more bindconf cleanup

servers/slapd/config.c

@@ -725,10 +725,10 @@ static cf_aux_table bindkey[] = {
 	{ BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'd', 0, methkey },
 	{ BER_BVC("binddn="), offsetof(slap_bindconf, sb_binddn), 'b', 1, NULL },
 	{ BER_BVC("credentials="), offsetof(slap_bindconf, sb_cred), 'b', 1, NULL },
-	{ BER_BVC("saslmech="), offsetof(slap_bindconf, sb_saslmech), 's', 0, NULL },
+	{ BER_BVC("saslmech="), offsetof(slap_bindconf, sb_saslmech), 'b', 0, NULL },
 	{ BER_BVC("secprops="), offsetof(slap_bindconf, sb_secprops), 's', 0, NULL },
-	{ BER_BVC("realm="), offsetof(slap_bindconf, sb_realm), 's', 0, NULL },
-	{ BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 's', 0, NULL },
+	{ BER_BVC("realm="), offsetof(slap_bindconf, sb_realm), 'b', 0, NULL },
+	{ BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 0, NULL },
 	{ BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, NULL },
 	{ BER_BVNULL, 0, 0, 0, NULL }
 };
@@ -831,24 +831,31 @@ int bindconf_unparse( slap_bindconf *bc, struct berval *bv ) {
 void bindconf_free( slap_bindconf *bc ) {
 	if ( !BER_BVISNULL( &bc->sb_binddn ) ) {
 		ch_free( bc->sb_binddn.bv_val );
+		BER_BVZERO( &bc->sb_binddn );
 	}
 	if ( !BER_BVISNULL( &bc->sb_cred ) ) {
 		ch_free( bc->sb_cred.bv_val );
+		BER_BVZERO( &bc->sb_cred );
 	}
-	if ( bc->sb_saslmech ) {
-		ch_free( bc->sb_saslmech );
+	if ( !BER_BVISNULL( &bc->sb_saslmech ) ) {
+		ch_free( bc->sb_saslmech.bv_val );
+		BER_BVZERO( &bc->sb_saslmech );
 	}
 	if ( bc->sb_secprops ) {
 		ch_free( bc->sb_secprops );
+		bc->sb_secprops = NULL;
 	}
-	if ( bc->sb_realm ) {
-		ch_free( bc->sb_realm );
+	if ( !BER_BVISNULL( &bc->sb_realm ) ) {
+		ch_free( bc->sb_realm.bv_val );
+		BER_BVZERO( &bc->sb_realm );
 	}
-	if ( bc->sb_authcId ) {
-		ch_free( bc->sb_authcId );
+	if ( !BER_BVISNULL( &bc->sb_authcId ) ) {
+		ch_free( bc->sb_authcId.bv_val );
+		BER_BVZERO( &bc->sb_authcId );
 	}
 	if ( !BER_BVISNULL( &bc->sb_authzId ) ) {
 		ch_free( bc->sb_authzId.bv_val );
+		BER_BVZERO( &bc->sb_authzId );
 	}
 }
 

servers/slapd/slap.h

@@ -1481,10 +1481,10 @@ typedef struct slap_bindconf {
 	int sb_method;
 	struct berval sb_binddn;
 	struct berval sb_cred;
-	char *sb_saslmech;
+	struct berval sb_saslmech;
 	char *sb_secprops;
-	char *sb_realm;
-	char *sb_authcId;
+	struct berval sb_realm;
+	struct berval sb_authcId;
 	struct berval sb_authzId;
 } slap_bindconf;
 

servers/slapd/syncrepl.c

@@ -322,13 +322,16 @@ do_syncrep1(
 			}
 		}
 
-		defaults = lutil_sasl_defaults( si->si_ld, si->si_bindconf.sb_saslmech,
-			si->si_bindconf.sb_realm, si->si_bindconf.sb_authcId,
-			si->si_bindconf.sb_cred.bv_val, si->si_bindconf.sb_authzId.bv_val );
+		defaults = lutil_sasl_defaults( si->si_ld,
+			si->si_bindconf.sb_saslmech.bv_val,
+			si->si_bindconf.sb_realm.bv_val,
+			si->si_bindconf.sb_authcId.bv_val,
+			si->si_bindconf.sb_cred.bv_val,
+			si->si_bindconf.sb_authzId.bv_val );
 
 		rc = ldap_sasl_interactive_bind_s( si->si_ld,
 				si->si_bindconf.sb_binddn.bv_val,
-				si->si_bindconf.sb_saslmech,
+				si->si_bindconf.sb_saslmech.bv_val,
 				NULL, NULL,
 				LDAP_SASL_QUIET,
 				lutil_sasl_interact,
@@ -341,13 +344,15 @@ do_syncrep1(
 		 *	2) on err policy : exit, retry, backoff ...
 		 */
 		if ( rc != LDAP_SUCCESS ) {
+			static struct berval bv_GSSAPI = BER_BVC( "GSSAPI" );
+
 			Debug( LDAP_DEBUG_ANY, "do_syncrep1: "
 				"ldap_sasl_interactive_bind_s failed (%d)\n",
 				rc, 0, 0 );
 
 			/* FIXME (see above comment) */
 			/* if Kerberos credentials cache is not active, retry */
-			if ( strcmp( si->si_bindconf.sb_saslmech, "GSSAPI" ) == 0 &&
+			if ( ber_bvcmp( &si->si_bindconf.sb_saslmech, &bv_GSSAPI ) == 0 &&
 				rc == LDAP_LOCAL_ERROR )
 			{
 				rc = LDAP_SERVER_DOWN;