implement "realdn" by clause in ACLs (ITS#3627; accounting for Howard's remarks)
[openldap] / servers / slapd / controls.c
index 78199b1d2e5e5425d2940fd92e02abb3957fedb4..27fe43f1c6161453fbaa8d452283f29f7b05a917 100644 (file)
@@ -755,19 +755,17 @@ static int parseProxyAuthz (
                ctrl->ldctl_value.bv_len ?  ctrl->ldctl_value.bv_val : "anonymous",
                0 );
 
-       if( ctrl->ldctl_value.bv_len == 0 ) {
+       if ( ctrl->ldctl_value.bv_len == 0 ) {
                Debug( LDAP_DEBUG_TRACE,
                        "parseProxyAuthz: conn=%lu anonymous\n", 
                        op->o_connid, 0, 0 );
 
                /* anonymous */
-               free( op->o_dn.bv_val );
-               op->o_dn.bv_len = 0;
-               op->o_dn.bv_val = ch_strdup( "" );
-
-               free( op->o_ndn.bv_val );
+               op->o_ndn.bv_val[ 0 ] = '\0';
                op->o_ndn.bv_len = 0;
-               op->o_ndn.bv_val = ch_strdup( "" );
+
+               op->o_dn.bv_val[ 0 ] = '\0';
+               op->o_dn.bv_len = 0;
 
                return LDAP_SUCCESS;
        }
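Review bot: The new anonymous branch writes `'\0'` through `op->o_ndn.bv_val` and `op->o_dn.bv_val` without confirming that either pointer is non-NULL, whereas the removed lines replaced both buffers with freshly allocated empty strings. If an operation can reach this point with a bound identity whose `bv_val` is NULL, a proxyAuthz control with an empty value would make slapd dereference NULL, and nothing visible in the hunk rules that out. Either guard the writes, e.g. `if ( op->o_ndn.bv_val != NULL ) op->o_ndn.bv_val[ 0 ] = '\0';` (and the same for `o_dn`), or add a comment naming the invariant that guarantees both buffers are allocated. parseProxyAuthz begins before the hunk, so an earlier check may already cover this.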
@@ -791,27 +789,26 @@ static int parseProxyAuthz (
 
        rc = slap_sasl_authorized( op, &op->o_ndn, &dn );
 
-       if( rc ) {
+       if ( rc ) {
                ch_free( dn.bv_val );
                rs->sr_text = "not authorized to assume identity";
                return LDAP_PROXY_AUTHZ_FAILURE;
        }
 
-       ch_free( op->o_dn.bv_val );
        ch_free( op->o_ndn.bv_val );
-
-       op->o_dn.bv_val = NULL;
-       op->o_ndn = dn;
-
-       Statslog( LDAP_DEBUG_STATS, "%s PROXYAUTHZ dn=\"%s\"\n",
-           op->o_log_prefix, dn.bv_val, 0, 0, 0 );
+       ch_free( op->o_dn.bv_val );
 
        /*
         * NOTE: since slap_sasl_getdn() returns a normalized dn,
         * from now on op->o_dn is normalized
         */
+       op->o_ndn = dn;
        ber_dupbv( &op->o_dn, &dn );
 
+
+       Statslog( LDAP_DEBUG_STATS, "%s PROXYAUTHZ dn=\"%s\"\n",
+           op->o_log_prefix, dn.bv_val, 0, 0, 0 );
+
        return LDAP_SUCCESS;
 }
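Review bot: The denial branch (`if ( rc )`) returns LDAP_PROXY_AUTHZ_FAILURE without a stats-level log line, while the success path records `PROXYAUTHZ dn=...`, so refused identity-assumption attempts leave no trace at the level operators normally monitor, unless slap_sasl_authorized() logs them itself. Consider adding `Statslog( LDAP_DEBUG_STATS, "%s PROXYAUTHZ denied dn=\"%s\"\n", op->o_log_prefix, dn.bv_val, 0, 0, 0 );` before `ch_free( dn.bv_val );`. Separately, both old buffers are now freed before `op->o_dn` is reassigned and the result of `ber_dupbv( &op->o_dn, &dn )` is not checked; if the configured allocator can return NULL, `o_dn` and `o_ndn` would disagree for the rest of the operation, so a check or a comment stating why it cannot fail would help. The function starts before the hunk.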