Fix SASL layering bug
authorKurt Zeilenga <kurt@openldap.org>
Wed, 11 Oct 2000 04:51:08 +0000 (04:51 +0000)
committerKurt Zeilenga <kurt@openldap.org>
Wed, 11 Oct 2000 04:51:08 +0000 (04:51 +0000)
CHANGES
servers/slapd/bind.c
servers/slapd/sasl.c

diff --git a/CHANGES b/CHANGES
index aee75807db032411bda6ded31dcad40efd0f08a7..5253b965badd0643d040319067e79014c02665bd 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,7 @@ OpenLDAP 2.0 Change Log
 OpenLDAP 2.0.X Engineering
        Fixed slapd spasswd mutex bug
        Fixed slapd ACL nameuid bug
+       Fixed slapd SASL layerring bug
        Updated -lldap SASL error reporting
        Updated -lldap TLS error reporting
        Updated slapadd error reporting
index 4d96e0431efc685f3020e22762a0880268f10b28..ade43afd81078033f4886139309bef65c3b41e1f 100644 (file)
@@ -235,7 +235,6 @@ do_bind(
                        ldap_pvt_thread_mutex_lock( &conn->c_mutex );
                        conn->c_dn = edn;
                        conn->c_authmech = mech;
-                       if( ssf ) conn->c_sasl_layers++;
                        conn->c_sasl_ssf = ssf;
                        if( ssf > conn->c_ssf ) {
                                conn->c_ssf = ssf;
index 97470532ef14bc932eec06b8cd4037cfc6c30141..38d741eae92b958446fc444add36f45875216908 100644 (file)
@@ -95,8 +95,16 @@ slap_sasl_authorize(
                authzid ? authzid : "<empty>" );
 
        if ( authzid == NULL || *authzid == '\0' ||
+               ( authzid[0] == 'u' && authzid[1] == ':' &&
+                       strcmp( authcid, &authzid[2] ) == 0 ) ||
                strcmp( authcid, authzid ) == 0 )
        {
+               /* authzid is:
+                *              empty
+                *              u:authcid
+                *              authcid
+                */
+
                char* cuser;
                size_t len = sizeof("u:") + strlen( authcid );
 
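Review bot: The new `u:` test in the condition compares `&authzid[2]` with `authcid` byte-for-byte, so a differently-cased or realm-qualified spelling of the client's own name does not take this self-authorization branch and falls through to the else path, which is outside the hunk. If exact matching is intended, the added comment should say what the three forms mean rather than only list them, for example `/* authzid names the authenticated user itself (empty, u:authcid or authcid): no proxy authorization requested; match is exact */`. The index reads are safe because `*authzid == '\0'` is tested first and `&&` short-circuits, but `authcid` reaches `strcmp` with no visible NULL check; presumably the SASL library guarantees it, which is worth confirming. slap_sasl_authorize's body starts and ends outside the hunk.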
@@ -485,6 +493,12 @@ int slap_sasl_bind(
                        }
 
                        if( rc == LDAP_SUCCESS ) {
+                               if( ssf ) {
+                                       ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+                                       conn->c_sasl_layers++;
+                                       ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+                               }
+
                                send_ldap_sasl( conn, op, rc,
                                        NULL, NULL, NULL, NULL,
                                        response.bv_len ? &response : NULL );
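Review bot: The `conn->c_sasl_layers++` added ahead of `send_ldap_sasl` runs in its own lock/unlock pair, while `c_sasl_ssf` and `c_ssf` are still assigned later in do_bind under a separate acquisition of `c_mutex`, so for a window the connection is marked as layered while its recorded strength is still the old value. Whether anything can read `c_ssf` in that window is not visible here, and it is harmless if a bind in progress blocks other operations on the connection. The ordering dependency still deserves a comment; if the reason for the move is that the layer must be flagged before the client can answer the success response, say so with something like `/* flag the layer before the response is sent; c_sasl_ssf and c_ssf are set by do_bind */`. The counter is also incremented on every successful SASL bind with a non-zero `ssf` and is presumably consumed or reset elsewhere. slap_sasl_bind's body continues outside the hunk.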