idassert also in case of SASL mechs that do not set authcId

[openldap] / servers / slapd / back-ldap / extended.c

diff --git a/servers/slapd/back-ldap/extended.c b/servers/slapd/back-ldap/extended.c
index 06f374ae3c45d4c6eaa6b3fa3162318c0eb6feba..cf3aacbb71ebf2504c1b3ef1523b7ac48b92d6e0 100644 (file)
--- a/servers/slapd/back-ldap/extended.c
+++ b/servers/slapd/back-ldap/extended.c
@@ -47,7 +47,7 @@ ldap_back_extended_one( Operation *op, SlapReply *rs, ldap_back_exop_f exop )
        ldapinfo_t      *li = (ldapinfo_t *) op->o_bd->be_private;
 
        ldapconn_t      *lc = NULL;
-       LDAPControl     **oldctrls = NULL;
+       LDAPControl     **ctrls = NULL, **oldctrls = NULL;
        int             rc;
 
        /* FIXME: this needs to be called here, so it is
@@ -58,9 +58,8 @@ ldap_back_extended_one( Operation *op, SlapReply *rs, ldap_back_exop_f exop )
                return -1;
        }
 
-       oldctrls = op->o_ctrls;
-       if ( ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
-               li->li_version, &li->li_idassert, op, rs, &op->o_ctrls ) )
+       ctrls = op->o_ctrls;
+       if ( ldap_back_controls_add( op, rs, lc, &ctrls ) )
        {
                op->o_ctrls = oldctrls;
                send_ldap_extended( op, rs );
@@ -70,13 +69,11 @@ ldap_back_extended_one( Operation *op, SlapReply *rs, ldap_back_exop_f exop )
                goto done;
        }
 
+       op->o_ctrls = ctrls;
        rc = exop( op, rs, &lc );
 
-       if ( op->o_ctrls && op->o_ctrls != oldctrls ) {
-               free( op->o_ctrls[ 0 ] );
-               free( op->o_ctrls );
-       }
        op->o_ctrls = oldctrls;
+       (void)ldap_back_controls_free( op, rs, &ctrls );
 
 done:;
        if ( lc != NULL ) {