ITS#4158 move SASL bind finalization to bind_cb.

diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c
index 90c6a96414ad7b85b7e63a93f46f5a380f9c340f..6fb47737ef998b6a39b80dbfbbdec6d59c7c7918 100644 (file)
--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
@@ -275,51 +275,6 @@ fe_op_bind( Operation *op, SlapReply *rs )
 
                rs->sr_err = slap_sasl_bind( op, rs );
 
-               ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
-               if( rs->sr_err == LDAP_SUCCESS ) {
-                       ber_dupbv(&op->o_conn->c_dn, &op->orb_edn);
-                       if( !BER_BVISEMPTY( &op->orb_edn ) ) {
-                               /* edn is always normalized already */
-                               ber_dupbv( &op->o_conn->c_ndn, &op->o_conn->c_dn );
-                       }
-                       op->o_tmpfree( op->orb_edn.bv_val, op->o_tmpmemctx );
-                       BER_BVZERO( &op->orb_edn );
-                       op->o_conn->c_authmech = op->o_conn->c_sasl_bind_mech;
-                       BER_BVZERO( &op->o_conn->c_sasl_bind_mech );
-
-                       op->o_conn->c_sasl_ssf = op->orb_ssf;
-                       if( op->orb_ssf > op->o_conn->c_ssf ) {
-                               op->o_conn->c_ssf = op->orb_ssf;
-                       }
-
-                       if( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
-                               ber_len_t max = sockbuf_max_incoming_auth;
-                               ber_sockbuf_ctrl( op->o_conn->c_sb,
-                                       LBER_SB_OPT_SET_MAX_INCOMING, &max );
-                       }
-
-                       /* log authorization identity */
-                       Statslog( LDAP_DEBUG_STATS,
-                               "%s BIND dn=\"%s\" mech=%s ssf=%d\n",
-                               op->o_log_prefix,
-                               BER_BVISNULL( &op->o_conn->c_dn ) ? "<empty>" : op->o_conn->c_dn.bv_val,
-                               op->o_conn->c_authmech.bv_val, op->orb_ssf, 0 );
-
-                       Debug( LDAP_DEBUG_TRACE,
-                               "do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n",
-                               op->o_conn->c_authmech.bv_val,
-                               BER_BVISNULL( &op->o_conn->c_dn ) ? "<empty>" : op->o_conn->c_dn.bv_val,
-                               op->orb_ssf );
-
-               } else if ( rs->sr_err != LDAP_SASL_BIND_IN_PROGRESS ) {
-                       if ( !BER_BVISNULL( &op->o_conn->c_sasl_bind_mech ) ) {
-                               free( op->o_conn->c_sasl_bind_mech.bv_val );
-                               BER_BVZERO( &op->o_conn->c_sasl_bind_mech );
-                       }
-               }
-
-               ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
-
                goto cleanup;
 
        } else {

diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
index 17a0e3a25f36dc3d70475a56d6691c1d4ba9bc81..628b13b0b02d760fd6a1cb79a5d8fd81e80dc1ea 100644 (file)
--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@@ -2006,6 +2006,51 @@ static int connection_bind_cb( Operation *op, SlapReply *rs )
        op->o_conn->c_conn_state = SLAP_C_ACTIVE;
        op->o_conn->c_sasl_bind_in_progress =
                ( rs->sr_err == LDAP_SASL_BIND_IN_PROGRESS );
+
+       /* Moved here from bind.c due to ITS#4158 */
+       if ( op->orb_method == LDAP_AUTH_SASL ) {
+               if( rs->sr_err == LDAP_SUCCESS ) {
+                       ber_dupbv(&op->o_conn->c_dn, &op->orb_edn);
+                       if( !BER_BVISEMPTY( &op->orb_edn ) ) {
+                               /* edn is always normalized already */
+                               ber_dupbv( &op->o_conn->c_ndn, &op->o_conn->c_dn );
+                       }
+                       op->o_tmpfree( op->orb_edn.bv_val, op->o_tmpmemctx );
+                       BER_BVZERO( &op->orb_edn );
+                       op->o_conn->c_authmech = op->o_conn->c_sasl_bind_mech;
+                       BER_BVZERO( &op->o_conn->c_sasl_bind_mech );
+
+                       op->o_conn->c_sasl_ssf = op->orb_ssf;
+                       if( op->orb_ssf > op->o_conn->c_ssf ) {
+                               op->o_conn->c_ssf = op->orb_ssf;
+                       }
+
+                       if( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
+                               ber_len_t max = sockbuf_max_incoming_auth;
+                               ber_sockbuf_ctrl( op->o_conn->c_sb,
+                                       LBER_SB_OPT_SET_MAX_INCOMING, &max );
+                       }
+
+                       /* log authorization identity */
+                       Statslog( LDAP_DEBUG_STATS,
+                               "%s BIND dn=\"%s\" mech=%s ssf=%d\n",
+                               op->o_log_prefix,
+                               BER_BVISNULL( &op->o_conn->c_dn ) ? "<empty>" : op->o_conn->c_dn.bv_val,
+                               op->o_conn->c_authmech.bv_val, op->orb_ssf, 0 );
+
+                       Debug( LDAP_DEBUG_TRACE,
+                               "do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n",
+                               op->o_conn->c_authmech.bv_val,
+                               BER_BVISNULL( &op->o_conn->c_dn ) ? "<empty>" : op->o_conn->c_dn.bv_val,
+                               op->orb_ssf );
+
+               } else if ( rs->sr_err != LDAP_SASL_BIND_IN_PROGRESS ) {
+                       if ( !BER_BVISNULL( &op->o_conn->c_sasl_bind_mech ) ) {
+                               free( op->o_conn->c_sasl_bind_mech.bv_val );
+                               BER_BVZERO( &op->o_conn->c_sasl_bind_mech );
+                       }
+               }
+       }
        ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
 
        ch_free( cb );