From 8aaaad0dd7a7a93eed7f668036ded2983946da4e Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Tue, 23 Dec 2003 14:27:54 +0000 Subject: [PATCH] Revert to simple authzID behavior --- servers/slapd/controls.c | 45 +++++++--------------------------------- servers/slapd/sasl.c | 23 -------------------- 2 files changed, 8 insertions(+), 60 deletions(-) diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c index 97e66724ea..a5bdde13fc 100644 --- a/servers/slapd/controls.c +++ b/servers/slapd/controls.c @@ -750,46 +750,17 @@ static int parseProxyAuthz ( return LDAP_SUCCESS; } - /* FIXME: how can we get the realm? */ - { - int rc; - char buf[ SLAP_LDAPDN_MAXLEN ]; - struct berval id, - user = { 0, NULL }, - realm = { 0, NULL }, - mech = { 0, NULL }; - - if ( sizeof( buf ) <= ctrl->ldctl_value.bv_len ) { - return LDAP_INVALID_SYNTAX; - } - - id.bv_len = ctrl->ldctl_value.bv_len; - id.bv_val = buf; - strncpy( buf, ctrl->ldctl_value.bv_val, sizeof( buf ) ); + rc = slap_sasl_getdn( op->o_conn, op, + ctrl->ldctl_value.bv_val, ctrl->ldctl_value.bv_len, + NULL, &dn, SLAP_GETDN_AUTHZID ); - rc = slap_parse_user( &id, &user, &realm, &mech ); - if ( rc == LDAP_SUCCESS ) { - struct berval authz = BER_BVC( "AUTHZ" ); - - if ( mech.bv_len && !bvmatch( &mech, &authz) ) { - rs->sr_text = "mech not allowed in authzId"; - return LDAP_PROXY_AUTHZ_FAILURE; - } - } else { - user = ctrl->ldctl_value; + if( rc != LDAP_SUCCESS || !dn.bv_len ) { + if ( dn.bv_val ) { + ch_free( dn.bv_val ); } + rs->sr_text = "authzId mapping failed"; + return LDAP_PROXY_AUTHZ_FAILURE; - rc = slap_sasl_getdn( op->o_conn, op, - user.bv_val, user.bv_len, - realm.bv_val, &dn, SLAP_GETDN_AUTHZID ); - - if( rc != LDAP_SUCCESS || !dn.bv_len ) { - if ( dn.bv_val ) { - ch_free( dn.bv_val ); - } - rs->sr_text = "authzId mapping failed"; - return LDAP_PROXY_AUTHZ_FAILURE; - } } #ifdef NEW_LOGGING diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index 60e9db716d..f186eb7c0c 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -1881,29 +1881,6 @@ int slap_sasl_getdn( Connection *conn, Operation *op, char *id, int len, len = dn->bv_len + sizeof("uid=")-1 + sizeof(",cn=auth")-1; -#if 0 - /* username may have embedded realm name */ - /* FIXME: - * userids can legally have embedded '@' chars; - * the realm should be set by those mechanisms - * that support it by means of the user_realm - * variable - */ - if( ( realm.bv_val = strrchr( dn->bv_val, '@') ) ) { - char *r = realm.bv_val; - - realm.bv_val++; - realm.bv_len = dn->bv_len - ( realm.bv_val - dn->bv_val ); - len += sizeof( ",cn=" ) - 2; - c1.bv_len -= realm.bv_len + 1; - - if ( strchr( dn->bv_val, '@') == r ) { - /* FIXME: ambiguity, is it the realm - * or something else? */ - } - - } else -#endif if( user_realm && *user_realm ) { realm.bv_val = user_realm; realm.bv_len = strlen( user_realm ); -- 2.39.5