From d88ab7bf36b36c41c6c6ae58fc14b8f8e8ae5a2c Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Sat, 22 Dec 2007 21:16:54 +0000 Subject: [PATCH] ITS#5264 don't log NULL/anonymous DNs --- servers/slapd/saslauthz.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c index 135c242fe5..e5c508fa33 100644 --- a/servers/slapd/saslauthz.c +++ b/servers/slapd/saslauthz.c @@ -1665,7 +1665,7 @@ slap_sasl_match( Operation *opx, struct berval *rule, Debug( LDAP_DEBUG_TRACE, "===>slap_sasl_match: comparing DN %s to rule %s\n", - assertDN->bv_val, rule->bv_val, 0 ); + assertDN->bv_len ? assertDN->bv_val : "(null)", rule->bv_val, 0 ); /* NOTE: don't normalize rule if authz syntax is enabled */ rc = slap_parseURI( opx, rule, &base, &op.o_req_ndn, @@ -2038,11 +2038,16 @@ int slap_sasl_authorized( Operation *op, int rc = LDAP_INAPPROPRIATE_AUTH; /* User binding as anonymous */ - if ( authzDN == NULL ) { + if ( !authzDN || !authzDN->bv_len || !authzDN->bv_val ) { rc = LDAP_SUCCESS; goto DONE; } + /* User is anonymous */ + if ( !authcDN || !authcDN->bv_len || !authcDN->bv_val ) { + goto DONE; + } + Debug( LDAP_DEBUG_TRACE, "==>slap_sasl_authorized: can %s become %s?\n", authcDN->bv_len ? authcDN->bv_val : "(null)", -- 2.39.5