slurpd TLS/SASL fixes to resolve ITS#1527 ITS#1528
authorKurt Zeilenga <kurt@openldap.org>
Sat, 12 Jan 2002 21:23:03 +0000 (21:23 +0000)
committerKurt Zeilenga <kurt@openldap.org>
Sat, 12 Jan 2002 21:23:03 +0000 (21:23 +0000)
CHANGES
servers/slurpd/ldap_op.c

diff --git a/CHANGES b/CHANGES
index a7cba1e536b7e41a44cc9839058adfb75311d8bb..6448699bb8a20de4b5e6f56d6baa2c402cfbb79e 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,8 @@ OpenLDAP 2.0.20 Engineering
        Fixed back-passwd db_config bug
        Fixed -lldap cache debug bug (ITS#1501)
        Fixed -lldap dnssrv free bug
+       Fixed slurpd TLS non-critical/critical bug (ITS#1527)
+       Fixed slurpd SASL password bug (ITS#1528)
        Build environment
                Fixed repl_user build error (ITS#1503)
                Updated BerkeleyDB 4 support
index ee561ce147eed5045beee0685eda2553d14e2713..6c1c2f19dbb6a5ab15eb707eb54094ab6fdcd2cb 100644 (file)
@@ -613,10 +613,6 @@ do_bind(
 )
 {
     int                ldrc;
-#ifdef HAVE_CYRUS_SASL
-       void *defaults;
-#endif
-
 
     *lderr = 0;
 
@@ -687,10 +683,10 @@ do_bind(
                if( err != LDAP_SUCCESS ) {
                        Debug( LDAP_DEBUG_ANY,
                                "%s: ldap_start_tls failed: %s (%d)\n",
-                               ri->ri_tls != TLS_CRITICAL ? "Warning" : "Error",
+                               ri->ri_tls == TLS_CRITICAL ? "Error" : "Warning",
                                ldap_err2string( err ), err );
 
-                       if( ri->ri_tls != TLS_CRITICAL ) {
+                       if( ri->ri_tls == TLS_CRITICAL ) {
                                ldap_unbind( ri->ri_ldp );
                                ri->ri_ldp = NULL;
                                return BIND_ERR_TLS_FAILED;
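Review bot: The TLS-critical failure branch returns `BIND_ERR_TLS_FAILED` without storing `err` in `*lderr`, which do_bind zeroes on entry, whereas the SASL failure path in the same function does `*lderr = ldrc;`. Adding `*lderr = err;` before the `ldap_unbind( ri->ri_ldp );` call would let the caller report the real LDAP result; how callers use `lderr` is not visible here, so confirm against them. With the condition corrected, a non-critical failure now falls through and the bind continues on a connection without TLS after only a warning. A comment at the `if`, such as `/* TLS not critical: continue without TLS; depending on the bind method the credentials may then travel unprotected */`, would make that trade-off explicit to operators reading the code. The rest of do_bind lies outside this hunk.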
@@ -738,18 +734,25 @@ do_bind(
                }
        }
 
-       defaults = lutil_sasl_defaults( ri->ri_ldp, ri->ri_saslmech,
-           ri->ri_realm, ri->ri_authcId, ri->ri_password, ri->ri_authzId );
-       ldrc = ldap_sasl_interactive_bind_s( ri->ri_ldp, ri->ri_bind_dn,
-           ri->ri_saslmech, NULL, NULL,
-           LDAP_SASL_QUIET, lutil_sasl_interact, defaults );
-       if ( ldrc != LDAP_SUCCESS ) {
-               Debug( LDAP_DEBUG_ANY, "Error: LDAP SASL for %s:%d failed: %s\n",
-                   ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ));
-               *lderr = ldrc;
-               ldap_unbind( ri->ri_ldp );
-               ri->ri_ldp = NULL;
-               return( BIND_ERR_SASL_FAILED );
+       {
+               char *passwd = ri->ri_password ? ber_strdup( ri->ri_password ) : NULL;
+               void *defaults = lutil_sasl_defaults( ri->ri_ldp, ri->ri_saslmech,
+                   ri->ri_realm, ri->ri_authcId, passwd, ri->ri_authzId );
+
+               ldrc = ldap_sasl_interactive_bind_s( ri->ri_ldp, ri->ri_bind_dn,
+                   ri->ri_saslmech, NULL, NULL,
+                   LDAP_SASL_QUIET, lutil_sasl_interact, defaults );
+               if ( ldrc != LDAP_SUCCESS ) {
+                       Debug( LDAP_DEBUG_ANY, "Error: LDAP SASL for %s:%d failed: %s\n",
+                           ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ));
+                       *lderr = ldrc;
+                       ldap_unbind( ri->ri_ldp );
+                       ri->ri_ldp = NULL;
+                       return( BIND_ERR_SASL_FAILED );
+               }
+
+               ber_memfree( passwd );
+               ber_memfree( defaults );
        }
        break;
 #else
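Review bot: The new `passwd` copy and `defaults` are released only on the success path, because the `if ( ldrc != LDAP_SUCCESS )` branch returns `BIND_ERR_SASL_FAILED` before `ber_memfree( passwd );` and `ber_memfree( defaults );` are reached. Every failed SASL bind therefore leaks both allocations and leaves a copy of the replication password on the heap. Moving the two `ber_memfree` calls to directly after `ldap_sasl_interactive_bind_s(...)` and before the `ldrc` check covers both paths. Since the copy holds a credential, it would also be worth wiping it before the free unless `lutil_sasl_interact` already does so, which is not visible in this hunk. do_bind starts and ends outside the hunk.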