idassert also in case of SASL mechs that do not set authcId

[openldap] / servers / slapd / back-ldap / search.c

diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c
index ef183ab97abcebe931ee418d6f5f18412336f65d..4c4f078fb1442d45dfa8853506eb5430b4ee4ae9 100644 (file)
--- a/servers/slapd/back-ldap/search.c
+++ b/servers/slapd/back-ldap/search.c
@@ -158,6 +158,8 @@ ldap_back_search(
        int             freetext = 0;
        int             do_retry = 1, dont_retry = 0;
        LDAPControl     **ctrls = NULL;
+       char            **references = NULL;
+
        /* FIXME: shouldn't this be null? */
        const char      *save_matched = rs->sr_matched;
 
@@ -203,8 +205,7 @@ ldap_back_search(
        }
 
        ctrls = op->o_ctrls;
-       rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
-               li->li_version, &li->li_idassert, op, rs, &ctrls );
+       rc = ldap_back_controls_add( op, rs, lc, &ctrls );
        if ( rc != LDAP_SUCCESS ) {
                goto finish;
        }
@@ -328,12 +329,18 @@ retry:
                        e = ldap_first_entry( lc->lc_ld, res );
                        rc = ldap_build_entry( op, e, &ent, &bdn );
                        if ( rc == LDAP_SUCCESS ) {
+                               ldap_get_entry_controls( lc->lc_ld, res, &rs->sr_ctrls );
                                rs->sr_entry = &ent;
                                rs->sr_attrs = op->ors_attrs;
                                rs->sr_operational_attrs = NULL;
                                rs->sr_flags = 0;
                                rs->sr_err = LDAP_SUCCESS;
                                rc = rs->sr_err = send_search_entry( op, rs );
+                               if ( rs->sr_ctrls ) {
+                                       ldap_controls_free( rs->sr_ctrls );
+                                       rs->sr_ctrls = NULL;
+                               }
+                               rs->sr_entry = NULL;
                                if ( !BER_BVISNULL( &ent.e_name ) ) {
                                        assert( ent.e_name.bv_val != bdn.bv_val );
                                        op->o_tmpfree( ent.e_name.bv_val, op->o_tmpmemctx );
@@ -356,8 +363,6 @@ retry:
                        }
 
                } else if ( rc == LDAP_RES_SEARCH_REFERENCE ) {
-                       char            **references = NULL;
-
                        do_retry = 0;
                        rc = ldap_parse_reference( lc->lc_ld, res,
                                        &references, &rs->sr_ctrls, 1 );
@@ -383,6 +388,7 @@ retry:
                                BER_BVZERO( &rs->sr_ref[ cnt ] );
 
                                /* ignore return value by now */
+                               rs->sr_entry = NULL;
                                ( void )send_search_reference( op, rs );
 
                        } else {
@@ -398,6 +404,7 @@ retry:
                                ber_memvfree( (void **)references );
                                op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
                                rs->sr_ref = NULL;
+                               references = NULL;
                        }
 
                        if ( rs->sr_ctrls ) {
@@ -406,7 +413,7 @@ retry:
                        }
 
                } else {
-                       char            **references = NULL, *err = NULL;
+                       char            *err = NULL;
 
                        rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
                                        &match.bv_val, &err,
@@ -444,7 +451,7 @@ retry:
 
                                        for ( cnt = 0; references[ cnt ]; cnt++ ) {
                                                /* duplicating ...*/
-                                               ber_str2bv( references[ cnt ], 0, 1, &rs->sr_ref[ cnt ] );
+                                               ber_str2bv( references[ cnt ], 0, 0, &rs->sr_ref[ cnt ] );
                                        }
                                        BER_BVZERO( &rs->sr_ref[ cnt ] );
                                }
@@ -460,8 +467,6 @@ retry:
                                rs->sr_err = LDAP_NO_SUCH_OBJECT;
                        }
 
-                       ber_memvfree( (void **)references );
-
                        if ( match.bv_val != NULL ) {
                                match.bv_len = strlen( match.bv_val );
                        }
@@ -523,7 +528,7 @@ finish:;
                send_ldap_result( op, rs );
        }
 
-       (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+       (void)ldap_back_controls_free( op, rs, &ctrls );
 
        if ( rs->sr_ctrls ) {
                ldap_controls_free( rs->sr_ctrls );
@@ -552,10 +557,14 @@ finish:;
        }
 
        if ( rs->sr_ref ) {
-               ber_bvarray_free_x( rs->sr_ref, op->o_tmpmemctx );
+               op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
                rs->sr_ref = NULL;
        }
 
+       if ( references ) {
+               ber_memvfree( (void **)references );
+       }
+
        if ( attrs ) {
                ch_free( attrs );
        }
@@ -809,8 +818,7 @@ ldap_back_entry_get(
 
 retry:
        ctrls = op->o_ctrls;
-       rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
-               li->li_version, &li->li_idassert, op, &rs, &ctrls );
+       rc = ldap_back_controls_add( op, &rs, lc, &ctrls );
        if ( rc != LDAP_SUCCESS ) {
                goto cleanup;
        }
@@ -823,7 +831,7 @@ retry:
                        do_retry = 0;
                        if ( ldap_back_retry( &lc, op, &rs, LDAP_BACK_DONTSEND ) ) {
                                /* if the identity changed, there might be need to re-authz */
-                               (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+                               (void)ldap_back_controls_free( op, &rs, &ctrls );
                                goto retry;
                        }
                }
@@ -850,7 +858,7 @@ retry:
        }
 
 cleanup:
-       (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+       (void)ldap_back_controls_free( op, &rs, &ctrls );
 
        if ( result ) {
                ldap_msgfree( result );