(almost) blind fixes to ITS#4782

diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index d74ba6e7e419695ef13461f0076e42e61a1cce47..cbfa9ca4c56eed0c2293e91d4dbc3a0ee8620f18 100644 (file)
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -704,7 +704,10 @@ ldap_back_getconn(
                        op->o_dn = op->o_req_dn;
                        op->o_ndn = op->o_req_ndn;
                }
-               isproxyauthz = ldap_back_is_proxy_authz( op, rs, 0, binddn, bindcred );
+               isproxyauthz = ldap_back_is_proxy_authz( op, rs, sendok, binddn, bindcred );
+               if ( isproxyauthz == -1 ) {
+                       return NULL;
+               }
                if ( op->o_tag == LDAP_REQ_BIND ) {
                        op->o_dn = save_o_dn;
                        op->o_ndn = save_o_ndn;
@@ -1154,7 +1157,9 @@ retry_lock:;
         */
        if ( LDAP_BACK_CONN_ISIDASSERT( lc ) ) {
                if ( BER_BVISEMPTY( &binddn ) && BER_BVISEMPTY( &bindcred ) ) {
-                       ldap_back_is_proxy_authz( op, rs, 0, &binddn, &bindcred );
+                       /* if we got here, it shouldn't return result */
+                       (void)ldap_back_is_proxy_authz( op, rs,
+                               LDAP_BACK_DONTSEND, &binddn, &bindcred );
                }
                (void)ldap_back_proxy_authz_bind( lc, op, rs, sendok, &binddn, &bindcred );
                goto done;
@@ -1706,6 +1711,7 @@ ldap_back_is_proxy_authz( Operation *op, SlapReply *rs, ldap_back_send_t sendok,
                rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
                if ( sendok & LDAP_BACK_SENDERR ) {
                        send_ldap_result( op, rs );
+                       dobind = -1;
                }
                goto done;
        }
@@ -1740,6 +1746,7 @@ ldap_back_is_proxy_authz( Operation *op, SlapReply *rs, ldap_back_send_t sendok,
                                rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
                                if ( sendok & LDAP_BACK_SENDERR ) {
                                        send_ldap_result( op, rs );
+                                       dobind = -1;
                                }
 
                        } else {
@@ -1766,6 +1773,7 @@ ldap_back_is_proxy_authz( Operation *op, SlapReply *rs, ldap_back_send_t sendok,
                                if ( li->li_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
                                        if ( sendok & LDAP_BACK_SENDERR ) {
                                                send_ldap_result( op, rs );
+                                               dobind = -1;
                                        }
 
                                } else {

diff --git a/servers/slapd/back-ldap/init.c b/servers/slapd/back-ldap/init.c
index 3847bd0259d440519fcdf6c971e07edf90a5d8ca..4fa8eaea4d03414f1f0b93e3bdf325f892ed0879 100644 (file)
--- a/servers/slapd/back-ldap/init.c
+++ b/servers/slapd/back-ldap/init.c
@@ -152,6 +152,10 @@ ldap_back_db_init( Backend *be )
        be->be_cf_ocs = be->bd_info->bi_cf_ocs;
 
        rc = ldap_back_monitor_db_init( be );
+       if ( rc != 0 ) {
+               /* ignore, by now */
+               rc = 0;
+       }
 
        return rc;
 }