[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#6824) slap_sasl2dn can erroneously set c_authz_backend
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6824) slap_sasl2dn can erroneously set c_authz_backend
- From: hyc@symas.com
- Date: Thu, 3 Feb 2011 17:53:13 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
masarati@aero.polimi.it wrote:
> Full_Name: Pierangelo Masarati
> Version: HEAD/re24
> OS: irrelevant
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2.40.0.119)
> Submitted by: ando
>
>
> slap_sasl2dn may set c_authz_backend; however, this function can be called
> concurrently by multiple operations without mutex protection, and under
> erroneous conditions (e.g. while applying the proxied authorization control).
>
> Not exactly sure about ho to proceed; I assume this should only happen during
> SASL bind.
Yes.
Check if op == op->o_conn->c_sasl_bindop. If true, set c_authz_backend. No
mutex protection is required since actual Binds are already serialized.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/