idassert also in case of SASL mechs that do not set authcId

[openldap] / servers / slapd / back-ldap / search.c

diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c
index 467c5642f99252e174f31d0052be8678e8741b05..4c4f078fb1442d45dfa8853506eb5430b4ee4ae9 100644 (file)
--- a/servers/slapd/back-ldap/search.c
+++ b/servers/slapd/back-ldap/search.c
@@ -205,8 +205,7 @@ ldap_back_search(
        }
 
        ctrls = op->o_ctrls;
-       rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
-               li->li_version, &li->li_idassert, op, rs, &ctrls );
+       rc = ldap_back_controls_add( op, rs, lc, &ctrls );
        if ( rc != LDAP_SUCCESS ) {
                goto finish;
        }
@@ -330,12 +329,18 @@ retry:
                        e = ldap_first_entry( lc->lc_ld, res );
                        rc = ldap_build_entry( op, e, &ent, &bdn );
                        if ( rc == LDAP_SUCCESS ) {
+                               ldap_get_entry_controls( lc->lc_ld, res, &rs->sr_ctrls );
                                rs->sr_entry = &ent;
                                rs->sr_attrs = op->ors_attrs;
                                rs->sr_operational_attrs = NULL;
                                rs->sr_flags = 0;
                                rs->sr_err = LDAP_SUCCESS;
                                rc = rs->sr_err = send_search_entry( op, rs );
+                               if ( rs->sr_ctrls ) {
+                                       ldap_controls_free( rs->sr_ctrls );
+                                       rs->sr_ctrls = NULL;
+                               }
+                               rs->sr_entry = NULL;
                                if ( !BER_BVISNULL( &ent.e_name ) ) {
                                        assert( ent.e_name.bv_val != bdn.bv_val );
                                        op->o_tmpfree( ent.e_name.bv_val, op->o_tmpmemctx );
@@ -383,6 +388,7 @@ retry:
                                BER_BVZERO( &rs->sr_ref[ cnt ] );
 
                                /* ignore return value by now */
+                               rs->sr_entry = NULL;
                                ( void )send_search_reference( op, rs );
 
                        } else {
@@ -522,7 +528,7 @@ finish:;
                send_ldap_result( op, rs );
        }
 
-       (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+       (void)ldap_back_controls_free( op, rs, &ctrls );
 
        if ( rs->sr_ctrls ) {
                ldap_controls_free( rs->sr_ctrls );
@@ -812,8 +818,7 @@ ldap_back_entry_get(
 
 retry:
        ctrls = op->o_ctrls;
-       rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
-               li->li_version, &li->li_idassert, op, &rs, &ctrls );
+       rc = ldap_back_controls_add( op, &rs, lc, &ctrls );
        if ( rc != LDAP_SUCCESS ) {
                goto cleanup;
        }
@@ -826,7 +831,7 @@ retry:
                        do_retry = 0;
                        if ( ldap_back_retry( &lc, op, &rs, LDAP_BACK_DONTSEND ) ) {
                                /* if the identity changed, there might be need to re-authz */
-                               (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+                               (void)ldap_back_controls_free( op, &rs, &ctrls );
                                goto retry;
                        }
                }
@@ -853,7 +858,7 @@ retry:
        }
 
 cleanup:
-       (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+       (void)ldap_back_controls_free( op, &rs, &ctrls );
 
        if ( result ) {
                ldap_msgfree( result );