SLAP_CTRL_GLOBAL|SLAP_CTRL_ACCESS,
proxy_authz_extops, NULL,
parseProxyAuthz, LDAP_SLIST_ENTRY_INITIALIZER(next) },
- { NULL, 0, 0, NULL, 0, LDAP_SLIST_ENTRY_INITIALIZER(next) }
+ { NULL, 0, 0, NULL, 0, NULL, LDAP_SLIST_ENTRY_INITIALIZER(next) }
};
static struct slap_control *
} else {
if ( sc->sc_extendedopsbv ) {
- ber_bvarray_free( sc->sc_extendedops );
+ /* FIXME: in principle, we should rather merge
+ * existing extops with those supported by the
+ * new control handling implementation.
+ * In fact, whether a control is compatible with
+ * an extop should not be a matter of implementation.
+ * We likely also need a means for a newly
+ * registered extop to declare that it is
+ * comptible with an already registered control.
+ */
+ ber_bvarray_free( sc->sc_extendedopsbv );
+ sc->sc_extendedopsbv = NULL;
sc->sc_extendedops = NULL;
}
}
if ( !( global_allows & SLAP_ALLOW_PROXY_AUTHZ_ANON )
&& BER_BVISEMPTY( &op->o_ndn ) )
{
- rs->sr_text = "anonymous proxyAuthz not allowed";
- return LDAP_PROXY_AUTHZ_FAILURE;
+ rs->sr_text = "anonymous proxied authorization not allowed";
+ return LDAP_PROXIED_AUTHORIZATION_DENIED;
}
op->o_proxy_authz = ctrl->ldctl_iscritical
ch_free( dn.bv_val );
}
rs->sr_text = "authzId mapping failed";
- return LDAP_PROXY_AUTHZ_FAILURE;
+ return LDAP_PROXIED_AUTHORIZATION_DENIED;
}
Debug( LDAP_DEBUG_TRACE,
if ( rc ) {
ch_free( dn.bv_val );
rs->sr_text = "not authorized to assume identity";
- return LDAP_PROXY_AUTHZ_FAILURE;
+ return LDAP_PROXIED_AUTHORIZATION_DENIED;
}
ch_free( op->o_ndn.bv_val );
projects / openldap / blobdiff