From fb3fc81c7e146b1471899b0c3b02d3cf3dd2c3eb Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Sat, 10 Sep 2005 09:56:29 +0000
Subject: [PATCH] improved authz_backend detection for internal databases
 (ITS#4018)

---
 servers/slapd/back-ldap/bind.c | 10 +++-------
 servers/slapd/bind.c           |  2 ++
 servers/slapd/slap.h           |  8 ++++++++
 3 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index e94fc9c483..0df5202bed 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -451,11 +451,7 @@ ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok )
 	/* Searches for a ldapconn in the avl tree */
 
 	/* Explicit binds must not be shared */
-	if ( op->o_tag == LDAP_REQ_BIND
-		|| ( op->o_conn
-			&& op->o_conn->c_authz_backend
-			&& op->o_bd->be_private == op->o_conn->c_authz_backend->be_private ) )
-	{
+	if ( op->o_tag == LDAP_REQ_BIND || SLAP_IS_AUTHZ_BACKEND( op ) ) {
 		lc_curr.lc_conn = op->o_conn;
 
 	} else {
@@ -513,8 +509,8 @@ ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok )
 		} else {
 			BER_BVZERO( &lc->lc_cred );
 			BER_BVZERO( &lc->lc_bound_ndn );
-			if ( op->o_conn && !BER_BVISEMPTY( &op->o_ndn )
-				&& op->o_bd->be_private == op->o_conn->c_authz_backend->be_private )
+			if ( !BER_BVISEMPTY( &op->o_ndn )
+				&& SLAP_IS_AUTHZ_BACKEND( op ) )
 			{
 				ber_dupbv( &lc->lc_bound_ndn, &op->o_ndn );
 			}
diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c
index 73699edf1d..aa5c58af0a 100644
--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
@@ -452,6 +452,8 @@ fe_op_bind( Operation *op, SlapReply *rs )
 	}
 
 	if( op->o_bd->be_bind ) {
+		op->o_conn->c_authz_cookie = NULL;
+
 		rs->sr_err = (op->o_bd->be_bind)( op, rs );
 
 		if ( rs->sr_err == 0 ) {
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index 4a20dc3903..bf02fa3666 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -2621,6 +2621,14 @@ typedef struct slap_conn {
 
 	/* authorization backend */
 	Backend *c_authz_backend;
+	void	*c_authz_cookie;
+#define SLAP_IS_AUTHZ_BACKEND( op )	\
+	( (op)->o_bd != NULL \
+		&& (op)->o_bd->be_private != NULL \
+		&& (op)->o_conn != NULL \
+		&& (op)->o_conn->c_authz_backend != NULL \
+		&& ( (op)->o_bd->be_private == (op)->o_conn->c_authz_backend->be_private \
+			|| (op)->o_bd->be_private == (op)->o_conn->c_authz_cookie ) )
 
 	AuthorizationInformation c_authz;
 
-- 
2.39.5