Commit f120d0e4 authored by Howard Chu's avatar Howard Chu Committed by Quanah Gibson-Mount
Browse files

ITS#9038 restrict rootDN proxyauthz to its own DBs.

Treat as normal user for any other DB.
parent 271d3336
...@@ -2062,12 +2062,13 @@ int slap_sasl_authorized( Operation *op, ...@@ -2062,12 +2062,13 @@ int slap_sasl_authorized( Operation *op,
goto DONE; goto DONE;
} }
/* Allow the manager to authorize as any DN. */ /* Allow the manager to authorize as any DN in its own DBs. */
if( op->o_conn->c_authz_backend &&
be_isroot_dn( op->o_conn->c_authz_backend, authcDN ))
{ {
rc = LDAP_SUCCESS; Backend *zbe = select_backend( authzDN, 1 );
goto DONE; if ( zbe && be_isroot_dn( zbe, authcDN )) {
rc = LDAP_SUCCESS;
goto DONE;
}
} }
/* Check source rules */ /* Check source rules */
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment