANSLATION
-       int             str_translation_on;
-#endif /* STR_TRANSLATION */
+       int             rc;
+       ber_len_t credlen;
 
        Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind2\n", 0, 0, 0 );
 
+       if( ld->ld_version > LDAP_VERSION2 ) {
+               ld->ld_errno = LDAP_NOT_SUPPORTED;
+               return -1;
+       }
+
        if ( dn == NULL )
                dn = "";
 
@@ -166,30 +163,17 @@ ldap_kerberos_bind2( LDAP *ld, char *dn )
        }
 
        /* create a message to send */
-       if ( (ber = ldap_alloc_ber_with_options( ld )) == NULLBER ) {
-               free( cred );
+       if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+               LDAP_FREE( cred );
                return( -1 );
        }
 
-#ifdef STR_TRANSLATION
-       if (( str_translation_on = (( ber->ber_options &
-           LBER_TRANSLATE_STRINGS ) != 0 ))) { /* turn translation off */
-               ber->ber_options &= ~LBER_TRANSLATE_STRINGS;
-       }
-#endif /* STR_TRANSLATION */
-
        /* fill it in */
-       rc = ber_printf( ber, "{it{isto}}", ++ld->ld_msgid, LDAP_REQ_BIND,
+       rc = ber_printf( ber, "{it{istoN}N}", ++ld->ld_msgid, LDAP_REQ_BIND,
            ld->ld_version, dn, LDAP_AUTH_KRBV42, cred, credlen );
 
 
-#ifdef STR_TRANSLATION
-       if ( str_translation_on ) {     /* restore translation */
-               ber->ber_options |= LBER_TRANSLATE_STRINGS;
-       }
-#endif /* STR_TRANSLATION */
-
-       free( cred );
+       LDAP_FREE( cred );
 
        if ( rc == -1 ) {
                ber_free( ber, 1 );
@@ -203,7 +187,7 @@ ldap_kerberos_bind2( LDAP *ld, char *dn )
 
 /* synchronous bind to DSA using kerberos */
 int
-ldap_kerberos_bind2_s( LDAP *ld, char *dn )
+ldap_kerberos_bind2_s( LDAP *ld, LDAP_CONST char *dn )
 {
        int             msgid;
        LDAPMessage     *res;
@@ -225,7 +209,7 @@ ldap_kerberos_bind2_s( LDAP *ld, char *dn )
 
 /* synchronous bind to ldap and DSA using kerberos */
 int
-ldap_kerberos_bind_s( LDAP *ld, char *dn )
+ldap_kerberos_bind_s( LDAP *ld, LDAP_CONST char *dn )
 {
        int     err;
 
@@ -246,7 +230,11 @@ ldap_kerberos_bind_s( LDAP *ld, char *dn )
  */
 
 char *
-ldap_get_kerberosv4_credentials( LDAP *ld, char *who, char *service, int *len )
+ldap_get_kerberosv4_credentials(
+       LDAP *ld,
+       LDAP_CONST char *who,
+       LDAP_CONST char *service,
+       ber_len_t *len )
 {
        KTEXT_ST        ktxt;
        int             err;
@@ -255,39 +243,40 @@ ldap_get_kerberosv4_credentials( LDAP *ld, char *who, char *service, int *len )
        Debug( LDAP_DEBUG_TRACE, "ldap_get_kerberosv4_credentials\n", 0, 0, 0 );
 
        if ( (err = krb_get_tf_realm( tkt_string(), realm )) != KSUCCESS ) {
-#ifdef LDAP_LIBUI
-               fprintf( stderr, "krb_get_tf_realm failed (%s)\n",
-                   krb_err_txt[err] );
-#endif /* LDAP_LIBUI */
-               ld->ld_errno = LDAP_INVALID_CREDENTIALS;
+               Debug( LDAP_DEBUG_ANY, "ldap_get_kerberosv4_credentials: "
+                       "krb_get_tf_realm failed: %s\n", krb_err_txt[err], 0, 0 );
+               ld->ld_errno = LDAP_AUTH_UNKNOWN;
                return( NULL );
        }
 
-#ifdef LDAP_REFERRALS
+       if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, NULL ) == -1 ) {
+               /* not connected yet */
+               int rc = ldap_open_defconn( ld );
+
+               if( rc < 0 ) return NULL;
+       }
+
        krbinstance = ld->ld_defconn->lconn_krbinstance;
-#else /* LDAP_REFERRALS */
-       krbinstance = ld->ld_host;
-#endif /* LDAP_REFERRALS */
 
        if ( (err = krb_mk_req( &ktxt, service, krbinstance, realm, 0 ))
-           != KSUCCESS ) {
-#ifdef LDAP_LIBUI
-               fprintf( stderr, "krb_mk_req failed (%s)\n", krb_err_txt[err] );
-#endif /* LDAP_LIBUI */
-               ld->ld_errno = LDAP_INVALID_CREDENTIALS;
+           != KSUCCESS )
+       {
+               Debug( LDAP_DEBUG_ANY, "ldap_get_kerberosv4_credentials: "
+                       "krb_mk_req failed (%s)\n", krb_err_txt[err], 0, 0 );
+               ld->ld_errno = LDAP_AUTH_UNKNOWN;
                return( NULL );
        }
 
-       if ( ( cred = malloc( ktxt.length )) == NULL ) {
+       if ( ( cred = LDAP_MALLOC( ktxt.length )) == NULL ) {
                ld->ld_errno = LDAP_NO_MEMORY;
                return( NULL );
        }
 
        *len = ktxt.length;
-       memcpy( cred, ktxt.dat, ktxt.length );
+       AC_MEMCPY( cred, ktxt.dat, ktxt.length );
 
        return( cred );
 }
 
 #endif /* !AUTHMAN */
-#endif /* HAVE_KERBEROS */
+#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */