ITS#6518 Only remove proxyauthz control if we generated one ourselves

author Ondřej Kuzník <ondra@mistotebe.net>

Mon, 1 Feb 2021 17:22:35 +0000 (17:22 +0000)

committer Ondřej Kuzník <ondra@mistotebe.net>

Mon, 1 Feb 2021 17:22:35 +0000 (17:22 +0000)
author Ondřej Kuzník <ondra@mistotebe.net>
Mon, 1 Feb 2021 17:22:35 +0000 (17:22 +0000)
committer Ondřej Kuzník <ondra@mistotebe.net>
Mon, 1 Feb 2021 17:22:35 +0000 (17:22 +0000)
diff --git a/servers/slapd/back-asyncmeta/bind.c b/servers/slapd/back-asyncmeta/bind.c

index a7d266ddebed422a60bc3563a4d6764471ef3693..35e0d36778e4ee9e0448db8a6a5e866c88b842d1 100644 (file)
--- a/servers/slapd/back-asyncmeta/bind.c
+++ b/servers/slapd/back-asyncmeta/bind.c
@@ -1348,7 +1348,8 @@ asyncmeta_controls_add( Operation *op,
                                 LDAP_CONTROL_PROXY_AUTHZ, op->o_ctrls, NULL );
  
                 for ( i = 0; op->o_ctrls[ i ]; i++ ) {
-                       if ( proxyauthz && proxyauthz == op->o_ctrls[ i ] ) {
+                       /* Only replace it if we generated one */
+                       if ( j1 && proxyauthz && proxyauthz == op->o_ctrls[ i ] ) {
                                 /* Frontend has already checked only one is present */
                                 assert( skipped == 0 );
                                 skipped++;
diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c

index b948dc37b62e35d512a7fb409f7fd449cd3ac1f0..9e9b0cce876f89390423da7dcf3631c52aeb8a36 100644 (file)
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -2897,7 +2897,8 @@ ldap_back_controls_add(
                                 LDAP_CONTROL_PROXY_AUTHZ, op->o_ctrls, NULL );
  
                 for ( i = 0; op->o_ctrls[ i ]; i++ ) {
-                       if ( proxyauthz && proxyauthz == op->o_ctrls[ i ] ) {
+                       /* Only replace it if we generated one */
+                       if ( j1 && proxyauthz && proxyauthz == op->o_ctrls[ i ] ) {
                                 /* Frontend has already checked only one is present */
                                 assert( skipped == 0 );
                                 skipped++;
diff --git a/servers/slapd/back-meta/bind.c b/servers/slapd/back-meta/bind.c

index 235deb9582f54d22f82de48992dbde2faf39c397..4f8f65668ede47fabb90e2eef26d854877bbe5be 100644 (file)
--- a/servers/slapd/back-meta/bind.c
+++ b/servers/slapd/back-meta/bind.c
@@ -1723,7 +1723,8 @@ meta_back_controls_add(
                                 LDAP_CONTROL_PROXY_AUTHZ, op->o_ctrls, NULL );
  
                 for ( i = 0; op->o_ctrls[ i ]; i++ ) {
-                       if ( proxyauthz && proxyauthz == op->o_ctrls[ i ] ) {
+                       /* Only replace it if we generated one */
+                       if ( j1 && proxyauthz && proxyauthz == op->o_ctrls[ i ] ) {
                                 /* Frontend has already checked only one is present */
                                 assert( skipped == 0 );
                                 skipped++;
author	Ondřej Kuzník <ondra@mistotebe.net>
	Mon, 1 Feb 2021 17:22:35 +0000 (17:22 +0000)
committer	Ondřej Kuzník <ondra@mistotebe.net>
	Mon, 1 Feb 2021 17:22:35 +0000 (17:22 +0000)
servers/slapd/back-asyncmeta/bind.c		patch \| blob \| blame \| history
servers/slapd/back-ldap/bind.c		patch \| blob \| blame \| history
servers/slapd/back-meta/bind.c		patch \| blob \| blame \| history