ITS#2423 - make the lib that allocates SASL prompt results responsible

for freeing them.

include/lutil_ldap.h

@@ -22,6 +22,10 @@
 
 LDAP_BEGIN_DECL
 
+LDAP_LUTIL_F( void )
+lutil_sasl_freedefs LDAP_P((
+	void *defaults ));
+
 LDAP_LUTIL_F( void * )
 lutil_sasl_defaults LDAP_P((
 	LDAP *ld,

libraries/libldap/cyrus.c

@@ -529,7 +529,6 @@ ldap_int_sasl_bind(
 	sasl_ssf_t		*ssf = NULL;
 	sasl_conn_t	*ctx;
 	sasl_interact_t *prompts = NULL;
-	const void *promptresult = NULL;
 	unsigned credlen;
 	struct berval ccred;
 	ber_socket_t		sd;
@@ -590,9 +589,6 @@ ldap_int_sasl_bind(
 			&credlen,
 			&mech );
 
-		/* Cyrus SASL library doesn't initialize the prompt result pointer */
-		if( promptresult == NULL && prompts != NULL ) prompts->result = NULL;
-
 		if( pmech == NULL && mech != NULL ) {
 			pmech = mech;
 
@@ -608,11 +604,6 @@ ldap_int_sasl_bind(
 			if( !interact ) break;
 			res = (interact)( ld, flags, defaults, prompts );
 
-			/* keep a pointer to the prompt result so we can free it
-			 * after Cyrus SASL has consumed the prompts.
-			 */
-			promptresult = prompts->result;
-
 			if( res != LDAP_SUCCESS ) break;
 		}
 	} while ( saslrc == SASL_INTERACT );
@@ -688,9 +679,6 @@ ldap_int_sasl_bind(
 				(SASL_CONST char **)&ccred.bv_val,
 				&credlen );
 
-			/* SASL library doesn't initialize the prompt result pointer */
-			if( promptresult == NULL && prompts != NULL ) prompts->result = NULL;
-
 #ifdef NEW_LOGGING
 				LDAP_LOG ( TRANSPORT, DETAIL1, 
 					"ldap_int_sasl_bind: sasl_client_step: %d\n", saslrc,0,0 );
@@ -703,12 +691,6 @@ ldap_int_sasl_bind(
 				int res;
 				if( !interact ) break;
 				res = (interact)( ld, flags, defaults, prompts );
-
-				/* keep a pointer to the prompt result so we can free it
-				 * after Cyrus SASL has consumed the prompts.
-				 */
-				promptresult = prompts->result;
-
 				if( res != LDAP_SUCCESS ) break;
 			}
 		} while ( saslrc == SASL_INTERACT );
@@ -768,8 +750,6 @@ ldap_int_sasl_bind(
 	}
 
 done:
-	/* free the last prompt result */
-	LDAP_FREE((void*)promptresult);
 	return rc;
 }
 

libraries/liblutil/sasl.c

@@ -29,9 +29,27 @@ typedef struct lutil_sasl_defaults_s {
 	char *authcid;
 	char *passwd;
 	char *authzid;
+	char **resps;
+	int nresps;
 } lutilSASLdefaults;
 
 
+void
+lutil_sasl_freedefs(
+	void *defaults )
+{
+	lutilSASLdefaults *defs = defaults;
+	
+	if (defs->mech) ber_memfree(defs->mech);
+	if (defs->realm) ber_memfree(defs->realm);
+	if (defs->authcid) ber_memfree(defs->authcid);
+	if (defs->passwd) ber_memfree(defs->passwd);
+	if (defs->authzid) ber_memfree(defs->authzid);
+	if (defs->resps) ldap_charray_free(defs->resps);
+
+	ber_memfree(defs);
+}
+
 void *
 lutil_sasl_defaults(
 	LDAP *ld,
@@ -47,11 +65,11 @@ lutil_sasl_defaults(
 
 	if( defaults == NULL ) return NULL;
 
-	defaults->mech = mech;
-	defaults->realm = realm;
-	defaults->authcid = authcid;
-	defaults->passwd = passwd;
-	defaults->authzid = authzid;
+	defaults->mech = mech ? ber_strdup(mech) : NULL;
+	defaults->realm = realm ? ber_strdup(realm) : NULL;
+	defaults->authcid = authcid ? ber_strdup(authcid) : NULL;
+	defaults->passwd = passwd ? ber_strdup(passwd) : NULL;
+	defaults->authzid = authzid ? ber_strdup(authzid) : NULL;
 
 	if( defaults->mech == NULL ) {
 		ldap_get_option( ld, LDAP_OPT_X_SASL_MECH, &defaults->mech );
@@ -65,6 +83,8 @@ lutil_sasl_defaults(
 	if( defaults->authzid == NULL ) {
 		ldap_get_option( ld, LDAP_OPT_X_SASL_AUTHZID, &defaults->authzid );
 	}
+	defaults->resps = NULL;
+	defaults->nresps = 0;
 
 	return defaults;
 }
@@ -160,7 +180,8 @@ static int interaction(
 	if( interact->len > 0 ) {
 		/* duplicate */
 		char *p = (char *)interact->result;
-		interact->result = strdup( p );
+		ldap_charray_add(&defaults->resps, interact->result);
+		interact->result = defaults->resps[defaults->nresps++];
 
 		/* zap */
 		memset( p, '\0', interact->len );
@@ -168,15 +189,8 @@ static int interaction(
 	} else {
 use_default:
 		/* input must be empty */
-		interact->result = strdup( (dflt && *dflt) ? dflt : "" );
-		interact->len = interact->result
-			? strlen( interact->result ) : 0;
-	}
-
-	if( defaults && defaults->passwd && interact->id == SASL_CB_PASS ) {
-		/* zap password after first use */
-		memset( defaults->passwd, '\0', strlen(defaults->passwd) );
-		defaults->passwd = NULL;
+		interact->result = (dflt && *dflt) ? dflt : "";
+		interact->len = strlen( interact->result );
 	}
 
 	return LDAP_SUCCESS;
@@ -190,12 +204,6 @@ int lutil_sasl_interact(
 {
 	sasl_interact_t *interact = in;
 
-	if( interact->result ) {
-		/* we have results from a previous interaction */
-		free( (void *)interact->result );
-		interact->result = NULL;
-	}
-
 	if( ld == NULL ) return LDAP_PARAM_ERROR;
 
 	if( flags == LDAP_SASL_INTERACTIVE ) {