From: Pierangelo Masarati
Date: Sat, 8 Mar 2008 15:41:17 +0000 (+0000)
Subject: invalidate connection handler when ldap_sasl_interactive_bind_s() for internal error...
X-Git-Tag: OPENLDAP_REL_ENG_2_4_9~20^2~106
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=ec8466ec836e0924feaebe7d275443db0381ba86;p=openldap
invalidate connection handler when ldap_sasl_interactive_bind_s() for internal error (ITS#5404); fix response tag
---
diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index 6ba8c4716b..ae513a4e38 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -1228,6 +1228,8 @@ ldap_back_dobind_cb(
 {
 ber_tag_t *tptr = op->o_callback->sc_private;
 op->o_tag = *tptr;
+ rs->sr_tag = slap_req2res( op->o_tag );
+
 return SLAP_CB_CONTINUE;
 }
@@ -1390,15 +1392,26 @@ retry_lock:;
 lutil_sasl_freedefs( defaults );
- rs->sr_err = slap_map_api2result( rs );
- if ( rs->sr_err != LDAP_SUCCESS ) {
+ switch ( rs->sr_err ) {
+ case LDAP_SUCCESS:
+ LDAP_BACK_CONN_ISBOUND_SET( lc );
+ break;
+
+ case LDAP_LOCAL_ERROR:
+ /* list client API error codes that require
+ * to taint the connection */
+ /* FIXME: should actually retry? */
+ LDAP_BACK_CONN_TAINTED_SET( lc );
+
+ /* fallthru */
+
+ default:
 LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
+ rs->sr_err = slap_map_api2result( rs );
 if ( sendok & LDAP_BACK_SENDERR ) {
 send_ldap_result( op, rs );
 }
-
- } else {
- LDAP_BACK_CONN_ISBOUND_SET( lc );
+ break;
 }
 if ( LDAP_BACK_QUARANTINE( li ) ) {
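Review bot: The callback body in `ldap_back_dobind_cb` has no comment saying why both tags are rewritten, and the added `rs->sr_tag` line makes that harder to infer than before. A one-line comment above the two assignments would help, for example `/* restore the request tag stashed in sc_private and keep the response tag consistent with it */`. The function's signature lies outside the hunk, so where `sc_private` is filled in cannot be checked from here.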
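Review bot: Only `LDAP_LOCAL_ERROR` taints the connection in the new `switch` after `retry_lock:`; every other failure lands in `default:`, which clears the bound flag but leaves `lc` untainted. The in-code comment (`list client API error codes that require to taint the connection`) reads as an unfinished list, so it is worth deciding now which other client-side codes belong there, for example `case LDAP_NO_MEMORY:`, `case LDAP_DECODING_ERROR:` and `case LDAP_ENCODING_ERROR:` stacked above `case LDAP_LOCAL_ERROR:`; whether each can reach this point depends on code outside the hunk. If backend connections are shared between operations, as the taint flag suggests, a handle left part-way through a failed SASL exchange should not be handed to another operation. The same switch is repeated in the `ldap_back_proxy_authz_bind` hunk and needs the same treatment; both enclosing functions start and end outside their hunks.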
@@ -2134,15 +2147,26 @@ ldap_back_proxy_authz_bind(
 LDAP_SASL_QUIET, lutil_sasl_interact, defaults );
- rs->sr_err = slap_map_api2result( rs );
- if ( rs->sr_err != LDAP_SUCCESS ) {
+ switch ( rs->sr_err ) {
+ case LDAP_SUCCESS:
+ LDAP_BACK_CONN_ISBOUND_SET( lc );
+ break;
+
+ case LDAP_LOCAL_ERROR:
+ /* list client API error codes that require
+ * to taint the connection */
+ /* FIXME: should actually retry? */
+ LDAP_BACK_CONN_TAINTED_SET( lc );
+
+ /* fallthru */
+
+ default:
 LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
+ rs->sr_err = slap_map_api2result( rs );
 if ( sendok & LDAP_BACK_SENDERR ) {
 send_ldap_result( op, rs );
 }
-
- } else {
- LDAP_BACK_CONN_ISBOUND_SET( lc );
+ break;
 }
 lutil_sasl_freedefs( defaults );
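Review bot: The `switch` added here in `ldap_back_proxy_authz_bind` is a line-for-line copy of the one added after `retry_lock:` earlier in bind.c, so any later change to the list of tainting error codes has to be made in two places. Moving it into one `static` helper in the same file that takes `lc`, `op`, `rs` and `sendok` would keep the two bind paths from drifting apart. The only visible difference between the call sites is that `lutil_sasl_freedefs( defaults )` runs before the switch there and after it here. The enclosing function starts and ends outside the hunk.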