From 8a465da10c1a9c76cac9174c37bd854fd3e9d0ab Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Wed, 16 Nov 2005 00:05:34 +0000 Subject: [PATCH] Import ITS#4158 fixes from HEAD --- servers/slapd/bind.c | 61 -------------------------------------- servers/slapd/connection.c | 50 +++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 61 deletions(-) diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c index d894ceefb2..18241b154e 100644 --- a/servers/slapd/bind.c +++ b/servers/slapd/bind.c @@ -299,63 +299,6 @@ do_bind( rs->sr_err = slap_sasl_bind( op, rs ); - ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); - if( rs->sr_err == LDAP_SUCCESS ) { - ber_dupbv(&op->o_conn->c_dn, &op->orb_edn); - if( op->orb_edn.bv_len != 0 ) { - /* edn is always normalized already */ - ber_dupbv( &op->o_conn->c_ndn, &op->o_conn->c_dn ); - } - op->o_tmpfree( op->orb_edn.bv_val, op->o_tmpmemctx ); - BER_BVZERO( &op->orb_edn ); - op->o_conn->c_authmech = op->o_conn->c_sasl_bind_mech; - BER_BVZERO( &op->o_conn->c_sasl_bind_mech ); - op->o_conn->c_sasl_bind_in_progress = 0; - - op->o_conn->c_sasl_ssf = op->orb_ssf; - if( op->orb_ssf > op->o_conn->c_ssf ) { - op->o_conn->c_ssf = op->orb_ssf; - } - - if( op->o_conn->c_dn.bv_len != 0 ) { - ber_len_t max = sockbuf_max_incoming_auth; - ber_sockbuf_ctrl( op->o_conn->c_sb, - LBER_SB_OPT_SET_MAX_INCOMING, &max ); - } - - /* log authorization identity */ - Statslog( LDAP_DEBUG_STATS, - "conn=%lu op=%lu BIND dn=\"%s\" mech=%s ssf=%d\n", - op->o_connid, op->o_opid, - op->o_conn->c_dn.bv_val ? op->o_conn->c_dn.bv_val : "", - op->o_conn->c_authmech.bv_val, op->orb_ssf ); - -#ifdef NEW_LOGGING - LDAP_LOG( OPERATION, DETAIL1, - "do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n", - op->o_conn->c_authmech.bv_val, - op->o_conn->c_dn.bv_val ? op->o_conn->c_dn.bv_val : "", - op->orb_ssf ); -#else - Debug( LDAP_DEBUG_TRACE, - "do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n", - op->o_conn->c_authmech.bv_val, - op->o_conn->c_dn.bv_val ? op->o_conn->c_dn.bv_val : "", - op->orb_ssf ); -#endif - - } else if ( rs->sr_err == LDAP_SASL_BIND_IN_PROGRESS ) { - op->o_conn->c_sasl_bind_in_progress = 1; - - } else { - if ( op->o_conn->c_sasl_bind_mech.bv_val ) { - free( op->o_conn->c_sasl_bind_mech.bv_val ); - op->o_conn->c_sasl_bind_mech.bv_val = NULL; - op->o_conn->c_sasl_bind_mech.bv_len = 0; - } - op->o_conn->c_sasl_bind_in_progress = 0; - } - #ifdef LDAP_SLAPI #define pb op->o_pb /* @@ -375,8 +318,6 @@ do_bind( } #endif /* LDAP_SLAPI */ - ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); - goto cleanup; } else { @@ -697,8 +638,6 @@ cleanup: op->o_conn->c_authtype = op->orb_method; } - op->o_conn->c_sasl_bindop = NULL; - if( op->o_req_dn.bv_val != NULL ) { sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx ); op->o_req_dn.bv_val = NULL; diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c index 6514132700..6504debccd 100644 --- a/servers/slapd/connection.c +++ b/servers/slapd/connection.c @@ -1787,9 +1787,59 @@ static int connection_bind_cb( Operation *op, SlapReply *rs ) ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); op->o_conn->c_conn_state = SLAP_C_ACTIVE; + op->o_conn->c_sasl_bind_in_progress = + ( rs->sr_err == LDAP_SASL_BIND_IN_PROGRESS ); + + /* Moved here from bind.c due to ITS#4158 */ + op->o_conn->c_sasl_bindop = NULL; + if ( op->orb_method == LDAP_AUTH_SASL ) { + if( rs->sr_err == LDAP_SUCCESS ) { + ber_dupbv(&op->o_conn->c_dn, &op->orb_edn); + if( !BER_BVISEMPTY( &op->orb_edn ) ) { + /* edn is always normalized already */ + ber_dupbv( &op->o_conn->c_ndn, &op->o_conn->c_dn ); + } + op->o_tmpfree( op->orb_edn.bv_val, op->o_tmpmemctx ); + BER_BVZERO( &op->orb_edn ); + op->o_conn->c_authmech = op->o_conn->c_sasl_bind_mech; + BER_BVZERO( &op->o_conn->c_sasl_bind_mech ); + + op->o_conn->c_sasl_ssf = op->orb_ssf; + if( op->orb_ssf > op->o_conn->c_ssf ) { + op->o_conn->c_ssf = op->orb_ssf; + } + + if( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) { + ber_len_t max = sockbuf_max_incoming_auth; + ber_sockbuf_ctrl( op->o_conn->c_sb, + LBER_SB_OPT_SET_MAX_INCOMING, &max ); + } + + /* log authorization identity */ + Statslog( LDAP_DEBUG_STATS, + "conn=%lu op=%lu BIND dn=\"%s\" mech=%s ssf=%d\n", + op->o_connid, op->o_opid, + op->o_conn->c_dn.bv_val ? op->o_conn->c_dn.bv_val : "", + op->o_conn->c_authmech.bv_val, op->orb_ssf ); + + Debug( LDAP_DEBUG_TRACE, + "do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n", + op->o_conn->c_authmech.bv_val, + op->o_conn->c_dn.bv_val ? op->o_conn->c_dn.bv_val : "", + op->orb_ssf ); + + } else if ( rs->sr_err != LDAP_SASL_BIND_IN_PROGRESS ) { + if ( !BER_BVISNULL( &op->o_conn->c_sasl_bind_mech ) ) { + free( op->o_conn->c_sasl_bind_mech.bv_val ); + BER_BVZERO( &op->o_conn->c_sasl_bind_mech ); + } + } + } ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); ch_free( cb ); + op->o_callback = NULL; + return SLAP_CB_CONTINUE; } -- 2.39.2