Experimental cruft to propagate valid Operation to SASL callbacks.

If you have a better way, jupm on in...

servers/slapd/bind.c

@@ -231,6 +231,10 @@ do_bind(
 		goto cleanup;
 	}
 
+	/* Set the bindop for the benefit of in-directory SASL lookups */
+	ldap_pvt_thread_mutex_lock( &conn->c_sasl_bindmutex );
+	conn->c_sasl_bindop = op;
+
 	if ( method == LDAP_AUTH_SASL ) {
 		slap_ssf_t ssf = 0;
 
@@ -570,6 +574,9 @@ do_bind(
 	}
 
 cleanup:
+	conn->c_sasl_bindop = NULL;
+	ldap_pvt_thread_mutex_unlock( &conn->c_sasl_bindmutex );
+
 	if( pdn.bv_val != NULL ) {
 		free( pdn.bv_val );
 	}

servers/slapd/connection.c

@@ -139,6 +139,7 @@ int connections_destroy(void)
 			ber_sockbuf_free( connections[i].c_sb );
 			ldap_pvt_thread_mutex_destroy( &connections[i].c_mutex );
 			ldap_pvt_thread_mutex_destroy( &connections[i].c_write_mutex );
+			ldap_pvt_thread_mutex_destroy( &connections[i].c_sasl_bindmutex );
 			ldap_pvt_thread_cond_destroy( &connections[i].c_write_cv );
 		}
 	}
@@ -436,6 +437,7 @@ long connection_init(
 		c->c_sasl_bind_mech.bv_len = 0;
 		c->c_sasl_context = NULL;
 		c->c_sasl_extra = NULL;
+		c->c_sasl_bindop = NULL;
 
 		c->c_sb = ber_sockbuf_alloc( );
 
@@ -449,6 +451,7 @@ long connection_init(
 		/* should check status of thread calls */
 		ldap_pvt_thread_mutex_init( &c->c_mutex );
 		ldap_pvt_thread_mutex_init( &c->c_write_mutex );
+		ldap_pvt_thread_mutex_init( &c->c_sasl_bindmutex );
 		ldap_pvt_thread_cond_init( &c->c_write_cv );
 
 		c->c_struct_state = SLAP_C_UNUSED;
@@ -470,6 +473,7 @@ long connection_init(
 	assert( c->c_sasl_bind_mech.bv_val == NULL );
 	assert( c->c_sasl_context == NULL );
 	assert( c->c_sasl_extra == NULL );
+	assert( c->c_sasl_bindop == NULL );
 	assert( c->c_currentber == NULL );
 
 	ber_str2bv( url, 0, 1, &c->c_listener_url );

servers/slapd/sasl.c

@@ -607,6 +607,7 @@ slap_auxprop_lookup(
 			op.o_callback = &cb;
 			op.o_time = slap_get_time();
 			op.o_do_not_cache = 1;
+			op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
 
 			(*be->be_search)( be, conn, &op, NULL, &dn,
 				LDAP_SCOPE_BASE, LDAP_DEREF_NEVER, 1, 0,
@@ -731,6 +732,7 @@ slap_sasl_checkpass(
 		op.o_callback = &cb;
 		op.o_time = slap_get_time();
 		op.o_do_not_cache = 1;
+		op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
 
 		(*be->be_search)( be, conn, &op, NULL, &dn,
 			LDAP_SCOPE_BASE, LDAP_DEREF_NEVER, 1, 0,

servers/slapd/saslauthz.c

@@ -449,6 +449,7 @@ void slap_sasl2dn( Connection *conn,
 	op.o_callback = &cb;
 	op.o_time = slap_get_time();
 	op.o_do_not_cache = 1;
+	op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
 
 	(*be->be_search)( be, conn, &op, NULL, &dn,
 		scope, LDAP_DEREF_NEVER, 1, 0,
@@ -569,6 +570,7 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
 	op.o_callback = &cb;
 	op.o_time = slap_get_time();
 	op.o_do_not_cache = 1;
+	op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
 
 	(*be->be_search)( be, conn, &op, /*base=*/NULL, &searchbase,
 	   scope, /*deref=*/1, /*sizelimit=*/0, /*time=*/0, filter, /*fstr=*/NULL,
@@ -622,7 +624,7 @@ slap_sasl_check_authz( Connection *conn,
 	   assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val);
 #endif
 
-	rc = backend_attribute( NULL, NULL, NULL, NULL, searchDN, ad, &vals );
+	rc = backend_attribute( NULL, NULL, conn->c_sasl_bindop, NULL, searchDN, ad, &vals );
 	if( rc != LDAP_SUCCESS )
 		goto COMPLETE;
 

servers/slapd/slap.h

@@ -1618,6 +1618,8 @@ typedef struct slap_conn {
 	int		c_sasl_layers;	 /* true if we need to install SASL i/o handlers */
 	void	*c_sasl_context;	/* SASL session context */
 	void	*c_sasl_extra;		/* SASL session extra stuff */
+	struct slap_op	*c_sasl_bindop;	/* set to current op if it's a bind */
+	ldap_pvt_thread_mutex_t	c_sasl_bindmutex;	/* lock for bindop */
 
 	PagedResultsState c_pagedresults_state; /* paged result state */