From ea71c3b6b60e563651ea8596a975aef0c8199519 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 29 Jun 2026 10:44:47 +0200 Subject: [PATCH] openldap: handle Curl_sasl_continue() returns better Similar to how it gets treated already in other protocol handlers. Follow-up to eeca818b1e8d1e61c2d4 Reported-by: Eunsoo Kim Closes #22213 --- lib/openldap.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/lib/openldap.c b/lib/openldap.c index ee765d8d05..6c15734d29 100644 --- a/lib/openldap.c +++ b/lib/openldap.c @@ -791,8 +791,19 @@ static CURLcode oldap_state_sasl_resp(struct Curl_easy *data, } else { result = Curl_sasl_continue(&li->sasl, data, code, &progress); - if(!result && progress != SASL_INPROGRESS) - oldap_state(data, li, OLDAP_STOP); + if(!result) { + switch(progress) { + case SASL_DONE: + oldap_state(data, li, OLDAP_STOP); /* Authenticated */ + break; + case SASL_IDLE: /* No mechanism left after cancellation */ + failf(data, "Authentication cancelled"); + result = CURLE_LOGIN_DENIED; + break; + default: + break; + } + } } if(li->servercred)