Update proxied authorization implementation to use IANA

assigned result code.

diff --git a/include/ldap.h b/include/ldap.h
index ecad4b550ef873373ca9568737553f8be8acce18..1ca22a7f4dd877195aa432062a9707966053eef9 100644 (file)
--- a/include/ldap.h
+++ b/include/ldap.h
@@ -544,7 +544,7 @@ typedef struct ldapcontrol {
 
 #define LDAP_SECURITY_ERROR(n) LDAP_RANGE((n),0x2F,0x32) /* 47-50 */
 
-#define LDAP_PROXY_AUTHZ_FAILURE       0x2F /* LDAPv3 proxy authorization */
+#define LDAP_X_PROXY_AUTHZ_FAILURE     0x2F /* LDAPv3 proxy authorization */
 #define LDAP_INAPPROPRIATE_AUTH                0x30
 #define LDAP_INVALID_CREDENTIALS       0x31
 #define LDAP_INSUFFICIENT_ACCESS       0x32
@@ -585,6 +585,8 @@ typedef struct ldapcontrol {
 /* Assertion control (122) */ 
 #define LDAP_ASSERTION_FAILED          0x7A
 
+/* Proxied Authorization Denied (123) */ 
+#define LDAP_PROXIED_AUTHORIZATION_DENIED              0x7B
 
 /* Experimental result codes */
 #define LDAP_E_ERROR(n)        LDAP_RANGE((n),0x1000,0x3FFF)

diff --git a/libraries/libldap/error.c b/libraries/libldap/error.c
index e7f0867386350b0fc72e86b8c4fd1e13948506a2..b102d4ab77e376e599cd2ec07c52dca94d2c79f9 100644 (file)
--- a/libraries/libldap/error.c
+++ b/libraries/libldap/error.c
@@ -65,7 +65,6 @@ static struct ldaperror ldap_builtin_errlist[] = {
        {LDAP_IS_LEAF,                                  N_("Entry is a leaf")},
        {LDAP_ALIAS_DEREF_PROBLEM,              N_("Alias dereferencing problem")},
 
-       {LDAP_PROXY_AUTHZ_FAILURE,              N_("Proxy Authorization Failure")},
        {LDAP_INAPPROPRIATE_AUTH,               N_("Inappropriate authentication")},
        {LDAP_INVALID_CREDENTIALS,              N_("Invalid credentials")},
        {LDAP_INSUFFICIENT_ACCESS,              N_("Insufficient access")},
@@ -93,6 +92,9 @@ static struct ldaperror ldap_builtin_errlist[] = {
        {LDAP_ASSERTION_FAILED,                 N_("Assertion Failed")},
        {LDAP_X_ASSERTION_FAILED,               N_("Assertion Failed (X)")},
 
+       {LDAP_PROXIED_AUTHORIZATION_DENIED, N_("Proxied Authorization Denied")},
+       {LDAP_X_PROXY_AUTHZ_FAILURE,            N_("Proxy Authorization Failure (X)")},
+
        {LDAP_SYNC_REFRESH_REQUIRED,    N_("Content Sync Refresh Required")},
        {LDAP_X_SYNC_REFRESH_REQUIRED,  N_("Content Sync Refresh Required (X)")},
 

diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c
index 049096c29b58eff30e9251eb792c1b14c46ac2c5..33d71d1f01471c177f83b5b6c49784a0b7b260df 100644 (file)
--- a/servers/slapd/controls.c
+++ b/servers/slapd/controls.c
@@ -921,8 +921,8 @@ static int parseProxyAuthz (
        if ( !( global_allows & SLAP_ALLOW_PROXY_AUTHZ_ANON )
                && BER_BVISEMPTY( &op->o_ndn ) )
        {
-               rs->sr_text = "anonymous proxyAuthz not allowed";
-               return LDAP_PROXY_AUTHZ_FAILURE;
+               rs->sr_text = "anonymous proxied authorization not allowed";
+               return LDAP_PROXIED_AUTHORIZATION_DENIED;
        }
 
        op->o_proxy_authz = ctrl->ldctl_iscritical
@@ -963,7 +963,7 @@ static int parseProxyAuthz (
                        ch_free( dn.bv_val );
                }
                rs->sr_text = "authzId mapping failed";
-               return LDAP_PROXY_AUTHZ_FAILURE;
+               return LDAP_PROXIED_AUTHORIZATION_DENIED;
        }
 
        Debug( LDAP_DEBUG_TRACE,
@@ -976,7 +976,7 @@ static int parseProxyAuthz (
        if ( rc ) {
                ch_free( dn.bv_val );
                rs->sr_text = "not authorized to assume identity";
-               return LDAP_PROXY_AUTHZ_FAILURE;
+               return LDAP_PROXIED_AUTHORIZATION_DENIED;
        }
 
        ch_free( op->o_ndn.bv_val );