ITS#4744 authzTo/authzFrom patterns are supposed to allow multiple targets.

author Howard Chu <hyc@openldap.org>

Sat, 11 Nov 2006 22:55:09 +0000 (22:55 +0000)

committer Howard Chu <hyc@openldap.org>

Sat, 11 Nov 2006 22:55:09 +0000 (22:55 +0000)
author Howard Chu <hyc@openldap.org>
Sat, 11 Nov 2006 22:55:09 +0000 (22:55 +0000)
committer Howard Chu <hyc@openldap.org>
Sat, 11 Nov 2006 22:55:09 +0000 (22:55 +0000)
diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c

index 3fd24ad87d2386f35b584f493090694b036fbfd6..60f1879fcae60316a75832b5a076408e2e1548ff 100644 (file)
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -1623,26 +1623,14 @@ static int sasl_sc_smatch( Operation *o, SlapReply *rs )
  {
         smatch_info *sm = o->o_callback->sc_private;
  
-       if ( rs->sr_type != REP_SEARCH ) {
-               if ( rs->sr_err != LDAP_SUCCESS ) {
-                       sm->match = -1;
-               }
-               return 0;
-       }
-
-       if ( sm->match == 1 ) {
-               sm->match = -1;
-               return 0;
-       }
+       if (rs->sr_type != REP_SEARCH) return 0;
  
         if (dn_match(sm->dn, &rs->sr_entry->e_nname)) {
                 sm->match = 1;
-
-       } else {
-               sm->match = -1;
+               return -1;      /* short-circuit the search */
         }
  
-       return 0;
+       return 1;
  }
  
  int
@@ -1859,7 +1847,7 @@ exact_match:
  
         op.o_bd->be_search( &op, &rs );
  
-       if (sm.match == 1) {
+       if (sm.match) {
                 rc = LDAP_SUCCESS;
         } else {
                 rc = LDAP_INAPPROPRIATE_AUTH;
author	Howard Chu <hyc@openldap.org>
	Sat, 11 Nov 2006 22:55:09 +0000 (22:55 +0000)
committer	Howard Chu <hyc@openldap.org>
	Sat, 11 Nov 2006 22:55:09 +0000 (22:55 +0000)