[Fedora-directory-commits] adminutil/lib/libadmsslutil admsslutil.c, 1.4, 1.5
Richard Allen Megginson (rmeggins)
fedora-directory-commits at redhat.com
Fri Nov 3 17:40:32 UTC 2006
Author: rmeggins
Update of /cvs/dirsec/adminutil/lib/libadmsslutil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29624/adminutil/lib/libadmsslutil
Modified Files:
admsslutil.c
Log Message:
Reviewed by: nhosoi (Thanks!)
Fix Description: The logic in mod_admserv.c expects admldapBuildInfoSSL to return success but
with a NULL ldap handle if no password was given or found. This is essentially
what admldapBuildInfo does in the same situation. I also found and fixed a few
memory leaks with both strings and LDAP handles.
Platforms tested: FC5
Flag Day: no
Doc impact: no
Index: admsslutil.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/admsslutil.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- admsslutil.c 24 Mar 2006 04:48:38 -0000 1.4
+++ admsslutil.c 3 Nov 2006 17:40:30 -0000 1.5
@@ -74,24 +74,37 @@
{
LDAP *ld;
int ldapError;
+ char *passwd = NULL;
+ char *host = NULL;
*errorcode = ADMUTIL_OP_OK;
+ host = admldapGetHost(info);
if (admldapGetSecurity(info))
- ld = ldapssl_init(admldapGetHost(info), admldapGetPort(info), 1);
+ ld = ldapssl_init(host, admldapGetPort(info), 1);
else
- ld = ldap_init(admldapGetHost(info), admldapGetPort(info));
+ ld = ldap_init(host, admldapGetPort(info));
+ PL_strfree(host);
if (!ld) {
*errorcode = ADMUTIL_LDAP_ERR;
return 0;
}
+ passwd = admldapGetSIEPWD(info);
+ if (passwd) {
+ char *dn = admldapGetSIEDN(info);
+ ldapError = ldap_simple_bind_s(ld, dn, passwd);
+ PL_strfree(dn);
+ PL_strfree(passwd);
+ } else {
+ /* no password means just punt rather than do anon bind */
+ /* this mimics the same logic in admldapBuildInfoCbk() */
+ *errorcode = ADMUTIL_LDAP_ERR;
+ return 1; /* have to return true here to mimic admldapBuildInfoCbk() */
+ }
/* authenticate to LDAP server*/
- if ((ldapError = ldap_simple_bind_s(ld,
- admldapGetSIEDN(info),
- admldapGetSIEPWD(info)))
- != LDAP_SUCCESS ) {
+ if (ldapError != LDAP_SUCCESS) {
#ifdef LDAP_DEBUG
ldap_perror(ld, "ldap_simple_bind_s");
#endif
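Review bot: The new `else` branch returns 1 without releasing `ld`, so the handle created by `ldap_init`/`ldapssl_init` just above is leaked every time no password is found; it needs an `ldap_unbind(ld);` before the return. In the same test, `if (passwd)` lets an empty string through, and a simple bind with a DN and a zero-length password is an unauthenticated bind that a server may accept like an anonymous one, which is exactly what the comment says this code avoids. Whether admldapGetSIEPWD can return "" is not visible here, so treat the `*passwd` check as hardening. The function starts and ends outside this hunk; the fence shows only the changed lines.

```c
passwd = admldapGetSIEPWD(info);
if (passwd && *passwd) {
    /* ... unchanged: fetch dn, ldap_simple_bind_s, free dn and passwd ... */
} else {
    /* ... unchanged: the two "punt" comments ... */
    if (passwd)
        PL_strfree(passwd); /* an empty string still has to be freed */
    ldap_unbind(ld); /* handle is not passed back to the caller on this path */
    /* ... unchanged: set *errorcode and return 1 ... */
}
```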
@@ -100,12 +113,14 @@
case LDAP_INVALID_CREDENTIALS:
case LDAP_INSUFFICIENT_ACCESS:
/* authenticate failed: Should not continue */
+ ldap_unbind(ld);
*errorcode = ADMUTIL_LDAP_ERR;
return 0;
case LDAP_NO_SUCH_OBJECT:
case LDAP_ALIAS_PROBLEM:
case LDAP_INVALID_DN_SYNTAX:
/* Not a good user DN */
+ ldap_unbind(ld);
*errorcode = ADMUTIL_LDAP_ERR;
return 0;
break;
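Review bot: The two arms that now call `ldap_unbind(ld)` execute the same three statements, so their `case` labels could share one body, and the `break;` after the second `return 0;` is unreachable. A short comment such as `/* ld is not handed to the caller on failure, so release it here */` would record why the unbind is needed. The rest of the switch lies outside this hunk; any other arm there that returns 0 presumably needs the same release.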