From: Pierangelo Masarati <ando@openldap.org>
Date: Thu, 13 May 2004 22:55:02 +0000 (+0000)
Subject: import fix of slapd parsing of auth{cz} "dn:<pat>" rules from HEAD
X-Git-Tag: OPENLDAP_REL_ENG_2_2_12~16
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=4b723fc54f2dae64d1e4ca4ec4ec3aca771a7c85;p=openldap

import fix of slapd parsing of auth{cz} "dn:<pat>" rules from HEAD
---

diff --git a/CHANGES b/CHANGES
index 6b91c3c2e5..394cfd5e13 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,7 @@
 OpenLDAP 2.2 Change Log
 
 OpenLDAP 2.2.12 Engineering
+	Fixed slapd parsing of auth{cz} "dn:<pat>" rules
 	Fixed slapd set acl recursion (ITS#3140)
 	Fixed slapd first component bug (ITS#3118)
 	Fixed slapd TOLOWER macro use bug (ITS#3115)
diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index e08cdd9bd6..d38ad64079 100644
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -211,35 +211,36 @@ static int slap_parseURI( Operation *op, struct berval *uri,
 			bv.bv_val++;
 
 			if ( !strncasecmp( bv.bv_val, "exact:", sizeof( "exact:" ) - 1 ) ) {
-				bv.bv_val += sizeof( "exact" ) - 1;
+				bv.bv_val += sizeof( "exact:" ) - 1;
 				*scope = LDAP_X_SCOPE_EXACT;
 
 			} else if ( !strncasecmp( bv.bv_val, "regex:", sizeof( "regex:" ) - 1 ) ) {
-				bv.bv_val += sizeof( "regex" ) - 1;
+				bv.bv_val += sizeof( "regex:" ) - 1;
 				*scope = LDAP_X_SCOPE_REGEX;
 
 			} else if ( !strncasecmp( bv.bv_val, "children:", sizeof( "chldren:" ) - 1 ) ) {
-				bv.bv_val += sizeof( "children" ) - 1;
+				bv.bv_val += sizeof( "children:" ) - 1;
 				*scope = LDAP_X_SCOPE_CHILDREN;
 
 			} else if ( !strncasecmp( bv.bv_val, "subtree:", sizeof( "subtree:" ) - 1 ) ) {
-				bv.bv_val += sizeof( "subtree" ) - 1;
+				bv.bv_val += sizeof( "subtree:" ) - 1;
 				*scope = LDAP_X_SCOPE_SUBTREE;
 
 			} else if ( !strncasecmp( bv.bv_val, "onelevel:", sizeof( "onelevel:" ) - 1 ) ) {
-				bv.bv_val += sizeof( "onelevel" ) - 1;
+				bv.bv_val += sizeof( "onelevel:" ) - 1;
 				*scope = LDAP_X_SCOPE_ONELEVEL;
 
 			} else {
 				return LDAP_PROTOCOL_ERROR;
 			}
+		} else {
+			if ( bv.bv_val[ 0 ] != ':' ) {
+				return LDAP_PROTOCOL_ERROR;
+			}
+			*scope = LDAP_X_SCOPE_EXACT;
+			bv.bv_val++;
 		}
 
-		if ( bv.bv_val[ 0 ] != ':' ) {
-			return LDAP_PROTOCOL_ERROR;
-		}
-		bv.bv_val++;
-
 		bv.bv_val += strspn( bv.bv_val, " " );
 		/* jump here in case no type specification was present
 		 * and uir was not an URI... HEADS-UP: assuming EXACT */