Commit 2ee7488d authored by Howard Chu's avatar Howard Chu
Browse files

ITS#2423 - make the lib that allocates SASL prompt results responsible

for freeing them.
parent 4809e4da
......@@ -22,6 +22,10 @@
LDAP_BEGIN_DECL
LDAP_LUTIL_F( void )
lutil_sasl_freedefs LDAP_P((
void *defaults ));
LDAP_LUTIL_F( void * )
lutil_sasl_defaults LDAP_P((
LDAP *ld,
......
......@@ -529,7 +529,6 @@ ldap_int_sasl_bind(
sasl_ssf_t *ssf = NULL;
sasl_conn_t *ctx;
sasl_interact_t *prompts = NULL;
const void *promptresult = NULL;
unsigned credlen;
struct berval ccred;
ber_socket_t sd;
......@@ -590,9 +589,6 @@ ldap_int_sasl_bind(
&credlen,
&mech );
/* Cyrus SASL library doesn't initialize the prompt result pointer */
if( promptresult == NULL && prompts != NULL ) prompts->result = NULL;
if( pmech == NULL && mech != NULL ) {
pmech = mech;
......@@ -608,11 +604,6 @@ ldap_int_sasl_bind(
if( !interact ) break;
res = (interact)( ld, flags, defaults, prompts );
/* keep a pointer to the prompt result so we can free it
* after Cyrus SASL has consumed the prompts.
*/
promptresult = prompts->result;
if( res != LDAP_SUCCESS ) break;
}
} while ( saslrc == SASL_INTERACT );
......@@ -688,9 +679,6 @@ ldap_int_sasl_bind(
(SASL_CONST char **)&ccred.bv_val,
&credlen );
/* SASL library doesn't initialize the prompt result pointer */
if( promptresult == NULL && prompts != NULL ) prompts->result = NULL;
#ifdef NEW_LOGGING
LDAP_LOG ( TRANSPORT, DETAIL1,
"ldap_int_sasl_bind: sasl_client_step: %d\n", saslrc,0,0 );
......@@ -703,12 +691,6 @@ ldap_int_sasl_bind(
int res;
if( !interact ) break;
res = (interact)( ld, flags, defaults, prompts );
/* keep a pointer to the prompt result so we can free it
* after Cyrus SASL has consumed the prompts.
*/
promptresult = prompts->result;
if( res != LDAP_SUCCESS ) break;
}
} while ( saslrc == SASL_INTERACT );
......@@ -768,8 +750,6 @@ ldap_int_sasl_bind(
}
done:
/* free the last prompt result */
LDAP_FREE((void*)promptresult);
return rc;
}
......
......@@ -29,9 +29,27 @@ typedef struct lutil_sasl_defaults_s {
char *authcid;
char *passwd;
char *authzid;
char **resps;
int nresps;
} lutilSASLdefaults;
void
lutil_sasl_freedefs(
void *defaults )
{
lutilSASLdefaults *defs = defaults;
if (defs->mech) ber_memfree(defs->mech);
if (defs->realm) ber_memfree(defs->realm);
if (defs->authcid) ber_memfree(defs->authcid);
if (defs->passwd) ber_memfree(defs->passwd);
if (defs->authzid) ber_memfree(defs->authzid);
if (defs->resps) ldap_charray_free(defs->resps);
ber_memfree(defs);
}
void *
lutil_sasl_defaults(
LDAP *ld,
......@@ -47,11 +65,11 @@ lutil_sasl_defaults(
if( defaults == NULL ) return NULL;
defaults->mech = mech;
defaults->realm = realm;
defaults->authcid = authcid;
defaults->passwd = passwd;
defaults->authzid = authzid;
defaults->mech = mech ? ber_strdup(mech) : NULL;
defaults->realm = realm ? ber_strdup(realm) : NULL;
defaults->authcid = authcid ? ber_strdup(authcid) : NULL;
defaults->passwd = passwd ? ber_strdup(passwd) : NULL;
defaults->authzid = authzid ? ber_strdup(authzid) : NULL;
if( defaults->mech == NULL ) {
ldap_get_option( ld, LDAP_OPT_X_SASL_MECH, &defaults->mech );
......@@ -65,6 +83,8 @@ lutil_sasl_defaults(
if( defaults->authzid == NULL ) {
ldap_get_option( ld, LDAP_OPT_X_SASL_AUTHZID, &defaults->authzid );
}
defaults->resps = NULL;
defaults->nresps = 0;
return defaults;
}
......@@ -160,7 +180,8 @@ static int interaction(
if( interact->len > 0 ) {
/* duplicate */
char *p = (char *)interact->result;
interact->result = strdup( p );
ldap_charray_add(&defaults->resps, interact->result);
interact->result = defaults->resps[defaults->nresps++];
/* zap */
memset( p, '\0', interact->len );
......@@ -168,15 +189,8 @@ static int interaction(
} else {
use_default:
/* input must be empty */
interact->result = strdup( (dflt && *dflt) ? dflt : "" );
interact->len = interact->result
? strlen( interact->result ) : 0;
}
if( defaults && defaults->passwd && interact->id == SASL_CB_PASS ) {
/* zap password after first use */
memset( defaults->passwd, '\0', strlen(defaults->passwd) );
defaults->passwd = NULL;
interact->result = (dflt && *dflt) ? dflt : "";
interact->len = strlen( interact->result );
}
return LDAP_SUCCESS;
......@@ -190,12 +204,6 @@ int lutil_sasl_interact(
{
sasl_interact_t *interact = in;
if( interact->result ) {
/* we have results from a previous interaction */
free( (void *)interact->result );
interact->result = NULL;
}
if( ld == NULL ) return LDAP_PARAM_ERROR;
if( flags == LDAP_SASL_INTERACTIVE ) {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment