Re: [PATCH 0/4] Updated LDAP SASL bind series

Dear Ian,

final testing of the patch series led to a core dump on libldap. For more information and a correction proposal please refer to my reply to patch 3/4.

With the changes proposed there, everything works fine.

Kind regards

Thomas

On 25/08/2022 01:08, Thomas Reim wrote:
Dear Ian,

thank you very much for review and correction of the patches. Your updates are fine for me. Four eyes are always better than two. :-)

Your updates with regard to ldap_res are fine and should work. For your convenience I've added the guideline of OpenLDAP with regard to handling this parameter:

       The
       message obtained from ldap_result() must be passed in the result
       parameter.  This parameter must be NULL when initiating a new
       Bind. The caller must free the result message after each call
       using ldap_msgfree().  The ldap_sasl_interactive_bind() function
       returns an LDAP result code. If the code is LDAP_SASL_BIND_IN_PROGRESS
       then the Bind is not complete yet, and this function must be called
       again with the next result from the server.

Our changes follow this principle and should be fine. Calling ldap_msgfree() after successful bind is somehow redundant, as calling ldap_parse_result() with last parameter (freeit) set to 1 already frees memory, but does not harm, either.

I will perform a final testing of all patches on Ubuntu Jammy and come back to you.

Kind regards

Thomas

On 22/08/2022 04:55, Ian Kent wrote:
I've made a few changes, mostly to the do_bind() interact area.

I'm still a little unclear of what's going on there with ldap_res.

For example, ldap_sasl_interactive_bind() is called with ldap_res
as a parameter but it's passed by value so the caller can't see any
changes to it. Further down the call to ldap_result() is where it
might get a value. So the question is, is ldap_res used in the call
to ldap_sasl_interactive_bind() on subsequent iterations?

I did some more white space changes, added some initializations, and
added a CHANGELOG entry.

Can you have a look and let me know if the changes I've made are ok
with you and that I haven't made any mistakes.

---

Thomas Reim (4):
       autofs-5.1.8 - restore gcc flags after autoconf Kerberos 5 check
       autofs-5.1.8 - prepare for OpenLDAP SASL binding
       autofs-5.1.8 - let OpenLDAP handle SASL binding
       autofs-5.1.8 - configure: LDAP function checks ignore implicit declarations


  CHANGELOG             |   4 ++
  aclocal.m4            |  52 +++++++++++++++
  configure             |  55 +++++++++++++++-
  configure.in          |   5 +-
  include/config.h.in   |   3 +
  include/lookup_ldap.h |   6 ++
  modules/cyrus-sasl.c  | 150 +++++++++++++++++++++++++++++++++++++++++-
  modules/lookup_ldap.c | 137 +++++++++++++++++++++++++++++++++++++-
  8 files changed, 408 insertions(+), 4 deletions(-)

--
Ian
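
Added example, not code from the patch series or from OpenLDAP: a self-contained C model of the result-parameter rule quoted above (NULL on the first call, the previous server reply on later calls, free after each call). All `sim_*` names and `bind_loop()` are hypothetical stand-ins that only track message ownership; they do not talk to a server.

```c
#include <stdlib.h>

/* Stand-ins for libldap (hypothetical names, constructed for this example):
 * they only track message ownership during a multi-step bind. */
enum { SIM_SUCCESS = 0, SIM_BIND_IN_PROGRESS = 14 };
typedef struct sim_msg { int round; } sim_msg;
typedef struct sim_conn {
    int rounds_left; /* server challenges still outstanding */
    int started;     /* has the first bind call been made? */
    int live_msgs;   /* messages allocated but not yet freed */
    int bad_calls;   /* calls that broke the result-parameter rule */
} sim_conn;

/* Models ldap_result(): the caller owns the returned message. */
static sim_msg *sim_result(sim_conn *c) {
    sim_msg *m = malloc(sizeof *m);
    if (m) { m->round = c->rounds_left; c->live_msgs++; }
    return m;
}

/* Models ldap_msgfree(); NULL is ignored. */
static void sim_msgfree(sim_conn *c, sim_msg *m) { if (m) { free(m); c->live_msgs--; } }

/* Models one ldap_sasl_interactive_bind() call. result arrives by value:
 * it is input only, NULL on the first call, the last server reply afterwards. */
static int sim_bind_step(sim_conn *c, sim_msg *result) {
    if ((c->started == 0) != (result == NULL)) c->bad_calls++;
    c->started = 1;
    return c->rounds_left-- > 0 ? SIM_BIND_IN_PROGRESS : SIM_SUCCESS;
}

/* Caller-side loop following the quoted rule. */
int bind_loop(sim_conn *c) {
    sim_msg *res = NULL;                 /* NULL when initiating a new bind */
    int rc;
    do {
        rc = sim_bind_step(c, res);      /* consumes the previous reply */
        sim_msgfree(c, res);             /* free after each call ... */
        res = NULL;                      /* ... and drop the stale pointer */
        if (rc == SIM_BIND_IN_PROGRESS && !(res = sim_result(c)))
            return -1;                   /* allocation failed */
    } while (rc == SIM_BIND_IN_PROGRESS);
    return rc;
}

int main(void) {
    sim_conn c = { 2, 0, 0, 0 };         /* constructed: two server challenges */
    return bind_loop(&c) == SIM_SUCCESS && c.live_msgs == 0 ? 0 : 1;
}
```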



