From 48c34d254f96e872db73d3888f93d17b4f542bfa Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Thu, 12 Jan 2006 22:55:56 +0000 Subject: [PATCH] Update proxied authorization implementation to use IANA assigned result code. --- include/ldap.h | 4 +++- libraries/libldap/error.c | 4 +++- servers/slapd/controls.c | 8 ++++---- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/include/ldap.h b/include/ldap.h index ecad4b550e..1ca22a7f4d 100644 --- a/include/ldap.h +++ b/include/ldap.h @@ -544,7 +544,7 @@ typedef struct ldapcontrol { #define LDAP_SECURITY_ERROR(n) LDAP_RANGE((n),0x2F,0x32) /* 47-50 */ -#define LDAP_PROXY_AUTHZ_FAILURE 0x2F /* LDAPv3 proxy authorization */ +#define LDAP_X_PROXY_AUTHZ_FAILURE 0x2F /* LDAPv3 proxy authorization */ #define LDAP_INAPPROPRIATE_AUTH 0x30 #define LDAP_INVALID_CREDENTIALS 0x31 #define LDAP_INSUFFICIENT_ACCESS 0x32 @@ -585,6 +585,8 @@ typedef struct ldapcontrol { /* Assertion control (122) */ #define LDAP_ASSERTION_FAILED 0x7A +/* Proxied Authorization Denied (123) */ +#define LDAP_PROXIED_AUTHORIZATION_DENIED 0x7B /* Experimental result codes */ #define LDAP_E_ERROR(n) LDAP_RANGE((n),0x1000,0x3FFF) diff --git a/libraries/libldap/error.c b/libraries/libldap/error.c index e7f0867386..b102d4ab77 100644 --- a/libraries/libldap/error.c +++ b/libraries/libldap/error.c @@ -65,7 +65,6 @@ static struct ldaperror ldap_builtin_errlist[] = { {LDAP_IS_LEAF, N_("Entry is a leaf")}, {LDAP_ALIAS_DEREF_PROBLEM, N_("Alias dereferencing problem")}, - {LDAP_PROXY_AUTHZ_FAILURE, N_("Proxy Authorization Failure")}, {LDAP_INAPPROPRIATE_AUTH, N_("Inappropriate authentication")}, {LDAP_INVALID_CREDENTIALS, N_("Invalid credentials")}, {LDAP_INSUFFICIENT_ACCESS, N_("Insufficient access")}, 
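Review bot: The old name `LDAP_PROXY_AUTHZ_FAILURE` disappears from this public header in the `@@ -544,7 +544,7 @@` hunk with no alias left behind, so any code outside the three files in this patch that still tests for it will stop compiling. If that break is intended, it deserves a line next to the define. The trailing comment also still presents 0x2F as the LDAPv3 proxy authorization code, although the rest of the patch moves the server to 0x7B. I would change it to `/* pre-IANA proxy authorization code, superseded by LDAP_PROXIED_AUTHORIZATION_DENIED */`.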
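Review bot: `LDAP_PROXIED_AUTHORIZATION_DENIED` is 0x7B, which lies outside the 0x2F–0x32 span that `LDAP_SECURITY_ERROR(n)` tests in the previous hunk of this file. A caller that classifies results with that macro would therefore stop treating a proxied-authorization denial as a security error once slapd returns the new code; whether any caller does so is not visible in this patch. I would say so at the define, for example `/* not covered by LDAP_SECURITY_ERROR(); test for this code explicitly */`.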
@@ -93,6 +92,9 @@ static struct ldaperror ldap_builtin_errlist[] = { {LDAP_ASSERTION_FAILED, N_("Assertion Failed")}, {LDAP_X_ASSERTION_FAILED, N_("Assertion Failed (X)")}, + {LDAP_PROXIED_AUTHORIZATION_DENIED, N_("Proxied Authorization Denied")}, + {LDAP_X_PROXY_AUTHZ_FAILURE, N_("Proxy Authorization Failure (X)")}, + {LDAP_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required")}, {LDAP_X_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required (X)")}, diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c index 049096c29b..33d71d1f01 100644 --- a/servers/slapd/controls.c +++ b/servers/slapd/controls.c @@ -921,8 +921,8 @@ static int parseProxyAuthz ( if ( !( global_allows & SLAP_ALLOW_PROXY_AUTHZ_ANON ) && BER_BVISEMPTY( &op->o_ndn ) ) { - rs->sr_text = "anonymous proxyAuthz not allowed"; - return LDAP_PROXY_AUTHZ_FAILURE; + rs->sr_text = "anonymous proxied authorization not allowed"; + return LDAP_PROXIED_AUTHORIZATION_DENIED; } op->o_proxy_authz = ctrl->ldctl_iscritical @@ -963,7 +963,7 @@ static int parseProxyAuthz ( ch_free( dn.bv_val ); } rs->sr_text = "authzId mapping failed"; - return LDAP_PROXY_AUTHZ_FAILURE; + return LDAP_PROXIED_AUTHORIZATION_DENIED; } Debug( LDAP_DEBUG_TRACE, @@ -976,7 +976,7 @@ static int parseProxyAuthz ( if ( rc ) { ch_free( dn.bv_val ); rs->sr_text = "not authorized to assume identity"; - return LDAP_PROXY_AUTHZ_FAILURE; + return LDAP_PROXIED_AUTHORIZATION_DENIED; } ch_free( op->o_ndn.bv_val ); -- 2.39.5
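Review bot: None of the three denial returns in parseProxyAuthz writes a log line in the code shown: the anonymous check in the `@@ -921,8 +921,8 @@` hunk, and the `authzId mapping failed` and `not authorized to assume identity` returns in the two later hunks. The only Debug call visible is at `LDAP_DEBUG_TRACE`, after the mapping step. A refused attempt to assume another identity is worth recording with the bound DN (`op->o_ndn`) and the requested authzId, at a level operators normally keep enabled. The function body starts and ends outside these hunks and the helper that sets `rc` may already log, so confirm that before adding one.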
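Review bot: With every failure path now returning the same result code, `rs->sr_text` is the only thing that differs, and `authzId mapping failed` (the `@@ -963,7 +963,7 @@` hunk) versus `not authorized to assume identity` (the `@@ -976,7 +976,7 @@` hunk) still tells the requester which stage refused it. If the mapping step can fail depending on whether the target identity exists, which is not visible here, a client without proxy rights could tell the two cases apart. I would return one text on both paths, e.g. `rs->sr_text = "proxied authorization denied";`, and keep the stage-specific detail in the server log. The function continues outside both hunks.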