X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fbind.c;h=646b72f657ceec50b444242951c51e4818898a6e;hb=8975676fa435f4178c62e4d213697906ff81059f;hp=45c2fab3fbe77f6a3ddf6fb0caf914acca2e1a2b;hpb=6107ba67d2fd7eadb23ffdd1d284306011ef4013;p=openldap
diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c
index 45c2fab3fb..646b72f657 100644
--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
@@ -45,7 +45,7 @@ do_bind( int rc = LDAP_SUCCESS; const char *text; struct berval cred = { 0, NULL }; - Backend *be; + Backend *be = NULL; #ifdef NEW_LOGGING LDAP_LOG( OPERATION, ENTRY, "do_bind: conn %d\n", conn->c_connid, 0, 0 );
@@ -57,7 +57,9 @@ do_bind( * Force to connection to "anonymous" until bind succeeds. */ ldap_pvt_thread_mutex_lock( &conn->c_mutex ); + if ( conn->c_sasl_bind_in_progress ) be = conn->c_authz_backend; connection2anonymous( conn ); + if ( conn->c_sasl_bind_in_progress ) conn->c_authz_backend = be; ldap_pvt_thread_mutex_unlock( &conn->c_mutex ); if ( op->o_dn.bv_val != NULL ) {
@@ -229,6 +231,9 @@ do_bind( goto cleanup; } + /* Set the bindop for the benefit of in-directory SASL lookups */ + conn->c_sasl_bindop = op; + if ( method == LDAP_AUTH_SASL ) { slap_ssf_t ssf = 0;
@@ -272,7 +277,7 @@ do_bind( ldap_pvt_thread_mutex_lock( &conn->c_mutex ); if ( conn->c_sasl_bind_in_progress ) { - if((ber_bvcmp(&conn->c_sasl_bind_mech, &mech) != 0)) { + if( !bvmatch( &conn->c_sasl_bind_mech, &mech ) ) { /* mechanism changed between bind steps */ slap_sasl_reset(conn); }
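Review bot: In the hunk at `@@ -57,7 +57,9 @@`, the save and the restore of `conn->c_authz_backend` each re-test `conn->c_sasl_bind_in_progress`, with connection2anonymous() called in between. If that call ever clears the flag (its body is not part of this diff), the restore is skipped and the saved backend is silently lost. Reading the flag once into a local before the call would keep the pair symmetric. A comment such as `/* keep the authz backend across SASL bind steps; connection2anonymous() resets it */` would also explain why a connection forced to "anonymous" still carries backend state. do_bind's body starts and ends outside the hunk.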
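Review bot: `conn->c_sasl_bindop = op;` in the hunk at `@@ -229,6 +231,9 @@` stores a pointer to the current operation on the connection without taking `conn->c_mutex`, whereas the other `conn->c_*` updates visible in this diff are made under that lock. The matching `conn->c_sasl_bindop = NULL;` after `cleanup:` (hunk `@@ -558,6 +573,8 @@`) is written the same way. The pointer is only safe if every exit from do_bind after this assignment passes through `cleanup:`; the full body is not in the hunks, so that should be checked, because a direct return would leave a stale op pointer for later SASL lookups to dereference. I would state the lifetime next to the assignment, e.g. `/* valid only while this do_bind call runs; cleared at cleanup */`, and either take the lock or say why it is not needed.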
@@ -305,11 +310,21 @@ do_bind( } if( conn->c_dn.bv_len != 0 ) { - ber_len_t max = sockbuf_max_incoming; + ber_len_t max = sockbuf_max_incoming_auth; ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max ); } +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, DETAIL1, + "do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n", + conn->c_authmech.bv_val, conn->c_dn.bv_val, ssf ); +#else + Debug( LDAP_DEBUG_TRACE, + "do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n", + conn->c_authmech.bv_val, conn->c_dn.bv_val, ssf ); +#endif + } else if ( rc == LDAP_SASL_BIND_IN_PROGRESS ) { conn->c_sasl_bind_in_progress = 1;
@@ -526,7 +541,7 @@ do_bind( ndn.bv_len = 0; if( conn->c_dn.bv_len != 0 ) { - ber_len_t max = sockbuf_max_incoming; + ber_len_t max = sockbuf_max_incoming_auth; ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max ); }
@@ -558,6 +573,8 @@ do_bind( } cleanup: + conn->c_sasl_bindop = NULL; + if( pdn.bv_val != NULL ) { free( pdn.bv_val ); }
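Review bot: The new trace message in the hunk at `@@ -305,11 +310,21 @@` passes `conn->c_dn.bv_val` to `%s` outside the `if( conn->c_dn.bv_len != 0 )` guard just above it, so a SASL bind that ends with an empty DN may hand a NULL pointer to the formatter. Whether `bv_val` is NULL or an empty string in that case cannot be seen from the hunk. `ssf` is declared as `slap_ssf_t` in the context of the `@@ -229,6 +231,9 @@` hunk and is printed with `%d`, which is a format mismatch unless that type is int. In both the LDAP_LOG and the Debug branch I would write the argument line as `conn->c_authmech.bv_val, conn->c_dn.bv_val ? conn->c_dn.bv_val : "", (int) ssf );`.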
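Review bot: Nothing visible in this diff lowers the incoming-PDU limit again once the hunk at `@@ -526,7 +541,7 @@` (and the same change at `@@ -305,11 +310,21 @@`) has raised it to `sockbuf_max_incoming_auth` for a connection with a non-empty DN. do_bind begins by calling connection2anonymous(), and if that function does not put `sockbuf_max_incoming` back, a connection that authenticated once keeps the larger limit after a failed or anonymous re-bind, which weakens the pre-authentication size cap. Please confirm where the reset happens, or apply `sockbuf_max_incoming` through the same `ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max )` call on the anonymous path. The return value of ber_sockbuf_ctrl() is also ignored, so a limit that fails to apply goes unnoticed.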