Tree - rpms/389-ds-base - CentOS Git server

rpms / 389-ds-base

Blame SOURCES/0039-Ticket-49474-sasl-allow-mechs-does-not-operate-corre.patch

Blob History Raw

		058656	`From bfaf5b56bb1a416c5e058a9925642098c87e0330 Mon Sep 17 00:00:00 2001`
		058656	`From: William Brown <firstyear@redhat.com>`
		058656	`Date: Thu, 30 Nov 2017 14:06:59 +0100`
		058656	`Subject: [PATCH] Ticket 49474 - sasl allow mechs does not operate correctly`
		058656
		058656	`Bug Description: In a fix to sasl allowed mechs, the logic`
		058656	`was not properly configured.`
		058656
		058656	`Fix Description: Alter the ids_sasl_supported_mech to be`
		058656	`clearer and simpler in it's design.`
		058656
		058656	`https://pagure.io/389-ds-base/issue/49474`
		058656
		058656	`Author: wibrown`
		058656
		058656	`Review by: tbordaz (Thank you!)`
		058656
		058656	`Cherry picked from f75cfbce07b79272a7f1a2e387dc232d45c169f5`
		058656	`---`
		058656	`ldap/servers/slapd/saslbind.c \| 49 ++++++++-----------------------------------`
		058656	`1 file changed, 9 insertions(+), 40 deletions(-)`
		058656
		058656	`diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c`
		058656	`index 6734c32a7..67da97148 100644`
		058656	`--- a/ldap/servers/slapd/saslbind.c`
		058656	`+++ b/ldap/servers/slapd/saslbind.c`
		058656	`@@ -835,52 +835,21 @@ ids_sasl_listmech(Slapi_PBlock *pb)`
		058656	`static int`
		058656	`ids_sasl_mech_supported(Slapi_PBlock pb, const char mech)`
		058656	`{`
		058656	`- int i, ret = 0;`
		058656	`- char **mechs;`
		058656	`- char **allowed_mechs = NULL;`
		058656	`- char *dupstr;`
		058656	`- const char *str;`
		058656	`- int sasl_result = 0;`
		058656	`- Connection *pb_conn = NULL;`
		058656	`-`
		058656	`- slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);`
		058656	`- sasl_conn_t sasl_conn = (sasl_conn_t )pb_conn->c_sasl_conn;`
		058656	`slapi_log_err(SLAPI_LOG_TRACE, "ids_sasl_mech_supported", "=>\n");`
		058656
		058656	`- /* sasl_listmech is not thread-safe - caller must lock pb_conn */`
		058656	`- sasl_result = sasl_listmech(sasl_conn,`
		058656	`- NULL, /* username */`
		058656	`- "", ",", "",`
		058656	`- &str, NULL, NULL);`
		058656	`- if (sasl_result != SASL_OK) {`
		058656	`- return 0;`
		058656	`- }`
		058656	`-`
		058656	`- dupstr = slapi_ch_strdup(str);`
		058656	`- mechs = slapi_str2charray(dupstr, ",");`
		058656	`- allowed_mechs = config_get_allowed_sasl_mechs_array();`
		058656	`+ char **allowed_mechs = ids_sasl_listmech(pb);`
		058656
		058656	`- for (i = 0; mechs[i] != NULL; i++) {`
		058656	`- if (strcasecmp(mech, mechs[i]) == 0) {`
		058656	`- if (allowed_mechs) {`
		058656	`- if (charray_inlist(allowed_mechs, (char *)mech) == 0) {`
		058656	`- ret = 1;`
		058656	`- }`
		058656	`- break;`
		058656	`- } else {`
		058656	`- ret = 1;`
		058656	`- break;`
		058656	`- }`
		058656	`- }`
		058656	`+ /* 0 indicates "now allowed" */`
		058656	`+ int allowed_mech_present = 0;`
		058656	`+ if (allowed_mechs != NULL) {`
		058656	`+ /* Returns 1 if present and allowed. */`
		058656	`+ allowed_mech_present = charray_inlist(allowed_mechs, (char *)mech);`
		058656	`+ charray_free(allowed_mechs);`
		058656	`}`
		058656
		058656	`- charray_free(allowed_mechs);`
		058656	`- charray_free(mechs);`
		058656	`- slapi_ch_free((void **)&dupstr);`
		058656	`-`
		058656	`slapi_log_err(SLAPI_LOG_TRACE, "ids_sasl_mech_supported", "<=\n");`
		058656
		058656	`- return ret;`
		058656	`+ return allowed_mech_present;`
		058656	`}`
		058656
		058656	`/*`
		058656	`@@ -944,7 +913,7 @@ ids_sasl_check_bind(Slapi_PBlock *pb)`
		058656	`* different error code to SASL_NOMECH. Must be called`
		058656	`* while holding the pb_conn lock`
		058656	`*/`
		058656	`- if (!ids_sasl_mech_supported(pb, mech)) {`
		058656	`+ if (ids_sasl_mech_supported(pb, mech) == 0) {`
		058656	`rc = SASL_NOMECH;`
		058656	`goto sasl_check_result;`
		058656	`}`
		058656	`--`
		058656	`2.13.6`
		058656

rpms / 389-ds-base

Source Code

Blame SOURCES/0039-Ticket-49474-sasl-allow-mechs-does-not-operate-corre.patch