From: Howard Chu Date: Mon, 7 Nov 2005 23:38:52 +0000 (+0000) Subject: ITS#4158 move SASL bind finalization to bind_cb. X-Git-Tag: OPENLDAP_REL_ENG_2_2_MP~69 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6f9aa99d0c4aac9055a40c743d7fa4bc4e245ed4;p=openldap ITS#4158 move SASL bind finalization to bind_cb. --- diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c index 90c6a96414..6fb47737ef 100644 --- a/servers/slapd/bind.c +++ b/servers/slapd/bind.c @@ -275,51 +275,6 @@ fe_op_bind( Operation *op, SlapReply *rs ) rs->sr_err = slap_sasl_bind( op, rs ); - ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); - if( rs->sr_err == LDAP_SUCCESS ) { - ber_dupbv(&op->o_conn->c_dn, &op->orb_edn); - if( !BER_BVISEMPTY( &op->orb_edn ) ) { - /* edn is always normalized already */ - ber_dupbv( &op->o_conn->c_ndn, &op->o_conn->c_dn ); - } - op->o_tmpfree( op->orb_edn.bv_val, op->o_tmpmemctx ); - BER_BVZERO( &op->orb_edn ); - op->o_conn->c_authmech = op->o_conn->c_sasl_bind_mech; - BER_BVZERO( &op->o_conn->c_sasl_bind_mech ); - - op->o_conn->c_sasl_ssf = op->orb_ssf; - if( op->orb_ssf > op->o_conn->c_ssf ) { - op->o_conn->c_ssf = op->orb_ssf; - } - - if( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) { - ber_len_t max = sockbuf_max_incoming_auth; - ber_sockbuf_ctrl( op->o_conn->c_sb, - LBER_SB_OPT_SET_MAX_INCOMING, &max ); - } - - /* log authorization identity */ - Statslog( LDAP_DEBUG_STATS, - "%s BIND dn=\"%s\" mech=%s ssf=%d\n", - op->o_log_prefix, - BER_BVISNULL( &op->o_conn->c_dn ) ? "" : op->o_conn->c_dn.bv_val, - op->o_conn->c_authmech.bv_val, op->orb_ssf, 0 ); - - Debug( LDAP_DEBUG_TRACE, - "do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n", - op->o_conn->c_authmech.bv_val, - BER_BVISNULL( &op->o_conn->c_dn ) ? "" : op->o_conn->c_dn.bv_val, - op->orb_ssf ); - - } else if ( rs->sr_err != LDAP_SASL_BIND_IN_PROGRESS ) { - if ( !BER_BVISNULL( &op->o_conn->c_sasl_bind_mech ) ) { - free( op->o_conn->c_sasl_bind_mech.bv_val ); - BER_BVZERO( &op->o_conn->c_sasl_bind_mech ); - } - } - - ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); - goto cleanup; } else { diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c index 17a0e3a25f..628b13b0b0 100644 --- a/servers/slapd/connection.c +++ b/servers/slapd/connection.c @@ -2006,6 +2006,51 @@ static int connection_bind_cb( Operation *op, SlapReply *rs ) op->o_conn->c_conn_state = SLAP_C_ACTIVE; op->o_conn->c_sasl_bind_in_progress = ( rs->sr_err == LDAP_SASL_BIND_IN_PROGRESS ); + + /* Moved here from bind.c due to ITS#4158 */ + if ( op->orb_method == LDAP_AUTH_SASL ) { + if( rs->sr_err == LDAP_SUCCESS ) { + ber_dupbv(&op->o_conn->c_dn, &op->orb_edn); + if( !BER_BVISEMPTY( &op->orb_edn ) ) { + /* edn is always normalized already */ + ber_dupbv( &op->o_conn->c_ndn, &op->o_conn->c_dn ); + } + op->o_tmpfree( op->orb_edn.bv_val, op->o_tmpmemctx ); + BER_BVZERO( &op->orb_edn ); + op->o_conn->c_authmech = op->o_conn->c_sasl_bind_mech; + BER_BVZERO( &op->o_conn->c_sasl_bind_mech ); + + op->o_conn->c_sasl_ssf = op->orb_ssf; + if( op->orb_ssf > op->o_conn->c_ssf ) { + op->o_conn->c_ssf = op->orb_ssf; + } + + if( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) { + ber_len_t max = sockbuf_max_incoming_auth; + ber_sockbuf_ctrl( op->o_conn->c_sb, + LBER_SB_OPT_SET_MAX_INCOMING, &max ); + } + + /* log authorization identity */ + Statslog( LDAP_DEBUG_STATS, + "%s BIND dn=\"%s\" mech=%s ssf=%d\n", + op->o_log_prefix, + BER_BVISNULL( &op->o_conn->c_dn ) ? "" : op->o_conn->c_dn.bv_val, + op->o_conn->c_authmech.bv_val, op->orb_ssf, 0 ); + + Debug( LDAP_DEBUG_TRACE, + "do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n", + op->o_conn->c_authmech.bv_val, + BER_BVISNULL( &op->o_conn->c_dn ) ? "" : op->o_conn->c_dn.bv_val, + op->orb_ssf ); + + } else if ( rs->sr_err != LDAP_SASL_BIND_IN_PROGRESS ) { + if ( !BER_BVISNULL( &op->o_conn->c_sasl_bind_mech ) ) { + free( op->o_conn->c_sasl_bind_mech.bv_val ); + BER_BVZERO( &op->o_conn->c_sasl_bind_mech ); + } + } + } ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); ch_free( cb );