From: Howard Chu
Date: Tue, 23 Dec 2003 14:27:54 +0000 (+0000)
Subject: Revert to simple authzID behavior
X-Git-Tag: OPENLDAP_REL_ENG_2_1_MP~113
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=8aaaad0dd7a7a93eed7f668036ded2983946da4e;p=openldap

Revert to simple authzID behavior
---

diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c
index 97e66724ea..a5bdde13fc 100644
--- a/servers/slapd/controls.c
+++ b/servers/slapd/controls.c
@@ -750,46 +750,17 @@ static int parseProxyAuthz (
 		return LDAP_SUCCESS;
 	}
 
-	/* FIXME: how can we get the realm? */
-	{
-		int rc;
-		char buf[ SLAP_LDAPDN_MAXLEN ];
-		struct berval id,
-				user = { 0, NULL },
-				realm = { 0, NULL },
-				mech = { 0, NULL };
-
-		if ( sizeof( buf ) <= ctrl->ldctl_value.bv_len ) {
-			return LDAP_INVALID_SYNTAX;
-		}
-
-		id.bv_len = ctrl->ldctl_value.bv_len;
-		id.bv_val = buf;
-		strncpy( buf, ctrl->ldctl_value.bv_val, sizeof( buf ) );
+	rc = slap_sasl_getdn( op->o_conn, op,
+		ctrl->ldctl_value.bv_val, ctrl->ldctl_value.bv_len,
+		NULL, &dn, SLAP_GETDN_AUTHZID );
 
-		rc = slap_parse_user( &id, &user, &realm, &mech );
-		if ( rc == LDAP_SUCCESS ) {
-			struct berval authz = BER_BVC( "AUTHZ" );
-
-			if ( mech.bv_len && !bvmatch( &mech, &authz) ) {
-				rs->sr_text = "mech not allowed in authzId";
-				return LDAP_PROXY_AUTHZ_FAILURE;
-			}
-		} else {
-			user = ctrl->ldctl_value;
+	if( rc != LDAP_SUCCESS || !dn.bv_len ) {
+		if ( dn.bv_val ) {
+			ch_free( dn.bv_val );
 		}
+		rs->sr_text = "authzId mapping failed";
+		return LDAP_PROXY_AUTHZ_FAILURE;
 
-		rc = slap_sasl_getdn( op->o_conn, op,
-			user.bv_val, user.bv_len,
-			realm.bv_val, &dn, SLAP_GETDN_AUTHZID );
-
-		if( rc != LDAP_SUCCESS || !dn.bv_len ) {
-			if ( dn.bv_val ) {
-				ch_free( dn.bv_val );
-			}
-			rs->sr_text = "authzId mapping failed";
-			return LDAP_PROXY_AUTHZ_FAILURE;
-		}
 	}
 
 #ifdef NEW_LOGGING
diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c
index 60e9db716d..f186eb7c0c 100644
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
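Review bot: The error path after the slap_sasl_getdn call frees `dn.bv_val` whenever it is non-NULL, but nothing in the hunk initializes `dn` before the call — `rc` and `dn` are declared before the hunk, and parseProxyAuthz starts outside it. If slap_sasl_getdn can return an error before it assigns `*dn`, this frees an uninitialized pointer; unless that initialization is visible earlier in the function, I would zero it explicitly with `dn.bv_val = NULL; dn.bv_len = 0;` immediately before the call. The revert also drops the explicit `SLAP_LDAPDN_MAXLEN` bound on `ctrl->ldctl_value.bv_len` that the removed block enforced, so the attacker-supplied control value now reaches slap_sasl_getdn at any length and without a NUL terminator. That is acceptable only if slap_sasl_getdn itself honours `len` rather than treating `id` as a C string, which is worth stating at the call site: `/* ldctl_value is neither NUL-terminated nor length-checked here; slap_sasl_getdn must bound on len */`.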
@@ -1881,29 +1881,6 @@ int slap_sasl_getdn( Connection *conn, Operation *op, char *id, int len,
 
 		len = dn->bv_len + sizeof("uid=")-1 + sizeof(",cn=auth")-1;
 
-#if 0
-		/* username may have embedded realm name */
-		/* FIXME:
-		 * userids can legally have embedded '@' chars;
-		 * the realm should be set by those mechanisms
-		 * that support it by means of the user_realm
-		 * variable
-		 */
-		if( ( realm.bv_val = strrchr( dn->bv_val, '@') ) ) {
-			char *r = realm.bv_val;
-
-			realm.bv_val++;
-			realm.bv_len = dn->bv_len - ( realm.bv_val - dn->bv_val );
-			len += sizeof( ",cn=" ) - 2;
-			c1.bv_len -= realm.bv_len + 1;
-
-			if ( strchr( dn->bv_val, '@') == r ) {
-				/* FIXME: ambiguity, is it the realm
-				 * or something else? */
-			}
-
-		} else
-#endif
 		if( user_realm && *user_realm ) {
 			realm.bv_val = user_realm;
 			realm.bv_len = strlen( user_realm );