upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-01-16 03:44:58 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

allow 'AUTHZ' mech in proxyAuthz control to allow also the <mech> part of the 'u:' user

Browse source
This commit is contained in:
Pierangelo Masarati 2003-12-15 18:19:14 +00:00
parent 7444352358
commit bc972e0656
2 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
servers/slapd/controls.c
View file

@ -761,7 +761,9 @@ static int parseProxyAuthz (
rc = slap_parse_user( &id, &user, &realm, &mech );
if ( rc == LDAP_SUCCESS ) {
if ( mech.bv_len ) {
struct berval authz = BER_BVC( "AUTHZ" );
if ( mech.bv_len && !bvmatch( &mech, &authz) ) {
rs->sr_text = "mech not allowed in authzId";
return LDAP_PROXY_AUTHZ_FAILURE;
}

4
servers/slapd/saslauthz.c
View file

@ -131,9 +131,11 @@ int slap_parse_user( struct berval *id, struct berval *user,
mech->bv_val[ 0 ] = '\0';
mech->bv_val++;
realm->bv_val = strchr( id->bv_val, '/' );
realm->bv_val = strchr( mech->bv_val, '/' );
if ( realm->bv_val ) {
realm->bv_val[ 0 ] = '\0';
realm->bv_val++;
mech->bv_len = realm->bv_val - mech->bv_val - 1;
realm->bv_len = user->bv_val - realm->bv_val - 1;
} else {