X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fbind.c;h=6480cf7fb82b5fcaa375e44e08ab3e2a9737df07;hb=0f30fb0d8f0adbbb7b41fd455c57aa56d64c9853;hp=169b3e05f54454d9edc79379970114a2b3c75125;hpb=f49fd8a98e6849f74e50a01165f4214b065b9b00;p=openldap diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c index 169b3e05f5..6480cf7fb8 100644 --- a/servers/slapd/bind.c +++ b/servers/slapd/bind.c @@ -251,6 +251,14 @@ do_bind( goto cleanup; } + /* check restrictions */ + rc = backend_check_restrictions( NULL, conn, op, mech, &text ); + if( rc != LDAP_SUCCESS ) { + send_ldap_result( conn, op, rc, + NULL, text, NULL, NULL ); + goto cleanup; + } + ldap_pvt_thread_mutex_lock( &conn->c_mutex ); if ( conn->c_sasl_bind_in_progress ) { if((strcmp(conn->c_sasl_bind_mech, mech) != 0)) { @@ -272,10 +280,18 @@ do_bind( conn->c_authmech = conn->c_sasl_bind_mech; conn->c_sasl_bind_mech = NULL; conn->c_sasl_bind_in_progress = 0; + conn->c_sasl_ssf = ssf; if( ssf > conn->c_ssf ) { conn->c_ssf = ssf; } + + if( conn->c_dn != NULL ) { + ber_len_t max = sockbuf_max_incoming; + ber_sockbuf_ctrl( conn->c_sb, + LBER_SB_OPT_SET_MAX_INCOMING, &max ); + } + } else if ( rc == LDAP_SASL_BIND_IN_PROGRESS ) { conn->c_sasl_bind_in_progress = 1; @@ -327,6 +343,9 @@ do_bind( /* disallow */ rc = LDAP_INAPPROPRIATE_AUTH; text = "anonymous bind disallowed"; + + } else { + rc = backend_check_restrictions( NULL, conn, op, mech, &text ); } /* @@ -411,8 +430,13 @@ do_bind( if ( (be = select_backend( ndn, 0 )) == NULL ) { if ( default_referral ) { + struct berval **ref = referral_rewrite( default_referral, + NULL, dn, LDAP_SCOPE_DEFAULT ); + send_ldap_result( conn, op, rc = LDAP_REFERRAL, - NULL, NULL, default_referral, NULL ); + NULL, NULL, ref ? ref : default_referral, NULL ); + + ber_bvecfree( ref ); } else { /* noSuchObject is not allowed to be returned by bind */ 
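Review bot: In the hunk at -251, the new early `goto cleanup` runs before `conn->c_mutex` is taken, so a restriction failure on a continuation step appears to leave `conn->c_sasl_bind_in_progress` and `conn->c_sasl_bind_mech` as they were. A rejected step should probably abort the negotiation instead of leaving it resumable; this may already happen at the `cleanup` label, which is outside the hunk, so please confirm. If it does not, clear the in-progress state under the mutex before jumping. The comment would also be clearer as `/* check global restrictions (no backend selected yet) before any SASL step */`, assuming that is what the NULL backend argument means. do_bind starts and ends outside this hunk.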
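Review bot: In the hunk at -272, the incoming-PDU limit is changed only when `conn->c_dn != NULL`, and nothing visible restores the earlier limit when a later bind on the same connection leaves it anonymous. If `sockbuf_max_incoming` is the larger, post-authentication value, a client could keep it after dropping its identity, which weakens the limit as a pre-authentication resource control. Please confirm the reset happens elsewhere in do_bind, or add an `else` branch that reapplies the anonymous limit. The return value of `ber_sockbuf_ctrl` is also ignored, so a failure to set the option goes unnoticed. The same block is repeated in the hunk at -457, so a small static helper taking `conn` would keep the two sites in step.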
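Review bot: In the hunk at -327, the new `else` branch passes `mech` to `backend_check_restrictions`, whereas the existing per-backend call in the hunk at -424 passes `NULL` for the same argument. This branch sits beside the "anonymous bind disallowed" case, so it looks like the simple-bind path, where no SASL mechanism would be expected. If so, `rc = backend_check_restrictions( NULL, conn, op, NULL, &text );` states the intent and does not depend on what `mech` holds at that point. The assignment of `mech` is outside the hunk, so please confirm it cannot be stale or unset here.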
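Review bot: In the hunk at -411, a NULL result from `referral_rewrite` falls back silently to the unrewritten `default_referral`, and `ber_bvecfree( ref )` is then called with NULL. A short comment such as `/* fall back to the configured referral when the rewrite yields nothing */` would show that the fallback is deliberate. It is worth confirming that `ber_bvecfree` accepts NULL in this tree, or guarding the call with `if( ref )`. The rewrite is also given the client-supplied `dn` and not `ndn`, which is presumably intended so that the referral carries the DN as sent, but that should be stated. The enclosing `if`/`else` continues past the end of the hunk.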
@@ -424,7 +448,7 @@ do_bind( } /* check restrictions */ - rc = backend_check_restrictions( be, conn, op, NULL, &text ) ; + rc = backend_check_restrictions( be, conn, op, NULL, &text ); if( rc != LDAP_SUCCESS ) { send_ldap_result( conn, op, rc, NULL, text, NULL, NULL ); @@ -457,6 +481,12 @@ do_bind( ndn = NULL; } + if( conn->c_dn != NULL ) { + ber_len_t max = sockbuf_max_incoming; + ber_sockbuf_ctrl( conn->c_sb, + LBER_SB_OPT_SET_MAX_INCOMING, &max ); + } + #ifdef NEW_LOGGING LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1, "do_bind: conn %d v%d bind: \"%s\" to \"%s\" \n",