ITS#5490

[openldap] / servers / slapd / saslauthz.c

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index 135c242fe53a4bf33dfeabf7bd9ad116da99c2ad..fafc2a4d91a51e2eca71c0b2a90538298ecbc4d4 100644 (file)
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Copyright 1998-2008 The OpenLDAP Foundation.
  * Portions Copyright 2000 Mark Adamson, Carnegie Mellon.
  * All rights reserved.
  *
@@ -1665,7 +1665,7 @@ slap_sasl_match( Operation *opx, struct berval *rule,
 
        Debug( LDAP_DEBUG_TRACE,
           "===>slap_sasl_match: comparing DN %s to rule %s\n",
-               assertDN->bv_val, rule->bv_val, 0 );
+               assertDN->bv_len ? assertDN->bv_val : "(null)", rule->bv_val, 0 );
 
        /* NOTE: don't normalize rule if authz syntax is enabled */
        rc = slap_parseURI( opx, rule, &base, &op.o_req_ndn,
@@ -2038,11 +2038,16 @@ int slap_sasl_authorized( Operation *op,
        int rc = LDAP_INAPPROPRIATE_AUTH;
 
        /* User binding as anonymous */
-       if ( authzDN == NULL ) {
+       if ( !authzDN || !authzDN->bv_len || !authzDN->bv_val ) {
                rc = LDAP_SUCCESS;
                goto DONE;
        }
 
+       /* User is anonymous */
+       if ( !authcDN || !authcDN->bv_len || !authcDN->bv_val ) {
+               goto DONE;
+       }
+
        Debug( LDAP_DEBUG_TRACE,
           "==>slap_sasl_authorized: can %s become %s?\n",
                authcDN->bv_len ? authcDN->bv_val : "(null)",