Fix setting c_authz_backend for SASL binds:

  in slap_sasl2dn, make sure it's set for base DN searches as well.
  in do_bind, don't zero it during multi-stage binds.

diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c
index 45c2fab3fbe77f6a3ddf6fb0caf914acca2e1a2b..81898e3ea083dd5c6bf159d522581e6e789db920 100644 (file)
--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
@@ -57,7 +57,9 @@ do_bind(
         * Force to connection to "anonymous" until bind succeeds.
         */
        ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+       if ( conn->c_sasl_bind_in_progress ) be = conn->c_authz_backend;
        connection2anonymous( conn );
+       if ( conn->c_sasl_bind_in_progress ) conn->c_authz_backend = be;
        ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
 
        if ( op->o_dn.bv_val != NULL ) {

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index b6a9cd94205a73cd4a47417bbcfd194a9a34c51c..ea2fa2430ff8faf0fc246857e51845c83e0e7fb1 100644 (file)
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -495,11 +495,10 @@ void slap_sasl2dn( Connection *conn, struct berval *saslname, struct berval *dn
                uri.scope, LDAP_DEREF_NEVER, 1, 0,
                filter, NULL, NULL, 1 );
        
+FINISHED:
        if( dn->bv_len ) {
                conn->c_authz_backend = be;
        }
-
-FINISHED:
        if( uri.dn.bv_len ) ch_free( uri.dn.bv_val );
        if( uri.filter.bv_len ) ch_free( uri.filter.bv_val );
        if( filter ) filter_free( filter );