NVALUES: fix a couple of value_find_ex() calls

[openldap] / servers / slapd / saslauthz.c

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index 9980b79ab5cbc094b69fe380e2e2180d09450c8f..775979bf1dc0914d952d2e16b375d8cb069de927 100644 (file)
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -359,8 +359,8 @@ static int sasl_sc_sasl2dn( BackendDB *be, Connection *conn, Operation *o,
                ndn->bv_val = NULL;
 
 #ifdef NEW_LOGGING
-       LDAP_LOG( TRANSPORT, DETAIL1,
-                   "slap_sasl2dn: search DN returned more than 1 entry\n", 0, 0, 0 );
+               LDAP_LOG( TRANSPORT, DETAIL1,
+                       "slap_sasl2dn: search DN returned more than 1 entry\n", 0, 0, 0 );
 #else
                Debug( LDAP_DEBUG_TRACE,
                        "slap_sasl2dn: search DN returned more than 1 entry\n", 0,0,0 );
@@ -409,7 +409,12 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
        Filter *filter=NULL;
        regex_t reg;
        smatch_info sm;
-       slap_callback cb = { slap_cb_null_response, slap_cb_null_sresult, sasl_sc_smatch, NULL };
+       slap_callback cb = {
+               slap_cb_null_response,
+               slap_cb_null_sresult,
+               sasl_sc_smatch,
+               NULL
+       };
        Operation op = {0};
 
 #ifdef NEW_LOGGING
@@ -458,7 +463,6 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
                rc = LDAP_INAPPROPRIATE_AUTH;
                goto CONCLUDED;
        }
-       suffix_alias( be, &searchbase );
 
        sm.dn = assertDN;
        sm.match = 0;
@@ -470,6 +474,7 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
        op.o_callback = &cb;
        op.o_time = slap_get_time();
        op.o_do_not_cache = 1;
+       op.o_is_auth_check = 1;
        op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
 
        (*be->be_search)( be, conn, &op, /*base=*/NULL, &searchbase,
@@ -623,7 +628,6 @@ void slap_sasl2dn( Connection *conn,
        if(( be == NULL ) || ( be->be_search == NULL)) {
                goto FINISHED;
        }
-       suffix_alias( be, &dn );
 
        op.o_tag = LDAP_REQ_SEARCH;
        op.o_protocol = LDAP_VERSION3;
@@ -631,7 +635,9 @@ void slap_sasl2dn( Connection *conn,
        op.o_callback = &cb;
        op.o_time = slap_get_time();
        op.o_do_not_cache = 1;
-       op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
+       op.o_is_auth_check = 1;
+       op.o_threadctx = conn->c_sasl_bindop ? conn->c_sasl_bindop->o_threadctx:
+               ldap_pvt_thread_pool_context( &connection_pool );
 
        (*be->be_search)( be, conn, &op, NULL, &dn,
                scope, LDAP_DEREF_NEVER, 1, 0,
@@ -689,7 +695,7 @@ int slap_sasl_authorized( Connection *conn,
        }
 
        /* Allow the manager to authorize as any DN. */
-       if( be_isroot( conn->c_authz_backend, authcDN )) {
+       if( conn->c_authz_backend && be_isroot( conn->c_authz_backend, authcDN )) {
                rc = LDAP_SUCCESS;
                goto DONE;
        }