From: Howard Chu <hyc@openldap.org>
Date: Thu, 12 Dec 2002 13:49:25 +0000 (+0000)
Subject: Fix ITS#2234 canonicalization bug
X-Git-Tag: NO_SLAP_OP_BLOCKS~687
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=88adbc86918226e5667afe8c9d34d74695700c25;p=openldap

Fix ITS#2234 canonicalization bug
---

diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c
index f3e9209dc4..02ee9f7ed1 100644
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -656,8 +656,12 @@ slap_sasl_canonicalize(
 	 * the authcID temporarily in conn->c_sasl_dn. We necessarily
 	 * finish Canonicalizing before Authorizing, so there is no
 	 * conflict with slap_sasl_authorize's use of this temp var.
+	 *
+	 * The SASL EXTERNAL mech is backwards from all the other mechs,
+	 * it does authzID before the authcID. If we see that authzID
+	 * has already been done, don't do anything special with authcID.
 	 */
-	if ( flags == SASL_CU_AUTHID ) {
+	if ( flags == SASL_CU_AUTHID && !auxvals[PROP_AUTHZ].values ) {
 		conn->c_sasl_dn.bv_val = (char *) in;
 	} else if ( flags == SASL_CU_AUTHZID && conn->c_sasl_dn.bv_val ) {
 		rc = strcmp( in, conn->c_sasl_dn.bv_val );