Bug 184585 - Re-binding when using SASL is not handled correctly
Product: 389
Classification: Community
Component: Security - SASL
All Linux
medium Severity medium
Assigned To: Nathan Kinder
Orla Hegarty
Duplicates: 195331
Blocks: 152373 159328 182367 205654 240316
Reported: 2006-03-09 19:06 EST by Nathan Kinder
Modified: 2007-05-16 09:56 EDT (History)

Doc Type: Bug Fix
Last Closed: 2006-05-26 16:14:29 EDT

Attachments
CVS Diffs (2.34 KB, patch), 2006-03-09 19:15 EST, Nathan Kinder
Revised Diffs (2.50 KB, patch), 2006-03-13 18:41 EST, Nathan Kinder
Revised Diffs (2.76 KB, patch), 2006-03-14 13:28 EST, Nathan Kinder
Additional Diff (1.04 KB, patch), 2006-03-14 14:29 EST, Nathan Kinder

Description Nathan Kinder 2006-03-09 19:06:45 EST
The server does not allow you to re-bind using SASL on the same connection.  For
example, if I bind and authenticate to the server using DIGEST-MD5, then do
another SASL bind using DIGEST-MD5, the server will return an error 49.  It
should allow me to do this.
Comment 2 Nathan Kinder 2006-03-09 19:15:14 EST
Created attachment 125910
CVS Diffs

These changes dispose of and create a new server-side SASL context when you
re-bind using SASL.
Comment 3 Nathan Kinder 2006-03-13 18:41:26 EST
Created attachment 126078
Revised Diffs

Revised the fix to deal with the case where the SASL mechanism is changed in
the middle of an uncompleted SASL bind operation.
Comment 4 Nathan Kinder 2006-03-14 13:28:43 EST
Created attachment 126115
Revised Diffs

An additional change was needed to reset the IO function pointers of the
connection before disposing of the sasl context.  This requires us to lock
Comment 5 Nathan Kinder 2006-03-14 14:13:47 EST
Checked into HEAD.  Reviewed by Rich, Pete, and Noriko.

Checking in saslbind.c;
/cvs/dirsec/ldapserver/ldap/servers/slapd/saslbind.c,v  <--  saslbind.c
new revision: 1.15; previous revision: 1.14
Checking in slap.h;
/cvs/dirsec/ldapserver/ldap/servers/slapd/slap.h,v  <--  slap.h
new revision: 1.12; previous revision: 1.11
Comment 6 Nathan Kinder 2006-03-14 14:29:33 EST
Created attachment 126117
Additional Diff

Rich suggested a modification to the location where we acquire the connection
lock.  This diff has that additional change.  The change has been checked into

Checking in saslbind.c;
/cvs/dirsec/ldapserver/ldap/servers/slapd/saslbind.c,v	<--  saslbind.c
new revision: 1.16; previous revision: 1.15
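
The re-bind handling described in comments 2 to 6, as an added example that is not the patch attached to this bug and not 389 Directory Server code: a self-contained C model of the ordering (take the connection lock, reset the IO function pointers, dispose of the old SASL context, create a new one). `conn`, `sasl_ctx`, `sasl_bind_step` and the two IO functions are hypothetical stand-ins, and a pthread mutex stands in for the connection lock.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not 389 Directory Server structures. */
typedef struct { char mech[21]; int done; } sasl_ctx;  /* per-connection SASL state */
typedef int (*io_fn)(int len);
static int plain_io(int len) { return len; }           /* no security layer */
static int sasl_layer_io(int len) { return len + 4; }  /* would depend on the context */

typedef struct {
    pthread_mutex_t lock;  /* stands in for the connection lock */
    sasl_ctx *ctx;         /* NULL until the first SASL bind */
    io_fn write_fn;        /* IO function pointer of the connection */
} conn;
enum { BIND_OK = 0, BIND_OPERATIONS_ERROR = 1, BIND_IN_PROGRESS = 14 }; /* LDAP result codes */

/* One SASL bind request; `final` is nonzero on the step that completes it. */
int sasl_bind_step(conn *c, const char *mech, int final)
{
    int rc = BIND_IN_PROGRESS;
    pthread_mutex_lock(&c->lock);
    /* Start from a fresh context on a first bind, on a re-bind after a
       completed bind, and when the mechanism changes mid-bind. */
    if (c->ctx == NULL || c->ctx->done || strcmp(c->ctx->mech, mech) != 0) {
        c->write_fn = plain_io;  /* reset IO pointers before disposing */
        free(c->ctx);
        c->ctx = calloc(1, sizeof *c->ctx);
        if (c->ctx == NULL)
            rc = BIND_OPERATIONS_ERROR;
        else
            strncpy(c->ctx->mech, mech, sizeof c->ctx->mech - 1);
    }
    if (rc == BIND_IN_PROGRESS && final) {  /* authentication completed */
        c->ctx->done = 1;
        c->write_fn = sasl_layer_io;
        rc = BIND_OK;
    }
    pthread_mutex_unlock(&c->lock);
    return rc;
}

int main(void)
{
    conn c = { PTHREAD_MUTEX_INITIALIZER, NULL, plain_io };
    sasl_bind_step(&c, "DIGEST-MD5", 1);          /* first bind */
    int rc = sasl_bind_step(&c, "DIGEST-MD5", 1); /* re-bind on the same connection */
    free(c.ctx);
    return rc;  /* 0: the re-bind is accepted */
}
```
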
Comment 12 Orla Hegarty 2006-05-26 13:49:19 EDT
Somehow the errata system did not automatically close these bugs even though DS
SP 2 is shipped and available live on RHN
Comment 13 Orla Hegarty 2006-05-26 13:53:13 EDT
trying to manually close
Comment 14 Orla Hegarty 2006-05-26 16:14:29 EDT
trying again
Comment 16 Rich Megginson 2006-06-29 08:14:45 EDT
*** Bug 195331 has been marked as a duplicate of this bug. ***
