Hi,
I've received segmentation faults during some basic SASL OTP testing using CVS HEAD.
Below you'll find a small patch (against HEAD) which seems to fix this issue ...
Before the patch:

root@tingletangle:~/repos/openldap# /usr/local/openldap/bin/ldapsearch -v -Y OTP -U test1
ldap_initialize( <DEFAULT> )
SASL/OTP authentication started
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
(<== slapd segfault)
After the patch has been applied:

root@tingletangle:~/repos/openldap# /usr/local/openldap/bin/ldapsearch -v -Y OTP -U test1
ldap_initialize( <DEFAULT> )
SASL/OTP authentication started
Challenge: otp-md5 498 ti6311 ext
Please enter your one-time password: huhu
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): authentication failure:
(<== slapd still running ;-) )
As I'm not (yet ;-)) an OTP-expert I have not tested any further because I currently just don't know how to calculate the one-time password based on the challenge ...
Best regards, Daniel
Index: servers/slapd/sasl.c =================================================================== RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/sasl.c,v retrieving revision 1.274 diff -u -r1.274 sasl.c --- servers/slapd/sasl.c 15 Apr 2010 16:13:54 -0000 1.274 +++ servers/slapd/sasl.c 19 Jul 2010 19:55:11 -0000 @@ -548,7 +548,7 @@ op.o_req_ndn.bv_val = (char *)pr[i].values[0]; } #ifdef SLAP_AUXPROP_DONTUSECOPY - { + if ( slap_dontUseCopy_propnames != NULL ) { struct berval bv; ber_str2bv( &pr[i].name[1], 0, 1, &bv ); for ( j = 0; !BER_BVISNULL( &slap_dontUseCopy_propnames[ j ] ); j++ ) {
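Review bot: the new `if ( slap_dontUseCopy_propnames != NULL )` guard at the top of the SLAP_AUXPROP_DONTUSECOPY block carries no comment saying when the array is legitimately unset, so a one-line comment there would keep a later cleanup from dropping the check. The loop condition `!BER_BVISNULL( &slap_dontUseCopy_propnames[ j ] )` indexes the pointer directly, which is the dereference the guard protects. Since `bv` is declared inside the guarded block, skipping the block looks safe, but the loop body is cut off in this hunk, so it is worth confirming that nothing after the loop relies on a result set inside it. It would also be worth checking whether any other code that walks `slap_dontUseCopy_propnames` needs the same NULL test.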