Bug 184585
Summary: | Re-binding when using SASL is not handled correctly | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Retired] 389 | Reporter: | Nathan Kinder <nkinder> | ||||||||||
Component: | Security - SASL | Assignee: | Nathan Kinder <nkinder> | ||||||||||
Status: | CLOSED NEXTRELEASE | QA Contact: | Orla Hegarty <ohegarty> | ||||||||||
Severity: | medium | Docs Contact: | |||||||||||
Priority: | medium | ||||||||||||
Version: | 1.0 | CC: | jmoyer, ohegarty | ||||||||||
Target Milestone: | --- | ||||||||||||
Target Release: | --- | ||||||||||||
Hardware: | All | ||||||||||||
OS: | Linux | ||||||||||||
Whiteboard: | |||||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||||
Doc Text: | Story Points: | --- | |||||||||||
Clone Of: | Environment: | ||||||||||||
Last Closed: | 2006-05-26 20:14:29 UTC | Type: | --- | ||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||
Documentation: | --- | CRM: | |||||||||||
Verified Versions: | Category: | --- | |||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
Embargoed: | |||||||||||||
Bug Depends On: | |||||||||||||
Bug Blocks: | 152373, 159328, 182367, 205654, 240316 | ||||||||||||
Attachments: |
|
Description
Nathan Kinder
2006-03-10 00:06:45 UTC
Created attachment 125910 [details]
CVS Diffs
These changes dispose of and create a new server-side SASL context when you
re-bind using SASL.
Created attachment 126078 [details]
Revised Diffs
Revised the fix to deal with the case where the SASL mechanism is changed in
the middle of an uncompleted SASL bind operation.
Created attachment 126115 [details]
Revised Diffs
An additional change was needed to reset the IO function pointers of the
connection before disposing of the sasl context. This requires us to lock
pb->pb_conn.
Checked into HEAD. Reviewed by Rich, Pete, and Noriko. Checking in saslbind.c; /cvs/dirsec/ldapserver/ldap/servers/slapd/saslbind.c,v <-- saslbind.c new revision: 1.15; previous revision: 1.14 done Checking in slap.h; /cvs/dirsec/ldapserver/ldap/servers/slapd/slap.h,v <-- slap.h new revision: 1.12; previous revision: 1.11 done Created attachment 126117 [details]
Additional Diff
Rich suggested a modification to the location where we aquire the connection
lock. This diff has that additional change. The change has been checked into
HEAD.
Checking in saslbind.c;
/cvs/dirsec/ldapserver/ldap/servers/slapd/saslbind.c,v <-- saslbind.c
new revision: 1.16; previous revision: 1.15
done
Somehow the errata system did not automatically close these bugs even though DS SP 2 is shipped and available live on RHN trying to manually close trying again *** Bug 195331 has been marked as a duplicate of this bug. *** |