Rework bind restrictions
authorKurt Zeilenga <kurt@openldap.org>
Mon, 28 Aug 2000 23:37:44 +0000 (23:37 +0000)
committerKurt Zeilenga <kurt@openldap.org>
Mon, 28 Aug 2000 23:37:44 +0000 (23:37 +0000)
servers/slapd/backend.c
servers/slapd/bind.c

index 3cc017ca2f981bdfa3767e730199248912c8c30d..8953d8e8de19bdd72e4fd7bb055b641b5b3b3002 100644 (file)
@@ -682,10 +682,8 @@ backend_check_restrictions(
                return LDAP_OTHER;
        }
 
-       if( ( extoid == NULL || strcmp( extoid, LDAP_EXOP_START_TLS ) )
-               && op->o_tag != LDAP_REQ_BIND )
-       {
-               /* these checks don't apply to bind nor StartTLS */
+       if (( extoid == NULL || strcmp( extoid, LDAP_EXOP_START_TLS ) ) ) {
+               /* these checks don't apply to StartTLS */
 
                if( op->o_tag == LDAP_REQ_EXTENDED ) {
                        /* threat other extended operations as update ops */
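Review bot: The comment on the rewritten guard names only what is skipped; it should also record that Bind requests now pass through the checks in this block. The bind.c hunk of this commit deletes do_bind's own SSF and `SLAP_RESTRICT_OP_BIND` checks, so Bind presumably depends on this function for them. Something like `/* these checks don't apply to StartTLS; Bind is checked here and do_bind no longer repeats them */` would say so. The call from do_bind into backend_check_restrictions is not visible in this diff, so confirm that it runs before `conn->c_authz_backend = be;`. The doubled parentheses in `if (( ... ) ) {` can be dropped; the block itself continues past the end of the hunk.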
@@ -727,6 +725,12 @@ backend_check_restrictions(
                                return LDAP_CONFIDENTIALITY_REQUIRED;
                        }
                }
+       }
+
+       if (( extoid == NULL || strcmp( extoid, LDAP_EXOP_START_TLS ) )
+               || op->o_tag == LDAP_REQ_BIND )
+       {
+               /* these checks don't apply to StartTLS or Bind */
 
                if( requires & SLAP_REQUIRE_STRONG ) {
                        /* should check mechanism */
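Review bot: The guard added here contradicts its own comment: `( extoid == NULL || strcmp( extoid, LDAP_EXOP_START_TLS ) ) || op->o_tag == LDAP_REQ_BIND` is true for a Bind, so the checks that follow, starting with `SLAP_REQUIRE_STRONG`, do run for Bind although the comment says they don't apply to it. The rest of the block is outside the hunk; if it requires an already authenticated connection, a first Bind on a new connection would presumably be refused and could never satisfy that requirement. To match the comment the second clause should exclude Bind rather than include it: `&& op->o_tag != LDAP_REQ_BIND`.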
@@ -777,9 +781,7 @@ backend_check_restrictions(
        }
 
        if( restrictops & opflag ) {
-               if( (restrictops & SLAP_RESTRICT_OP_READS)
-                       == SLAP_RESTRICT_OP_READS )
-               {
+               if( restrictops == SLAP_RESTRICT_OP_READS ) {
                        *text = "read operations restricted";
                } else {
                        *text = "operation restricted";
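Review bot: With `restrictops == SLAP_RESTRICT_OP_READS` the specific text is chosen only when the read mask is the sole restriction configured; once any other bit is set as well, a refused read is reported with the generic "operation restricted". This changes only the diagnostic, not the decision made by `restrictops & opflag`, but the exact-match intent deserves a comment such as `/* only reads are restricted, nothing else */`. If the message is meant to describe the refused request rather than the configuration, testing `opflag` against the read mask would be the clearer form; `opflag` is assigned outside the hunk, so that would need checking there.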
index d65bd9c22373f12f0b3f3df656df1e8fb6cdebf2..e825eeb850d6352af19e2a05341d2d45e7c6ba0a 100644 (file)
@@ -346,33 +346,6 @@ do_bind(
                goto cleanup;
        }
 
-       if( op->o_ssf < be->be_ssf_set.sss_ssf ) {
-               text = "confidentiality required";
-               rc = LDAP_CONFIDENTIALITY_REQUIRED;
-
-       } else if( op->o_transport_ssf < be->be_ssf_set.sss_transport ) {
-               text = "transport confidentiality required";
-               rc = LDAP_CONFIDENTIALITY_REQUIRED;
-
-       } else if( op->o_tls_ssf < be->be_ssf_set.sss_tls ) {
-               text = "TLS confidentiality required";
-               rc = LDAP_CONFIDENTIALITY_REQUIRED;
-
-       } else if( op->o_sasl_ssf < be->be_ssf_set.sss_sasl ) {
-               text = "SASL confidentiality required";
-               rc = LDAP_CONFIDENTIALITY_REQUIRED;
-
-       } else if( be->be_restrictops & SLAP_RESTRICT_OP_BIND ) {
-               text = "bind operation restricted";
-               rc = LDAP_UNWILLING_TO_PERFORM;
-       }
-
-       if( rc != LDAP_SUCCESS ) {
-               send_ldap_result( conn, op, rc,
-                       NULL, text, NULL, NULL );
-               goto cleanup;
-       }
-
        conn->c_authz_backend = be;
 
        if ( be->be_bind ) {