From 5c527bc49e5d547e7f092e45d42baf6cb1ae89ae Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Wed, 3 Mar 2010 19:30:58 +0000
Subject: [PATCH] Fix compare checking in pam_authz

---
 contrib/slapd-modules/nssov/pam.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/contrib/slapd-modules/nssov/pam.c b/contrib/slapd-modules/nssov/pam.c
index bd6223ef49..a00d418cd7 100644
--- a/contrib/slapd-modules/nssov/pam.c
+++ b/contrib/slapd-modules/nssov/pam.c
@@ -253,6 +253,13 @@ static struct berval svcmsg =
 static struct berval uidmsg =
 	BER_BVC("Access denied by UID check");
 
+static int pam_compare_cb(Operation *op, SlapReply *rs)
+{
+	if (rs->sr_err == LDAP_COMPARE_TRUE)
+		op->o_callback->sc_private = (void *)1;
+	return LDAP_SUCCESS;
+}
+
 int pam_authz(nssov_info *ni,TFILE *fp,Operation *op)
 {
 	struct berval dn, uid, svc, ruser, rhost, tty;
@@ -352,7 +359,7 @@ int pam_authz(nssov_info *ni,TFILE *fp,Operation *op)
 			}
 		}
 
-		cb.sc_response = slap_null_cb;
+		cb.sc_response = pam_compare_cb;
 		cb.sc_private = NULL;
 		op->o_tag = LDAP_REQ_COMPARE;
 		op->o_req_dn = hostdn;
@@ -361,7 +368,7 @@ int pam_authz(nssov_info *ni,TFILE *fp,Operation *op)
 		ava.aa_value = svc;
 		op->orc_ava = &ava;
 		rc = op->o_bd->be_compare( op, &rs );
-		if ( rs.sr_err != LDAP_COMPARE_TRUE ) {
+		if ( cb.sc_private == NULL ) {
 			authzmsg = svcmsg;
 			rc = NSLCD_PAM_PERM_DENIED;
 			goto finish;
-- 
GitLab