SASL: me thinks I got the states okay... now to test.

2024-12-15 03:01:09 +08:00 · 2000-04-25 18:02:50 +00:00 · 2000-04-25 18:02:50 +00:00 · 20351a05cc
commit 20351a05cc
parent 42a20681cc
2 changed files with 35 additions and 17 deletions
--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
@ -216,28 +216,24 @@ do_bind(
 		ldap_pvt_thread_mutex_lock( &conn->c_mutex );

 		if ( conn->c_sasl_bind_mech != NULL ) {
-			assert( conn->c_sasl_bind_in_progress );
-
 			if((strcmp(conn->c_sasl_bind_mech, mech) != 0)) {
 				/* mechanism changed, cancel in progress bind */
-				conn->c_sasl_bind_in_progress = 0;
-				free( conn->c_sasl_bind_mech );
-				conn->c_sasl_bind_mech = NULL;
 #ifdef HAVE_CYRUS_SASL
 				sasl_dispose(&conn->c_sasl_bind_context);
 				conn->c_sasl_bind_context = NULL;
 #endif
 			}
+			free( conn->c_sasl_bind_mech );
+			conn->c_sasl_bind_mech = NULL;

 #ifdef LDAP_DEBUG
-		} else {
-			assert( !conn->c_sasl_bind_in_progress );
-			assert( conn->c_sasl_bind_mech == NULL );
 #ifdef HAVE_CYRUS_SASL
+		} else {
 			assert( conn->c_sasl_bind_context == NULL );
 #endif
 #endif
 		}
+
 		ldap_pvt_thread_mutex_unlock( &conn->c_mutex );

 		edn = NULL;
@ -245,9 +241,25 @@ do_bind(

 		if( rc == LDAP_SUCCESS && edn != NULL ) {
 			ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+#ifdef HAVE_CYRUS_SASL
+			assert( conn->c_sasl_bind_context == NULL );
+#endif
 			conn->c_dn = edn;
 			ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+
+		} else if ( rc == LDAP_SASL_BIND_IN_PROGRESS ) {
+#ifdef HAVE_CYRUS_SASL
+			assert( conn->c_sasl_bind_context != NULL );
+#endif
+			conn->c_sasl_bind_mech = mech;
+			mech = NULL;
+
+#ifdef HAVE_CYRUS_SASL
+		} else {
+			assert( conn->c_sasl_bind_context != NULL );
+#endif
 		}
+
 		goto cleanup;

 	} else {
@ -257,15 +269,18 @@ do_bind(
 		if ( conn->c_sasl_bind_mech != NULL ) {
 			assert( conn->c_sasl_bind_in_progress );

-			/* cancel in progress bind */
-			conn->c_sasl_bind_in_progress = 0;
-
 			free(conn->c_sasl_bind_mech);
 			conn->c_sasl_bind_mech = NULL;

 #ifdef HAVE_CYRUS_SASL
+			assert( conn->c_sasl_bind_context != NULL );
 			sasl_dispose(&conn->c_sasl_bind_context);
 			conn->c_sasl_bind_context = NULL;
+#endif
+		} else {
+			assert( !conn->c_sasl_bind_in_progress );
+#ifdef HAVE_CYRUS_SASL
+			assert( conn->c_sasl_bind_context == NULL );
 #endif
 		}

--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@ -144,7 +144,7 @@ int sasl_bind(
 	Debug(LDAP_DEBUG_ARGS, "==> sasl_bind: dn=%s, mech=%s, cred->bv_len=%d\n",
 		dn, mech, cred ? cred->bv_len : 0 );

-	if ( conn->c_sasl_bind_context ) {
+	if ( conn->c_sasl_bind_context == NULL ) {
 		sasl_callback_t callbacks[4];
 		int cbnum = 0;

@ -210,6 +210,9 @@ int sasl_bind(
 				NULL, NULL, NULL, NULL );

 		} else {
+			Debug(LDAP_DEBUG_TRACE, "<== sasl_bind: username=%s\n",
+				authzid, 0, 0);
+
 			if( strncasecmp( authzid, "anonymous", sizeof("anonyous")-1 ) &&
 				( ( authzid[sizeof("anonymous")] == '\0' ) ||
 				( authzid[sizeof("anonymous")] == '@' ) ) )
@ -224,15 +227,15 @@ int sasl_bind(
 		}

 	} else if ( sc == SASL_CONTINUE ) {
-		/*
-		 * We set c_sasl_bind_in_progress because it doesn't appear
-		 * that connection.c sets this (unless do_bind() itself
-		 * returns LDAP_SASL_BIND_IN_PROGRESS).
-		 */
 		send_ldap_sasl( conn, op, rc = LDAP_SASL_BIND_IN_PROGRESS,
 			NULL, NULL, NULL, NULL,  &response );
 	} 

+	if ( sc != SASL_CONTINUE && conn->c_sasl_bind_context != NULL ) {
+		sasl_dispose( &conn->c_sasl_bind_context );
+		conn->c_sasl_bind_context = NULL;
+	}
+
 	Debug(LDAP_DEBUG_TRACE, "<== sasl_bind: rc=%d\n", rc, 0, 0);

 	return rc;