Patch bc76428246c4ce532abd0eadcd539069fc1d94a8 changed the data
type of sasl_minssf from int to ber_len_t. Unfortunately, the default
value of ldap_sasl_minssf is -1, but ber_len_t is defined as
unsigned long. This made the SASL mechanism inoperative.
>From ef5a1eb0d92adb0a85713965d646ea7068af51a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Tue, 31 Jul 2012 12:49:34 +0200
Subject: [PATCH] Unbreak SASL

Patch bc76428246c4ce532abd0eadcd539069fc1d94a8 changed the data
type of sasl_minssf from int to ber_len_t. Unfortunately, default
value of ldap_sasl_minssf is -1 but ber_len_t is defined as
unsigned long. This made SASL mechanism inoperative.
---
 src/providers/ldap/sdap_async_connection.c |   21 ++++++++++++---------
 1 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index d7beaa8061f023e8094b0fd15077ca7b4f531178..202277a7bf0f2a04f86016044b31f4c15c8a07ba 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -158,7 +158,8 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
     int sd;
     bool sasl_nocanon;
     const char *sasl_mech;
-    ber_len_t sasl_minssf;
+    int sasl_minssf;
+    ber_len_t ber_sasl_minssf;
 
     ret = sss_ldap_init_recv(subreq, &state->sh->ldap, &sd);
     talloc_zfree(subreq);
@@ -286,14 +287,16 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
 
     sasl_mech = dp_opt_get_string(state->opts->basic, SDAP_SASL_MECH);
     if (sasl_mech != NULL) {
-        sasl_minssf = (ber_len_t) dp_opt_get_int(state->opts->basic,
-                                                 SDAP_SASL_MINSSF);
-        lret = ldap_set_option(state->sh->ldap, LDAP_OPT_X_SASL_SSF_MIN,
-                               &sasl_minssf);
-        if (lret != LDAP_OPT_SUCCESS) {
-            DEBUG(SSSDBG_CRIT_FAILURE,
-                  ("Failed to set LDAP MIN SSF option to %lu\n", sasl_minssf));
-            goto fail;
+        sasl_minssf = dp_opt_get_int(state->opts->basic, SDAP_SASL_MINSSF);
+        if (sasl_minssf >= 0) {
+        	ber_sasl_minssf = (ber_len_t)sasl_minssf;
+            lret = ldap_set_option(state->sh->ldap, LDAP_OPT_X_SASL_SSF_MIN,
+                                   &ber_sasl_minssf);
+            if (lret != LDAP_OPT_SUCCESS) {
+                DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to set LDAP MIN SSF option "
+                                            "to %lu\n", sasl_minssf));
+                goto fail;
+            }
         }
     }
 
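Review bot: The DEBUG call in the failure branch still uses `%lu` but now passes `sasl_minssf`, which this patch changes to `int`, so the specifier and the argument no longer match in a varargs call. Log the converted value instead, `"to %lu\n", ber_sasl_minssf));`, or keep `sasl_minssf` and switch the specifier to `%d`. When the configured value is negative, the option is now skipped without any trace, so the connection runs with whatever minimum SSF libldap is otherwise configured with. A comment above `if (sasl_minssf >= 0)` such as `/* negative: leave libldap's own min SSF setting untouched */` would make that security-relevant fallback explicit. The `ber_sasl_minssf = (ber_len_t)sasl_minssf;` line is indented with a tab where the surrounding lines use spaces, and sdap_sys_connect_done begins and ends outside this hunk.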
-- 
1.7.6.4
