From 161574b00d68456a0f24d5e364853d923ef5ba8b Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Sat, 11 Nov 2006 22:55:09 +0000
Subject: [PATCH] ITS#4744 authzTo/authzFrom patterns are supposed to allow
 multiple targets. Partially revert rev 1.126.

---
 servers/slapd/saslauthz.c | 20 ++++----------------
 1 file changed, 4 insertions(+), 16 deletions(-)

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index 3fd24ad87d..60f1879fca 100644
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -1623,26 +1623,14 @@ static int sasl_sc_smatch( Operation *o, SlapReply *rs )
 {
 	smatch_info *sm = o->o_callback->sc_private;
 
-	if ( rs->sr_type != REP_SEARCH ) {
-		if ( rs->sr_err != LDAP_SUCCESS ) {
-			sm->match = -1;
-		}
-		return 0;
-	}
-
-	if ( sm->match == 1 ) {
-		sm->match = -1;
-		return 0;
-	}
+	if (rs->sr_type != REP_SEARCH) return 0;
 
 	if (dn_match(sm->dn, &rs->sr_entry->e_nname)) {
 		sm->match = 1;
-
-	} else {
-		sm->match = -1;
+		return -1;	/* short-circuit the search */
 	}
 
-	return 0;
+	return 1;
 }
 
 int
@@ -1859,7 +1847,7 @@ exact_match:
 
 	op.o_bd->be_search( &op, &rs );
 
-	if (sm.match == 1) {
+	if (sm.match) {
 		rc = LDAP_SUCCESS;
 	} else {
 		rc = LDAP_INAPPROPRIATE_AUTH;
-- 
2.39.5