ITS#2423 - make the lib that allocates SASL prompt results responsible
for freeing them.
parent
4809e4da1e
commit
2ee7488d0b
3 changed files with 33 additions and 41 deletions
|
|
@ -22,6 +22,10 @@
|
||||||
|
|
||||||
LDAP_BEGIN_DECL
|
LDAP_BEGIN_DECL
|
||||||
|
|
||||||
|
LDAP_LUTIL_F( void )
|
||||||
|
lutil_sasl_freedefs LDAP_P((
|
||||||
|
void *defaults ));
|
||||||
|
|
||||||
LDAP_LUTIL_F( void * )
|
LDAP_LUTIL_F( void * )
|
||||||
lutil_sasl_defaults LDAP_P((
|
lutil_sasl_defaults LDAP_P((
|
||||||
LDAP *ld,
|
LDAP *ld,
|
||||||
|
|
|
||||||
|
|
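Review bot: The new `lutil_sasl_freedefs` prototype has no comment stating the ownership contract that this commit introduces. Going by the definition later in the commit, it releases the block returned by `lutil_sasl_defaults` together with the `resps` strings that `interaction` hands to SASL as `interact->result`, so those pointers dangle once it has run. I would put above the declaration: `/* Free a block from lutil_sasl_defaults(), including all prompt results given to SASL through it; call only after the bind no longer uses the prompts. */`. The declaration list continues outside the hunk.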
@ -529,7 +529,6 @@ ldap_int_sasl_bind(
|
||||||
sasl_ssf_t *ssf = NULL;
|
sasl_ssf_t *ssf = NULL;
|
||||||
sasl_conn_t *ctx;
|
sasl_conn_t *ctx;
|
||||||
sasl_interact_t *prompts = NULL;
|
sasl_interact_t *prompts = NULL;
|
||||||
const void *promptresult = NULL;
|
|
||||||
unsigned credlen;
|
unsigned credlen;
|
||||||
struct berval ccred;
|
struct berval ccred;
|
||||||
ber_socket_t sd;
|
ber_socket_t sd;
|
||||||
|
|
@ -590,9 +589,6 @@ ldap_int_sasl_bind(
|
||||||
&credlen,
|
&credlen,
|
||||||
&mech );
|
&mech );
|
||||||
|
|
||||||
/* Cyrus SASL library doesn't initialize the prompt result pointer */
|
|
||||||
if( promptresult == NULL && prompts != NULL ) prompts->result = NULL;
|
|
||||||
|
|
||||||
if( pmech == NULL && mech != NULL ) {
|
if( pmech == NULL && mech != NULL ) {
|
||||||
pmech = mech;
|
pmech = mech;
|
||||||
|
|
||||||
|
|
@ -608,11 +604,6 @@ ldap_int_sasl_bind(
|
||||||
if( !interact ) break;
|
if( !interact ) break;
|
||||||
res = (interact)( ld, flags, defaults, prompts );
|
res = (interact)( ld, flags, defaults, prompts );
|
||||||
|
|
||||||
/* keep a pointer to the prompt result so we can free it
|
|
||||||
* after Cyrus SASL has consumed the prompts.
|
|
||||||
*/
|
|
||||||
promptresult = prompts->result;
|
|
||||||
|
|
||||||
if( res != LDAP_SUCCESS ) break;
|
if( res != LDAP_SUCCESS ) break;
|
||||||
}
|
}
|
||||||
} while ( saslrc == SASL_INTERACT );
|
} while ( saslrc == SASL_INTERACT );
|
||||||
|
|
@ -688,9 +679,6 @@ ldap_int_sasl_bind(
|
||||||
(SASL_CONST char **)&ccred.bv_val,
|
(SASL_CONST char **)&ccred.bv_val,
|
||||||
&credlen );
|
&credlen );
|
||||||
|
|
||||||
/* SASL library doesn't initialize the prompt result pointer */
|
|
||||||
if( promptresult == NULL && prompts != NULL ) prompts->result = NULL;
|
|
||||||
|
|
||||||
#ifdef NEW_LOGGING
|
#ifdef NEW_LOGGING
|
||||||
LDAP_LOG ( TRANSPORT, DETAIL1,
|
LDAP_LOG ( TRANSPORT, DETAIL1,
|
||||||
"ldap_int_sasl_bind: sasl_client_step: %d\n", saslrc,0,0 );
|
"ldap_int_sasl_bind: sasl_client_step: %d\n", saslrc,0,0 );
|
||||||
|
|
@ -703,12 +691,6 @@ ldap_int_sasl_bind(
|
||||||
int res;
|
int res;
|
||||||
if( !interact ) break;
|
if( !interact ) break;
|
||||||
res = (interact)( ld, flags, defaults, prompts );
|
res = (interact)( ld, flags, defaults, prompts );
|
||||||
|
|
||||||
/* keep a pointer to the prompt result so we can free it
|
|
||||||
* after Cyrus SASL has consumed the prompts.
|
|
||||||
*/
|
|
||||||
promptresult = prompts->result;
|
|
||||||
|
|
||||||
if( res != LDAP_SUCCESS ) break;
|
if( res != LDAP_SUCCESS ) break;
|
||||||
}
|
}
|
||||||
} while ( saslrc == SASL_INTERACT );
|
} while ( saslrc == SASL_INTERACT );
|
||||||
|
|
@ -768,8 +750,6 @@ ldap_int_sasl_bind(
|
||||||
}
|
}
|
||||||
|
|
||||||
done:
|
done:
|
||||||
/* free the last prompt result */
|
|
||||||
LDAP_FREE((void*)promptresult);
|
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -29,9 +29,27 @@ typedef struct lutil_sasl_defaults_s {
|
||||||
char *authcid;
|
char *authcid;
|
||||||
char *passwd;
|
char *passwd;
|
||||||
char *authzid;
|
char *authzid;
|
||||||
|
char **resps;
|
||||||
|
int nresps;
|
||||||
} lutilSASLdefaults;
|
} lutilSASLdefaults;
|
||||||
|
|
||||||
|
|
||||||
|
void
|
||||||
|
lutil_sasl_freedefs(
|
||||||
|
void *defaults )
|
||||||
|
{
|
||||||
|
lutilSASLdefaults *defs = defaults;
|
||||||
|
|
||||||
|
if (defs->mech) ber_memfree(defs->mech);
|
||||||
|
if (defs->realm) ber_memfree(defs->realm);
|
||||||
|
if (defs->authcid) ber_memfree(defs->authcid);
|
||||||
|
if (defs->passwd) ber_memfree(defs->passwd);
|
||||||
|
if (defs->authzid) ber_memfree(defs->authzid);
|
||||||
|
if (defs->resps) ldap_charray_free(defs->resps);
|
||||||
|
|
||||||
|
ber_memfree(defs);
|
||||||
|
}
|
||||||
|
|
||||||
void *
|
void *
|
||||||
lutil_sasl_defaults(
|
lutil_sasl_defaults(
|
||||||
LDAP *ld,
|
LDAP *ld,
|
||||||
|
|
@ -47,11 +65,11 @@ lutil_sasl_defaults(
|
||||||
|
|
||||||
if( defaults == NULL ) return NULL;
|
if( defaults == NULL ) return NULL;
|
||||||
|
|
||||||
defaults->mech = mech;
|
defaults->mech = mech ? ber_strdup(mech) : NULL;
|
||||||
defaults->realm = realm;
|
defaults->realm = realm ? ber_strdup(realm) : NULL;
|
||||||
defaults->authcid = authcid;
|
defaults->authcid = authcid ? ber_strdup(authcid) : NULL;
|
||||||
defaults->passwd = passwd;
|
defaults->passwd = passwd ? ber_strdup(passwd) : NULL;
|
||||||
defaults->authzid = authzid;
|
defaults->authzid = authzid ? ber_strdup(authzid) : NULL;
|
||||||
|
|
||||||
if( defaults->mech == NULL ) {
|
if( defaults->mech == NULL ) {
|
||||||
ldap_get_option( ld, LDAP_OPT_X_SASL_MECH, &defaults->mech );
|
ldap_get_option( ld, LDAP_OPT_X_SASL_MECH, &defaults->mech );
|
||||||
|
|
@ -65,6 +83,8 @@ lutil_sasl_defaults(
|
||||||
if( defaults->authzid == NULL ) {
|
if( defaults->authzid == NULL ) {
|
||||||
ldap_get_option( ld, LDAP_OPT_X_SASL_AUTHZID, &defaults->authzid );
|
ldap_get_option( ld, LDAP_OPT_X_SASL_AUTHZID, &defaults->authzid );
|
||||||
}
|
}
|
||||||
|
defaults->resps = NULL;
|
||||||
|
defaults->nresps = 0;
|
||||||
|
|
||||||
return defaults;
|
return defaults;
|
||||||
}
|
}
|
||||||
|
|
@ -160,7 +180,8 @@ static int interaction(
|
||||||
if( interact->len > 0 ) {
|
if( interact->len > 0 ) {
|
||||||
/* duplicate */
|
/* duplicate */
|
||||||
char *p = (char *)interact->result;
|
char *p = (char *)interact->result;
|
||||||
interact->result = strdup( p );
|
ldap_charray_add(&defaults->resps, interact->result);
|
||||||
|
interact->result = defaults->resps[defaults->nresps++];
|
||||||
|
|
||||||
/* zap */
|
/* zap */
|
||||||
memset( p, '\0', interact->len );
|
memset( p, '\0', interact->len );
|
||||||
|
|
@ -168,15 +189,8 @@ static int interaction(
|
||||||
} else {
|
} else {
|
||||||
use_default:
|
use_default:
|
||||||
/* input must be empty */
|
/* input must be empty */
|
||||||
interact->result = strdup( (dflt && *dflt) ? dflt : "" );
|
interact->result = (dflt && *dflt) ? dflt : "";
|
||||||
interact->len = interact->result
|
interact->len = strlen( interact->result );
|
||||||
? strlen( interact->result ) : 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if( defaults && defaults->passwd && interact->id == SASL_CB_PASS ) {
|
|
||||||
/* zap password after first use */
|
|
||||||
memset( defaults->passwd, '\0', strlen(defaults->passwd) );
|
|
||||||
defaults->passwd = NULL;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return LDAP_SUCCESS;
|
return LDAP_SUCCESS;
|
||||||
|
|
@ -190,12 +204,6 @@ int lutil_sasl_interact(
|
||||||
{
|
{
|
||||||
sasl_interact_t *interact = in;
|
sasl_interact_t *interact = in;
|
||||||
|
|
||||||
if( interact->result ) {
|
|
||||||
/* we have results from a previous interaction */
|
|
||||||
free( (void *)interact->result );
|
|
||||||
interact->result = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
if( ld == NULL ) return LDAP_PARAM_ERROR;
|
if( ld == NULL ) return LDAP_PARAM_ERROR;
|
||||||
|
|
||||||
if( flags == LDAP_SASL_INTERACTIVE ) {
|
if( flags == LDAP_SASL_INTERACTIVE ) {
|
||||||
|
|
|
||||||
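Review bot: In the `interaction` hunk the result of `ldap_charray_add` is ignored, so if the add fails `defaults->resps[defaults->nresps++]` indexes an array that was not extended (possibly NULL) and `nresps` drifts from the real count. Check it before publishing the pointer, e.g. `if( ldap_charray_add( &defaults->resps, p ) != 0 ) { memset( p, '\0', interact->len ); return LDAP_NO_MEMORY; }`. The removed `if( defaults && defaults->passwd ...` test suggests `defaults` can be NULL on this path, which the new lines would dereference; that is worth confirming against the part of `interaction` outside the hunk. `lutil_sasl_freedefs` likewise dereferences its argument although `lutil_sasl_defaults` returns NULL on allocation failure, so it wants `if( defs == NULL ) return;` first. The commit also drops the "zap password after first use" step, and `passwd` and the `resps` copies are now freed without being cleared, so credentials persist in freed heap memory; clear each buffer before `ber_memfree`/`ldap_charray_free`, with a wipe the compiler cannot elide.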