From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Tue, 29 Sep 2009 20:12:57 +0000 (+0000)
Subject: Fix: minuid/maxuid test used wrong attribute
X-Git-Tag: OPENLDAP_REL_ENG_2_4_19~23
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=fbeda7331790ff52d019d547f049e7ab8aac35a6;p=openldap

Fix: minuid/maxuid test used wrong attribute
Fix: use attr_valfind, not value_find_ex
Fix usage flags for normalizing
Fix pam_authz result code
---

diff --git a/contrib/slapd-modules/nssov/pam.c b/contrib/slapd-modules/nssov/pam.c
index 2f3969dd2d..50e91adc0e 100644
--- a/contrib/slapd-modules/nssov/pam.c
+++ b/contrib/slapd-modules/nssov/pam.c
@@ -266,7 +266,7 @@ int pam_authz(nssov_info *ni,TFILE *fp,Operation *op)
 	char ruserc[32];
 	char rhostc[256];
 	char ttyc[256];
-	int rc = NSLCD_PAM_SUCCESS;
+	int rc;
 	Entry *e = NULL;
 	Attribute *a;
 	SlapReply rs = {REP_RESULT};
@@ -400,9 +400,10 @@ int pam_authz(nssov_info *ni,TFILE *fp,Operation *op)
 	}
 	if ((ni->ni_pam_opts & NI_PAM_USERHOST) && nssov_pam_host_ad) {
 		a = attr_find(e->e_attrs, nssov_pam_host_ad);
-		if (!a || value_find_ex( nssov_pam_host_ad,
-			SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
-			a->a_vals, &global_host_bv, op->o_tmpmemctx )) {
+		if (!a || attr_valfind( a,
+			SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+			SLAP_MR_VALUE_OF_SYNTAX,
+			&global_host_bv, NULL, op->o_tmpmemctx )) {
 			rc = NSLCD_PAM_PERM_DENIED;
 			authzmsg = hostmsg;
 			goto finish;
@@ -410,9 +411,10 @@ int pam_authz(nssov_info *ni,TFILE *fp,Operation *op)
 	}
 	if ((ni->ni_pam_opts & NI_PAM_USERSVC) && nssov_pam_svc_ad) {
 		a = attr_find(e->e_attrs, nssov_pam_svc_ad);
-		if (!a || value_find_ex( nssov_pam_svc_ad,
-			SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
-			a->a_vals, &svc, op->o_tmpmemctx )) {
+		if (!a || attr_valfind( a,
+			SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+			SLAP_MR_VALUE_OF_SYNTAX,
+			&svc, NULL, op->o_tmpmemctx )) {
 			rc = NSLCD_PAM_PERM_DENIED;
 			authzmsg = svcmsg;
 			goto finish;
@@ -425,7 +427,7 @@ int pam_authz(nssov_info *ni,TFILE *fp,Operation *op)
 	if (ni->ni_pam_min_uid || ni->ni_pam_max_uid) {
 		int id;
 		char *tmp;
-		nssov_mapinfo *mi = &ni->ni_maps[NM_host];
+		nssov_mapinfo *mi = &ni->ni_maps[NM_passwd];
 		a = attr_find(e->e_attrs, mi->mi_attrs[UIDN_KEY].an_desc);
 		if (!a) {
 			rc = NSLCD_PAM_PERM_DENIED;
@@ -453,6 +455,7 @@ int pam_authz(nssov_info *ni,TFILE *fp,Operation *op)
 		else if (!BER_BVISEMPTY(&ni->ni_pam_template))
 			uid = ni->ni_pam_template;
 	}
+	rc = NSLCD_PAM_SUCCESS;
 
 finish:
 	WRITE_INT32(fp,NSLCD_VERSION);