ITS#5138 don't scan past the sequence of attributes
[openldap] / servers / slapd / back-ldap / bind.c
index e5878a2cbd965e22919dc4042d9be6f46356faa6..eb3d49703b20f02acb6a5296f94625228998f7bb 100644 (file)
@@ -1462,7 +1462,7 @@ retry:;
                        if ( op->o_callback == &cb )
                                op->o_callback = cb.sc_next;
                        op->o_tag = o_tag;
-                       rs->sr_text = "Internal proxy bind failure";
+                       rs->sr_text = "Proxy can't contact remote server";
                        send_ldap_result( op, rs );
                }
 
@@ -2249,7 +2249,8 @@ ldap_back_proxy_authz_ctrl(
         * but if it is not set this test fails.  We need a different
         * means to detect if idassert is enabled */
        if ( ( BER_BVISNULL( &si->si_bc.sb_authcId ) || BER_BVISEMPTY( &si->si_bc.sb_authcId ) )
-                       && ( BER_BVISNULL( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_binddn ) ) )
+               && ( BER_BVISNULL( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_binddn ) )
+               && BER_BVISNULL( &si->si_bc.sb_saslmech ) )
        {
                goto done;
        }
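Review bot: The added `sb_saslmech` term tests only `BER_BVISNULL`, while `sb_authcId` and `sb_binddn` in the same condition are each tested for both null and empty. If configuration parsing can leave `sb_saslmech` as a non-null, zero-length value (not visible here), the early `goto done` is skipped and the function continues past this guard as though identity assertion were configured. For consistency I would write `&& ( BER_BVISNULL( &si->si_bc.sb_saslmech ) || BER_BVISEMPTY( &si->si_bc.sb_saslmech ) )`. The existing comment above already says this detection needs a different mechanism, and the function body starts and ends outside the hunk.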
@@ -2393,11 +2394,14 @@ ldap_back_proxy_authz_ctrl(
                goto done;
        }
 
+       ctrl->ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
+
        switch ( si->si_mode ) {
        /* already in u:ID or dn:DN form */
        case LDAP_BACK_IDASSERT_OTHERID:
        case LDAP_BACK_IDASSERT_OTHERDN:
                ber_dupbv_x( &ctrl->ldctl_value, &assertedID, op->o_tmpmemctx );
+               rs->sr_err = LDAP_SUCCESS;
                break;
 
        /* needs the dn: prefix */
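Review bot: In the `LDAP_BACK_IDASSERT_OTHERID`/`LDAP_BACK_IDASSERT_OTHERDN` case, `rs->sr_err = LDAP_SUCCESS` is assigned unconditionally after `ber_dupbv_x()`, whose return value is not checked. `ber_dupbv_x()` returns NULL when the copy cannot be allocated, so success could be reported with an empty `ctrl->ldctl_value`. A guard such as `if ( ber_dupbv_x( &ctrl->ldctl_value, &assertedID, op->o_tmpmemctx ) == NULL ) { rs->sr_err = LDAP_NO_MEMORY; goto done; }` would keep the status and the value in step, provided no cleanup is needed before `done:`. The same question applies to the `dn:`-prefix case in the next hunk, where success is set right after the `AC_MEMCPY` calls and the allocation of `ctrl->ldctl_value.bv_val` lies outside the visible lines. The function continues outside this hunk.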
@@ -2408,6 +2412,7 @@ ldap_back_proxy_authz_ctrl(
                AC_MEMCPY( ctrl->ldctl_value.bv_val, "dn:", STRLENOF( "dn:" ) );
                AC_MEMCPY( &ctrl->ldctl_value.bv_val[ STRLENOF( "dn:" ) ],
                                assertedID.bv_val, assertedID.bv_len + 1 );
+               rs->sr_err = LDAP_SUCCESS;
                break;
        }
 
@@ -2435,6 +2440,8 @@ ldap_back_proxy_authz_ctrl(
                        goto free_ber;
                }
 
+               rs->sr_err = LDAP_SUCCESS;
+
 free_ber:;
                op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
                ber_free_buf( ber );
@@ -2475,6 +2482,9 @@ free_ber:;
                        goto free_ber2;
                }
 
+               ctrl->ldctl_oid = LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ;
+               rs->sr_err = LDAP_SUCCESS;
+
 free_ber2:;
                op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
                ber_free_buf( ber );
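Review bot: The assignment `ctrl->ldctl_oid = LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ;` now silently overrides the `LDAP_CONTROL_PROXY_AUTHZ` default that this commit sets before the `switch`, and nothing here documents that ordering dependency. A short comment would help, for example `/* obsolete encoding: replace the default OID set before the switch, only after encoding succeeded */`. On the error paths that jump to `free_ber2`, the control keeps the standard OID while its value is presumably not filled in. It is worth confirming that the code after `done:` (outside the hunk) never attaches the control unless `rs->sr_err == LDAP_SUCCESS`.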
@@ -2482,8 +2492,6 @@ free_ber2:;
                if ( rs->sr_err != LDAP_SUCCESS ) {
                        goto done;
                }
-
-               ctrl->ldctl_oid = LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ;
        }
 
 done:;