On Wed, Jun 27, 2012 at 05:29:07PM +0300, Alexander Bokovoy wrote:
> Hi,
>
> attached patch adds comprehensive error condition handling to SASL bind
> callback in ipasam module. The callback is doing keytab-based auth
> against FreeIPA LDAP server and original version lacked error checks on
> purpose.

The patch is working fine, but I would like to ask you to consider the
following two changes:

diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c index e41cb96..5e9f63d 100644 --- a/daemons/ipa-sam/ipa_sam.c +++ b/daemons/ipa-sam/ipa_sam.c @@ -3166,6 +3166,8 @@ static int bind_callback(LDAP *ldap_struct, struct smbldap_state *ldap_state, vo struct ipasam_sasl_interact_priv data; int ret; + memset(&data, 0, sizeof(struct ipasam_sasl_interact_priv)); + data.name = (const char*)ipasam_principal; if (data.name == NULL) { DEBUG(0, ("bind_callback: ipasam:principal is not set, cannot use GSSAPI bind\n")); @@ -3309,8 +3311,7 @@ static NTSTATUS pdb_init_ipasam(struct pdb_methods **pdb_method, &ldap_state->smbldap_state); if (NT_STATUS_IS_OK(status)) { ldap_state->smbldap_state->bind_callback = bind_callback; - ldap_state->smbldap_state->bind_callback_data = - (void*)lp_parm_const_string(-1, "ipasam", "principal", NULL); + ldap_state->smbldap_state->bind_callback_data = service_principal; }

bye,
Sumit

>
> Now it is time to fix the purpose. :)
>
> --
> / Alexander Bokovoy

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
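
Review bot: in the first hunk (bind_callback), the memset length is written as sizeof(struct ipasam_sasl_interact_priv) rather than sizeof(data). Using sizeof(data) keeps the length tied to the variable, so the call stays correct if the declaration of data is ever changed. It would also read better with the memset placed directly after the declarations and before the blank line, since the very next statement already writes data.name.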
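
Review bot: in the second hunk (pdb_init_ipasam), service_principal is neither declared nor assigned in the lines shown, so its origin, its type and its lifetime cannot be checked here. The pointer is stored in smbldap_state->bind_callback_data and read later by bind_callback, so it has to stay valid for as long as that state exists; please show where it is allocated and confirm it is not freed earlier. The removed line carried an explicit (void*) cast from a const string, so if service_principal is a const char * the new assignment drops the qualifier silently or with a warning. The DEBUG text in bind_callback still reports "ipasam:principal is not set"; if the value no longer comes from that parameter, the message should name the real source.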