]> git.sur5r.net Git - openldap/commitdiff
backport ITS#4320 fix from HEAD
authorKurt Zeilenga <kurt@openldap.org>
Tue, 10 Jan 2006 02:27:00 +0000 (02:27 +0000)
committerKurt Zeilenga <kurt@openldap.org>
Tue, 10 Jan 2006 02:27:00 +0000 (02:27 +0000)
CHANGES
servers/slapd/controls.c

diff --git a/CHANGES b/CHANGES
index 82acef939954b297799754cb2130d85a868acf7b..5aa177fbd9d05c2d7042f956e8656d3b4e2ea2a3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,7 @@
 OpenLDAP 2.3 Change Log
 
 OpenLDAP 2.3.17 Engineering
+       Fixed slapd anonymous proxy authorization issue (ITS#4320)
        Fixed slapd-ldap/meta session reuse issue (ITS#4315)
        Fixed slapd-monitor thread issue (ITS#4318)
        Build environment
index 6d5bdcb1dc9b39322ff69dfb55344614baec71b2..f88ce1171b2bebbacf3dc0cf5a1e35d9c941eeb5 100644 (file)
@@ -844,6 +844,11 @@ static int parseProxyAuthz (
                return LDAP_PROTOCOL_ERROR;
        }
 
+       if ( BER_BVISEMPTY( &op->o_ndn ) ) {
+               rs->sr_text = "anonymous proxyAuthz not allowed";
+               return LDAP_PROXY_AUTHZ_FAILURE;
+       }
+
        op->o_proxy_authz = ctrl->ldctl_iscritical
                ? SLAP_CONTROL_CRITICAL
                : SLAP_CONTROL_NONCRITICAL;
@@ -860,10 +865,14 @@ static int parseProxyAuthz (
                        op->o_connid, 0, 0 );
 
                /* anonymous */
-               op->o_ndn.bv_val[ 0 ] = '\0';
+               if ( !BER_BVISNULL( &op->o_ndn ) ) {
+                       op->o_ndn.bv_val[ 0 ] = '\0';
+               }
                op->o_ndn.bv_len = 0;
 
-               op->o_dn.bv_val[ 0 ] = '\0';
+               if ( !BER_BVISNULL( &op->o_dn ) ) {
+                       op->o_dn.bv_val[ 0 ] = '\0';
+               }
                op->o_dn.bv_len = 0;
 
                return LDAP_SUCCESS;