ITS#8616 don't check for existing value when deleting values
[openldap] / servers / slapd / sasl.c
index d110b8c30b8a8b73335b6c5714c33af85965a1af..509cf7769244f52e2f9da57ec8067d9f0418002a 100644 (file)
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2015 The OpenLDAP Foundation.
+ * Copyright 1998-2018 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
 #define SASL_VERSION_FULL      ((SASL_VERSION_MAJOR << 16) |\
        (SASL_VERSION_MINOR << 8) | SASL_VERSION_STEP)
 
+#if SASL_VERSION_MINOR >= 0x020119 /* 2.1.25 */
+typedef sasl_callback_ft slap_sasl_cb_ft;
+#else
+typedef int (*slap_sasl_cb_ft)();
+#endif
+
 static sasl_security_properties_t sasl_secprops;
 #elif defined( SLAP_BUILTIN_SASL )
 /*
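Review bot: The new guard `#if SASL_VERSION_MINOR >= 0x020119` compares the minor component alone against a packed major/minor/step constant. The macro with that layout is `SASL_VERSION_FULL`, defined just above. As written the `#else` branch is presumably always taken, so every callback cast in slap_sasl_init and slap_sasl_open goes through the unprototyped `int (*)()` type and the `sasl_callback_ft` typedef is never selected on newer libraries. Suggested line: `#if SASL_VERSION_FULL >= 0x020119 /* 2.1.25 */`.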
@@ -341,8 +347,10 @@ slap_auxprop_lookup(
        }
 
        /* we don't know anything about this, ignore it */
-       if ( !conn )
-               return SASL_OK;
+       if ( !conn ) {
+               rc == LDAP_SUCCESS;
+               goto done;
+       }
 
        /* Now see what else needs to be fetched */
        for( i = 0; sl.list[i].name; i++ ) {
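Review bot: `rc == LDAP_SUCCESS;` in the new `!conn` branch is a comparison whose result is discarded, not an assignment. `rc` therefore keeps whatever value it had, and the `done:` label added later in this patch returns `SASL_FAIL` or `SASL_OK` depending on that. The removed code returned `SASL_OK` unconditionally here; to keep that behaviour write `rc = LDAP_SUCCESS;`. The declaration and earlier assignments of `rc` are outside the hunk, so it cannot be confirmed from here whether it is initialised at this point; if it is not, the read at `done:` is of an indeterminate value. Building with `-Wunused-value` would flag this statement.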
@@ -497,6 +505,7 @@ retry_dontUseCopy:;
                        }
                }
        }
+done:;
 #if SASL_VERSION_FULL >= 0x020118
        return rc != LDAP_SUCCESS ? SASL_FAIL : SASL_OK;
 #endif
@@ -1232,8 +1241,8 @@ int slap_sasl_init( void )
 #ifdef HAVE_CYRUS_SASL
        int rc;
        static sasl_callback_t server_callbacks[] = {
-               { SASL_CB_LOG, (sasl_callback_ft)&slap_sasl_log, NULL },
-               { SASL_CB_GETOPT, (sasl_callback_ft)&slap_sasl_getopt, NULL },
+               { SASL_CB_LOG, (slap_sasl_cb_ft)&slap_sasl_log, NULL },
+               { SASL_CB_GETOPT, (slap_sasl_cb_ft)&slap_sasl_getopt, NULL },
                { SASL_CB_LIST_END, NULL, NULL }
        };
 #endif
@@ -1384,15 +1393,15 @@ int slap_sasl_open( Connection *conn, int reopen )
                conn->c_sasl_extra = session_callbacks;
 
                session_callbacks[cb=0].id = SASL_CB_LOG;
-               session_callbacks[cb].proc = (sasl_callback_ft)&slap_sasl_log;
+               session_callbacks[cb].proc = (slap_sasl_cb_ft)&slap_sasl_log;
                session_callbacks[cb++].context = conn;
 
                session_callbacks[cb].id = SASL_CB_PROXY_POLICY;
-               session_callbacks[cb].proc = (sasl_callback_ft)&slap_sasl_authorize;
+               session_callbacks[cb].proc = (slap_sasl_cb_ft)&slap_sasl_authorize;
                session_callbacks[cb++].context = conn;
 
                session_callbacks[cb].id = SASL_CB_CANON_USER;
-               session_callbacks[cb].proc = (sasl_callback_ft)&slap_sasl_canonicalize;
+               session_callbacks[cb].proc = (slap_sasl_cb_ft)&slap_sasl_canonicalize;
                session_callbacks[cb++].context = conn;
 
                session_callbacks[cb].id = SASL_CB_LIST_END;
@@ -1635,10 +1644,15 @@ int slap_sasl_bind( Operation *op, SlapReply *rs )
                /* If we already authenticated once, must use a new context */
                if ( op->o_conn->c_sasl_done ) {
                        sasl_ssf_t ssf = 0;
+                       sasl_ssf_t *ssfp = NULL;
                        const char *authid = NULL;
-                       sasl_getprop( ctx, SASL_SSF_EXTERNAL, (void *)&ssf );
+
+                       sasl_getprop( ctx, SASL_SSF_EXTERNAL, (void *)&ssfp );
+                       if ( ssfp ) ssf = *ssfp;
+
                        sasl_getprop( ctx, SASL_AUTH_EXTERNAL, (void *)&authid );
                        if ( authid ) authid = ch_strdup( authid );
+
                        if ( ctx != op->o_conn->c_sasl_sockctx ) {
                                sasl_dispose( &ctx );
                        }
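Review bot: The reason for the new `ssfp` indirection is not recorded next to the code, so it is easy to undo by accident. sasl_getprop() hands back a pointer to the property rather than copying it into the caller's variable, which means the old call stored a pointer in a `sasl_ssf_t`. A comment above the call such as `/* sasl_getprop returns a pointer owned by ctx; copy the SSF before ctx may be disposed below */` would make the ordering constraint explicit. Declaring `const sasl_ssf_t *ssfp` and passing `(const void **)&ssfp` instead of `(void *)&ssfp` would also let the compiler check the argument type. slap_sasl_bind starts and ends outside the hunk.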
@@ -1646,8 +1660,8 @@ int slap_sasl_bind( Operation *op, SlapReply *rs )
                                
                        slap_sasl_open( op->o_conn, 1 );
                        ctx = op->o_conn->c_sasl_authctx;
+                       sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf );
                        if ( authid ) {
-                               sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf );
                                sasl_setprop( ctx, SASL_AUTH_EXTERNAL, authid );
                                ch_free( (char *)authid );
                        }
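Review bot: `sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf )` now runs on every re-bind, but the result of `slap_sasl_open( op->o_conn, 1 )` two lines above is ignored, and so are the sasl_setprop return values. If the reopen fails, `ctx` is taken from `c_sasl_authctx` without any check. The external SSF and authid (typically established by an outer layer such as TLS) may then silently not be carried over to the new context, which feeds into security-strength decisions for the bind. Consider checking both calls, e.g. `if ( sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf ) != SASL_OK ) { /* log and fail the bind */ }`. The rest of slap_sasl_bind is outside the hunk, so a later check may already exist.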