idassert also in case of SASL mechs that do not set authcId
authorPierangelo Masarati <ando@openldap.org>
Sun, 9 Sep 2007 22:23:58 +0000 (22:23 +0000)
committerPierangelo Masarati <ando@openldap.org>
Sun, 9 Sep 2007 22:23:58 +0000 (22:23 +0000)
CHANGES
servers/slapd/back-ldap/bind.c

diff --git a/CHANGES b/CHANGES
index 58a2ca682ae6a2d826f370d4c27c802e60c7837e..3dcc4a4f5f85596818f695b89bfe9ccb70917f6c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,5 @@
 OpenLDAP 2.4 Change Log
 
 OpenLDAP 2.4.6 Engineering
+       Fixed slapd-ldap SASL idassert w/o autchId
        Fixed slapo-rwm modlist handling (ITS#5124)
index e5878a2cbd965e22919dc4042d9be6f46356faa6..882058302a1eec5140561f50aa43296cf058dd1f 100644 (file)
@@ -2249,7 +2249,8 @@ ldap_back_proxy_authz_ctrl(
         * but if it is not set this test fails.  We need a different
         * means to detect if idassert is enabled */
        if ( ( BER_BVISNULL( &si->si_bc.sb_authcId ) || BER_BVISEMPTY( &si->si_bc.sb_authcId ) )
-                       && ( BER_BVISNULL( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_binddn ) ) )
+               && ( BER_BVISNULL( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_binddn ) )
+               && BER_BVISNULL( &si->si_bc.sb_saslmech ) )
        {
                goto done;
        }
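Review bot: The added `sb_saslmech` test checks only `BER_BVISNULL`, while the `sb_authcId` and `sb_binddn` tests beside it also treat an empty value as unset. If the mechanism can ever be stored as a non-NULL empty berval (not visible here), the early `goto done` is skipped and the function carries on towards building a proxy-authorization control on a database where identity assertion was never configured. For consistency with the neighbouring tests I would write `&& ( BER_BVISNULL( &si->si_bc.sb_saslmech ) || BER_BVISEMPTY( &si->si_bc.sb_saslmech ) ) )`. The existing comment already calls this test a heuristic, and ldap_back_proxy_authz_ctrl starts and ends outside the hunk.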
@@ -2393,11 +2394,14 @@ ldap_back_proxy_authz_ctrl(
                goto done;
        }
 
+       ctrl->ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
+
        switch ( si->si_mode ) {
        /* already in u:ID or dn:DN form */
        case LDAP_BACK_IDASSERT_OTHERID:
        case LDAP_BACK_IDASSERT_OTHERDN:
                ber_dupbv_x( &ctrl->ldctl_value, &assertedID, op->o_tmpmemctx );
+               rs->sr_err = LDAP_SUCCESS;
                break;
 
        /* needs the dn: prefix */
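Review bot: In the `LDAP_BACK_IDASSERT_OTHERID`/`OTHERDN` case, `rs->sr_err = LDAP_SUCCESS` is assigned unconditionally after `ber_dupbv_x()`, whose return value is not checked. If the copy fails, the function would report success with an unset `ctrl->ldctl_value`, and the caller would forward a proxy-authz control carrying no asserted identity. Tying the assignment to the result keeps the failure visible: `if ( ber_dupbv_x( &ctrl->ldctl_value, &assertedID, op->o_tmpmemctx ) != NULL ) rs->sr_err = LDAP_SUCCESS;`. This assumes `rs->sr_err` already holds a failure code when the switch is entered, which is set outside the hunk; the `o_tmpmemctx` allocator may also make the failure unreachable in practice.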
@@ -2408,6 +2412,7 @@ ldap_back_proxy_authz_ctrl(
                AC_MEMCPY( ctrl->ldctl_value.bv_val, "dn:", STRLENOF( "dn:" ) );
                AC_MEMCPY( &ctrl->ldctl_value.bv_val[ STRLENOF( "dn:" ) ],
                                assertedID.bv_val, assertedID.bv_len + 1 );
+               rs->sr_err = LDAP_SUCCESS;
                break;
        }
 
@@ -2435,6 +2440,8 @@ ldap_back_proxy_authz_ctrl(
                        goto free_ber;
                }
 
+               rs->sr_err = LDAP_SUCCESS;
+
 free_ber:;
                op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
                ber_free_buf( ber );
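Review bot: The `rs->sr_err = LDAP_SUCCESS` placed just above `free_ber:` is only correct if every `goto free_ber` is reached with `rs->sr_err` still holding a failure code, and that invariant is written down nowhere in the visible lines. The `free_ber2:` block in the next hunk has the same shape. A later edit that sets `rs->sr_err` earlier in either block would turn an encoding failure into a silently accepted control. I would add a comment at the assignment such as `/* sr_err keeps its failure value on every goto free_ber; only a complete encoding reaches this line */`. Both blocks start outside their hunks, so whether the error paths set `rs->sr_err` themselves cannot be confirmed from here.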
@@ -2475,6 +2482,9 @@ free_ber:;
                        goto free_ber2;
                }
 
+               ctrl->ldctl_oid = LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ;
+               rs->sr_err = LDAP_SUCCESS;
+
 free_ber2:;
                op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
                ber_free_buf( ber );
@@ -2482,8 +2492,6 @@ free_ber2:;
                if ( rs->sr_err != LDAP_SUCCESS ) {
                        goto done;
                }
-
-               ctrl->ldctl_oid = LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ;
        }
 
 done:;