X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Fbind.c;h=cfecc0362f26c71747460936b1696b54065b7c02;hb=1a9bc6655ddf9a1d08ee4f5e6e4ef6a7707ca5f7;hp=5a7f133430c4c92db485bd7c7b3a52040141678a;hpb=ed369e02af625a5e16b5cc858454f63cd37b9684;p=openldap

diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index 5a7f133430..cfecc0362f 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -2,7 +2,9 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2003 The OpenLDAP Foundation.
+ * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -18,36 +20,6 @@
  * in OpenLDAP Software and subsequently enhanced by Pierangelo
  * Masarati.
  */
-/* This is an altered version */
-/*
- * Copyright 1999, Howard Chu, All rights reserved. <hyc@highlandsun.com>
- * 
- * Permission is granted to anyone to use this software for any purpose
- * on any computer system, and to alter it and redistribute it, subject
- * to the following restrictions:
- * 
- * 1. The author is not responsible for the consequences of use of this
- *    software, no matter how awful, even if they arise from flaws in it.
- * 
- * 2. The origin of this software must not be misrepresented, either by
- *    explicit claim or by omission.  Since few users ever read sources,
- *    credits should appear in the documentation.
- * 
- * 3. Altered versions must be plainly marked as such, and must not be
- *    misrepresented as being the original software.  Since few users
- *    ever read sources, credits should appear in the documentation.
- * 
- * 4. This notice may not be removed or altered.
- *
- *
- *
- * Copyright 2000, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
- * 
- * This software is being modified by Pierangelo Masarati.
- * The previously reported conditions apply to the modified code as well.
- * Changes in the original code are highlighted where required.
- * Credits for the original code go to the author, Howard Chu.
- */
 
 #include "portable.h"
 
@@ -418,7 +390,7 @@ ldap_back_dobind( struct ldapconn *lc, Operation *op, SlapReply *rs )
 		 * otherwise we cannot do symmetric pools of servers;
 		 * we have to live with the fact that a user can
 		 * authorize itself as any ID that is allowed
-		 * by the saslAuthzTo directive of the "binddn".
+		 * by the saslAuthzTo directive of the "proxyauthzdn".
 		 */
 		/*
 		 * NOTE: current Proxy Authorization specification
@@ -430,16 +402,17 @@ ldap_back_dobind( struct ldapconn *lc, Operation *op, SlapReply *rs )
 
 		/*
 		 * if no bind took place yet, but the connection is bound
-		 * and the binddn is set, then bind with binddn and 
-		 * explicitly add proxyAuthz control to every operation
-		 * with the dn bound to the connection as control value.
+		 * and the "proxyauthzdn" is set, then bind as 
+		 * "proxyauthzdn" and explicitly add the proxyAuthz 
+		 * control to every operation with the dn bound 
+		 * to the connection as control value.
 		 */
 		if ( ( lc->bound_dn.bv_val == NULL || lc->bound_dn.bv_len == 0 )
 	      			&& ( op->o_conn && op->o_conn->c_dn.bv_val != NULL && op->o_conn->c_dn.bv_len != 0 )
-	      			&& ( li->binddn.bv_val != NULL && li->binddn.bv_len != 0 ) 
+	      			&& ( li->proxyauthzdn.bv_val != NULL && li->proxyauthzdn.bv_len != 0 ) 
 	      			&& ! gotit ) {
-			rs->sr_err = ldap_sasl_bind(lc->ld, li->binddn.bv_val,
-				LDAP_SASL_SIMPLE, &li->bindpw, NULL, NULL, &msgid);
+			rs->sr_err = ldap_sasl_bind(lc->ld, li->proxyauthzdn.bv_val,
+				LDAP_SASL_SIMPLE, &li->proxyauthzpw, NULL, NULL, &msgid);
 
 		} else
 #endif /* LDAP_BACK_PROXY_AUTHZ */
@@ -600,8 +573,8 @@ ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs,
  * it might return some error if it failed.
  * 
  * if no bind took place yet, but the connection is bound
- * and the binddn is set, then bind with binddn and 
- * explicitly add proxyAuthz control to every operation
+ * and the "proxyauthzdn" is set, then bind as "proxyauthzdn" 
+ * and explicitly add proxyAuthz the control to every operation
  * with the dn bound to the connection as control value.
  *
  * If no server-side controls are defined for the operation,
@@ -624,7 +597,7 @@ ldap_back_proxy_authz_ctrl(
 
 	if ( ( lc->bound_dn.bv_val == NULL || lc->bound_dn.bv_len == 0 )
 	      		&& ( op->o_conn && op->o_conn->c_dn.bv_val != NULL && op->o_conn->c_dn.bv_len != 0 )
-	      		&& ( li->binddn.bv_val != NULL && li->binddn.bv_len != 0 ) ) {
+	      		&& ( li->proxyauthzdn.bv_val != NULL && li->proxyauthzdn.bv_len != 0 ) ) {
 		int	i = 0;
 
 		if ( !op->o_proxy_authz ) {
@@ -650,10 +623,10 @@ ldap_back_proxy_authz_ctrl(
 			/*
 			 * FIXME: we do not want to perform proxyAuthz
 			 * on behalf of the client, because this would
-			 * be performed with "binddn" privileges.
+			 * be performed with "proxyauthzdn" privileges.
 			 *
 			 * This might actually be too strict, since
-			 * the "binddn" saslAuthzTo, and each entry's
+			 * the "proxyauthzdn" saslAuthzTo, and each entry's
 			 * saslAuthzFrom attributes may be crafted
 			 * to avoid unwanted proxyAuthz to take place.
 			 */