From 28ae87c93923d57c88dcd6d53d9c8980d25db542 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Sat, 12 Jan 2002 21:23:03 +0000 Subject: [PATCH] slurpd TLS/SASL fixes to resolve ITS#1527 ITS#1528 --- CHANGES | 2 ++ servers/slurpd/ldap_op.c | 39 +++++++++++++++++++++------------------ 2 files changed, 23 insertions(+), 18 deletions(-) diff --git a/CHANGES b/CHANGES index a7cba1e536..6448699bb8 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,8 @@ OpenLDAP 2.0.20 Engineering Fixed back-passwd db_config bug Fixed -lldap cache debug bug (ITS#1501) Fixed -lldap dnssrv free bug + Fixed slurpd TLS non-critical/critical bug (ITS#1527) + Fixed slurpd SASL password bug (ITS#1528) Build environment Fixed repl_user build error (ITS#1503) Updated BerkeleyDB 4 support diff --git a/servers/slurpd/ldap_op.c b/servers/slurpd/ldap_op.c index ee561ce147..6c1c2f19db 100644 --- a/servers/slurpd/ldap_op.c +++ b/servers/slurpd/ldap_op.c @@ -613,10 +613,6 @@ do_bind( ) { int ldrc; -#ifdef HAVE_CYRUS_SASL - void *defaults; -#endif - *lderr = 0; @@ -687,10 +683,10 @@ do_bind( if( err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_ANY, "%s: ldap_start_tls failed: %s (%d)\n", - ri->ri_tls != TLS_CRITICAL ? "Warning" : "Error", + ri->ri_tls == TLS_CRITICAL ? "Error" : "Warning", ldap_err2string( err ), err ); - if( ri->ri_tls != TLS_CRITICAL ) { + if( ri->ri_tls == TLS_CRITICAL ) { ldap_unbind( ri->ri_ldp ); ri->ri_ldp = NULL; return BIND_ERR_TLS_FAILED; 
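Review bot: When StartTLS fails and `ri->ri_tls` is not `TLS_CRITICAL`, the corrected branch in the `@@ -687,10 +683,10 @@` hunk only logs a warning and do_bind continues to the bind on the same connection, so the bind credentials are presumably sent without TLS. That fallback deserves a comment at the `if( ri->ri_tls == TLS_CRITICAL )` test, e.g. `/* non-critical: continue without TLS; the bind below is then unprotected */`. Because a StartTLS failure can be induced by anyone on the network path, replicas that bind with a password should be documented as needing the critical setting rather than this fallback. Separately, in the lines shown the critical path returns `BIND_ERR_TLS_FAILED` without storing `err` in `*lderr`, whereas the SASL failure path later in the function sets `*lderr = ldrc`; consider `*lderr = err;` before the `ldap_unbind` if callers read it. The body of do_bind starts and ends outside this hunk.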
@@ -738,18 +734,25 @@ do_bind( } } - defaults = lutil_sasl_defaults( ri->ri_ldp, ri->ri_saslmech, - ri->ri_realm, ri->ri_authcId, ri->ri_password, ri->ri_authzId ); - ldrc = ldap_sasl_interactive_bind_s( ri->ri_ldp, ri->ri_bind_dn, - ri->ri_saslmech, NULL, NULL, - LDAP_SASL_QUIET, lutil_sasl_interact, defaults ); - if ( ldrc != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_ANY, "Error: LDAP SASL for %s:%d failed: %s\n", - ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc )); - *lderr = ldrc; - ldap_unbind( ri->ri_ldp ); - ri->ri_ldp = NULL; - return( BIND_ERR_SASL_FAILED ); + { + char *passwd = ri->ri_password ? ber_strdup( ri->ri_password ) : NULL; + void *defaults = lutil_sasl_defaults( ri->ri_ldp, ri->ri_saslmech, + ri->ri_realm, ri->ri_authcId, passwd, ri->ri_authzId ); + + ldrc = ldap_sasl_interactive_bind_s( ri->ri_ldp, ri->ri_bind_dn, + ri->ri_saslmech, NULL, NULL, + LDAP_SASL_QUIET, lutil_sasl_interact, defaults ); + if ( ldrc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, "Error: LDAP SASL for %s:%d failed: %s\n", + ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc )); + *lderr = ldrc; + ldap_unbind( ri->ri_ldp ); + ri->ri_ldp = NULL; + return( BIND_ERR_SASL_FAILED ); + } + + ber_memfree( passwd ); + ber_memfree( defaults ); } break; #else -- 2.39.2
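Review bot: The failure branch still returns `BIND_ERR_SASL_FAILED` from inside the new block, so the two `ber_memfree` calls at its end are skipped and both `passwd` (a copy of the replica password) and `defaults` leak on every failed SASL bind. Free them on that path as well, with `ber_memfree( passwd ); ber_memfree( defaults );` placed ahead of `return( BIND_ERR_SASL_FAILED );`. The result of `ber_strdup` is not checked either, so an allocation failure silently becomes a bind attempt with a NULL password instead of a reported error. Since `passwd` holds a secret, clear the buffer before `ber_memfree` unless lutil_sasl_interact is known to wipe it, and add a one-line comment saying why a copy is passed (presumably the callback modifies the string it is given). do_bind begins and ends outside the hunk.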