upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-31 12:09:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

ITS#10227 Asyncmeta will not reset a connection if a bind operation fails with LDAP_OTHER, leaving the connection in invalid state

Browse source
This commit is contained in:
Nadezhda Ivanova 2024-03-01 15:13:47 +02:00 committed by Quanah Gibson-Mount
parent 6b4b68b13a
commit 0f521e636b
1 changed files with 19 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
servers/slapd/back-asyncmeta/bind.c
View file

@ -851,18 +851,29 @@ asyncmeta_back_proxy_authz_cred(
mt->mt_idassert_sasl_mech.bv_val, NULL, NULL,
LDAP_SASL_QUIET, lutil_sasl_interact,
defaults );
/* restore the old timeout just in case */
ldap_set_option( msc->msc_ld, LDAP_OPT_TIMEOUT, (void *)&old_tv );
rs->sr_err = slap_map_api2result( rs );
if ( rs->sr_err != LDAP_SUCCESS ) {
char *xtext = NULL;
rs->sr_text = "Failure to execute SASL bind to remote target.";
ldap_get_option( msc->msc_ld,
LDAP_OPT_DIAGNOSTIC_MESSAGE, &xtext );
if ( xtext != NULL && xtext [ 0 ] == '\0' ) {
ldap_memfree( xtext );
xtext = NULL;
}
if ( LogTest( asyncmeta_debug ) ) {
char time_buf[ SLAP_TEXT_BUFLEN ];
asyncmeta_get_timestamp(time_buf);
Debug( asyncmeta_debug, "[%s] asyncmeta_back_proxy_authz_cred failed bind msc: %p\n",
time_buf, msc );
Debug( asyncmeta_debug, "[%s] asyncmeta_back_proxy_authz_cred failed bind msc: %p with message %s\n",
time_buf, msc, (xtext ? xtext : "") );
}
if ( xtext )
ldap_memfree( xtext );
LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
if ( sendok & LDAP_BACK_SENDERR ) {
send_ldap_result( op, rs );
@ -1701,10 +1712,13 @@ asyncmeta_dobind_init_with_retry(Operation *op, SlapReply *rs, bm_context_t *bc,
retry_dobind:
ldap_pvt_thread_mutex_lock( &mc->mc_om_mutex );
rc = asyncmeta_dobind_init(op, rs, bc, mc, candidate);
if (rs->sr_err != LDAP_UNAVAILABLE && rs->sr_err != LDAP_BUSY) {
if (rs->sr_err != LDAP_UNAVAILABLE &&
rs->sr_err != LDAP_BUSY &&
rs->sr_err != LDAP_OTHER ) {
ldap_pvt_thread_mutex_unlock( &mc->mc_om_mutex );
return rc;
} else if (bc->nretries[candidate] == 0) {
} else if ( bc->nretries[candidate] == 0 ||
rs->sr_err == LDAP_OTHER ) {
char buf[ SLAP_TEXT_BUFLEN ];
snprintf( buf, sizeof( buf ), "called from %s:%d", __FILE__, __LINE__ );
asyncmeta_reset_msc(NULL, mc, candidate, 0, buf);