/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2005 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Attribute *a;
const char *text;
int rc, i;
- slap_callback *tmp = op->o_callback;
- lookup_info *sl = tmp->sc_private;
+ lookup_info *sl = (lookup_info *)op->o_callback->sc_private;
if (rs->sr_type != REP_SEARCH) return 0;
for ( bv = a->a_vals; bv->bv_val; bv++ ) {
/* ITS#3846 don't give hashed passwords to SASL */
if ( ad == slap_schema.si_ad_userPassword &&
- bv->bv_val[0] == '{' ) {
- rc = lutil_passwd_scheme( bv->bv_val );
- if ( rc ) {
+ bv->bv_val[0] == '{' /*}*/ )
+ {
+ if ( lutil_passwd_scheme( bv->bv_val ) ) {
/* If it's not a recognized scheme, just assume it's
* a cleartext password that happened to include brackets.
*
* past the scheme name, skip this value.
*/
#ifdef SLAPD_CLEARTEXT
- if ( !strncasecmp( bv->bv_val, sc_cleartext.bv_val,
- sc_cleartext.bv_len )) {
+ if ( !ber_bvstrcasecmp( bv, &sc_cleartext ) ) {
struct berval cbv;
cbv.bv_len = bv->bv_len - sc_cleartext.bv_len;
- if ( cbv.bv_len ) {
+ if ( cbv.bv_len > 0 ) {
cbv.bv_val = bv->bv_val + sc_cleartext.bv_len;
sl->sparams->utils->prop_set( sl->sparams->propctx,
sl->list[i].name, cbv.bv_val, cbv.bv_len );
SlapReply rs = {REP_RESULT};
op.o_hdr = conn->c_sasl_bindop->o_hdr;
op.o_tag = LDAP_REQ_SEARCH;
+ op.o_dn = conn->c_ndn;
op.o_ndn = conn->c_ndn;
op.o_callback = &cb;
slap_op_time( &op.o_time, &op.o_tincr );
}
*modtail = NULL;
- rc = slap_mods_check( modlist, &text, textbuf, textlen, NULL );
+ rc = slap_mods_check( &op, modlist, &text, textbuf, textlen, NULL );
if ( rc == LDAP_SUCCESS ) {
rc = slap_mods_no_user_mod_check( &op, modlist,
{
Connection *conn = (Connection *)context;
struct propctx *props = sasl_auxprop_getctx( sconn );
- struct propval auxvals[ SLAP_SASL_PROP_COUNT ] = { 0 };
+ struct propval auxvals[ SLAP_SASL_PROP_COUNT ] = { { 0 } };
struct berval dn;
int rc, which;
const char *names[2];
* (SLAP_SASL_PROP_COUNT - 1) because we skip "conn",
* + 1 for NULL termination?
*/
- struct propval auxvals[ SLAP_SASL_PROP_COUNT ] = { 0 };
+ struct propval auxvals[ SLAP_SASL_PROP_COUNT ] = { { 0 } };
struct berval authcDN, authzDN = BER_BVNULL;
int rc;
return 0;
}
+#if SASL_VERSION_MAJOR >= 2
+static char *
+slap_sasl_peer2ipport( struct berval *peer )
+{
+ int isv6 = 0;
+ char *ipport,
+ *p = &peer->bv_val[ STRLENOF( "IP=" ) ];
+ ber_len_t plen = peer->bv_len - STRLENOF( "IP=" );
+
+ /* IPv6? */
+ if ( p[0] == '[' ) {
+ isv6 = 1;
+ plen--;
+ }
+ ipport = ch_strdup( &p[isv6] );
+
+ /* Convert IPv6/IPv4 addresses to address;port syntax. */
+ p = strrchr( ipport, ':' );
+ if ( p != NULL ) {
+ *p = ';';
+ if ( isv6 ) {
+ assert( p[-1] == ']' );
+ AC_MEMCPY( &p[-1], p, plen - ( p - ipport ) + 1 );
+ }
+
+ } else if ( isv6 ) {
+ /* trim ']' */
+ plen--;
+ assert( p[plen] == ']' );
+ p[plen] = '\0';
+ }
+
+ return ipport;
+}
+#endif
+
int slap_sasl_open( Connection *conn, int reopen )
{
int sc = LDAP_SUCCESS;
conn->c_sasl_layers = 0;
- if( global_host == NULL ) {
- global_host = ldap_pvt_get_fqdn( NULL );
- }
-
/* create new SASL context */
#if SASL_VERSION_MAJOR >= 2
if ( conn->c_sock_name.bv_len != 0 &&
- strncmp( conn->c_sock_name.bv_val, "IP=", 3 ) == 0) {
- char *p;
-
- iplocalport = ch_strdup( conn->c_sock_name.bv_val + 3 );
- /* Convert IPv6 addresses to address;port syntax. */
- p = strrchr( iplocalport, ' ' );
- /* Convert IPv4 addresses to address;port syntax. */
- if ( p == NULL ) p = strchr( iplocalport, ':' );
- if ( p != NULL ) {
- *p = ';';
- }
+ strncmp( conn->c_sock_name.bv_val, "IP=", STRLENOF( "IP=" ) ) == 0 )
+ {
+ iplocalport = slap_sasl_peer2ipport( &conn->c_sock_name );
}
+
if ( conn->c_peer_name.bv_len != 0 &&
- strncmp( conn->c_peer_name.bv_val, "IP=", 3 ) == 0) {
- char *p;
-
- ipremoteport = ch_strdup( conn->c_peer_name.bv_val + 3 );
- /* Convert IPv6 addresses to address;port syntax. */
- p = strrchr( ipremoteport, ' ' );
- /* Convert IPv4 addresses to address;port syntax. */
- if ( p == NULL ) p = strchr( ipremoteport, ':' );
- if ( p != NULL ) {
- *p = ';';
- }
+ strncmp( conn->c_peer_name.bv_val, "IP=", STRLENOF( "IP=" ) ) == 0 )
+ {
+ ipremoteport = slap_sasl_peer2ipport( &conn->c_peer_name );
}
+
sc = sasl_server_new( "ldap", global_host, global_realm,
iplocalport, ipremoteport, session_callbacks, SASL_SUCCESS_DATA, &ctx );
if ( iplocalport != NULL ) {
assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->ore_reqoid ) == 0 );
rs->sr_err = sasl_getprop( op->o_conn->c_sasl_authctx, SASL_USERNAME,
- (SASL_CONST void **)&id.bv_val );
+ (SASL_CONST void **)(char *)&id.bv_val );
if( rs->sr_err != SASL_OK ) {
rs->sr_text = "unable to retrieve SASL username";