idassert also in case of SASL mechs that do not set authcId
[openldap] / servers / slapd / back-ldap / extended.c
index febfffacabac05921dace824b310bb617a203111..cf3aacbb71ebf2504c1b3ef1523b7ac48b92d6e0 100644 (file)
@@ -47,7 +47,7 @@ ldap_back_extended_one( Operation *op, SlapReply *rs, ldap_back_exop_f exop )
        ldapinfo_t      *li = (ldapinfo_t *) op->o_bd->be_private;
 
        ldapconn_t      *lc = NULL;
-       LDAPControl     **oldctrls = NULL;
+       LDAPControl     **ctrls = NULL, **oldctrls = NULL;
        int             rc;
 
        /* FIXME: this needs to be called here, so it is
@@ -58,9 +58,8 @@ ldap_back_extended_one( Operation *op, SlapReply *rs, ldap_back_exop_f exop )
                return -1;
        }
 
-       oldctrls = op->o_ctrls;
-       if ( ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
-               li->li_version, &li->li_idassert, op, rs, &op->o_ctrls ) )
+       ctrls = op->o_ctrls;
+       if ( ldap_back_controls_add( op, rs, lc, &ctrls ) )
        {
                op->o_ctrls = oldctrls;
                send_ldap_extended( op, rs );
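Review bot: `oldctrls` is no longer assigned in any visible hunk: the removed `oldctrls = op->o_ctrls;` became `ctrls = op->o_ctrls;`, yet this failure branch and the restore after `exop()` in the next hunk still do `op->o_ctrls = oldctrls;`. Unless the few lines between the first two hunks set it, that resets the request's controls to NULL instead of restoring them, so later processing of the same operation loses the client's controls and the original array is no longer reachable through `op`. Saving both in one statement, `ctrls = oldctrls = op->o_ctrls;`, keeps the restore correct. The function body continues outside this hunk.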
@@ -70,13 +69,11 @@ ldap_back_extended_one( Operation *op, SlapReply *rs, ldap_back_exop_f exop )
                goto done;
        }
 
+       op->o_ctrls = ctrls;
        rc = exop( op, rs, &lc );
 
-       if ( op->o_ctrls && op->o_ctrls != oldctrls ) {
-               free( op->o_ctrls[ 0 ] );
-               free( op->o_ctrls );
-       }
        op->o_ctrls = oldctrls;
+       (void)ldap_back_controls_free( op, rs, &ctrls );
 
 done:;
        if ( lc != NULL ) {
@@ -125,6 +122,7 @@ ldap_back_exop_passwd(
                        ndn = op->o_req_ndn;
 
        assert( lc != NULL );
+       assert( rs->sr_ctrls == NULL );
 
        if ( BER_BVISNULL( &ndn ) && op->ore_reqdata != NULL ) {
                /* NOTE: most of this code is mutuated
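Review bot: The new `assert( rs->sr_ctrls == NULL );` is the only guard for the `ldap_controls_free( rs->sr_ctrls )` cleanup added at the end of this function, and it compiles away under NDEBUG. If anything earlier in the operation has already attached response controls, a release build would free memory this function did not allocate, and a debug build would abort the server. An explicit runtime check, or saving the incoming pointer and restoring it after cleanup, is safer. At minimum, state the precondition in a comment such as `/* rs->sr_ctrls must be unset: it is filled by ldap_parse_result() and freed below */`. The same applies to the identical assert added in ldap_back_exop_generic; both functions start and end outside their hunks.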
@@ -190,6 +188,7 @@ retry:
                op->o_ctrls, NULL, &msgid );
 
        if ( rc == LDAP_SUCCESS ) {
+               /* TODO: set timeout? */
                if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
                        ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
                        rs->sr_err = rc;
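Review bot: `ldap_result()` is called with a NULL timeout, so this thread waits for the remote server with no upper bound; the added TODO records the gap but leaves the behaviour in place. A stalled or unresponsive target can therefore hold a worker for each proxied extended operation, which is an availability concern for the proxy. Passing a `struct timeval` derived from the backend's configured limit, and treating a return of 0 as a timeout, would bound the wait. The same call in ldap_back_exop_generic carries the same TODO, and the surrounding retry logic lies outside this hunk.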
@@ -206,7 +205,7 @@ retry:
                        rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
                                        (char **)&rs->sr_matched,
                                        &text,
-                                       NULL, NULL, 0 );
+                                       NULL, &rs->sr_ctrls, 0 );
 
                        if ( rc == LDAP_SUCCESS ) {
                                if ( rs->sr_err == LDAP_SUCCESS ) {
@@ -270,6 +269,11 @@ retry:
                rs->sr_matched = NULL;
        }
 
+       if ( rs->sr_ctrls ) {
+               ldap_controls_free( rs->sr_ctrls );
+               rs->sr_ctrls = NULL;
+       }
+
        if ( text ) {
                free( text );
                rs->sr_text = NULL;
@@ -299,6 +303,7 @@ ldap_back_exop_generic(
        char            *text = NULL;
 
        assert( lc != NULL );
+       assert( rs->sr_ctrls == NULL );
 
        Debug( LDAP_DEBUG_ARGS, "==> ldap_back_exop_generic(%s, \"%s\")\n",
                op->ore_reqoid.bv_val, op->o_req_dn.bv_val, 0 );
@@ -309,6 +314,7 @@ retry:
                op->o_ctrls, NULL, &msgid );
 
        if ( rc == LDAP_SUCCESS ) {
+               /* TODO: set timeout? */
                if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
                        ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
                        rs->sr_err = rc;
@@ -325,7 +331,7 @@ retry:
                        rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
                                        (char **)&rs->sr_matched,
                                        &text,
-                                       NULL, NULL, 0 );
+                                       NULL, &rs->sr_ctrls, 0 );
                        if ( rc == LDAP_SUCCESS ) {
                                if ( rs->sr_err == LDAP_SUCCESS ) {
                                        rc = ldap_parse_extended_result( lc->lc_ld, res,
@@ -370,6 +376,11 @@ retry:
                rs->sr_matched = NULL;
        }
 
+       if ( rs->sr_ctrls ) {
+               ldap_controls_free( rs->sr_ctrls );
+               rs->sr_ctrls = NULL;
+       }
+
        if ( text ) {
                free( text );
                rs->sr_text = NULL;