/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Copyright 1998-2012 The OpenLDAP Foundation.
* Portions Copyright 2000 Mark Adamson, Carnegie Mellon.
* All rights reserved.
*
return( rc );
}
-#if 0
-int
-authzMatch(
- int *matchp,
- slap_mask_t flags,
- Syntax *syntax,
- MatchingRule *mr,
- struct berval *value,
- void *assertedValue )
-{
- return octetStringMatch( matchp, flags, syntax, mr, value, assertedValue );
-}
-#endif
-
static int
authzPrettyNormal(
struct berval *val,
done:
if( rc != LDAP_SUCCESS ) {
- if( *filter ) filter_free_x( op, *filter );
+ if( *filter ) filter_free_x( op, *filter, 1 );
BER_BVZERO( base );
BER_BVZERO( fstr );
} else {
Debug( LDAP_DEBUG_TRACE,
"===>slap_sasl_match: comparing DN %s to rule %s\n",
- assertDN->bv_val, rule->bv_val, 0 );
+ assertDN->bv_len ? assertDN->bv_val : "(null)", rule->bv_val, 0 );
/* NOTE: don't normalize rule if authz syntax is enabled */
rc = slap_parseURI( opx, rule, &base, &op.o_req_ndn,
/* leave room for at least one char of attributeType,
* one for '=' and one for ',' */
- if ( d < STRLENOF( "x=,") ) {
+ if ( d < (int) STRLENOF( "x=,") ) {
goto CONCLUDED;
}
"slap_sasl_match: performing internal search (base=%s, scope=%d)\n",
op.o_req_ndn.bv_val, op.ors_scope, 0 );
- op.o_bd = select_backend( &op.o_req_ndn, 0, 1 );
+ op.o_bd = select_backend( &op.o_req_ndn, 1 );
if(( op.o_bd == NULL ) || ( op.o_bd->be_search == NULL)) {
rc = LDAP_INAPPROPRIATE_AUTH;
goto CONCLUDED;
CONCLUDED:
if( !BER_BVISNULL( &op.o_req_dn ) ) slap_sl_free( op.o_req_dn.bv_val, opx->o_tmpmemctx );
if( !BER_BVISNULL( &op.o_req_ndn ) ) slap_sl_free( op.o_req_ndn.bv_val, opx->o_tmpmemctx );
- if( op.ors_filter ) filter_free_x( opx, op.ors_filter );
+ if( op.ors_filter ) filter_free_x( opx, op.ors_filter, 1 );
if( !BER_BVISNULL( &op.ors_filterstr ) ) ch_free( op.ors_filterstr.bv_val );
Debug( LDAP_DEBUG_TRACE,
}
/* Must do an internal search */
- op.o_bd = select_backend( &op.o_req_ndn, 0, 1 );
+ op.o_bd = select_backend( &op.o_req_ndn, 1 );
switch ( op.ors_scope ) {
case LDAP_X_SCOPE_EXACT:
op.o_bd->be_search( &op, &rs );
FINISHED:
- if( !BER_BVISEMPTY( sasldn ) ) {
+ if( opx == opx->o_conn->c_sasl_bindop && !BER_BVISEMPTY( sasldn ) ) {
opx->o_conn->c_authz_backend = op.o_bd;
}
if( !BER_BVISNULL( &op.o_req_dn ) ) {
slap_sl_free( op.o_req_ndn.bv_val, opx->o_tmpmemctx );
}
if( op.ors_filter ) {
- filter_free_x( opx, op.ors_filter );
+ filter_free_x( opx, op.ors_filter, 1 );
}
if( !BER_BVISNULL( &op.ors_filterstr ) ) {
ch_free( op.ors_filterstr.bv_val );
int rc = LDAP_INAPPROPRIATE_AUTH;
/* User binding as anonymous */
- if ( authzDN == NULL ) {
+ if ( !authzDN || !authzDN->bv_len || !authzDN->bv_val ) {
rc = LDAP_SUCCESS;
goto DONE;
}
+ /* User is anonymous */
+ if ( !authcDN || !authcDN->bv_len || !authcDN->bv_val ) {
+ goto DONE;
+ }
+
Debug( LDAP_DEBUG_TRACE,
"==>slap_sasl_authorized: can %s become %s?\n",
authcDN->bv_len ? authcDN->bv_val : "(null)",
projects / openldap / blobdiff