Plug leak

[openldap] / servers / slapd / sasl.c

diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c
index 9018185dcff5525941c0ff5bf25dce2a85e3570c..0b3288d2c44f779c68da6321e2578cac7a6f3231 100644 (file)
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -326,7 +326,7 @@ slap_auxprop_lookup(
 
                cb.sc_private = &sl;
 
-               op.o_bd = select_backend( &op.o_req_ndn, 0, 1 );
+               op.o_bd = select_backend( &op.o_req_ndn, 1 );
 
                if ( op.o_bd ) {
                        /* For rootdn, see if we can use the rootpw */
@@ -440,7 +440,7 @@ slap_auxprop_store(
        }
        if (!conn || !op.o_req_ndn.bv_val) return SASL_BADPARAM;
 
-       op.o_bd = select_backend( &op.o_req_ndn, 0, 1 );
+       op.o_bd = select_backend( &op.o_req_ndn, 1 );
 
        if ( !op.o_bd || !op.o_bd->be_modify ) return SASL_FAIL;
                
@@ -455,6 +455,7 @@ slap_auxprop_store(
                mod->sml_op = LDAP_MOD_REPLACE;
                mod->sml_flags = 0;
                ber_str2bv( pr[i].name, 0, 0, &mod->sml_type );
+               mod->sml_numvals = pr[i].nvalues;
                mod->sml_values = (struct berval *)ch_malloc( (pr[i].nvalues + 1) *
                        sizeof(struct berval));
                for (j=0; j<pr[i].nvalues; j++) {
@@ -610,6 +611,7 @@ slap_sasl_canonicalize(
         */
        if ( flags == SASL_CU_AUTHID && !auxvals[SLAP_SASL_PROP_AUTHZ].values ) {
                conn->c_sasl_dn.bv_val = (char *) in;
+               conn->c_sasl_dn.bv_len = 0;
        } else if ( flags == SASL_CU_AUTHZID && conn->c_sasl_dn.bv_val ) {
                rc = strcmp( in, conn->c_sasl_dn.bv_val );
                conn->c_sasl_dn.bv_val = NULL;
@@ -624,13 +626,13 @@ slap_sasl_canonicalize(
        if ( rc != LDAP_SUCCESS ) {
                sasl_seterror( sconn, 0, ldap_err2string( rc ) );
                return SASL_NOAUTHZ;
-       }               
+       }
 
        names[0] = slap_propnames[which];
        names[1] = NULL;
 
        prop_set( props, names[0], (char *)&dn, sizeof( dn ) );
-               
+
        Debug( LDAP_DEBUG_ARGS, "SASL Canonicalize [conn=%ld]: %s=\"%s\"\n",
                conn ? conn->c_connid : -1, names[0]+1,
                dn.bv_val ? dn.bv_val : "<EMPTY>" );
@@ -721,9 +723,9 @@ slap_sasl_authorize(
 ok:
        if (conn->c_sasl_bindop) {
                Statslog( LDAP_DEBUG_STATS,
-                       "conn=%lu op=%lu BIND authcid=\"%s\" authzid=\"%s\"\n",
-                       conn->c_connid, conn->c_sasl_bindop->o_opid, 
-                       auth_identity, requested_user, 0);
+                       "%s BIND authcid=\"%s\" authzid=\"%s\"\n",
+                       conn->c_sasl_bindop->o_log_prefix, 
+                       auth_identity, requested_user, 0, 0 );
        }
 
        Debug( LDAP_DEBUG_TRACE, "SASL Authorize [conn=%ld]: "
@@ -825,9 +827,9 @@ ok:
 
        if ( conn->c_sasl_bindop ) {
                Statslog( LDAP_DEBUG_STATS,
-                       "conn=%lu op=%lu BIND authcid=\"%s\" authzid=\"%s\"\n",
-                       conn->c_connid, conn->c_sasl_bindop->o_opid, 
-                       authcid, authzid ? authzid : "", 0);
+                       "%s BIND authcid=\"%s\" authzid=\"%s\"\n",
+                       conn->c_sasl_bindop->o_log_prefix, 
+                       authcid, authzid ? authzid : "", 0, 0 );
        }
 
        *errstr = NULL;
@@ -1092,12 +1094,12 @@ slapd_rw_apply( void *private, const char *filter, struct berval *val )
        int rc;
 
        thrctx = ldap_pvt_thread_pool_context();
-       op = (Operation *)&opbuf;
-       connection_fake_init2( &conn, op, thrctx, 0 );
+       connection_fake_init2( &conn, &opbuf, thrctx, 0 );
+       op = &opbuf.ob_op;
 
        op->o_tag = LDAP_REQ_SEARCH;
        op->o_req_dn = op->o_req_ndn = sl->base;
-       op->o_bd = select_backend( &op->o_req_ndn, 0, 1 );
+       op->o_bd = select_backend( &op->o_req_ndn, 1 );
        if ( !op->o_bd ) {
                return REWRITE_ERR;
        }
@@ -1209,8 +1211,8 @@ int slap_sasl_init( void )
                sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff,
                        rc & 0xffff );
                Debug( LDAP_DEBUG_ANY, "slap_sasl_init: SASL library version mismatch:"
-                       " expected " SASL_VERSION_STRING ","
-                       " got %s\n", version, 0, 0 );
+                       " expected %s, got %s\n",
+                       SASL_VERSION_STRING, version, 0 );
                return -1;
        }
 #endif
@@ -1446,12 +1448,13 @@ int slap_sasl_external(
 #if SASL_VERSION_MAJOR >= 2
        int sc;
        sasl_conn_t *ctx = conn->c_sasl_authctx;
+       sasl_ssf_t sasl_ssf = ssf;
 
        if ( ctx == NULL ) {
                return LDAP_UNAVAILABLE;
        }
 
-       sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf );
+       sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &sasl_ssf );
 
        if ( sc != SASL_OK ) {
                return LDAP_OTHER;
@@ -1620,7 +1623,7 @@ int slap_sasl_bind( Operation *op, SlapReply *rs )
        if ( !op->o_conn->c_sasl_bind_in_progress ) {
                /* If we already authenticated once, must use a new context */
                if ( op->o_conn->c_sasl_done ) {
-                       slap_ssf_t ssf = 0;
+                       sasl_ssf_t ssf = 0;
                        const char *authid = NULL;
 #if SASL_VERSION_MAJOR >= 2
                        sasl_getprop( ctx, SASL_SSF_EXTERNAL, (void *)&ssf );
@@ -1710,6 +1713,9 @@ int slap_sasl_bind( Operation *op, SlapReply *rs )
                send_ldap_sasl( op, rs );
 
        } else {
+               if ( op->o_conn->c_sasl_dn.bv_len )
+                       ch_free( op->o_conn->c_sasl_dn.bv_val );
+               BER_BVZERO( &op->o_conn->c_sasl_dn );
 #if SASL_VERSION_MAJOR >= 2
                rs->sr_text = sasl_errdetail( ctx );
 #endif