ITS#5309: Use ldap_pvt_thread_pool_setkey_x() in slap_passwd_check() and

be_rootdn_bind() - push/pop any old value instead of resetting it.

servers/slapd/backend.c

@@ -795,6 +795,9 @@ int
 be_rootdn_bind( Operation *op, SlapReply *rs )
 {
 	int		rc;
+#ifdef SLAPD_SPASSWD
+	void	*old_authctx = NULL;
+#endif
 
 	assert( op->o_tag == LDAP_REQ_BIND );
 	assert( op->orb_method == LDAP_AUTH_SIMPLE );
@@ -819,14 +822,15 @@ be_rootdn_bind( Operation *op, SlapReply *rs )
 	}
 
 #ifdef SLAPD_SPASSWD
-	ldap_pvt_thread_pool_setkey( op->o_threadctx, slap_sasl_bind,
+	ldap_pvt_thread_pool_setkey_x( op->o_threadctx, slap_sasl_bind,
-		op->o_conn->c_sasl_authctx, NULL );
+		op->o_conn->c_sasl_authctx, NULL, &old_authctx, NULL );
 #endif
 
 	rc = lutil_passwd( &op->o_bd->be_rootpw, &op->orb_cred, NULL, NULL );
 
 #ifdef SLAPD_SPASSWD
-	ldap_pvt_thread_pool_setkey( op->o_threadctx, slap_sasl_bind, NULL, NULL );
+	ldap_pvt_thread_pool_setkey( op->o_threadctx, slap_sasl_bind,
+		old_authctx, NULL );
 #endif
 
 	rc = ( rc == 0 ? LDAP_SUCCESS : LDAP_INVALID_CREDENTIALS );

servers/slapd/passwd.c

@@ -505,8 +505,10 @@ slap_passwd_check(
 	AccessControlState	acl_state = ACL_STATE_INIT;
 
 #ifdef SLAPD_SPASSWD
-	ldap_pvt_thread_pool_setkey( op->o_threadctx, slap_sasl_bind,
+	void		*old_authctx = NULL;
-		op->o_conn->c_sasl_authctx, NULL );
+
+	ldap_pvt_thread_pool_setkey_x( op->o_threadctx, slap_sasl_bind,
+		op->o_conn->c_sasl_authctx, NULL, &old_authctx, NULL );
 #endif
 
 	for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) {
@@ -525,7 +527,7 @@ slap_passwd_check(
 
 #ifdef SLAPD_SPASSWD
 	ldap_pvt_thread_pool_setkey( op->o_threadctx, slap_sasl_bind,
-		NULL, NULL );
+		old_authctx, NULL );
 #endif
 
 	return result;