ldap_pvt_thread_mutex_lock( &conn->c_mutex );
- if ( conn->c_authmech != NULL ) {
- assert( conn->c_bind_in_progress );
+ if ( conn->c_sasl_bind_mech != NULL ) {
+ assert( conn->c_sasl_bind_in_progress );
- if((strcmp(conn->c_authmech, mech) != 0)) {
+ if((strcmp(conn->c_sasl_bind_mech, mech) != 0)) {
/* mechanism changed, cancel in progress bind */
- conn->c_bind_in_progress = 0;
- if( conn->c_authstate != NULL ) {
- free(conn->c_authstate);
- conn->c_authstate = NULL;
- }
- free(conn->c_authmech);
- conn->c_authmech = NULL;
+ conn->c_sasl_bind_in_progress = 0;
+ free( conn->c_sasl_bind_mech );
+ conn->c_sasl_bind_mech = NULL;
+#ifdef HAVE_CYRUS_SASL
+ sasl_dispose(&conn->c_sasl_bind_context);
+ conn->c_sasl_bind_context = NULL;
+#endif
}
#ifdef LDAP_DEBUG
} else {
- assert( !conn->c_bind_in_progress );
- assert( conn->c_authmech == NULL );
- assert( conn->c_authstate == NULL );
+ assert( !conn->c_sasl_bind_in_progress );
+ assert( conn->c_sasl_bind_mech == NULL );
+#ifdef HAVE_CYRUS_SASL
+ assert( conn->c_sasl_bind_context == NULL );
+#endif
#endif
}
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
/* Not SASL, cancel any in-progress bind */
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
- if ( conn->c_authmech != NULL ) {
- assert( conn->c_bind_in_progress );
+ if ( conn->c_sasl_bind_mech != NULL ) {
+ assert( conn->c_sasl_bind_in_progress );
/* cancel in progress bind */
- conn->c_bind_in_progress = 0;
+ conn->c_sasl_bind_in_progress = 0;
- if( conn->c_authstate != NULL ) {
- free(conn->c_authstate);
- conn->c_authstate = NULL;
- }
+ free(conn->c_sasl_bind_mech);
+ conn->c_sasl_bind_mech = NULL;
- free(conn->c_authmech);
- conn->c_authmech = NULL;
+#ifdef HAVE_CYRUS_SASL
+ sasl_dispose(&conn->c_sasl_bind_context);
+ conn->c_sasl_bind_context = NULL;
+#endif
}
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
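Review bot: Both the mechanism-changed branch and the non-SASL cancel branch call `sasl_dispose(&conn->c_sasl_bind_context)` with no NULL check, while connection_destroy wraps the same call in `if(c->c_sasl_bind_context != NULL )`, so the three sites disagree on whether a NULL context may reach sasl_dispose. As far as I recall Cyrus SASL returns early from sasl_dispose on a NULL context, which would make the guard in connection_destroy the redundant one; either way, use one convention at all three sites. Both cancel branches also leave `conn->c_authmech` alone even though the in-progress bind is being thrown away, so the previous mechanism string survives on the connection until connection_destroy frees it; worth a comment stating that this is intended if it is. The enclosing do_bind body starts before and continues after this hunk.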
assert( c != NULL );
if( c->c_struct_state == SLAP_C_UNINITIALIZED ) {
+ c->c_authmech = NULL;
c->c_dn = NULL;
c->c_cdn = NULL;
c->c_ops = NULL;
c->c_pending_ops = NULL;
- c->c_authmech = NULL;
- c->c_authstate = NULL;
+ c->c_sasl_bind_mech = NULL;
#ifdef HAVE_CYRUS_SASL
- c->c_sasl_context = NULL;
-#endif /* HAVE_CYRUS_SASL */
+ c->c_sasl_bind_context = NULL;
+#endif
c->c_sb = ber_sockbuf_alloc( );
c->c_currentber = NULL;
ldap_pvt_thread_mutex_lock( &c->c_mutex );
assert( c->c_struct_state == SLAP_C_UNUSED );
+ assert( c->c_authmech == NULL );
assert( c->c_dn == NULL );
assert( c->c_cdn == NULL );
assert( c->c_listener_url == NULL );
assert( c->c_sock_name == NULL );
assert( c->c_ops == NULL );
assert( c->c_pending_ops == NULL );
- assert( c->c_authmech == NULL );
- assert( c->c_authstate == NULL );
+ assert( c->c_sasl_bind_mech == NULL );
#ifdef HAVE_CYRUS_SASL
- assert( c->c_sasl_context == NULL );
+ assert( c->c_sasl_bind_context == NULL );
#endif
assert( c->c_currentber == NULL );
c->c_activitytime = c->c_starttime = 0;
+ if(c->c_authmech != NULL ) {
+ free(c->c_authmech);
+ c->c_authmech = NULL;
+ }
if(c->c_dn != NULL) {
free(c->c_dn);
c->c_dn = NULL;
free(c->c_sock_name);
c->c_sock_name = NULL;
}
- if(c->c_authmech != NULL ) {
- free(c->c_authmech);
- c->c_authmech = NULL;
- }
- if(c->c_authstate != NULL ) {
- free(c->c_authstate);
- c->c_authstate = NULL;
- }
+ c->c_sasl_bind_in_progress = 0;
+ if(c->c_sasl_bind_mech != NULL) {
+ free(c->c_sasl_bind_mech);
+ c->c_sasl_bind_mech = NULL;
+ }
#ifdef HAVE_CYRUS_SASL
- if(c->c_sasl_context != NULL ) {
- sasl_dispose( &c->c_sasl_context );
- c->c_sasl_context = NULL;
+ if(c->c_sasl_bind_context != NULL ) {
+ sasl_dispose( &c->c_sasl_bind_context );
+ c->c_sasl_bind_context = NULL;
}
-#endif /* HAVE_CYRUS_SASL */
-
- c->c_bind_in_progress = 0;
+#endif
if ( c->c_currentber != NULL ) {
ber_free( c->c_currentber, 1 );
num_ops_initiated++;
ldap_pvt_thread_mutex_unlock( &num_ops_mutex );
- if( conn->c_bind_in_progress && tag != LDAP_REQ_BIND ) {
+ if( conn->c_sasl_bind_in_progress && tag != LDAP_REQ_BIND ) {
Debug( LDAP_DEBUG_ANY, "connection_operation: "
"error: SASL bind in progress (tag=%ld).\n",
(long) tag, 0, 0 );
* the backend to set this.
*/
if ( rc == LDAP_SASL_BIND_IN_PROGRESS ) {
- conn->c_bind_in_progress = 1;
+ conn->c_sasl_bind_in_progress = 1;
}
}
c->c_ops != NULL ? "x" : "",
c->c_pending_ops != NULL ? "p" : "",
connection_state2str( c->c_conn_state ),
- c->c_bind_in_progress ? "S" : "",
+ c->c_sasl_bind_in_progress ? "S" : "",
c->c_cdn ? c->c_cdn : "<anonymous>",
LIBSLAPD_F (int) sasl_destroy(void);
#ifdef HAVE_CYRUS_SASL
LIBSLAPD_F (int) sasl_errldap LDAP_P(( int ));
-LIBSLAPD_F (int) sasl_bind LDAP_P((Backend *,
+LIBSLAPD_F (int) sasl_bind LDAP_P((
Connection *, Operation *,
char *, char *, char *, struct berval *, char **));
#endif
#include <ldap_log.h>
char **supportedSASLMechanisms = NULL;
+char *sasl_host = NULL;
#ifdef HAVE_CYRUS_SASL
static void *sasl_pvt_mutex_new(void)
return -1;
}
- rc = sasl_server_new( "ldap", NULL, NULL, NULL,
+ if( sasl_host == NULL ) {
+ char hostname[MAXHOSTNAMELEN+1];
+
+ if( gethostname( hostname, MAXHOSTNAMELEN ) == 0 ) {
+ hostname[MAXHOSTNAMELEN] = '\0';
+ sasl_host = hostname;
+ }
+ }
+
+ rc = sasl_server_new( "ldap", sasl_host, NULL, NULL,
SASL_SECURITY_LAYER,
&server );
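Review bot: `sasl_host = hostname;` stores the address of the block-local array `hostname`, whose lifetime ends at the closing brace of the `if( sasl_host == NULL )` block, so the `sasl_server_new( "ldap", sasl_host, ...)` call just below and every later `sasl_server_new` in sasl_bind read through a dangling pointer into a dead stack frame. Keep the global but give it heap storage, `sasl_host = ch_strdup( hostname );` (ch_strdup is already used in this file), and release it in sasl_destroy; alternatively declare the buffer `static`. Passing MAXHOSTNAMELEN to gethostname with a MAXHOSTNAMELEN+1 buffer and then forcing the terminator is fine as written, since gethostname need not NUL-terminate on truncation. The enclosing sasl_init body starts before and continues after this hunk.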
#ifdef HAVE_CYRUS_SASL
int sasl_bind(
- Backend *be,
Connection *conn,
Operation *op,
char *dn,
Debug(LDAP_DEBUG_ARGS, "==> sasl_bind: dn=%s, mech=%s, cred->bv_len=%d\n",
dn, mech, cred ? cred->bv_len : 0 );
- if ( conn->c_sasl_context == NULL ) {
+ if ( conn->c_sasl_bind_context ) {
sasl_callback_t callbacks[4];
int cbnum = 0;
+#if 0
if (be->be_sasl_authorize) {
callbacks[cbnum].id = SASL_CB_PROXY_POLICY;
callbacks[cbnum].proc = be->be_sasl_authorize;
callbacks[cbnum].context = be;
++cbnum;
}
+#endif
+
callbacks[cbnum].id = SASL_CB_LIST_END;
callbacks[cbnum].proc = NULL;
callbacks[cbnum].context = NULL;
/* create new SASL context */
- if ( sasl_server_new( "ldap", NULL, be->be_realm,
- callbacks, SASL_SECURITY_LAYER, &conn->c_sasl_context ) != SASL_OK ) {
+ sc = sasl_server_new( "ldap", sasl_host, global_realm,
+ callbacks, SASL_SECURITY_LAYER, &conn->c_sasl_bind_context );
+
+ if( sc != SASL_OK ) {
send_ldap_result( conn, op, LDAP_AUTH_METHOD_NOT_SUPPORTED,
NULL, NULL, NULL, NULL );
} else {
conn->c_authmech = ch_strdup( mech );
- sc = sasl_server_start( conn->c_sasl_context, conn->c_authmech,
+ sc = sasl_server_start( conn->c_sasl_bind_context, conn->c_authmech,
cred->bv_val, cred->bv_len, (char **)&response.bv_val,
(unsigned *)&response.bv_len, &errstr );
if ( (sc != SASL_OK) && (sc != SASL_CONTINUE) ) {
}
}
} else {
- sc = sasl_server_step( conn->c_sasl_context, cred->bv_val, cred->bv_len,
+ sc = sasl_server_step( conn->c_sasl_bind_context, cred->bv_val, cred->bv_len,
(char **)&response.bv_val, (unsigned *)&response.bv_len, &errstr );
if ( (sc != SASL_OK) && (sc != SASL_CONTINUE) ) {
send_ldap_result( conn, op, ldap_pvt_sasl_err2ldap( sc ),
if ( sc == SASL_OK ) {
char *authzid;
- if ( ( sc = sasl_getprop( conn->c_sasl_context, SASL_USERNAME,
+ if ( ( sc = sasl_getprop( conn->c_sasl_bind_context, SASL_USERNAME,
(void **)&authzid ) ) != SASL_OK ) {
send_ldap_result( conn, op, ldap_pvt_sasl_err2ldap( sc ),
NULL, NULL, NULL, NULL );
}
} else if ( sc == SASL_CONTINUE ) {
/*
- * We set c_bind_in_progress because it doesn't appear
+ * We set c_sasl_bind_in_progress because it doesn't appear
* that connection.c sets this (unless do_bind() itself
* returns LDAP_SASL_BIND_IN_PROGRESS).
*/
- conn->c_bind_in_progress = 1;
+ conn->c_sasl_bind_in_progress = 1;
send_ldap_sasl( conn, op, LDAP_SASL_BIND_IN_PROGRESS,
NULL, NULL, NULL, NULL, &response );
}
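Review bot: The rewritten test `if ( conn->c_sasl_bind_context ) {` inverts the original `== NULL` check: the branch that creates a new context now runs only when one already exists (overwriting it in sasl_server_new without a sasl_dispose, so the old context leaks), and a connection's first SASL bind, where connection_init left the context NULL, falls into the else branch and hands that NULL context to sasl_server_step. It should read `if ( conn->c_sasl_bind_context == NULL ) {`. In the same branch `conn->c_authmech = ch_strdup( mech );` assigns over any mechanism string left by an earlier bind on this connection without freeing it, so a `free( conn->c_authmech );` before the strdup (or freeing it in the cancel paths of do_bind) is needed. The `#if 0` block still references the `be` parameter this commit removes from the signature; since it can no longer compile, deleting it is cleaner than disabling it. The sasl_bind body continues outside the hunk.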
char *c_sock_name; /* sock name (trans=addr:port) */
/* only can be changed by binding thread */
- int c_bind_in_progress; /* multi-op bind in progress */
+ int c_sasl_bind_in_progress; /* multi-op bind in progress */
+ char *c_sasl_bind_mech; /* mech in progress */
#ifdef HAVE_CYRUS_SASL
- sasl_conn_t *c_sasl_context;
+ sasl_conn_t *c_sasl_bind_context; /* Cyrus SASL state data */
#endif
- void *c_authstate; /* SASL state data */
/* authentication backend */
Backend *c_authc_backend;
#ifdef HAVE_CYRUS_SASL
int sasl_bind(
- Backend *be,
Connection *conn,
Operation *op,
char *dn,