From c81c032f0a17fb6cb0c50e6a0006d273e1553c76 Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Feb 12 2015 00:18:22 +0000 Subject: Ticket #47742 - 64bit problem on big endian: auth method not supported Description: Cast from ber_tag_t to int on a big endian machine causes the "auth method not supported" error. Instead of handling the method as "int", use ber_tag_t through out the server code. https://fedorahosted.org/389/ticket/47742 Reviewed by mreynolds@redhat.com (Thank you, Mark!!) (cherry picked from commit e0219e8fede80d1ab63a7c706d756abd4e53e3a4) --- diff --git a/ldap/servers/plugins/chainingdb/cb_bind.c b/ldap/servers/plugins/chainingdb/cb_bind.c index 827916e..4c6a12b 100644 --- a/ldap/servers/plugins/chainingdb/cb_bind.c +++ b/ldap/servers/plugins/chainingdb/cb_bind.c @@ -47,7 +47,7 @@ cb_free_bervals( struct berval **bvs ); static int -cb_sasl_bind_once_s( cb_conn_pool *pool, const char *dn, int method, +cb_sasl_bind_once_s( cb_conn_pool *pool, const char *dn, ber_tag_t method, char * mechanism, struct berval *creds, LDAPControl **reqctrls, char **matcheddnp, char **errmsgp, struct berval ***refurlsp, @@ -68,7 +68,7 @@ cb_sasl_bind_once_s( cb_conn_pool *pool, const char *dn, int method, static int cb_sasl_bind_s(Slapi_PBlock * pb, cb_conn_pool *pool, int tries, - const char *dn, int method,char * mechanism, + const char *dn, ber_tag_t method, char * mechanism, struct berval *creds, LDAPControl **reqctrls, char **matcheddnp, char **errmsgp, struct berval ***refurlsp, LDAPControl ***resctrlsp ,int *status) @@ -84,7 +84,7 @@ cb_sasl_bind_s(Slapi_PBlock * pb, cb_conn_pool *pool, int tries, if ( slapi_op_abandoned( pb )) { rc = LDAP_USER_CANCELLED; } else { - rc = cb_sasl_bind_once_s( pool, dn, method,mechanism, creds, reqctrls, + rc = cb_sasl_bind_once_s( pool, dn, method, mechanism, creds, reqctrls, matcheddnp, errmsgp, refurlsp, resctrlsp ,status); } } while ( CB_LDAP_CONN_ERROR( rc ) && --tries > 0 ); @@ -93,7 +93,7 @@ cb_sasl_bind_s(Slapi_PBlock * pb, cb_conn_pool *pool, int tries, } static int -cb_sasl_bind_once_s( cb_conn_pool *pool, const char *dn, int method, +cb_sasl_bind_once_s( cb_conn_pool *pool, const char *dn, ber_tag_t method, char * mechanism, struct berval *creds, LDAPControl **reqctrls, char **matcheddnp, char **errmsgp, struct berval ***refurlsp, @@ -244,7 +244,7 @@ chainingdb_bind( Slapi_PBlock *pb ) int rc = LDAP_SUCCESS; int freectrls = 1; int bind_retry; - int method; + ber_tag_t method; if ( LDAP_SUCCESS != (rc = cb_forward_operation(pb) )) { cb_send_ldap_result( pb, rc, NULL, "Chaining forbidden", 0, NULL ); @@ -276,7 +276,7 @@ chainingdb_bind( Slapi_PBlock *pb ) dn = slapi_sdn_get_ndn(sdn); /* always allow noauth simple binds */ - if (( method == LDAP_AUTH_SIMPLE) && creds->bv_len == 0 ) { + if ((method == LDAP_AUTH_SIMPLE) && (creds->bv_len == 0)) { slapi_sdn_free(&mysdn); return( SLAPI_BIND_ANONYMOUS ); } diff --git a/ldap/servers/plugins/pam_passthru/pam_ptpreop.c b/ldap/servers/plugins/pam_passthru/pam_ptpreop.c index 476d834..e550bcf 100644 --- a/ldap/servers/plugins/pam_passthru/pam_ptpreop.c +++ b/ldap/servers/plugins/pam_passthru/pam_ptpreop.c @@ -431,7 +431,7 @@ static int pam_passthru_bindpreop( Slapi_PBlock *pb ) { int rc = LDAP_SUCCESS; - int method; + ber_tag_t method; const char *normbinddn; char *errmsg = NULL; Slapi_DN *bindsdn = NULL; @@ -460,8 +460,8 @@ pam_passthru_bindpreop( Slapi_PBlock *pb ) * We only handle simple bind requests that include non-NULL binddn and * credentials. Let the Directory Server itself handle everything else. */ - if ( method != LDAP_AUTH_SIMPLE || *normbinddn == '\0' || - creds->bv_len == 0 ) { + if ((method != LDAP_AUTH_SIMPLE) || (*normbinddn == '\0') || + (creds->bv_len == 0)) { slapi_log_error( SLAPI_LOG_PLUGIN, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, "<= not handled (not simple bind or NULL dn/credentials)\n" ); return retcode; diff --git a/ldap/servers/plugins/replication/repl_bind.c b/ldap/servers/plugins/replication/repl_bind.c index c9b9229..4518e56 100644 --- a/ldap/servers/plugins/replication/repl_bind.c +++ b/ldap/servers/plugins/replication/repl_bind.c @@ -54,7 +54,7 @@ legacy_preop_bind( Slapi_PBlock *pb ) const char *dn = NULL; Slapi_DN *sdn = NULL; struct berval *cred = NULL; - int method; + ber_tag_t method; slapi_pblock_get(pb, SLAPI_BIND_METHOD, &method); slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &sdn); diff --git a/ldap/servers/slapd/back-ldbm/ldbm_bind.c b/ldap/servers/slapd/back-ldbm/ldbm_bind.c index f1dad38..aaa7b26 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_bind.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_bind.c @@ -203,7 +203,7 @@ ldbm_back_bind( Slapi_PBlock *pb ) { backend *be; ldbm_instance *inst; - int method; + ber_tag_t method; struct berval *cred; struct ldbminfo *li; struct backentry *e; diff --git a/ldap/servers/slapd/back-ldif/bind.c b/ldap/servers/slapd/back-ldif/bind.c index f897230..06b3a76 100644 --- a/ldap/servers/slapd/back-ldif/bind.c +++ b/ldap/servers/slapd/back-ldif/bind.c @@ -62,7 +62,7 @@ int ldif_back_bind( Slapi_PBlock *pb ) { char *dn; /*Storage for the dn*/ - int method; /*Storage for the bind method*/ + ber_tag_t method; /*Storage for the bind method*/ struct berval *cred; /*Storage for the bind credentials*/ struct berval **bvals; LDIF *db; /*The database*/ @@ -91,7 +91,7 @@ ldif_back_bind( Slapi_PBlock *pb ) if ( (e = (ldif_Entry *)ldif_find_entry( pb, db, dn, &prev )) == NULL ) { /* Allow noauth binds */ - if ( method == LDAP_AUTH_SIMPLE && cred->bv_len == 0 ) { + if ((method == LDAP_AUTH_SIMPLE) && (cred->bv_len == 0)) { rc = SLAPI_BIND_ANONYMOUS; } else { slapi_send_ldap_result( pb, LDAP_NO_SUCH_OBJECT, NULL, NULL, 0, NULL ); diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c index bc4aa24..7acec84 100644 --- a/ldap/servers/slapd/bind.c +++ b/ldap/servers/slapd/bind.c @@ -76,7 +76,7 @@ static void log_bind_access( Slapi_PBlock *pb, const char* dn, - int method, + ber_tag_t method, int version, const char *saslmech, const char *msg @@ -889,7 +889,7 @@ static void log_bind_access ( Slapi_PBlock *pb, const char* dn, - int method, + ber_tag_t method, int version, const char *saslmech, const char *msg @@ -910,13 +910,13 @@ log_bind_access ( } else if (msg) { slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d BIND dn=\"%s\" " - "method=%d version=%d, %s\n", + "method=%ld version=%d, %s\n", (long long unsigned int)pb->pb_conn->c_connid, pb->pb_op->o_opid, dn, method, version, msg ); } else { slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d BIND dn=\"%s\" " - "method=%d version=%d\n", + "method=%ld version=%d\n", (long long unsigned int)pb->pb_conn->c_connid, pb->pb_op->o_opid, dn, method, version ); } diff --git a/ldap/servers/slapd/defbackend.c b/ldap/servers/slapd/defbackend.c index dd948d0..0f566d0 100644 --- a/ldap/servers/slapd/defbackend.c +++ b/ldap/servers/slapd/defbackend.c @@ -203,7 +203,8 @@ defbackend_abandon( Slapi_PBlock *pb ) static int defbackend_bind( Slapi_PBlock *pb ) { - int rc, method; + int rc; + ber_tag_t method; struct berval *cred; LDAPDebug( LDAP_DEBUG_TRACE, "defbackend_bind\n", 0, 0, 0 ); diff --git a/ldap/servers/slapd/dse.c b/ldap/servers/slapd/dse.c index 9bb5914..b9ffc5f 100644 --- a/ldap/servers/slapd/dse.c +++ b/ldap/servers/slapd/dse.c @@ -1499,7 +1499,7 @@ dse_delete_entry(struct dse* pdse, Slapi_PBlock *pb, const Slapi_Entry *e) int dse_bind( Slapi_PBlock *pb ) /* JCM There should only be one exit point from this function! */ { - int method; /* The bind method */ + ber_tag_t method; /* The bind method */ struct berval *cred; /* The bind credentials */ Slapi_Value **bvals; struct dse* pdse; diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c index b35fce7..fd9ccb7 100644 --- a/ldap/servers/slapd/pblock.c +++ b/ldap/servers/slapd/pblock.c @@ -1301,7 +1301,7 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) case SLAPI_BIND_METHOD: if(pblock->pb_op!=NULL) { - (*(int *)value) = pblock->pb_op->o_params.p.p_bind.bind_method; + (*(ber_tag_t *)value) = pblock->pb_op->o_params.p.p_bind.bind_method; } break; case SLAPI_BIND_CREDENTIALS: @@ -2936,7 +2936,7 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value ) case SLAPI_BIND_METHOD: if(pblock->pb_op!=NULL) { - pblock->pb_op->o_params.p.p_bind.bind_method = *((int *) value); + pblock->pb_op->o_params.p.p_bind.bind_method = *((ber_tag_t *) value); } break; case SLAPI_BIND_CREDENTIALS: diff --git a/ldap/servers/slapd/plugin.c b/ldap/servers/slapd/plugin.c index 94aba7f..4df2eb5 100644 --- a/ldap/servers/slapd/plugin.c +++ b/ldap/servers/slapd/plugin.c @@ -77,7 +77,7 @@ static int plugin_call_func (struct slapdplugin *list, int operation, Slapi_PBlo static PRBool plugin_invoke_plugin_pb (struct slapdplugin *plugin, int operation, Slapi_PBlock *pb); static PRBool plugin_matches_operation (Slapi_DN *target_spec, PluginTargetData *ptd, - PRBool bindop, PRBool isroot, PRBool islocal, int method); + PRBool bindop, PRBool isroot, PRBool islocal, ber_tag_t method); static void plugin_config_init (struct pluginconfig *config); static void plugin_config_cleanup (struct pluginconfig *config); @@ -3593,7 +3593,7 @@ plugin_invoke_plugin_sdn (struct slapdplugin *plugin, int operation, Slapi_PBloc PRBool islocal; PRBool bindop; unsigned long op; - int method = -1; + ber_tag_t method = LBER_ERROR; PR_ASSERT (plugin); if (!pb) { @@ -3762,7 +3762,7 @@ PRBool plugin_allow_internal_op (Slapi_DN *target_spec, struct slapdplugin *plug } static PRBool plugin_matches_operation (Slapi_DN *target_spec, PluginTargetData *ptd, - PRBool bindop, PRBool isroot, PRBool islocal, int method) + PRBool bindop, PRBool isroot, PRBool islocal, ber_tag_t method) { int cookie; Slapi_DN *subtree; diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c index 544a9c7..45a5b4c 100644 --- a/ldap/servers/slapd/result.c +++ b/ldap/servers/slapd/result.c @@ -371,7 +371,7 @@ send_ldap_result_ext( const char *dn = NULL; ber_tag_t tag; int flush_ber_element = 1; - int bind_method = 0; + ber_tag_t bind_method = 0; int internal_op; int i, rc, logit = 0; @@ -453,7 +453,7 @@ send_ldap_result_ext( /* invalid password. Update the password retry here */ /* put this here for now. It could be a send_result pre-op plugin. */ - if (err == LDAP_INVALID_CREDENTIALS && bind_method != LDAP_AUTH_SASL ) { + if ((err == LDAP_INVALID_CREDENTIALS) && (bind_method != LDAP_AUTH_SASL)) { slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn ); dn = slapi_sdn_get_dn(sdn); pwpolicy = new_passwdPolicy(pb, dn); diff --git a/ldap/servers/slapd/slapi-private.h b/ldap/servers/slapd/slapi-private.h index 921c397..43ba82c 100644 --- a/ldap/servers/slapd/slapi-private.h +++ b/ldap/servers/slapd/slapi-private.h @@ -573,7 +573,7 @@ typedef struct slapi_operation_parameters struct bind_parameters { - int bind_method; + ber_tag_t bind_method; struct berval *bind_creds; char *bind_saslmechanism; /* v3 sasl mechanism name */ struct berval *bind_ret_saslcreds; /* v3 serverSaslCreds */