Another abandon check

[openldap] / servers / slapd / saslauthz.c

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index 3faedc8ff1e75cdcbdc55e8132edcec83f45d3c3..28e44248cd71df6f374ff5eb30119c134fd7d86f 100644 (file)
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
  * Portions Copyright 2000 Mark Adamson, Carnegie Mellon.
  * All rights reserved.
  *
@@ -411,6 +411,13 @@ is_dn:             bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val);
        rc = ldap_url_parse( uri->bv_val, &ludp );
        switch ( rc ) {
        case LDAP_URL_SUCCESS:
+               /* FIXME: the check is pedantic, but I think it's necessary,
+                * because people tend to use things like ldaps:// which
+                * gives the idea SSL is being used.  Maybe we could
+                * accept ldapi:// as well, but the point is that we use
+                * an URL as an easy means to define bits of a search with
+                * little parsing.
+                */
                if ( strcasecmp( ludp->lud_scheme, "ldap" ) != 0 ) {
                        /*
                         * must be ldap:///
@@ -693,7 +700,9 @@ static int slap_authz_regexp( struct berval *in, struct berval *out,
                if ( !BER_BVISNULL( out ) ) {
                        char *val = out->bv_val;
                        ber_str2bv_x( val, 0, 1, out, ctx );
-                       free( val );
+                       if ( val != in->bv_val ) {
+                               free( val );
+                       }
                } else {
                        ber_dupbv_x( out, in, ctx );
                }
@@ -992,21 +1001,13 @@ exact_match:
                goto CONCLUDED;
        }
 
+       op.o_hdr = opx->o_hdr;
        op.o_tag = LDAP_REQ_SEARCH;
-       op.o_protocol = LDAP_VERSION3;
        op.o_ndn = *authc;
        op.o_callback = &cb;
        op.o_time = slap_get_time();
        op.o_do_not_cache = 1;
        op.o_is_auth_check = 1;
-       op.o_threadctx = opx->o_threadctx;
-       op.o_tmpmemctx = opx->o_tmpmemctx;
-       op.o_tmpmfuncs = opx->o_tmpmfuncs;
-#ifdef LDAP_SLAPI
-       op.o_pb = opx->o_pb;
-#endif
-       op.o_conn = opx->o_conn;
-       op.o_connid = opx->o_connid;
        /* use req_ndn as req_dn instead of non-pretty base of uri */
        if( !BER_BVISNULL( &base ) ) {
                ch_free( base.bv_val );
@@ -1100,8 +1101,7 @@ void slap_sasl2dn( Operation *opx,
                "converting SASL name %s to a DN\n",
                saslname->bv_val, 0,0 );
 
-       sasldn->bv_val = NULL;
-       sasldn->bv_len = 0;
+       BER_BVZERO( sasldn );
        cb.sc_private = sasldn;
 
        /* Convert the SASL name into a minimal URI */
@@ -1163,21 +1163,13 @@ void slap_sasl2dn( Operation *opx,
                goto FINISHED;
        }
 
-       op.o_conn = opx->o_conn;
-       op.o_connid = opx->o_connid;
+       op.o_hdr = opx->o_hdr;
        op.o_tag = LDAP_REQ_SEARCH;
-       op.o_protocol = LDAP_VERSION3;
        op.o_ndn = opx->o_conn->c_ndn;
        op.o_callback = &cb;
        op.o_time = slap_get_time();
        op.o_do_not_cache = 1;
        op.o_is_auth_check = 1;
-       op.o_threadctx = opx->o_threadctx;
-       op.o_tmpmemctx = opx->o_tmpmemctx;
-       op.o_tmpmfuncs = opx->o_tmpmfuncs;
-#ifdef LDAP_SLAPI
-       op.o_pb = opx->o_pb;
-#endif
        op.ors_deref = LDAP_DEREF_NEVER;
        op.ors_slimit = 1;
        op.ors_tlimit = SLAP_NO_LIMIT;