From 20351a05cc5b9f447ddeebf4cf0dea294a70bc4c Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Tue, 25 Apr 2000 18:02:50 +0000 Subject: [PATCH] SASL: me thinks I got the states okay... now to test. --- servers/slapd/bind.c | 37 ++++++++++++++++++++++++++----------- servers/slapd/sasl.c | 15 +++++++++------ 2 files changed, 35 insertions(+), 17 deletions(-) diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c index 723baecdc6..715ee676cc 100644 --- a/servers/slapd/bind.c +++ b/servers/slapd/bind.c @@ -216,28 +216,24 @@ do_bind( ldap_pvt_thread_mutex_lock( &conn->c_mutex ); if ( conn->c_sasl_bind_mech != NULL ) { - assert( conn->c_sasl_bind_in_progress ); - if((strcmp(conn->c_sasl_bind_mech, mech) != 0)) { /* mechanism changed, cancel in progress bind */ - conn->c_sasl_bind_in_progress = 0; - free( conn->c_sasl_bind_mech ); - conn->c_sasl_bind_mech = NULL; #ifdef HAVE_CYRUS_SASL sasl_dispose(&conn->c_sasl_bind_context); conn->c_sasl_bind_context = NULL; #endif } + free( conn->c_sasl_bind_mech ); + conn->c_sasl_bind_mech = NULL; #ifdef LDAP_DEBUG - } else { - assert( !conn->c_sasl_bind_in_progress ); - assert( conn->c_sasl_bind_mech == NULL ); #ifdef HAVE_CYRUS_SASL + } else { assert( conn->c_sasl_bind_context == NULL ); #endif #endif } + ldap_pvt_thread_mutex_unlock( &conn->c_mutex ); edn = NULL; @@ -245,9 +241,25 @@ do_bind( if( rc == LDAP_SUCCESS && edn != NULL ) { ldap_pvt_thread_mutex_lock( &conn->c_mutex ); +#ifdef HAVE_CYRUS_SASL + assert( conn->c_sasl_bind_context == NULL ); +#endif conn->c_dn = edn; ldap_pvt_thread_mutex_unlock( &conn->c_mutex ); + + } else if ( rc == LDAP_SASL_BIND_IN_PROGRESS ) { +#ifdef HAVE_CYRUS_SASL + assert( conn->c_sasl_bind_context != NULL ); +#endif + conn->c_sasl_bind_mech = mech; + mech = NULL; + +#ifdef HAVE_CYRUS_SASL + } else { + assert( conn->c_sasl_bind_context != NULL ); +#endif } + goto cleanup; } else { 
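Review bot: In servers/slapd/bind.c the cancel paths in the `@@ -216` hunk and the `@@ -257` hunk stop clearing `conn->c_sasl_bind_in_progress`, yet the `@@ -257` hunk still asserts the flag is set when `c_sasl_bind_mech != NULL` and adds `assert( !conn->c_sasl_bind_in_progress )` for the other case. No visible line in do_bind() now writes the flag, so these asserts hold only if code outside this diff resets it after every bind. If it does not, a simple bind that follows a cancelled SASL bind would abort slapd in assert-enabled builds. I would either keep the reset next to `conn->c_sasl_bind_mech = NULL;` or add a comment at the first assert such as `/* c_sasl_bind_in_progress is reset by OWNER_PLACEHOLDER, not by do_bind() */`. do_bind's body starts and ends outside both hunks.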
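Review bot: The final `else` added in the `@@ -245` hunk of bind.c asserts `conn->c_sasl_bind_context != NULL`, but the block this commit adds at the end of sasl_bind() disposes the context and sets it to NULL whenever `sc != SASL_CONTINUE`. Assuming `rc` comes from sasl_bind() (the call is outside the hunk), every failed SASL bind, and a successful one with `edn == NULL`, reaches this branch with a NULL context, so an assert-enabled slapd would abort on a path a client can trigger. The check should read `assert( conn->c_sasl_bind_context == NULL );`. The `LDAP_SASL_BIND_IN_PROGRESS` branch also stores `conn->c_sasl_bind_mech = mech;` without taking `conn->c_mutex`, unlike the success branch above it.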
@@ -257,15 +269,18 @@ do_bind( if ( conn->c_sasl_bind_mech != NULL ) { assert( conn->c_sasl_bind_in_progress ); - /* cancel in progress bind */ - conn->c_sasl_bind_in_progress = 0; - free(conn->c_sasl_bind_mech); conn->c_sasl_bind_mech = NULL; #ifdef HAVE_CYRUS_SASL + assert( conn->c_sasl_bind_context != NULL ); sasl_dispose(&conn->c_sasl_bind_context); conn->c_sasl_bind_context = NULL; +#endif + } else { + assert( !conn->c_sasl_bind_in_progress ); +#ifdef HAVE_CYRUS_SASL + assert( conn->c_sasl_bind_context == NULL ); #endif } diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index ce04d94fc2..1cb655ed16 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -144,7 +144,7 @@ int sasl_bind( Debug(LDAP_DEBUG_ARGS, "==> sasl_bind: dn=%s, mech=%s, cred->bv_len=%d\n", dn, mech, cred ? cred->bv_len : 0 ); - if ( conn->c_sasl_bind_context ) { + if ( conn->c_sasl_bind_context == NULL ) { sasl_callback_t callbacks[4]; int cbnum = 0; @@ -210,6 +210,9 @@ int sasl_bind( NULL, NULL, NULL, NULL ); } else { + Debug(LDAP_DEBUG_TRACE, "<== sasl_bind: username=%s\n", + authzid, 0, 0); + if( strncasecmp( authzid, "anonymous", sizeof("anonyous")-1 ) && ( ( authzid[sizeof("anonymous")] == '\0' ) || ( authzid[sizeof("anonymous")] == '@' ) ) ) @@ -224,15 +227,15 @@ int sasl_bind( } } else if ( sc == SASL_CONTINUE ) { - /* - * We set c_sasl_bind_in_progress because it doesn't appear - * that connection.c sets this (unless do_bind() itself - * returns LDAP_SASL_BIND_IN_PROGRESS). - */ send_ldap_sasl( conn, op, rc = LDAP_SASL_BIND_IN_PROGRESS, NULL, NULL, NULL, NULL, &response ); } + if ( sc != SASL_CONTINUE && conn->c_sasl_bind_context != NULL ) { + sasl_dispose( &conn->c_sasl_bind_context ); + conn->c_sasl_bind_context = NULL; + } + Debug(LDAP_DEBUG_TRACE, "<== sasl_bind: rc=%d\n", rc, 0, 0); return rc; -- 2.39.5
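Review bot: The anonymous check right after the added `Debug` call in the `@@ -210` hunk of sasl.c can read past the end of `authzid`: `sizeof("anonymous")` is 10, so `authzid[sizeof("anonymous")]` indexes one byte beyond the terminator of the exact string "anonymous" and further beyond for shorter names. The length argument is taken from the misspelled literal `"anonyous"`, so only eight characters are compared; all three places should use `sizeof("anonymous")-1`. `strncasecmp` returns 0 on a match, so without `== 0` the condition is true for names that do not start with the prefix, which looks inverted if the branch is meant for anonymous identities (the branch body is outside the hunk). The new `Debug` line also passes `authzid` to `%s` with no NULL check visible before it.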
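Review bot: The dispose block added at the end of sasl_bind() in the `@@ -224` hunk of sasl.c frees and clears `conn->c_sasl_bind_context` with no `conn->c_mutex` lock in view, while do_bind() in bind.c guards the same field with that mutex and appears to release it before the SASL call. If nothing else serialises binds on a connection, a second bind request on that connection could observe or dispose the context concurrently. I would wrap the block in `ldap_pvt_thread_mutex_lock( &conn->c_mutex );` and `ldap_pvt_thread_mutex_unlock( &conn->c_mutex );`, or document at the top of sasl_bind() which lock the caller must hold. sasl_bind's body starts outside the hunk.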