ITS#8796 Fix SSF reset
authorOndřej Kuzník <ondra@openldap.org>
Mon, 15 Jan 2018 16:07:59 +0000 (16:07 +0000)
committerQuanah Gibson-Mount <quanah@openldap.org>
Fri, 9 Feb 2018 17:38:49 +0000 (17:38 +0000)
Maintain the SSF across SASL binds.

servers/slapd/sasl.c

index a187d45dc498f9c7e68f99af667f9c8af2861b27..1b7cdcaa74f8596773bd4bc5f945f4cad1b50309 100644 (file)
@@ -1498,11 +1498,16 @@ int slap_sasl_bind( Operation *op, SlapReply *rs )
        if ( !op->o_conn->c_sasl_bind_in_progress ) {
                /* If we already authenticated once, must use a new context */
                if ( op->o_conn->c_sasl_done ) {
-                       sasl_ssf_t *ssf = NULL;
+                       sasl_ssf_t ssf = 0;
+                       sasl_ssf_t *ssfp = NULL;
                        const char *authid = NULL;
-                       sasl_getprop( ctx, SASL_SSF_EXTERNAL, (void *)&ssf );
+
+                       sasl_getprop( ctx, SASL_SSF_EXTERNAL, (void *)&ssfp );
+                       if ( ssfp ) ssf = *ssfp;
+
                        sasl_getprop( ctx, SASL_AUTH_EXTERNAL, (void *)&authid );
                        if ( authid ) authid = ch_strdup( authid );
+
                        if ( ctx != op->o_conn->c_sasl_sockctx ) {
                                sasl_dispose( &ctx );
                        }
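Review bot: The new `ssf`/`ssfp` pair in the `c_sasl_done` branch has no comment explaining why the value is copied out instead of keeping the pointer, and that lifetime rule is the substance of the fix. The pointer filled in by `sasl_getprop()` appears to refer to storage owned by `ctx`, which may be released by the `sasl_dispose( &ctx )` a few lines later. I would add above the lookup something like `/* sasl_getprop() hands back a pointer into ctx; copy the SSF by value before ctx may be disposed below */`. The return code of `sasl_getprop()` is still ignored; a failed lookup leaves `ssf` at 0, which is the conservative direction, but that deserves a word in the same comment. `slap_sasl_bind` starts and ends outside this hunk.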
@@ -1510,8 +1515,8 @@ int slap_sasl_bind( Operation *op, SlapReply *rs )
                                
                        slap_sasl_open( op->o_conn, 1 );
                        ctx = op->o_conn->c_sasl_authctx;
+                       sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf );
                        if ( authid ) {
-                               sasl_setprop( ctx, SASL_SSF_EXTERNAL, ssf );
                                sasl_setprop( ctx, SASL_AUTH_EXTERNAL, authid );
                                ch_free( (char *)authid );
                        }
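Review bot: The now-unconditional `sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf )` discards its return code, and `ctx` is read from `op->o_conn->c_sasl_authctx` right after a `slap_sasl_open()` call whose result is also unchecked in the visible lines. If either step fails, the rebind continues on a context whose external SSF no longer reflects the transport layer, and nothing is logged. SSF is normally an input to security-strength policy, so a mismatch should be an explicit error path rather than a silent one. Consider `if ( sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf ) != SASL_OK )` followed by a log line and a failed bind result, after first confirming that `slap_sasl_open()` succeeded. The rest of `slap_sasl_bind` is outside the hunk, so a later check may already cover part of this.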