cleanup bind

[openldap] / servers / slapd / saslauthz.c

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index b243542d9e259894b8db74bee2d054388438b276..775979bf1dc0914d952d2e16b375d8cb069de927 100644 (file)
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
  */
 /*
@@ -341,6 +341,12 @@ void slap_cb_null_sresult( Connection *conn, Operation *o, ber_int_t err,
 {
 }
 
+int slap_cb_null_sreference( BackendDB *db, Connection *conn, Operation *o, 
+       Entry *e, BerVarray r, LDAPControl **c, BerVarray *v2)
+{
+       return 0;
+}
+
 /* This callback actually does some work...*/
 static int sasl_sc_sasl2dn( BackendDB *be, Connection *conn, Operation *o,
        Entry *e, AttributeName *an, int ao, LDAPControl **c)
@@ -353,8 +359,8 @@ static int sasl_sc_sasl2dn( BackendDB *be, Connection *conn, Operation *o,
                ndn->bv_val = NULL;
 
 #ifdef NEW_LOGGING
-       LDAP_LOG( TRANSPORT, DETAIL1,
-                   "slap_sasl2dn: search DN returned more than 1 entry\n", 0, 0, 0 );
+               LDAP_LOG( TRANSPORT, DETAIL1,
+                       "slap_sasl2dn: search DN returned more than 1 entry\n", 0, 0, 0 );
 #else
                Debug( LDAP_DEBUG_TRACE,
                        "slap_sasl2dn: search DN returned more than 1 entry\n", 0,0,0 );
@@ -403,7 +409,12 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
        Filter *filter=NULL;
        regex_t reg;
        smatch_info sm;
-       slap_callback cb = { slap_cb_null_response, slap_cb_null_sresult, sasl_sc_smatch, NULL };
+       slap_callback cb = {
+               slap_cb_null_response,
+               slap_cb_null_sresult,
+               sasl_sc_smatch,
+               NULL
+       };
        Operation op = {0};
 
 #ifdef NEW_LOGGING
@@ -452,7 +463,6 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
                rc = LDAP_INAPPROPRIATE_AUTH;
                goto CONCLUDED;
        }
-       suffix_alias( be, &searchbase );
 
        sm.dn = assertDN;
        sm.match = 0;
@@ -464,6 +474,7 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
        op.o_callback = &cb;
        op.o_time = slap_get_time();
        op.o_do_not_cache = 1;
+       op.o_is_auth_check = 1;
        op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
 
        (*be->be_search)( be, conn, &op, /*base=*/NULL, &searchbase,
@@ -564,7 +575,7 @@ void slap_sasl2dn( Connection *conn,
        int scope = LDAP_SCOPE_BASE;
        Filter *filter = NULL;
        slap_callback cb = { slap_cb_null_response,
-               slap_cb_null_sresult, sasl_sc_sasl2dn, NULL};
+               slap_cb_null_sresult, sasl_sc_sasl2dn, slap_cb_null_sreference, NULL};
        Operation op = {0};
        struct berval regout = { 0, NULL };
 
@@ -617,7 +628,6 @@ void slap_sasl2dn( Connection *conn,
        if(( be == NULL ) || ( be->be_search == NULL)) {
                goto FINISHED;
        }
-       suffix_alias( be, &dn );
 
        op.o_tag = LDAP_REQ_SEARCH;
        op.o_protocol = LDAP_VERSION3;
@@ -625,7 +635,9 @@ void slap_sasl2dn( Connection *conn,
        op.o_callback = &cb;
        op.o_time = slap_get_time();
        op.o_do_not_cache = 1;
-       op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
+       op.o_is_auth_check = 1;
+       op.o_threadctx = conn->c_sasl_bindop ? conn->c_sasl_bindop->o_threadctx:
+               ldap_pvt_thread_pool_context( &connection_pool );
 
        (*be->be_search)( be, conn, &op, NULL, &dn,
                scope, LDAP_DEREF_NEVER, 1, 0,
@@ -683,7 +695,7 @@ int slap_sasl_authorized( Connection *conn,
        }
 
        /* Allow the manager to authorize as any DN. */
-       if( be_isroot( conn->c_authz_backend, authcDN )) {
+       if( conn->c_authz_backend && be_isroot( conn->c_authz_backend, authcDN )) {
                rc = LDAP_SUCCESS;
                goto DONE;
        }