assert( buf != NULL );
assert( sbb != NULL );
+#if 0
assert( sbb->buf_size > 0 );
+#endif
max = sbb->buf_end - sbb->buf_ptr;
max = ( max < len) ? max : len;
return ld->ld_errno;
}
- rc = sasl_client_new( "ldap", host,
- session_callbacks,
-#ifdef LDAP_SASL_SECURITY_LAYER
- SASL_SECURITY_LAYER,
-#else
- 0,
-#endif
- &ctx );
+ rc = sasl_client_new( "ldap", host, session_callbacks,
+ SASL_SECURITY_LAYER, &ctx );
if ( rc != SASL_OK ) {
ld->ld_errno = sasl_err2ldap( rc );
(unsigned long) *ssf );
}
-#ifdef LDAP_SASL_SECURITY_LAYER
if( ssf && *ssf ) {
if( flags != LDAP_SASL_QUIET ) {
fprintf( stderr, "SASL installing layers\n" );
}
ldap_pvt_sasl_install( ld->ld_sb, ctx );
}
-#endif
}
return rc;
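Review bot: The result of `ldap_pvt_sasl_install( ld->ld_sb, ctx )` is discarded on the client side, whereas the server-side part of this same change checks it and closes the connection when it fails. If installation fails here the bind has already completed with a non-zero ssf, so the client keeps talking on the plain sockbuf while both peers believe an integrity/confidentiality layer is in place. Capture it and report it through the usual path, e.g. `rc = ldap_pvt_sasl_install( ld->ld_sb, ctx );` followed by `if ( rc != LDAP_SUCCESS ) { ld->ld_errno = rc; }`, assuming the `rc` returned below is the LDAP result code as the `sasl_err2ldap` conversion above suggests. The enclosing function starts outside the hunk.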
if ( method == LDAP_AUTH_SASL ) {
char *edn;
+ unsigned long ssf = 0;
if ( version < LDAP_VERSION3 ) {
Debug( LDAP_DEBUG_ANY, "do_bind: sasl with LDAPv%ld\n",
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
edn = NULL;
- rc = slap_sasl_bind( conn, op, dn, ndn, saslmech, &cred, &edn );
+ rc = slap_sasl_bind( conn, op, dn, ndn, saslmech, &cred,
+ &edn, &ssf );
if( rc == LDAP_SUCCESS ) {
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
conn->c_dn = edn;
conn->c_authmech = mech;
+ if( ssf ) conn->c_sasl_layers++;
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
} else if ( rc == LDAP_SASL_BIND_IN_PROGRESS ) {
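Review bot: `if( ssf ) conn->c_sasl_layers++;` increments a field that everywhere else is treated as a boolean (tested with `if ( c->c_sasl_layers )` and cleared with `= 0` in connection_read, and described as "true if" in slap.h), so the increment reads as if a count were intended. Writing `if( ssf ) conn->c_sasl_layers = 1;` states the intent and cannot drift if a SASL bind is ever re-run on the same connection. The write is correctly placed inside the c_mutex region alongside c_dn and c_authmech. The enclosing `if ( method == LDAP_AUTH_SASL )` block continues past the hunk.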
fd_set rfd;
Debug( LDAP_DEBUG_TRACE,
- "connection_read(%d): TLS accept error error=%d id=%ld, closing\n",
- s, rc, c->c_connid );
+ "connection_read(%d): TLS accept error "
+ "error=%d id=%ld, closing\n",
+ s, rc, c->c_connid );
c->c_needs_tls_accept = 0;
/* connections_mutex and c_mutex are locked */
}
#endif
+#ifdef HAVE_CYRUS_SASL
+ if ( c->c_sasl_layers ) {
+ c->c_sasl_layers = 0;
+
+ rc = ldap_pvt_sasl_install( c->c_sb, c->c_sasl_context );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_read(%d): SASL install error "
+ "error=%d id=%ld, closing\n",
+ s, rc, c->c_connid );
+
+ /* connections_mutex and c_mutex are locked */
+ connection_closing( c );
+ connection_close( c );
+ connection_return( c );
+ ldap_pvt_thread_mutex_unlock( &connections_mutex );
+ return 0;
+ }
+ }
+#endif
+
#define CONNECTION_INPUT_LOOP 1
#ifdef DATA_READY_LOOP
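Review bot: The new Debug format on the SASL install failure path reads `"SASL install error " "error=%d id=%ld, closing\n"`, which prints the word "error" twice; the TLS accept message a few lines up has the same doubled word, so this was presumably copied from there. Suggest `"connection_read(%d): SASL install failed error=%d id=%ld, closing\n"`. The failure sequence (connection_closing, connection_close, connection_return, the connections_mutex unlock and `return 0`) is a verbatim copy of the TLS accept failure path just above it; a small static helper would keep the two in step when either changes. The enclosing connection_read body starts and ends outside the hunk.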
Connection *conn, Operation *op,
const char *dn, const char *ndn,
const char *mech, struct berval *cred,
- char **edn ));
+ char **edn, unsigned long *ssf ));
/* oc.c */
LDAP_SLAPD_F (int) oc_schema_info( Entry *e );
assert( conn->c_sasl_context == NULL );
assert( conn->c_sasl_extra == NULL );
+ conn->c_sasl_layers = 0;
+
session_callbacks =
ch_calloc( 3, sizeof(sasl_callback_t));
conn->c_sasl_extra = session_callbacks;
/* create new SASL context */
sc = sasl_server_new( "ldap", sasl_host, global_realm,
- session_callbacks,
-#ifdef LDAP_SASL_SECURITY_LAYER
- SASL_SECURITY_LAYER,
-#else
- 0,
-#endif
- &ctx );
-
+ session_callbacks, SASL_SECURITY_LAYER, &ctx );
if( sc != SASL_OK ) {
Debug( LDAP_DEBUG_ANY, "sasl_server_new failed: %d\n",
const char *ndn,
const char *mech,
struct berval *cred,
- char **edn )
+ char **edn,
+ unsigned long *ssfp )
{
int rc = 1;
int sc;
Debug(LDAP_DEBUG_ARGS,
- "==> sasl_bind: dn=\"%s\" mech=%s cred->bv_len=%d\n",
+ "==> sasl_bind: dn=\"%s\" mech=%s datalen=%d\n",
dn, mech ? mech : "<continuing>", cred ? cred->bv_len : 0 );
if( ctx == NULL ) {
realm ? realm : "",
(unsigned long) ( ssf ? *ssf : 0 ) );
+ *ssfp = ssf ? *ssf : 0;
rc = LDAP_SUCCESS;
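Review bot: `*ssfp = ssf ? *ssf : 0;` is the only write to the new out-parameter of slap_sasl_bind and it sits on the success path, so on every other return the caller's variable keeps whatever it held before the call; the one caller in bind.c happens to initialise `ssf = 0`, but the function's contract should not depend on that. Set it unconditionally at function entry, e.g. `*ssfp = 0;` next to `int rc = 1;` in the signature hunk above, and state in the prototype comment that `ssfp` must be non-NULL and receives the negotiated SSF (0 when no security layer was negotiated or the bind did not succeed). slap_sasl_bind begins and ends outside this hunk.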
return "SASL not supported";
#endif
}
-
int c_is_tls; /* true if this LDAP over raw TLS */
int c_needs_tls_accept; /* true if SSL_accept should be called */
#endif
+ int c_sasl_layers; /* true if we need to install SASL i/o handlers */
void *c_sasl_context; /* SASL session context */
void *c_sasl_extra; /* SASL session extra stuff */