Sync with HEAD

[openldap] / servers / slapd / connection.c

diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
index e3bd2f5d411915b288f6904a3be681581cb38549..c2be214f59f3e442408da0b329610b34e6253723 100644 (file)
--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@@ -151,7 +151,7 @@ int connections_init(void)
                NUM_CONNECTION_ARRAY, sizeof(ldap_pvt_thread_mutex_t) );
        if( connections_mutex == NULL ) {
                Debug( LDAP_DEBUG_ANY, "connections_init: "
-                       "allocation of connection mutex[%d] failed\n", i, 0, 0 );
+                       "allocation of connection mutexes failed\n", 0, 0, 0 );
                return -1;
        }
 
@@ -2004,9 +2004,59 @@ static int connection_bind_cb( Operation *op, SlapReply *rs )
 
        ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
        op->o_conn->c_conn_state = SLAP_C_ACTIVE;
+       op->o_conn->c_sasl_bind_in_progress =
+               ( rs->sr_err == LDAP_SASL_BIND_IN_PROGRESS );
+
+       /* Moved here from bind.c due to ITS#4158 */
+       op->o_conn->c_sasl_bindop = NULL;
+       if ( op->orb_method == LDAP_AUTH_SASL ) {
+               if( rs->sr_err == LDAP_SUCCESS ) {
+                       ber_dupbv(&op->o_conn->c_dn, &op->orb_edn);
+                       if( !BER_BVISEMPTY( &op->orb_edn ) ) {
+                               /* edn is always normalized already */
+                               ber_dupbv( &op->o_conn->c_ndn, &op->o_conn->c_dn );
+                       }
+                       op->o_tmpfree( op->orb_edn.bv_val, op->o_tmpmemctx );
+                       BER_BVZERO( &op->orb_edn );
+                       op->o_conn->c_authmech = op->o_conn->c_sasl_bind_mech;
+                       BER_BVZERO( &op->o_conn->c_sasl_bind_mech );
+
+                       op->o_conn->c_sasl_ssf = op->orb_ssf;
+                       if( op->orb_ssf > op->o_conn->c_ssf ) {
+                               op->o_conn->c_ssf = op->orb_ssf;
+                       }
+
+                       if( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
+                               ber_len_t max = sockbuf_max_incoming_auth;
+                               ber_sockbuf_ctrl( op->o_conn->c_sb,
+                                       LBER_SB_OPT_SET_MAX_INCOMING, &max );
+                       }
+
+                       /* log authorization identity */
+                       Statslog( LDAP_DEBUG_STATS,
+                               "%s BIND dn=\"%s\" mech=%s ssf=%d\n",
+                               op->o_log_prefix,
+                               BER_BVISNULL( &op->o_conn->c_dn ) ? "<empty>" : op->o_conn->c_dn.bv_val,
+                               op->o_conn->c_authmech.bv_val, op->orb_ssf, 0 );
+
+                       Debug( LDAP_DEBUG_TRACE,
+                               "do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n",
+                               op->o_conn->c_authmech.bv_val,
+                               BER_BVISNULL( &op->o_conn->c_dn ) ? "<empty>" : op->o_conn->c_dn.bv_val,
+                               op->orb_ssf );
+
+               } else if ( rs->sr_err != LDAP_SASL_BIND_IN_PROGRESS ) {
+                       if ( !BER_BVISNULL( &op->o_conn->c_sasl_bind_mech ) ) {
+                               free( op->o_conn->c_sasl_bind_mech.bv_val );
+                               BER_BVZERO( &op->o_conn->c_sasl_bind_mech );
+                       }
+               }
+       }
        ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
 
        ch_free( cb );
+       op->o_callback = NULL;
+
        return SLAP_CB_CONTINUE;
 }