X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fsasl.c;h=ec86ede0f1551a43b08257eef7b7fbbfd4e240ae;hb=e25f6ef0cdd1780577dffeaca8ba8b19b5697880;hp=ea3dc20aa81cdd15e3d3a109e6b2a06886bd988f;hpb=826056e75bab39d888cc14d6bf80905eca9eb20d;p=openldap

diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c
index ea3dc20aa8..ec86ede0f1 100644
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -1,13 +1,14 @@
 /* $OpenLDAP$ */
 /*
- * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
  */
 
 #include "portable.h"
 
-#include <ac/stdlib.h>
 #include <stdio.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
 
 #include <lber.h>
 #include <ldap_log.h>
@@ -24,6 +25,10 @@
 #include <lutil.h>
 #endif
 
+/* Flags for telling slap_sasl_getdn() what type of identity is being passed */
+#define FLAG_GETDN_FINAL   1
+#define FLAG_GETDN_AUTHCID 2
+#define FLAG_GETDN_AUTHZID 4
 
 static sasl_security_properties_t sasl_secprops;
 
@@ -99,9 +104,10 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 
 
 	/* Blatantly anonymous ID */
-	len = sizeof( "anonymous" ) - 1;
-	if( id && ( id[len] == '\0' || id[len] == '@' ) &&
-		!strncasecmp( id, "anonymous", len) ) {
+	if( id &&
+		( id[sizeof( "anonymous" )-1] == '\0'
+			|| id[sizeof( "anonymous" )-1] == '@' ) &&
+		!strncasecmp( id, "anonymous", sizeof( "anonymous" )-1) ) {
 		*dnptr = NULL;
 		return( LDAP_SUCCESS );
 	}
@@ -123,7 +129,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 			dn[0] = 'd';
 			dn[1] = 'n';
 			dn[2] = ':';
-			memmove( &dn[3], tmpdn, len+1 );
+			AC_MEMCPY( &dn[3], tmpdn, len+1 );
 			len += 3;
 
 		} else {
@@ -131,7 +137,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 			dn = ch_malloc( len+3 );
 			dn[0] = 'u';
 			dn[1] = ':';
-			memmove( &dn[2], id, len+1 );
+			AC_MEMCPY( &dn[2], id, len+1 );
 			len += 2;
 		}
 	} else {
@@ -140,8 +146,8 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 
 	/* An authzID must be properly prefixed */
 	if( flags & FLAG_GETDN_AUTHZID
-		&& strncasecmp( dn, "u:", 2 )
-		&& strncasecmp( dn, "dn:", 3 ) )
+		&& strncasecmp( dn, "u:", sizeof("u:")-1 )
+		&& strncasecmp( dn, "dn:", sizeof("dn:")-1 ) )
 	{
 		ch_free( dn );
 		*dnptr = NULL;
@@ -149,9 +155,8 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 	}
 
 	/* Username strings */
-	if( !strncasecmp( dn, "u:", 2 ) ) {
-		int len1  = strlen( ",cn=auth" );
-		len += strlen( "dn:uid=" ) + len1;
+	if( !strncasecmp( dn, "u:", sizeof("u:")-1 ) ) {
+		len += (sizeof("dn:uid=")-1) + (sizeof(",cn=auth")-1);
 
 		/* Figure out how much data we have for the dn */
 		rc = sasl_getprop( ctx,	SASL_REALM, (void **)&c );
@@ -170,11 +175,11 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 		}
 
 		if( c && *c ) {
-			len += strlen( c ) + strlen(",cn=" );
+			len += strlen( c ) + (sizeof(",cn=")-1);
 		}
 
 		if( conn->c_sasl_bind_mech ) {
-			len += strlen( conn->c_sasl_bind_mech ) + strlen( ",cn=" );
+			len += strlen( conn->c_sasl_bind_mech ) + (sizeof(",cn=")-1);
 		}
 
 		/* Build the new dn */
@@ -190,7 +195,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 			len += sprintf( dn+len, ",cn=%s", conn->c_sasl_bind_mech );
 		}
 		strcpy(	dn+len, ",cn=auth" );
-		len += len1;
+		len += (sizeof(",cn=auth")-1);
 
 #ifdef NEW_LOGGING
 		LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
@@ -201,30 +206,33 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 	}
 
 	/* DN strings that are a cn=auth identity to run through regexp */
-	if( !strncasecmp( dn, "dn:", 3) && ( ( flags & FLAG_GETDN_FINAL ) == 0 ) ) {
-		c1 = slap_sasl2dn( dn + 3 );
+	if( !strncasecmp( dn, "dn:", sizeof("dn:")-1) &&
+		( ( flags & FLAG_GETDN_FINAL ) == 0 ) )
+	{
+		c1 = slap_sasl2dn( dn + (sizeof("dn:")-1) );
 		if( c1 ) {
 			ch_free( dn );
 			dn = c1;
 			/* Reaffix the dn: prefix if it was removed */
-			if( strncasecmp( dn, "dn:", 3) ) {
+			if( strncasecmp( dn, "dn:", sizeof("dn:")-1) ) {
 				c1 = dn;
-				dn = ch_malloc( strlen( c1 ) + 4 );
+				dn = ch_malloc( strlen( c1 ) + sizeof("dn:") );
 				sprintf( dn, "dn:%s", c1 );
 				ch_free( c1 );
 			}
 
 #ifdef NEW_LOGGING
 			LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
-				   "slap_sasl_getdn: dn:id converted to %s.\n", dn ));
+				"slap_sasl_getdn: dn:id converted to %s.\n", dn ));
 #else
-			Debug( LDAP_DEBUG_TRACE, "getdn: dn:id converted to %s\n", dn,0,0 );
+			Debug( LDAP_DEBUG_TRACE, "getdn: dn:id converted to %s\n",
+				dn, 0, 0 );
 #endif
 		}
 	}
 
 	if( ( flags & FLAG_GETDN_FINAL ) == 0 )	 {
-		dn_normalize( dn+3 );
+		dn_normalize( dn+(sizeof("dn:")-1) );
 	}
 
 	*dnptr = dn;
@@ -564,7 +572,7 @@ char ** slap_sasl_mechs( Connection *conn )
 		if( sc != SASL_OK ) {
 #ifdef NEW_LOGGING
 			LDAP_LOG(( "sasl", LDAP_LEVEL_ERR,
-				   "slap_sasl_mechs: sasl_listmech failed: %d\n", sc ));
+				"slap_sasl_mechs: sasl_listmech failed: %d\n", sc ));
 #else
 			Debug( LDAP_DEBUG_ANY, "slap_sasl_listmech failed: %d\n",
 				sc, 0, 0 );
@@ -603,11 +611,11 @@ int slap_sasl_close( Connection *conn )
 int slap_sasl_bind(
     Connection		*conn,
     Operation		*op,  
-    const char		*dn,  
-    const char		*ndn,
+    struct berval	*dn,  
+    struct berval	*ndn,
     struct berval	*cred,
-	char				**edn,
-	slap_ssf_t			*ssfp )
+	char			**edn,
+	slap_ssf_t		*ssfp )
 {
 	int rc = 1;
 
@@ -620,15 +628,17 @@ int slap_sasl_bind(
 
 #ifdef NEW_LOGGING
 	LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
-		   "sasl_bind: conn %ld dn=\"%s\" mech=%s datalen=%ld\n",
-		   conn->c_connid, dn,
-		   conn->c_sasl_bind_in_progress ? "<continuing>" : conn->c_sasl_bind_mech,
-		   cred ? cred->bv_len : 0 ));
+		"sasl_bind: conn %ld dn=\"%s\" mech=%s datalen=%ld\n",
+		conn->c_connid,
+		dn->bv_len ? dn->bv_val : "",
+		conn->c_sasl_bind_in_progress ? "<continuing>" : conn->c_sasl_bind_mech,
+		cred ? cred->bv_len : 0 ));
 #else
 	Debug(LDAP_DEBUG_ARGS,
-	  "==> sasl_bind: dn=\"%s\" mech=%s datalen=%ld\n", dn,
-	  conn->c_sasl_bind_in_progress ? "<continuing>":conn->c_sasl_bind_mech,
-	  cred ? cred->bv_len : 0 );
+		"==> sasl_bind: dn=\"%s\" mech=%s datalen=%ld\n",
+		dn->bv_len ? dn->bv_val : "",
+		conn->c_sasl_bind_in_progress ? "<continuing>":conn->c_sasl_bind_mech,
+		cred ? cred->bv_len : 0 );
 #endif
 
 
@@ -662,7 +672,7 @@ int slap_sasl_bind(
 		if ( sc != SASL_OK ) {
 #ifdef NEW_LOGGING
 			LDAP_LOG(( "sasl", LDAP_LEVEL_ERR,
-				   "slap_sasl_bind: getprop(USERNAME) failed: %d\n", sc ));
+				"slap_sasl_bind: getprop(USERNAME) failed: %d\n", sc ));
 #else
 			Debug(LDAP_DEBUG_TRACE,
 				"slap_sasl_bind: getprop(USERNAME) failed!\n",
@@ -722,7 +732,7 @@ int slap_sasl_bind(
 
 #ifdef NEW_LOGGING
 	LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
-		   "slap_sasl_bind: rc=%d\n", rc ));
+		"slap_sasl_bind: rc=%d\n", rc ));
 #else
 	Debug(LDAP_DEBUG_TRACE, "<== slap_sasl_bind: rc=%d\n", rc, 0, 0);
 #endif