Fix strchrlen running past end of berval

[openldap] / servers / slapd / saslauthz.c

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index 42bb8a136810b99e193f7fd7f0f886832b6fe215..dec004141559283d05ee695bce7fb38c17f21a5f 100644 (file)
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2005 The OpenLDAP Foundation.
+ * Copyright 1998-2006 The OpenLDAP Foundation.
  * Portions Copyright 2000 Mark Adamson, Carnegie Mellon.
  * All rights reserved.
  *
@@ -202,7 +202,6 @@ int slap_parse_user( struct berval *id, struct berval *user,
        return LDAP_SUCCESS;
 }
 
-#ifdef SLAP_AUTHZ_SYNTAX
 int
 authzValidate(
        Syntax *syntax,
@@ -919,7 +918,6 @@ authzPretty(
        return rc;
 }
 
-#endif /* SLAP_AUTHZ_SYNTAX */
 
 static int
 slap_parseURI(
@@ -936,9 +934,7 @@ slap_parseURI(
        int             rc;
        LDAPURLDesc     *ludp;
 
-#ifdef SLAP_ORDERED_PRETTYNORM
        struct berval   idx;
-#endif /* SLAP_ORDERED_PRETTYNORM */
 
        assert( uri != NULL && !BER_BVISNULL( uri ) );
        BER_BVZERO( base );
@@ -952,7 +948,6 @@ slap_parseURI(
 
        rc = LDAP_PROTOCOL_ERROR;
 
-#ifdef SLAP_ORDERED_PRETTYNORM
        idx = *uri;
        if ( idx.bv_val[ 0 ] == '{' ) {
                char    *ptr;
@@ -965,7 +960,6 @@ slap_parseURI(
                idx.bv_val = ptr;
                uri = &idx;
        }
-#endif /* SLAP_ORDERED_PRETTYNORM */
 
        /*
         * dn[.<dnstyle>]:<dnpattern>
@@ -1576,24 +1570,25 @@ static int slap_authz_regexp( struct berval *in, struct berval *out,
 }
 
 /* This callback actually does some work...*/
-static int sasl_sc_sasl2dn( Operation *o, SlapReply *rs )
+static int sasl_sc_sasl2dn( Operation *op, SlapReply *rs )
 {
-       struct berval *ndn = o->o_callback->sc_private;
+       struct berval *ndn = op->o_callback->sc_private;
 
-       if (rs->sr_type != REP_SEARCH) return 0;
+       if ( rs->sr_type != REP_SEARCH ) return LDAP_SUCCESS;
 
        /* We only want to be called once */
        if ( !BER_BVISNULL( ndn ) ) {
-               o->o_tmpfree(ndn->bv_val, o->o_tmpmemctx);
+               op->o_tmpfree( ndn->bv_val, op->o_tmpmemctx );
                BER_BVZERO( ndn );
 
                Debug( LDAP_DEBUG_TRACE,
-                       "slap_sc_sasl2dn: search DN returned more than 1 entry\n", 0, 0, 0 );
-               return -1;
+                       "%s: slap_sc_sasl2dn: search DN returned more than 1 entry\n",
+                       op->o_log_prefix, 0, 0 );
+               return LDAP_OTHER;
        }
 
-       ber_dupbv_x(ndn, &rs->sr_entry->e_nname, o->o_tmpmemctx);
-       return 0;
+       ber_dupbv_x( ndn, &rs->sr_entry->e_nname, op->o_tmpmemctx );
+       return LDAP_SUCCESS;
 }
 
 
@@ -1677,13 +1672,7 @@ slap_sasl_match( Operation *opx, struct berval *rule,
 
        /* NOTE: don't normalize rule if authz syntax is enabled */
        rc = slap_parseURI( opx, rule, &base, &op.o_req_ndn,
-               &op.ors_scope, &op.ors_filter, &op.ors_filterstr, 
-#ifdef SLAP_AUTHZ_SYNTAX
-               0
-#else /* ! SLAP_AUTHZ_SYNTAX */
-               1
-#endif /* ! SLAP_AUTHZ_SYNTAX */
-               );
+               &op.ors_scope, &op.ors_filter, &op.ors_filterstr, 0 );
 
        if( rc != LDAP_SUCCESS ) goto CONCLUDED;
 
@@ -2055,7 +2044,8 @@ int slap_sasl_authorized( Operation *op,
 
        Debug( LDAP_DEBUG_TRACE,
           "==>slap_sasl_authorized: can %s become %s?\n",
-               authcDN->bv_val, authzDN->bv_val, 0 );
+               authcDN->bv_len ? authcDN->bv_val : "(null)",
+               authzDN->bv_len ? authzDN->bv_val : "(null)",  0 );
 
        /* If person is authorizing to self, succeed */
        if ( dn_match( authcDN, authzDN ) ) {