Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19542/ldapserver/ldap/servers/slapd
Modified Files: util.c Log Message: Resolves: bug 476891 Bug Description: Replication: Server to Server Connection Error: SASL(-1): generic failure: All-whitespace username. Reviewed by: nkinder (Thanks!) Fix Description: 1) SASL/DIGEST-MD5 needs both username and authid 2) The username and authid in this context are always a bind DN - they must have the "dn:" prefix in order for the SASL mapping to work 3) gssapi (kerberos) sets both username and authid to NULL Platforms tested: RHEL5 Flag Day: no Doc impact: no
Index: util.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/util.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- util.c 5 Dec 2008 22:41:53 -0000 1.21
+++ util.c 17 Dec 2008 20:47:36 -0000 1.22
@@ -1247,6 +1247,7 @@
 const char *realm)
 {
 ldapSaslInteractVals *vals = NULL;
+ char *idprefix = "";
 vals = (ldapSaslInteractVals *) slapi_ch_calloc(1, sizeof(ldapSaslInteractVals));
@@ -1261,8 +1262,12 @@
 ldap_get_option(ld, LDAP_OPT_X_SASL_MECH, &vals->mech);
 }
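Review bot: `idprefix` only ever points at string literals (`""` here, `"dn:"` in the next hunk), so it should be declared `const char *idprefix = "";` to let the compiler reject any accidental write through it. The declaration sits at the top of a function whose signature and body extend outside this hunk.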
+ if (vals->mech && !strcasecmp(vals->mech, "DIGEST-MD5")) {
+ idprefix = "dn:"; /* prefix name and id with this string */
+ }
+
 if (authid) { /* use explicit passed in value */
- vals->authid = slapi_ch_strdup(authid);
+ vals->authid = slapi_ch_smprintf("%s%s", idprefix, authid);
 } else { /* use option value if any */
 ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHCID, &vals->authid);
 if (!vals->authid) {
@@ -1272,7 +1277,7 @@
 }
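Review bot: The `dn:` prefix is prepended to every explicitly passed `authid` under DIGEST-MD5 (and to `username` in the hunk at -1272), with no check that the value is a plain DN. The commit message states the ids are always bind DNs, but nothing in the visible code enforces that: a caller that hands in an already prefixed value would produce `dn:dn:...`, and an empty string would become the bare identity `dn:`, so the peer's SASL mapping would be asked to resolve an identity nobody configured. Consider skipping the prefix when it is already present, e.g. `vals->authid = slapi_ch_smprintf("%s%s", strncasecmp(authid, "dn:", 3) ? idprefix : "", authid);`, and the same for `username`. Values taken from `LDAP_OPT_X_SASL_AUTHCID` / `LDAP_OPT_X_SASL_AUTHZID` in the `else` branches are used unprefixed; a comment saying that this is intended would help the next reader.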
 if (username) { /* use explicit passed in value */
- vals->username = slapi_ch_strdup(username);
+ vals->username = slapi_ch_smprintf("%s%s", idprefix, username);
 } else { /* use option value if any */
 ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHZID, &vals->username);
 if (!vals->username) { /* use default sasl value */
@@ -1413,7 +1418,7 @@
 int tries = 0;
 while (tries < 2) {
- void *defaults = ldap_sasl_set_interact_vals(ld, mech, NULL, bindid,
+ void *defaults = ldap_sasl_set_interact_vals(ld, mech, bindid, bindid,
 creds, NULL);
 /* have to first set the defaults used by the callback function */
 /* call the bind function */
@@ -1941,8 +1946,9 @@
 cc_env_name);
 }
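Review bot: Passing `bindid` as the third argument sets an explicit authid for every SASL mechanism that reaches this loop, not only DIGEST-MD5; before this change the authid was NULL and came from `LDAP_OPT_X_SASL_AUTHCID` or the SASL default. Only DIGEST-MD5 gets the `dn:` form and only the Kerberos code in the hunk at -1941 resets the values, so any other mechanism would now be offered the raw bind DN as its authentication id, which may not match what the server-side identity mapping expects. If that is intended, say so at the call, e.g. `/* bindid is used as both authid and username; DIGEST-MD5 needs both */`; otherwise pass `bindid` as authid only when `mech` is DIGEST-MD5. The enclosing function starts and ends outside this hunk.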
- /* use NULL as username */
+ /* use NULL as username and authid */
 slapi_ch_free_string(&vals->username);
+ slapi_ch_free_string(&vals->authid);
 cleanup:
 krb5_free_unparsed_name(ctx, princ_name);
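Review bot: The updated comment says what is cleared but not why, and the reason only lives in the commit message. Something like `/* GSSAPI: identity comes from the Kerberos credentials, so no explicit username or authid */` would keep a later change from reintroducing an explicit id here; the wording needs confirming by the author, since the rationale is not visible in this hunk. The two frees sit just before the `cleanup:` label of a function that starts outside the hunk, so whether paths that jump straight to `cleanup` should also clear both values cannot be judged from here.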