X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=servers%2Fslapd%2Fsaslauthz.c;h=c42a7eb8a1088ac5e33227333f12bc738de760d1;hb=f59cf6698755c2cb689a09c17d2134a267dafbdc;hp=dfae18f99e7cfdab77b1aeae1d48cc579f5d661a;hpb=79766910707979b7e8dce96980d37ccc12bd9799;p=openldap
diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index dfae18f99e..c42a7eb8a1 100644
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -312,18 +312,27 @@ is_dn: bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val);
 }
 rc = ldap_url_parse( uri->bv_val, &ludp );
- if ( rc == LDAP_URL_ERR_BADSCHEME ) {
+ switch ( rc ) {
+ case LDAP_URL_SUCCESS:
+ if ( strcasecmp( ludp->lud_scheme, "ldap" ) != 0 ) {
+ /*
+ * must be ldap:///
+ */
+ return LDAP_PROTOCOL_ERROR;
+ }
+ break;
+
+ case LDAP_URL_ERR_BADSCHEME:
 /* last chance: assume it's a(n exact) DN ... */
 bv.bv_val = uri->bv_val;
 *scope = LDAP_X_SCOPE_EXACT;
 goto is_dn;
- }
- if ( rc != LDAP_URL_SUCCESS ) {
+ default:
 return LDAP_PROTOCOL_ERROR;
 }
- if (( ludp->lud_host && *ludp->lud_host )
+ if ( ( ludp->lud_host && *ludp->lud_host )
 || ludp->lud_attrs || ludp->lud_exts ) {
 /* host part must be empty */
@@ -923,7 +932,13 @@ void slap_sasl2dn( Operation *opx,
 op.o_req_ndn.bv_val, op.oq_search.rs_scope, 0 );
 #endif
- if(( op.o_bd == NULL ) || ( op.o_bd->be_search == NULL)) {
+ if ( ( op.o_bd == NULL ) || ( op.o_bd->be_search == NULL) ) {
+ goto FINISHED;
+ }
+
+ /* Must run an internal search. */
+ if ( op.ors_filter == NULL ) {
+ rc = LDAP_FILTER_ERROR;
 goto FINISHED;
 }
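Review bot: The new `return LDAP_PROTOCOL_ERROR;` inside `case LDAP_URL_SUCCESS:` (first hunk, the scheme check) runs after `ldap_url_parse()` has succeeded, so the URL descriptor in `ludp` is not released on that path unless cleanup happens somewhere outside the hunk. Free it before returning: `ldap_free_urldesc( ludp ); return LDAP_PROTOCOL_ERROR;`. Otherwise an authorization rule whose URI parses but carries a scheme other than `ldap` would leak one descriptor per evaluation in a long-running slapd. The enclosing function starts and ends outside the hunk, so the host/attrs/exts rejection that follows may need the same check.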
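Review bot: The added `op.ors_filter == NULL` branch in `slap_sasl2dn` (second hunk) abandons the identity mapping without any diagnostic, and the comment `/* Must run an internal search. */` does not say why a missing filter is fatal here. A failed SASL-name-to-DN mapping sits on the authentication path, so an operator should be able to see it; I would log the condition at trace level before the `goto FINISHED;` and expand the comment to something like `/* no usable filter from the mapped URI: refuse to search rather than match on an unset filter */`. The branch just above (`op.o_bd == NULL`) jumps to `FINISHED` without setting `rc`, while this one sets `rc = LDAP_FILTER_ERROR`. Whether `rc` is read after `FINISHED` is outside the hunk, so confirm that the two paths are meant to differ.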