From: Pierangelo Masarati Date: Sun, 10 Apr 2005 23:43:17 +0000 (+0000) Subject: more bindconf cleanup X-Git-Tag: OPENLDAP_AC_BP~931 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=c1885efd83a013debcbafd2012454a40566c6076;p=openldap more bindconf cleanup --- diff --git a/servers/slapd/config.c b/servers/slapd/config.c index 500a64c468..07286b218a 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -725,10 +725,10 @@ static cf_aux_table bindkey[] = { { BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'd', 0, methkey }, { BER_BVC("binddn="), offsetof(slap_bindconf, sb_binddn), 'b', 1, NULL }, { BER_BVC("credentials="), offsetof(slap_bindconf, sb_cred), 'b', 1, NULL }, - { BER_BVC("saslmech="), offsetof(slap_bindconf, sb_saslmech), 's', 0, NULL }, + { BER_BVC("saslmech="), offsetof(slap_bindconf, sb_saslmech), 'b', 0, NULL }, { BER_BVC("secprops="), offsetof(slap_bindconf, sb_secprops), 's', 0, NULL }, - { BER_BVC("realm="), offsetof(slap_bindconf, sb_realm), 's', 0, NULL }, - { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 's', 0, NULL }, + { BER_BVC("realm="), offsetof(slap_bindconf, sb_realm), 'b', 0, NULL }, + { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 0, NULL }, { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, NULL }, { BER_BVNULL, 0, 0, 0, NULL } }; @@ -831,24 +831,31 @@ int bindconf_unparse( slap_bindconf *bc, struct berval *bv ) { void bindconf_free( slap_bindconf *bc ) { if ( !BER_BVISNULL( &bc->sb_binddn ) ) { ch_free( bc->sb_binddn.bv_val ); + BER_BVZERO( &bc->sb_binddn ); } if ( !BER_BVISNULL( &bc->sb_cred ) ) { ch_free( bc->sb_cred.bv_val ); + BER_BVZERO( &bc->sb_cred ); } - if ( bc->sb_saslmech ) { - ch_free( bc->sb_saslmech ); + if ( !BER_BVISNULL( &bc->sb_saslmech ) ) { + ch_free( bc->sb_saslmech.bv_val ); + BER_BVZERO( &bc->sb_saslmech ); } if ( bc->sb_secprops ) { ch_free( bc->sb_secprops ); + bc->sb_secprops = NULL; } - if ( bc->sb_realm ) { - ch_free( bc->sb_realm ); + if ( !BER_BVISNULL( &bc->sb_realm ) ) { + ch_free( bc->sb_realm.bv_val ); + BER_BVZERO( &bc->sb_realm ); } - if ( bc->sb_authcId ) { - ch_free( bc->sb_authcId ); + if ( !BER_BVISNULL( &bc->sb_authcId ) ) { + ch_free( bc->sb_authcId.bv_val ); + BER_BVZERO( &bc->sb_authcId ); } if ( !BER_BVISNULL( &bc->sb_authzId ) ) { ch_free( bc->sb_authzId.bv_val ); + BER_BVZERO( &bc->sb_authzId ); } } diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 3ab274a426..18ab4df30a 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -1481,10 +1481,10 @@ typedef struct slap_bindconf { int sb_method; struct berval sb_binddn; struct berval sb_cred; - char *sb_saslmech; + struct berval sb_saslmech; char *sb_secprops; - char *sb_realm; - char *sb_authcId; + struct berval sb_realm; + struct berval sb_authcId; struct berval sb_authzId; } slap_bindconf; diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c index baf41a0555..48d9faf53c 100644 --- a/servers/slapd/syncrepl.c +++ b/servers/slapd/syncrepl.c @@ -322,13 +322,16 @@ do_syncrep1( } } - defaults = lutil_sasl_defaults( si->si_ld, si->si_bindconf.sb_saslmech, - si->si_bindconf.sb_realm, si->si_bindconf.sb_authcId, - si->si_bindconf.sb_cred.bv_val, si->si_bindconf.sb_authzId.bv_val ); + defaults = lutil_sasl_defaults( si->si_ld, + si->si_bindconf.sb_saslmech.bv_val, + si->si_bindconf.sb_realm.bv_val, + si->si_bindconf.sb_authcId.bv_val, + si->si_bindconf.sb_cred.bv_val, + si->si_bindconf.sb_authzId.bv_val ); rc = ldap_sasl_interactive_bind_s( si->si_ld, si->si_bindconf.sb_binddn.bv_val, - si->si_bindconf.sb_saslmech, + si->si_bindconf.sb_saslmech.bv_val, NULL, NULL, LDAP_SASL_QUIET, lutil_sasl_interact, @@ -341,13 +344,15 @@ do_syncrep1( * 2) on err policy : exit, retry, backoff ... */ if ( rc != LDAP_SUCCESS ) { + static struct berval bv_GSSAPI = BER_BVC( "GSSAPI" ); + Debug( LDAP_DEBUG_ANY, "do_syncrep1: " "ldap_sasl_interactive_bind_s failed (%d)\n", rc, 0, 0 ); /* FIXME (see above comment) */ /* if Kerberos credentials cache is not active, retry */ - if ( strcmp( si->si_bindconf.sb_saslmech, "GSSAPI" ) == 0 && + if ( ber_bvcmp( &si->si_bindconf.sb_saslmech, &bv_GSSAPI ) == 0 && rc == LDAP_LOCAL_ERROR ) { rc = LDAP_SERVER_DOWN;