[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6824) slap_sasl2dn can erroneously set c_authz_backend



masarati@aero.polimi.it wrote:
> Full_Name: Pierangelo Masarati
> Version: HEAD/re24
> OS: irrelevant
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2.40.0.119)
> Submitted by: ando
>
>
> slap_sasl2dn may set c_authz_backend; however, this function can be called
> concurrently by multiple operations without mutex protection, and under
> erroneous conditions (e.g. while applying the proxied authorization control).
>
> Not exactly sure about ho to proceed; I assume this should only happen during
> SASL bind.

Yes.

Check if op == op->o_conn->c_sasl_bindop. If true, set c_authz_backend. No 
mutex protection is required since actual Binds are already serialized.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/