From: Ondřej Kuzník
Date: Mon, 15 Jan 2018 16:07:59 +0000 (+0000)
Subject: ITS#8796 Fix SSF reset
X-Git-Tag: OPENLDAP_REL_ENG_2_4_46~33
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=652c51a3b9e5e9e3657bc9486a0a515ca88a2f92;p=thirdparty%2Fopenldap.git
ITS#8796 Fix SSF reset
Maintain the SSF across SASL binds.
---
diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c
index a187d45dc4..1b7cdcaa74 100644
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -1498,11 +1498,16 @@ int slap_sasl_bind( Operation *op, SlapReply *rs )
  if ( !op->o_conn->c_sasl_bind_in_progress ) {
  /* If we already authenticated once, must use a new context */
  if ( op->o_conn->c_sasl_done ) {
- sasl_ssf_t *ssf = NULL;
+ sasl_ssf_t ssf = 0;
+ sasl_ssf_t *ssfp = NULL;
  const char *authid = NULL;
- sasl_getprop( ctx, SASL_SSF_EXTERNAL, (void *)&ssf );
+
+ sasl_getprop( ctx, SASL_SSF_EXTERNAL, (void *)&ssfp );
+ if ( ssfp ) ssf = *ssfp;
+
  sasl_getprop( ctx, SASL_AUTH_EXTERNAL, (void *)&authid );
  if ( authid ) authid = ch_strdup( authid );
+
  if ( ctx != op->o_conn->c_sasl_sockctx ) {
  sasl_dispose( &ctx );
  }
@@ -1510,8 +1515,8 @@ int slap_sasl_bind( Operation *op, SlapReply *rs )
  slap_sasl_open( op->o_conn, 1 );
  ctx = op->o_conn->c_sasl_authctx;
+ sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf );
  if ( authid ) {
- sasl_setprop( ctx, SASL_SSF_EXTERNAL, ssf );
  sasl_setprop( ctx, SASL_AUTH_EXTERNAL, authid );
  ch_free( (char *)authid );
  }
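Review bot: The return value of `sasl_getprop( ctx, SASL_SSF_EXTERNAL, ... )` in the first hunk is discarded, so a failed lookup looks the same as an external SSF of 0; the added `sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf )` in the second hunk ignores its result in the same way. If either call fails, the rebuilt context would presumably carry external SSF 0, which should fail closed against a minimum-SSF policy but leaves no trace of why a re-bind on a protected connection was refused. I would gate the copy on the result, `if ( sasl_getprop( ctx, SASL_SSF_EXTERNAL, (void *)&ssfp ) == SASL_OK && ssfp ) ssf = *ssfp;`, and emit a debug log line when either call does not return SASL_OK. slap_sasl_bind's body starts and ends outside both hunks.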
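Review bot: The `sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf )` call added in the second hunk has no comment explaining why it now sits outside `if ( authid )`, and the copy-by-value in the first hunk is likewise unexplained. Both look deliberate: the old context can be disposed between the read and the write, and a connection can apparently have an external SSF without an external authid. A short comment at each spot would keep a later cleanup from folding them back, for example `/* copy the value; ctx may be disposed below */` above `if ( ssfp ) ssf = *ssfp;` and `/* restore the external SSF even when there is no external authid */` above the `sasl_setprop` call.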