[Fedora-directory-commits] adminutil/lib/libadmsslutil admsslutil.c, 1.4, 1.5

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Fri Nov 3 17:40:32 UTC 2006


Author: rmeggins

Update of /cvs/dirsec/adminutil/lib/libadmsslutil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29624/adminutil/lib/libadmsslutil

Modified Files:
	admsslutil.c 
Log Message:
Reviewed by: nhosoi (Thanks!)
Fix Description: The logic in mod_admserv.c expects admldapBuildInfoSSL to return success but
with a NULL ldap handle if no password was given or found.  This is essentially
what admldapBuildInfo does in the same situation.  I also found and fixed a few
memory leaks with both strings and LDAP handles.
Platforms tested: FC5
Flag Day: no
Doc impact: no 



Index: admsslutil.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/admsslutil.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- admsslutil.c	24 Mar 2006 04:48:38 -0000	1.4
+++ admsslutil.c	3 Nov 2006 17:40:30 -0000	1.5
@@ -74,24 +74,37 @@
 {
   LDAP  *ld;
   int   ldapError;
+  char *passwd = NULL;
+  char *host = NULL;
 
   *errorcode = ADMUTIL_OP_OK;
 
+  host = admldapGetHost(info);
   if (admldapGetSecurity(info))
-    ld = ldapssl_init(admldapGetHost(info), admldapGetPort(info), 1);
+    ld = ldapssl_init(host, admldapGetPort(info), 1);
   else
-    ld = ldap_init(admldapGetHost(info), admldapGetPort(info));
+    ld = ldap_init(host, admldapGetPort(info));
+  PL_strfree(host);
 
   if (!ld) {
     *errorcode = ADMUTIL_LDAP_ERR;
     return 0;
   }
 
+  passwd = admldapGetSIEPWD(info);
+  if (passwd) {
+      char *dn = admldapGetSIEDN(info);
+      ldapError = ldap_simple_bind_s(ld, dn, passwd);
+      PL_strfree(dn);
+      PL_strfree(passwd);
+  } else {
+      /* no password means just punt rather than do anon bind */
+      /* this mimics the same logic in admldapBuildInfoCbk() */
+      *errorcode = ADMUTIL_LDAP_ERR;
+      return 1; /* have to return true here to mimic admldapBuildInfoCbk() */
+  }
   /* authenticate to LDAP server*/
-  if ((ldapError = ldap_simple_bind_s(ld,
-                                      admldapGetSIEDN(info),
-                                      admldapGetSIEPWD(info)))
-        != LDAP_SUCCESS ) {
+  if (ldapError != LDAP_SUCCESS) {
 #ifdef LDAP_DEBUG
     ldap_perror(ld, "ldap_simple_bind_s");
 #endif
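Review bot: The new `else` branch returns 1 without calling `ldap_unbind(ld)`, so the handle created by `ldapssl_init`/`ldap_init` just above is leaked whenever no SIE password is available; nothing visible in the hunk stores `ld` before that return. Adding `ldap_unbind(ld);` ahead of `return 1;` would close it. Separately, `if (passwd)` only rejects a NULL pointer: if `admldapGetSIEPWD` can return an empty string (not visible here), servers normally treat `ldap_simple_bind_s` with a DN and an empty password as an unauthenticated bind, which the comment says this code wants to avoid. Using `if (passwd && *passwd)` with a `PL_strfree(passwd);` in the `else` would cover that case. The function's signature and the rest of its body are outside this hunk.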
@@ -100,12 +113,14 @@
     case LDAP_INVALID_CREDENTIALS:
     case LDAP_INSUFFICIENT_ACCESS:
       /* authenticate failed: Should not continue */
+      ldap_unbind(ld);
       *errorcode = ADMUTIL_LDAP_ERR;
       return 0;
     case LDAP_NO_SUCH_OBJECT:
     case LDAP_ALIAS_PROBLEM:
     case LDAP_INVALID_DN_SYNTAX:
       /* Not a good user DN */
+      ldap_unbind(ld);
       *errorcode = ADMUTIL_LDAP_ERR;
       return 0;
       break;
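Review bot: The two case groups in this hunk now have identical bodies (`ldap_unbind(ld); *errorcode = ADMUTIL_LDAP_ERR; return 0;`), and the `break;` after the second `return 0;` is unreachable, so the release logic is duplicated where it could live once. Folding the five labels into one group, with a combined comment such as `/* bad credentials or bad user DN: release the handle and fail */`, keeps the unbind in a single place that later error cases can share. The switch opens and closes outside the hunk, so whether its remaining cases release `ld` before returning cannot be confirmed from here.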



