Fix ITS#2234 canonicalization bug

author Howard Chu <hyc@openldap.org>

Thu, 12 Dec 2002 13:49:25 +0000 (13:49 +0000)

committer Howard Chu <hyc@openldap.org>

Thu, 12 Dec 2002 13:49:25 +0000 (13:49 +0000)
author Howard Chu <hyc@openldap.org>
Thu, 12 Dec 2002 13:49:25 +0000 (13:49 +0000)
committer Howard Chu <hyc@openldap.org>
Thu, 12 Dec 2002 13:49:25 +0000 (13:49 +0000)
diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c

index f3e9209dc44da587d976c02107a47b2e92a1a73b..02ee9f7ed111dec5ae8ed2521c2f98a04efa61ba 100644 (file)
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -656,8 +656,12 @@ slap_sasl_canonicalize(
          * the authcID temporarily in conn->c_sasl_dn. We necessarily
          * finish Canonicalizing before Authorizing, so there is no
          * conflict with slap_sasl_authorize's use of this temp var.
+        *
+        * The SASL EXTERNAL mech is backwards from all the other mechs,
+        * it does authzID before the authcID. If we see that authzID
+        * has already been done, don't do anything special with authcID.
          */
-       if ( flags == SASL_CU_AUTHID ) {
+       if ( flags == SASL_CU_AUTHID && !auxvals[PROP_AUTHZ].values ) {
                 conn->c_sasl_dn.bv_val = (char *) in;
         } else if ( flags == SASL_CU_AUTHZID && conn->c_sasl_dn.bv_val ) {
                 rc = strcmp( in, conn->c_sasl_dn.bv_val );
author	Howard Chu <hyc@openldap.org>
	Thu, 12 Dec 2002 13:49:25 +0000 (13:49 +0000)
committer	Howard Chu <hyc@openldap.org>
	Thu, 12 Dec 2002 13:49:25 +0000 (13:49 +0000)