Skip to content
Snippets Groups Projects
Commit bc972e06 authored by Pierangelo Masarati's avatar Pierangelo Masarati
Browse files

allow 'AUTHZ' mech in proxyAuthz control to allow also the <mech> part of the 'u:' user

parent 74443523
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
servers/slapd/controls.c
+ 3
1
View file @ bc972e06
......@@ -761,7 +761,9 @@ static int parseProxyAuthz (
rc = slap_parse_user( &id, &user, &realm, &mech );
if ( rc == LDAP_SUCCESS ) {
if ( mech.bv_len ) {
struct berval authz = BER_BVC( "AUTHZ" );
if ( mech.bv_len && !bvmatch( &mech, &authz) ) {
rs->sr_text = "mech not allowed in authzId";
return LDAP_PROXY_AUTHZ_FAILURE;
}
......
servers/slapd/saslauthz.c
+ 3
1
View file @ bc972e06
......@@ -131,9 +131,11 @@ int slap_parse_user( struct berval *id, struct berval *user,
mech->bv_val[ 0 ] = '\0';
mech->bv_val++;
realm->bv_val = strchr( id->bv_val, '/' );
realm->bv_val = strchr( mech->bv_val, '/' );
if ( realm->bv_val ) {
realm->bv_val[ 0 ] = '\0';
realm->bv_val++;
mech->bv_len = realm->bv_val - mech->bv_val - 1;
realm->bv_len = user->bv_val - realm->bv_val - 1;
} else {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment