Commit 2d9b6798 authored by Pierangelo Masarati's avatar Pierangelo Masarati
Browse files

import fix to ITS#4798

parent 2001352b
......@@ -5,6 +5,7 @@ OpenLDAP 2.3.33 Engineering
Fixed slapd-ldap chase-referrals switch (ITS#4557)
Fixed slapd-ldap bind behavior when idassert is always used (ITS#4781)
Fixed slapd-ldap response handling bugs (ITS#4782)
Fixed slapd-ldap idassert mode=self anonymous ops (ITS#4798)
Fixed slapd-ldap/meta privileged connections handling (ITS#4791)
Fixed slapd-meta retrying (ITS#4594, 4762)
Fixed slapo-chain referral DN use (ITS#4776)
......
......@@ -2131,6 +2131,7 @@ ldap_back_proxy_authz_ctrl(
slap_idassert_mode_t mode;
struct berval assertedID,
ndn;
int isroot = 0;
*pctrls = NULL;
......@@ -2160,7 +2161,7 @@ ldap_back_proxy_authz_ctrl(
goto done;
}
if ( !op->o_conn || op->o_do_not_cache || be_isroot( op ) ) {
if ( !op->o_conn || op->o_do_not_cache || ( isroot = be_isroot( op ) ) ) {
goto done;
}
......@@ -2212,7 +2213,7 @@ ldap_back_proxy_authz_ctrl(
goto done;
}
} else if ( si->si_authz && !be_isroot( op ) ) {
} else if ( si->si_authz && !isroot ) {
int rc;
struct berval authcDN;
......@@ -2263,21 +2264,11 @@ ldap_back_proxy_authz_ctrl(
}
switch ( mode ) {
case LDAP_BACK_IDASSERT_SELF:
if ( BER_BVISNULL( &ndn ) ) {
goto done;
}
assertedID = ndn;
break;
case LDAP_BACK_IDASSERT_LEGACY:
/* original behavior:
* assert the client's identity */
if ( BER_BVISNULL( &ndn ) ) {
assertedID = slap_empty_bv;
} else {
assertedID = ndn;
}
case LDAP_BACK_IDASSERT_SELF:
assertedID = ndn;
break;
case LDAP_BACK_IDASSERT_ANONYMOUS:
......@@ -2299,6 +2290,7 @@ ldap_back_proxy_authz_ctrl(
assert( 0 );
}
/* if we got here, "" is allowed to proxyAuthz */
if ( BER_BVISNULL( &assertedID ) ) {
assertedID = slap_empty_bv;
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment