From: Pierangelo Masarati Date: Mon, 15 Dec 2003 18:19:14 +0000 (+0000) Subject: allow 'AUTHZ' mech in proxyAuthz control to allow also the part of the 'u... X-Git-Tag: OPENLDAP_REL_ENG_2_1_MP~186 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=bc972e0656ae7c2cadda9a0e50ae4a149f821495;p=openldap allow 'AUTHZ' mech in proxyAuthz control to allow also the part of the 'u:' user
---
diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c
index 1433e1fef0..1ede30038f 100644
--- a/servers/slapd/controls.c
+++ b/servers/slapd/controls.c
@@ -761,7 +761,9 @@ static int parseProxyAuthz (
 rc = slap_parse_user( &id, &user, &realm, &mech );
 if ( rc == LDAP_SUCCESS ) {
- if ( mech.bv_len ) {
+ struct berval authz = BER_BVC( "AUTHZ" );
+
+ if ( mech.bv_len && !bvmatch( &mech, &authz) ) {
 rs->sr_text = "mech not allowed in authzId";
 return LDAP_PROXY_AUTHZ_FAILURE;
 }
diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index b5d1d7b38c..a2f7fe0221 100644
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -131,9 +131,11 @@ int slap_parse_user( struct berval *id, struct berval *user,
 mech->bv_val[ 0 ] = '\0';
 mech->bv_val++;
- realm->bv_val = strchr( id->bv_val, '/' );
+ realm->bv_val = strchr( mech->bv_val, '/' );
 if ( realm->bv_val ) {
+ realm->bv_val[ 0 ] = '\0';
+ realm->bv_val++;
 mech->bv_len = realm->bv_val - mech->bv_val - 1;
 realm->bv_len = user->bv_val - realm->bv_val - 1;
 } else {
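Review bot: The new exception in parseProxyAuthz is an authorization-relevant rule with no comment: a mech part is still refused unless it equals `AUTHZ`, and nothing in the hunk says why that one value is acceptable. I would add `/* a mech part is accepted only when it is the literal "AUTHZ"; anything else fails the control */` above the test, and confirm that the byte-exact comparison `bvmatch` appears to perform (so a lower-case `authz` is still refused) is the intended behaviour. Since `authz` never changes, `static const struct berval authz = BER_BVC( "AUTHZ" );` would avoid rebuilding it on every call, provided `bvmatch` accepts const operands, and `&authz)` lacks the space before `)` that the surrounding lines use. The realm returned by slap_parse_user is not examined in these lines, and the function body starts and ends outside the hunk.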
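Review bot: The realm split in slap_parse_user relies on state the hunk does not show: `strchr( mech->bv_val, '/' )` stops before the user part only if the `:` in front of `user->bv_val` was already overwritten with a NUL earlier in the function. If it was not, a `/` inside the user name would be taken as the realm separator and `realm->bv_len = user->bv_val - realm->bv_val - 1` would go negative, which presumably wraps because `bv_len` looks like an unsigned length. Either state the invariant at the search, e.g. `/* id is already NUL-cut at ':', so '/' can only be found in the mech/realm part */`, or check `realm->bv_val < user->bv_val` before the two length computations. The added `realm->bv_val[ 0 ] = '\0';` is one more in-place write into the caller's `id` buffer, which deserves a line in the function's header comment; the function body starts and ends outside the hunk.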