From: Howard Chu
Date: Wed, 2 Feb 2011 20:56:58 +0000 (+0000)
Subject: ITS#6711 minimal tweaks for aclbind/idassertbind for privileged connection
X-Git-Tag: MIGRATION_CVS2GIT~137
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=e72c093a555c5e4f8d6ea2b48037088701c9d44e;p=openldap

ITS#6711 minimal tweaks for aclbind/idassertbind for privileged connection in dobind_int().
---
diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index add28dfdff..6ee668df62 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -1404,28 +1404,33 @@ retry_lock:;
 }
 #ifdef HAVE_CYRUS_SASL
- if ( LDAP_BACK_CONN_ISPRIV( lc )
- && li->li_acl_authmethod == LDAP_AUTH_SASL )
- {
+ if ( LDAP_BACK_CONN_ISPRIV( lc )) {
+ slap_bindconf *sb;
+ if ( li->li_acl_authmethod != LDAP_AUTH_NONE )
+ sb = &li->li_acl;
+ else
+ sb = &li->li_idassert.si_bc;
+
+ if ( sb->sb_method == LDAP_AUTH_SASL ) {
 void *defaults = NULL;
- if ( li->li_acl_secprops != NULL ) {
+ if ( sb->sb_secprops != NULL ) {
 rc = ldap_set_option( lc->lc_ld,
- LDAP_OPT_X_SASL_SECPROPS, li->li_acl_secprops );
+ LDAP_OPT_X_SASL_SECPROPS, sb->sb_secprops );
 if ( rc != LDAP_OPT_SUCCESS ) {
 Debug( LDAP_DEBUG_ANY, "Error: ldap_set_option " "(SECPROPS,\"%s\") failed!\n",
- li->li_acl_secprops, 0, 0 );
+ sb->sb_secprops, 0, 0 );
 goto done;
 }
 }
 defaults = lutil_sasl_defaults( lc->lc_ld,
- li->li_acl_sasl_mech.bv_val,
- li->li_acl_sasl_realm.bv_val,
- li->li_acl_authcID.bv_val,
- li->li_acl_passwd.bv_val,
+ sb->sb_saslmech.bv_val,
+ sb->sb_realm.bv_val,
+ sb->sb_authcId.bv_val,
+ sb->sb_cred.bv_val,
 NULL );
 if ( defaults == NULL ) {
 rs->sr_err = LDAP_OTHER;
@@ -1437,8 +1442,8 @@ retry_lock:;
 }
 rs->sr_err = ldap_sasl_interactive_bind_s( lc->lc_ld,
- li->li_acl_authcDN.bv_val,
- li->li_acl_sasl_mech.bv_val, NULL, NULL,
+ sb->sb_binddn.bv_val,
+ sb->sb_saslmech.bv_val, NULL, NULL,
 LDAP_SASL_QUIET, lutil_sasl_interact, defaults );
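Review bot: The selection of `sb` at the top of the new `if ( LDAP_BACK_CONN_ISPRIV( lc )) {` block in the first hunk decides which identity and credentials the privileged connection presents to the remote server, yet the precedence (acl-bind whenever `li->li_acl_authmethod != LDAP_AUTH_NONE`, otherwise idassert-bind) is neither commented nor braced. I would add a comment such as `/* privileged conn: acl-bind settings take precedence; fall back to idassert-bind only when no acl-bind method is configured */` above the `if`/`else`, and brace both arms so a later edit cannot detach an assignment from its condition. The selection also sits inside `#ifdef HAVE_CYRUS_SASL`, so any non-SASL bind for privileged connections, which is outside this hunk, presumably picks its credentials separately and should be checked to follow the same precedence. The new outer block is closed by the `}` added in the hunk at new line 1477, and dobind_int() itself starts and ends outside the hunks shown.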
@@ -1472,6 +1477,7 @@ retry_lock:;
 goto done;
 }
+ }
 #endif /* HAVE_CYRUS_SASL */
 retry:;