SASL: me thinks I got the states okay... now to test.

servers/slapd/bind.c

@@ -216,28 +216,24 @@ do_bind(
 		ldap_pvt_thread_mutex_lock( &conn->c_mutex );
 
 		if ( conn->c_sasl_bind_mech != NULL ) {
-			assert( conn->c_sasl_bind_in_progress );
-
 			if((strcmp(conn->c_sasl_bind_mech, mech) != 0)) {
 				/* mechanism changed, cancel in progress bind */
-				conn->c_sasl_bind_in_progress = 0;
-				free( conn->c_sasl_bind_mech );
-				conn->c_sasl_bind_mech = NULL;
 #ifdef HAVE_CYRUS_SASL
 				sasl_dispose(&conn->c_sasl_bind_context);
 				conn->c_sasl_bind_context = NULL;
 #endif
 			}
+			free( conn->c_sasl_bind_mech );
+			conn->c_sasl_bind_mech = NULL;
 
 #ifdef LDAP_DEBUG
-		} else {
-			assert( !conn->c_sasl_bind_in_progress );
-			assert( conn->c_sasl_bind_mech == NULL );
 #ifdef HAVE_CYRUS_SASL
+		} else {
 			assert( conn->c_sasl_bind_context == NULL );
 #endif
 #endif
 		}
+
 		ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
 
 		edn = NULL;
@@ -245,9 +241,25 @@ do_bind(
 
 		if( rc == LDAP_SUCCESS && edn != NULL ) {
 			ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+#ifdef HAVE_CYRUS_SASL
+			assert( conn->c_sasl_bind_context == NULL );
+#endif
 			conn->c_dn = edn;
 			ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+
+		} else if ( rc == LDAP_SASL_BIND_IN_PROGRESS ) {
+#ifdef HAVE_CYRUS_SASL
+			assert( conn->c_sasl_bind_context != NULL );
+#endif
+			conn->c_sasl_bind_mech = mech;
+			mech = NULL;
+
+#ifdef HAVE_CYRUS_SASL
+		} else {
+			assert( conn->c_sasl_bind_context != NULL );
+#endif
 		}
+
 		goto cleanup;
 
 	} else {
@@ -257,15 +269,18 @@ do_bind(
 		if ( conn->c_sasl_bind_mech != NULL ) {
 			assert( conn->c_sasl_bind_in_progress );
 
-			/* cancel in progress bind */
-			conn->c_sasl_bind_in_progress = 0;
-
 			free(conn->c_sasl_bind_mech);
 			conn->c_sasl_bind_mech = NULL;
 
 #ifdef HAVE_CYRUS_SASL
+			assert( conn->c_sasl_bind_context != NULL );
 			sasl_dispose(&conn->c_sasl_bind_context);
 			conn->c_sasl_bind_context = NULL;
+#endif
+		} else {
+			assert( !conn->c_sasl_bind_in_progress );
+#ifdef HAVE_CYRUS_SASL
+			assert( conn->c_sasl_bind_context == NULL );
 #endif
 		}
 

servers/slapd/sasl.c

@@ -144,7 +144,7 @@ int sasl_bind(
 	Debug(LDAP_DEBUG_ARGS, "==> sasl_bind: dn=%s, mech=%s, cred->bv_len=%d\n",
 		dn, mech, cred ? cred->bv_len : 0 );
 
-	if ( conn->c_sasl_bind_context ) {
+	if ( conn->c_sasl_bind_context == NULL ) {
 		sasl_callback_t callbacks[4];
 		int cbnum = 0;
 
@@ -210,6 +210,9 @@ int sasl_bind(
 				NULL, NULL, NULL, NULL );
 
 		} else {
+			Debug(LDAP_DEBUG_TRACE, "<== sasl_bind: username=%s\n",
+				authzid, 0, 0);
+
 			if( strncasecmp( authzid, "anonymous", sizeof("anonyous")-1 ) &&
 				( ( authzid[sizeof("anonymous")] == '\0' ) ||
 				( authzid[sizeof("anonymous")] == '@' ) ) )
@@ -224,15 +227,15 @@ int sasl_bind(
 		}
 
 	} else if ( sc == SASL_CONTINUE ) {
-		/*
-		 * We set c_sasl_bind_in_progress because it doesn't appear
-		 * that connection.c sets this (unless do_bind() itself
-		 * returns LDAP_SASL_BIND_IN_PROGRESS).
-		 */
 		send_ldap_sasl( conn, op, rc = LDAP_SASL_BIND_IN_PROGRESS,
 			NULL, NULL, NULL, NULL,  &response );
 	} 
 
+	if ( sc != SASL_CONTINUE && conn->c_sasl_bind_context != NULL ) {
+		sasl_dispose( &conn->c_sasl_bind_context );
+		conn->c_sasl_bind_context = NULL;
+	}
+
 	Debug(LDAP_DEBUG_TRACE, "<== sasl_bind: rc=%d\n", rc, 0, 0);
 
 	return rc;