X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fsasl.c;h=7ae580a32cdb7a7357836f62200a6542df1e0640;hb=434c306cbefeafe40f638ed3df93d630c996f9e5;hp=b47a528ae64d30ed4384a8158e0db9836d306d3f;hpb=f6eacdbbc56be65dc1080ae2527b96399c24418d;p=openldap diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index b47a528ae6..7ae580a32c 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2014 The OpenLDAP Foundation. + * Copyright 1998-2017 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -46,6 +46,12 @@ #define SASL_VERSION_FULL ((SASL_VERSION_MAJOR << 16) |\ (SASL_VERSION_MINOR << 8) | SASL_VERSION_STEP) +#if SASL_VERSION_MINOR >= 0x020119 /* 2.1.25 */ +typedef sasl_callback_ft slap_sasl_cb_ft; +#else +typedef int (*slap_sasl_cb_ft)(); +#endif + static sasl_security_properties_t sasl_secprops; #elif defined( SLAP_BUILTIN_SASL ) /* @@ -340,6 +346,12 @@ slap_auxprop_lookup( } } + /* we don't know anything about this, ignore it */ + if ( !conn ) { + rc == LDAP_SUCCESS; + goto done; + } + /* Now see what else needs to be fetched */ for( i = 0; sl.list[i].name; i++ ) { const char *name = sl.list[i].name; @@ -493,6 +505,7 @@ retry_dontUseCopy:; } } } +done:; #if SASL_VERSION_FULL >= 0x020118 return rc != LDAP_SUCCESS ? SASL_FAIL : SASL_OK; #endif @@ -1228,8 +1241,8 @@ int slap_sasl_init( void ) #ifdef HAVE_CYRUS_SASL int rc; static sasl_callback_t server_callbacks[] = { - { SASL_CB_LOG, &slap_sasl_log, NULL }, - { SASL_CB_GETOPT, &slap_sasl_getopt, NULL }, + { SASL_CB_LOG, (slap_sasl_cb_ft)&slap_sasl_log, NULL }, + { SASL_CB_GETOPT, (slap_sasl_cb_ft)&slap_sasl_getopt, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; #endif 
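Review bot: The version guard added in front of the `slap_sasl_cb_ft` typedef compares `SASL_VERSION_MINOR` with `0x020119`, which is a packed major/minor/step value, so for any realistic minor number the condition is false and the `#else` typedef `int (*slap_sasl_cb_ft)()` is always chosen. `SASL_VERSION_FULL`, defined in the context lines directly above, is the macro built for this comparison: `#if SASL_VERSION_FULL >= 0x020119 /* 2.1.25 */`. As written, the casts added in slap_sasl_init and slap_sasl_open all convert to an unprototyped function-pointer type, which also hides any signature mismatch between these callbacks and what libsasl expects.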
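Review bot: In the new `if ( !conn )` block of slap_auxprop_lookup, `rc == LDAP_SUCCESS;` is a comparison whose result is discarded, not an assignment, so `rc` keeps whatever value it had when control jumps to `done:` (the label added by the next hunk). The comment says the request should be ignored, but the return after `done:` maps any non-success `rc` to `SASL_FAIL`, so the outcome depends on earlier code that lies outside this hunk. The line should read `rc = LDAP_SUCCESS;`. Building with `-Wunused-value` would flag the statement.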
@@ -1380,15 +1393,15 @@ int slap_sasl_open( Connection *conn, int reopen ) conn->c_sasl_extra = session_callbacks; session_callbacks[cb=0].id = SASL_CB_LOG; - session_callbacks[cb].proc = &slap_sasl_log; + session_callbacks[cb].proc = (slap_sasl_cb_ft)&slap_sasl_log; session_callbacks[cb++].context = conn; session_callbacks[cb].id = SASL_CB_PROXY_POLICY; - session_callbacks[cb].proc = &slap_sasl_authorize; + session_callbacks[cb].proc = (slap_sasl_cb_ft)&slap_sasl_authorize; session_callbacks[cb++].context = conn; session_callbacks[cb].id = SASL_CB_CANON_USER; - session_callbacks[cb].proc = &slap_sasl_canonicalize; + session_callbacks[cb].proc = (slap_sasl_cb_ft)&slap_sasl_canonicalize; session_callbacks[cb++].context = conn; session_callbacks[cb].id = SASL_CB_LIST_END; @@ -1511,7 +1524,7 @@ int slap_sasl_cbinding( Connection *conn, struct berval *cbv ) cb->critical = 0; cb->data = (char *)(cb+1); cb->len = cbv->bv_len; - memcpy( cb->data, cbv->bv_val, cbv->bv_len ); + memcpy( (void *)cb->data, cbv->bv_val, cbv->bv_len ); sasl_setprop( conn->c_sasl_authctx, SASL_CHANNEL_BINDING, cb ); conn->c_sasl_cbind = cb; #endif @@ -1631,10 +1644,15 @@ int slap_sasl_bind( Operation *op, SlapReply *rs ) /* If we already authenticated once, must use a new context */ if ( op->o_conn->c_sasl_done ) { sasl_ssf_t ssf = 0; + sasl_ssf_t *ssfp = NULL; const char *authid = NULL; - sasl_getprop( ctx, SASL_SSF_EXTERNAL, (void *)&ssf ); + + sasl_getprop( ctx, SASL_SSF_EXTERNAL, (void *)&ssfp ); + if ( ssfp ) ssf = *ssfp; + sasl_getprop( ctx, SASL_AUTH_EXTERNAL, (void *)&authid ); if ( authid ) authid = ch_strdup( authid ); + if ( ctx != op->o_conn->c_sasl_sockctx ) { sasl_dispose( &ctx ); } 
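Review bot: The `(void *)` cast added to the memcpy destination in slap_sasl_cbinding strips the qualifier from `cb->data` (presumably const in newer libsasl headers) only to silence a warning. The destination is the storage directly behind the struct, as the context line `cb->data = (char *)(cb+1);` shows. Writing `memcpy( cb+1, cbv->bv_val, cbv->bv_len );` reaches the same bytes without casting a qualifier away. The allocation that sizes this buffer is outside the hunk, so whether it covers `cbv->bv_len` cannot be confirmed from here.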
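Review bot: The new `ssfp` handling in slap_sasl_bind has no comment saying why the value is copied, and the reason is easy to lose. sasl_getprop stores a pointer to the property in its third argument, not the value itself, and that pointer refers to data owned by `ctx`, which may be disposed a few lines later. I would add above the call `/* sasl_getprop returns a pointer into ctx; copy the SSF before ctx may be disposed */`. The return value of sasl_getprop is also unchecked; the NULL initialisation of `ssfp` covers this only if a failed call leaves the argument untouched, which is worth confirming. The function body continues outside the hunk.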
@@ -1642,8 +1660,8 @@ int slap_sasl_bind( Operation *op, SlapReply *rs ) slap_sasl_open( op->o_conn, 1 ); ctx = op->o_conn->c_sasl_authctx; + sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf ); if ( authid ) { - sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf ); sasl_setprop( ctx, SASL_AUTH_EXTERNAL, authid ); ch_free( (char *)authid ); }
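Review bot: The now-unconditional `sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf );` in slap_sasl_bind discards its result, and `ctx` is taken from `op->o_conn->c_sasl_authctx` right after `slap_sasl_open( op->o_conn, 1 )` without checking that the reopen succeeded. If either step fails, the new context silently carries no external strength factor, and later security-layer decisions would be made against the wrong value. At minimum test the result, e.g. `if ( sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf ) != SASL_OK ) { /* log and fail the bind */ }`. The surrounding function starts and ends outside the hunk.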