X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Fbind.c;h=cfecc0362f26c71747460936b1696b54065b7c02;hb=1a9bc6655ddf9a1d08ee4f5e6e4ef6a7707ca5f7;hp=5a7f133430c4c92db485bd7c7b3a52040141678a;hpb=ed369e02af625a5e16b5cc858454f63cd37b9684;p=openldap
diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index 5a7f133430..cfecc0362f 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -2,7 +2,9 @@
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
- * Copyright 1999-2003 The OpenLDAP Foundation.
+ * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -18,36 +20,6 @@
* in OpenLDAP Software and subsequently enhanced by Pierangelo
* Masarati.
*/
-/* This is an altered version */
-/*
- * Copyright 1999, Howard Chu, All rights reserved.
- *
- * Permission is granted to anyone to use this software for any purpose
- * on any computer system, and to alter it and redistribute it, subject
- * to the following restrictions:
- *
- * 1. The author is not responsible for the consequences of use of this
- * software, no matter how awful, even if they arise from flaws in it.
- *
- * 2. The origin of this software must not be misrepresented, either by
- * explicit claim or by omission. Since few users ever read sources,
- * credits should appear in the documentation.
- *
- * 3. Altered versions must be plainly marked as such, and must not be
- * misrepresented as being the original software. Since few users
- * ever read sources, credits should appear in the documentation.
- *
- * 4. This notice may not be removed or altered.
- *
- *
- *
- * Copyright 2000, Pierangelo Masarati, All rights reserved.
- *
- * This software is being modified by Pierangelo Masarati.
- * The previously reported conditions apply to the modified code as well.
- * Changes in the original code are highlighted where required.
- * Credits for the original code go to the author, Howard Chu.
- */
#include "portable.h"
@@ -418,7 +390,7 @@ ldap_back_dobind( struct ldapconn *lc, Operation *op, SlapReply *rs )
* otherwise we cannot do symmetric pools of servers;
* we have to live with the fact that a user can
* authorize itself as any ID that is allowed
- * by the saslAuthzTo directive of the "binddn".
+ * by the saslAuthzTo directive of the "proxyauthzdn".
*/
/*
* NOTE: current Proxy Authorization specification
@@ -430,16 +402,17 @@ ldap_back_dobind( struct ldapconn *lc, Operation *op, SlapReply *rs )
/*
* if no bind took place yet, but the connection is bound
- * and the binddn is set, then bind with binddn and
- * explicitly add proxyAuthz control to every operation
- * with the dn bound to the connection as control value.
+ * and the "proxyauthzdn" is set, then bind as
+ * "proxyauthzdn" and explicitly add the proxyAuthz
+ * control to every operation with the dn bound
+ * to the connection as control value.
*/
if ( ( lc->bound_dn.bv_val == NULL || lc->bound_dn.bv_len == 0 )
&& ( op->o_conn && op->o_conn->c_dn.bv_val != NULL && op->o_conn->c_dn.bv_len != 0 )
- && ( li->binddn.bv_val != NULL && li->binddn.bv_len != 0 )
+ && ( li->proxyauthzdn.bv_val != NULL && li->proxyauthzdn.bv_len != 0 )
&& ! gotit ) {
- rs->sr_err = ldap_sasl_bind(lc->ld, li->binddn.bv_val,
- LDAP_SASL_SIMPLE, &li->bindpw, NULL, NULL, &msgid);
+ rs->sr_err = ldap_sasl_bind(lc->ld, li->proxyauthzdn.bv_val,
+ LDAP_SASL_SIMPLE, &li->proxyauthzpw, NULL, NULL, &msgid);
} else
#endif /* LDAP_BACK_PROXY_AUTHZ */
@@ -600,8 +573,8 @@ ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs,
* it might return some error if it failed.
*
* if no bind took place yet, but the connection is bound
- * and the binddn is set, then bind with binddn and
- * explicitly add proxyAuthz control to every operation
+ * and the "proxyauthzdn" is set, then bind as "proxyauthzdn"
+ * and explicitly add proxyAuthz the control to every operation
* with the dn bound to the connection as control value.
*
* If no server-side controls are defined for the operation,
@@ -624,7 +597,7 @@ ldap_back_proxy_authz_ctrl(
if ( ( lc->bound_dn.bv_val == NULL || lc->bound_dn.bv_len == 0 )
&& ( op->o_conn && op->o_conn->c_dn.bv_val != NULL && op->o_conn->c_dn.bv_len != 0 )
- && ( li->binddn.bv_val != NULL && li->binddn.bv_len != 0 ) ) {
+ && ( li->proxyauthzdn.bv_val != NULL && li->proxyauthzdn.bv_len != 0 ) ) {
int i = 0;
if ( !op->o_proxy_authz ) {
@@ -650,10 +623,10 @@ ldap_back_proxy_authz_ctrl(
/*
* FIXME: we do not want to perform proxyAuthz
* on behalf of the client, because this would
- * be performed with "binddn" privileges.
+ * be performed with "proxyauthzdn" privileges.
*
* This might actually be too strict, since
- * the "binddn" saslAuthzTo, and each entry's
+ * the "proxyauthzdn" saslAuthzTo, and each entry's
* saslAuthzFrom attributes may be crafted
* to avoid unwanted proxyAuthz to take place.
*/