From: Kurt Zeilenga
Date: Thu, 20 Jul 2000 18:39:40 +0000 (+0000)
Subject: Fix sasl end game processing.
X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~2404
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=804100b43197febd494b64382c9aedbcbff6f06b;p=openldap

Fix sasl end game processing.
---

diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c
index 9cd66814fb..0569099937 100644
--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
@@ -470,7 +470,7 @@ ldap_int_sasl_bind(
 sasl_conn_t *ctx;
 sasl_interact_t *prompts = NULL;
 unsigned credlen;
- struct berval ccred, *scred;
+ struct berval ccred;
 ber_socket_t sd;
 Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_bind: %s\n",
@@ -547,27 +547,36 @@ ldap_int_sasl_bind(
 return ld->ld_errno;
 }
- scred = NULL;
-
 do {
+ struct berval *scred;
 unsigned credlen;
- rc = ldap_sasl_bind_s( ld, dn, mech, &ccred, sctrls, cctrls, &scred );
+ scred = NULL;
- if ( rc == LDAP_SUCCESS ) {
- break;
- } else if ( rc != LDAP_SASL_BIND_IN_PROGRESS ) {
- if ( ccred.bv_val != NULL ) {
- LDAP_FREE( ccred.bv_val );
- }
- return ld->ld_errno;
- }
+ rc = ldap_sasl_bind_s( ld, dn, mech, &ccred, sctrls, cctrls, &scred );
 if ( ccred.bv_val != NULL ) {
 LDAP_FREE( ccred.bv_val );
 ccred.bv_val = NULL;
 }
+ if ( rc != LDAP_SUCCESS && rc != LDAP_SASL_BIND_IN_PROGRESS ) {
+ return ld->ld_errno;
+ }
+
+ if( rc == LDAP_SUCCESS && saslrc == SASL_OK ) {
+ /* we're done, no need to step */
+ if( scred ) {
+ /* but server provided us with data! */
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n",
+ rc, saslrc, scred->bv_len );
+ ber_bvfree( scred );
+ return ld->ld_errno = LDAP_LOCAL_ERROR;
+ }
+ break;
+ }
+
 do {
 saslrc = sasl_client_step( ctx,
 (scred == NULL) ? NULL : scred->bv_val,
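Review bot: The added Debug call in the `if( scred )` branch passes `scred->bv_len` to `%ld` without a cast, and the Debug call changed in servers/slapd/result.c does the same with `cred ? cred->bv_len : -1`, where the `-1` arm is also converted to the common type with `bv_len`. The same commit casts `err` to `(long)`, so the lengths should be cast as well: `rc, saslrc, (long) scred->bv_len );` here and `(long) err, cred ? (long) cred->bv_len : -1L, NULL );` in send_ldap_sasl. Separately, the new early exit covers only `rc == LDAP_SUCCESS && saslrc == SASL_OK`; when the server answers LDAP_SASL_BIND_IN_PROGRESS after the client side has already reported SASL_OK, control still reaches `sasl_client_step`, and a comment or an explicit error return for that case would make the intended handling clear. The loop body continues outside the hunk, so the code after the step call is not visible here.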
@@ -598,7 +607,13 @@ ldap_int_sasl_bind(
 }
 } while ( rc == LDAP_SASL_BIND_IN_PROGRESS );
- assert ( rc == LDAP_SUCCESS );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
+ if ( saslrc != SASL_OK ) {
+ return ld->ld_errno = sasl_err2ldap( saslrc );
+ }
 /* likely should add a quiet option */
diff --git a/servers/slapd/result.c b/servers/slapd/result.c
index 7a7000d625..c1616099db 100644
--- a/servers/slapd/result.c
+++ b/servers/slapd/result.c
@@ -488,8 +488,8 @@ send_ldap_sasl(
 ber_tag_t tag;
 ber_int_t msgid;
- Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl %ld\n",
- (long) err, NULL, NULL );
+ Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl: err=%ld len=%ld\n",
+ (long) err, cred ? cred->bv_len : -1, NULL );
 tag = req2res( op->o_tag );
 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c
index 034f09a113..52b0860802 100644
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -486,7 +486,8 @@ int slap_sasl_bind(
 }
 send_ldap_sasl( conn, op, rc = LDAP_SUCCESS,
- NULL, NULL, NULL, NULL, &response );
+ NULL, NULL, NULL, NULL,
+ response.bv_len ? &response : NULL );
 }
 } else if ( sc == SASL_CONTINUE ) {
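Review bot: In the cyrus.c hunk after the `while ( rc == LDAP_SASL_BIND_IN_PROGRESS )` loop, the new `return rc;` is the only exit in this commit that does not go through `ld->ld_errno`; `return ld->ld_errno = rc;` would match the `return ld->ld_errno = sasl_err2ldap( saslrc );` a few lines below. From the lines visible in this commit the loop is left only with rc equal to LDAP_SUCCESS, so that first check looks purely defensive unless code outside the hunks can change rc, and a short comment saying so would help. The `saslrc != SASL_OK` check is what keeps a server-reported success from being accepted while the client-side SASL exchange is unfinished, and it should carry a comment such as `/* server said success but our SASL exchange is not complete: fail the bind */`. Replacing the assert matters because an assert disappears in NDEBUG builds; the function continues outside the hunk.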
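Review bot: The new argument `response.bv_len ? &response : NULL` in slap_sasl_bind has no comment explaining why an empty response is dropped, and the reason is only visible in the client half of this commit, where ldap_int_sasl_bind now fails the bind with LDAP_LOCAL_ERROR if server credentials arrive after its SASL exchange has finished. A comment such as `/* send no credentials when the mechanism produced none; the client treats data after completion as an error */` would record that coupling. The test looks only at `bv_len`, so it presumably relies on `response` having been initialised on every path that reaches this call; that is outside the hunk and worth confirming. The surrounding if/else chain continues outside the hunk.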