Yet another schema error bug fix

[openldap] / servers / slapd / connection.c

diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
index 41828b6aca36d61430dd6c59c896e6edd6401a4a..0f4ce390dad14242e498e711b9ea3bd12e02aeb7 100644 (file)
--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@@ -417,8 +417,6 @@ long connection_init(
                c->c_dn.bv_len = 0;
                c->c_ndn.bv_val = NULL;
                c->c_ndn.bv_len = 0;
-               c->c_cdn.bv_val = NULL;
-               c->c_cdn.bv_len = 0;
                c->c_groups = NULL;
 
                c->c_listener_url.bv_val = NULL;
@@ -461,7 +459,6 @@ long connection_init(
     assert( c->c_authmech.bv_val == NULL );
     assert( c->c_dn.bv_val == NULL );
     assert( c->c_ndn.bv_val == NULL );
-    assert( c->c_cdn.bv_val == NULL );
     assert( c->c_groups == NULL );
     assert( c->c_listener_url.bv_val == NULL );
     assert( c->c_peer_domain.bv_val == NULL );
@@ -573,8 +570,8 @@ long connection_init(
 
 void connection2anonymous( Connection *c )
 {
-    assert( connections != NULL );
-    assert( c != NULL );
+       assert( connections != NULL );
+       assert( c != NULL );
 
        {
                ber_len_t max = sockbuf_max_incoming;
@@ -587,35 +584,27 @@ void connection2anonymous( Connection *c )
        }
        c->c_authmech.bv_len = 0;
 
-    if(c->c_dn.bv_val != NULL) {
-       free(c->c_dn.bv_val);
-       c->c_dn.bv_val = NULL;
-    }
-    c->c_dn.bv_len = 0;
-    if(c->c_ndn.bv_val != NULL) {
-       free(c->c_ndn.bv_val);
-       c->c_ndn.bv_val = NULL;
-    }
-    c->c_ndn.bv_len = 0;
-
-       if(c->c_cdn.bv_val != NULL) {
-               free(c->c_cdn.bv_val);
-               c->c_cdn.bv_val = NULL;
+       if(c->c_dn.bv_val != NULL) {
+               free(c->c_dn.bv_val);
+               c->c_dn.bv_val = NULL;
        }
-       c->c_cdn.bv_len = 0;
+       c->c_dn.bv_len = 0;
+       if(c->c_ndn.bv_val != NULL) {
+               free(c->c_ndn.bv_val);
+               c->c_ndn.bv_val = NULL;
+       }
+       c->c_ndn.bv_len = 0;
 
        c->c_authz_backend = NULL;
-    
-    {
-       GroupAssertion *g, *n;
-       for (g = c->c_groups; g; g=n)
+       
        {
-           n = g->ga_next;
-           free(g);
+               GroupAssertion *g, *n;
+               for (g = c->c_groups; g; g=n) {
+                       n = g->ga_next;
+                       free(g);
+               }
+               c->c_groups = NULL;
        }
-       c->c_groups = NULL;
-    }
-
 }
 
 static void
@@ -1189,7 +1178,7 @@ int connection_read(ber_socket_t s)
 
                } else if ( rc == 0 ) {
                        void *ssl;
-                       char *authid;
+                       struct berval authid = { 0, NULL };
 
                        c->c_needs_tls_accept = 0;
 
@@ -1201,8 +1190,21 @@ int connection_read(ber_socket_t s)
                                c->c_ssf = c->c_tls_ssf;
                        }
 
-                       authid = (char *)ldap_pvt_tls_get_peer( ssl );
-                       slap_sasl_external( c, c->c_tls_ssf, authid );
+                       rc = dnX509peerNormalize( ssl, &authid );
+                       if ( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+                               LDAP_LOG(( "connection", LDAP_LEVEL_INFO,
+                               "connection_read: conn %lu unable to get TLS client DN, error %d\n",
+                                       c->c_connid, rc));
+#else
+                               Debug( LDAP_DEBUG_TRACE,
+                               "connection_read(%d): unable to get TLS client DN "
+                               "error=%d id=%lu\n",
+                               s, rc, c->c_connid );
+#endif
+                       }
+                       slap_sasl_external( c, c->c_tls_ssf, authid.bv_val );
+                       if ( authid.bv_val )    free( authid.bv_val );
                }
                connection_return( c );
                ldap_pvt_thread_mutex_unlock( &connections_mutex );
@@ -1410,6 +1412,8 @@ connection_input(
 
        op = slap_op_alloc( ber, msgid, tag, conn->c_n_ops_received++ );
 
+       op->vrFilter = NULL;
+
        op->o_pagedresults_state = conn->c_pagedresults_state;
 
 #ifdef LDAP_CONNECTIONLESS