[openldap] / servers / slapd / saslauthz.c
index 48ab0e900445932985069c94e196279152c2f987..dca9a0eb15c37e2f116a571c8dd266b9a7e239f3 100644 (file)
@@ -211,35 +211,36 @@ static int slap_parseURI( Operation *op, struct berval *uri,
                        bv.bv_val++;
 
                        if ( !strncasecmp( bv.bv_val, "exact:", sizeof( "exact:" ) - 1 ) ) {
-                               bv.bv_val += sizeof( "exact" ) - 1;
+                               bv.bv_val += sizeof( "exact:" ) - 1;
                                *scope = LDAP_X_SCOPE_EXACT;
 
                        } else if ( !strncasecmp( bv.bv_val, "regex:", sizeof( "regex:" ) - 1 ) ) {
-                               bv.bv_val += sizeof( "regex" ) - 1;
+                               bv.bv_val += sizeof( "regex:" ) - 1;
                                *scope = LDAP_X_SCOPE_REGEX;
 
                        } else if ( !strncasecmp( bv.bv_val, "children:", sizeof( "chldren:" ) - 1 ) ) {
-                               bv.bv_val += sizeof( "children" ) - 1;
+                               bv.bv_val += sizeof( "children:" ) - 1;
                                *scope = LDAP_X_SCOPE_CHILDREN;
 
                        } else if ( !strncasecmp( bv.bv_val, "subtree:", sizeof( "subtree:" ) - 1 ) ) {
-                               bv.bv_val += sizeof( "subtree" ) - 1;
+                               bv.bv_val += sizeof( "subtree:" ) - 1;
                                *scope = LDAP_X_SCOPE_SUBTREE;
 
                        } else if ( !strncasecmp( bv.bv_val, "onelevel:", sizeof( "onelevel:" ) - 1 ) ) {
-                               bv.bv_val += sizeof( "onelevel" ) - 1;
+                               bv.bv_val += sizeof( "onelevel:" ) - 1;
                                *scope = LDAP_X_SCOPE_ONELEVEL;
 
                        } else {
                                return LDAP_PROTOCOL_ERROR;
                        }
+               } else {
+                       if ( bv.bv_val[ 0 ] != ':' ) {
+                               return LDAP_PROTOCOL_ERROR;
+                       }
+                       *scope = LDAP_X_SCOPE_EXACT;
+                       bv.bv_val++;
                }
 
-               if ( bv.bv_val[ 0 ] != ':' ) {
-                       return LDAP_PROTOCOL_ERROR;
-               }
-               bv.bv_val++;
-
                bv.bv_val += strspn( bv.bv_val, " " );
                /* jump here in case no type specification was present
                 * and uir was not an URI... HEADS-UP: assuming EXACT */
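Review bot: The `children:` test on the unchanged line `!strncasecmp( bv.bv_val, "children:", sizeof( "chldren:" ) - 1 )` takes its length from a misspelled literal, so only the eight characters of `children` are compared and the colon is never checked. Before this change the pointer advanced eight bytes and the shared `bv.bv_val[ 0 ] != ':'` test caught that; now it advances nine bytes and that test runs only in the new `else` branch. As a result `children` followed by any byte is accepted as a valid scope, and a value that ends right after `children` may move the pointer past the terminator before `strspn` reads it. The length should be `sizeof( "children:" ) - 1`. slap_parseURI starts and ends outside this hunk.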
@@ -276,9 +277,9 @@ is_dn:              bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val);
                Connection      c = *op->o_conn;
                char            buf[ SLAP_LDAPDN_MAXLEN ];
                struct berval   id,
-                               user = { 0, NULL },
-                               realm = { 0, NULL },
-                               mech = { 0, NULL };
+                               user = BER_BVNULL,
+                               realm = BER_BVNULL,
+                               mech = BER_BVNULL;
 
                if ( sizeof( buf ) <= uri->bv_len ) {
                        return LDAP_INVALID_SYNTAX;
@@ -632,9 +633,7 @@ int slap_sasl_match( Operation *opx, struct berval *rule,
                &op.ors_filterstr );
        if( rc != LDAP_SUCCESS ) goto CONCLUDED;
 
-       /* Massive shortcut: search scope == base */
        switch ( op.oq_search.rs_scope ) {
-       case LDAP_SCOPE_BASE:
        case LDAP_X_SCOPE_EXACT:
 exact_match:
                if ( dn_match( &op.o_req_ndn, assertDN ) ) {
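Review bot: Dropping `case LDAP_SCOPE_BASE:` from the `exact_match` group changes authorization semantics, and the removed "Massive shortcut" comment should be replaced by one that says why. Previously a base-scope rule URI was decided by `dn_match` alone, which appears to ignore the filter parsed just above into `op.ors_filterstr`. Where base scope is handled now is outside this hunk, but the matching change in slap_sasl2dn moves it to the internal-search cases. A comment such as `/* LDAP_SCOPE_BASE is not short-circuited: the rule's filter must be evaluated by the search */` would keep the shortcut from being reintroduced.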
@@ -663,6 +662,7 @@ exact_match:
 
                        if ( bv.bv_val[ -1 ] == ',' && dn_match( &op.o_req_ndn, &bv ) ) {
                                switch ( op.oq_search.rs_scope ) {
+                               case LDAP_X_SCOPE_SUBTREE:
                                case LDAP_X_SCOPE_CHILDREN:
                                        rc = LDAP_SUCCESS;
                                        break;
@@ -750,6 +750,9 @@ exact_match:
        op.o_conn = opx->o_conn;
        op.o_connid = opx->o_connid;
        op.o_req_dn = op.o_req_ndn;
+       op.oq_search.rs_slimit = 1;
+       op.oq_search.rs_tlimit = -1;
+       op.o_sync_slog_size = -1;
 
        op.o_bd->be_search( &op, &rs );
 
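Review bot: The three added assignments use bare `-1` values with no explanation, and `rs_tlimit = -1` presumably means the internal search runs without a time limit. This search is issued while a SASL authorization rule is being evaluated, so an expensive rule URI could hold the operation for as long as the backend takes. If that is intended, say so, e.g. `/* one match is enough; -1 = no time limit for this internal search */`. The purpose of `op.o_sync_slog_size = -1` is not evident from the hunk and should get its own comment. The same `rs_tlimit = -1` is added in slap_sasl2dn.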
@@ -760,10 +763,10 @@ exact_match:
        }
 
 CONCLUDED:
-       if( op.o_req_dn.bv_len ) ch_free( op.o_req_dn.bv_val );
-       if( op.o_req_ndn.bv_len ) sl_free( op.o_req_ndn.bv_val, opx->o_tmpmemctx );
+       if( op.o_req_dn.bv_val && op.o_req_dn.bv_val != op.o_req_ndn.bv_val ) ch_free( op.o_req_dn.bv_val );
+       if( op.o_req_ndn.bv_val ) sl_free( op.o_req_ndn.bv_val, opx->o_tmpmemctx );
        if( op.oq_search.rs_filter ) filter_free_x( opx, op.oq_search.rs_filter );
-       if( op.ors_filterstr.bv_len ) ch_free( op.ors_filterstr.bv_val );
+       if( op.ors_filterstr.bv_val ) ch_free( op.ors_filterstr.bv_val );
 
 #ifdef NEW_LOGGING
        LDAP_LOG( TRANSPORT, ENTRY, 
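Review bot: The new `op.o_req_dn.bv_val != op.o_req_ndn.bv_val` guard has no comment, yet it is the only thing preventing the buffer shared through `op.o_req_dn = op.o_req_ndn;` from being released twice, once by `ch_free` and once by `sl_free`. A line such as `/* o_req_dn may alias o_req_ndn (tmpmemctx); free the shared buffer only once, via sl_free */` above the two frees would document it. Which allocator owns `o_req_dn` when the pointers differ is not visible here, so that is worth confirming. The function body begins outside this hunk.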
@@ -849,7 +852,7 @@ void slap_sasl2dn( Operation *opx,
        slap_callback cb = { NULL, sasl_sc_sasl2dn, NULL, NULL };
        Operation op = {0};
        SlapReply rs = {REP_RESULT};
-       struct berval regout = { 0, NULL };
+       struct berval regout = BER_BVNULL;
 
 #ifdef NEW_LOGGING
        LDAP_LOG( TRANSPORT, ENTRY, 
@@ -881,9 +884,7 @@ void slap_sasl2dn( Operation *opx,
        /* Must do an internal search */
        op.o_bd = select_backend( &op.o_req_ndn, 0, 1 );
 
-       /* Massive shortcut: search scope == base */
        switch ( op.oq_search.rs_scope ) {
-       case LDAP_SCOPE_BASE:
        case LDAP_X_SCOPE_EXACT:
                *sasldn = op.o_req_ndn;
                op.o_req_ndn.bv_len = 0;
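Review bot: In the `LDAP_X_SCOPE_EXACT` case, ownership of the DN buffer passes to `*sasldn` by clearing only `op.o_req_ndn.bv_len`, which leaves `bv_val` pointing at memory the caller now owns. This commit changes slap_sasl_match's cleanup to test `bv_val` instead of `bv_len`. slap_sasl2dn's cleanup is not part of the diff, but if it is ever aligned the same way, the buffer would be freed while `*sasldn` still refers to it. Adding `op.o_req_ndn.bv_val = NULL;` after the `bv_len = 0` line makes the transfer independent of which field cleanup inspects. The case body continues outside the hunk.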
@@ -897,6 +898,7 @@ void slap_sasl2dn( Operation *opx,
                /* correctly parsed, but illegal */
                goto FINISHED;
 
+       case LDAP_SCOPE_BASE:
        case LDAP_SCOPE_ONELEVEL:
        case LDAP_SCOPE_SUBTREE:
 #ifdef LDAP_SCOPE_SUBORDINATE
@@ -941,6 +943,7 @@ void slap_sasl2dn( Operation *opx,
 #endif
        op.oq_search.rs_deref = LDAP_DEREF_NEVER;
        op.oq_search.rs_slimit = 1;
+       op.oq_search.rs_tlimit = -1;
        op.oq_search.rs_attrsonly = 1;
        op.o_req_dn = op.o_req_ndn;