ITS#6518 When using proxyauthz, replace existing control - (async)meta
authorOndřej Kuzník <ondra@mistotebe.net>
Mon, 1 Feb 2021 16:40:02 +0000 (16:40 +0000)
committerOndřej Kuzník <ondra@mistotebe.net>
Mon, 1 Feb 2021 16:43:06 +0000 (16:43 +0000)
servers/slapd/back-asyncmeta/bind.c
servers/slapd/back-meta/bind.c

index 9a5c0eeee492507110758f8b691cc6a6d39a9021..a7d266ddebed422a60bc3563a4d6764471ef3693 100644 (file)
@@ -1258,7 +1258,7 @@ asyncmeta_controls_add( Operation *op,
        LDAPControl             **ctrls = NULL;
        /* set to the maximum number of controls this backend can add */
        LDAPControl             c[ 2 ] = {{ 0 }};
-       int                     n = 0, i, j1 = 0, j2 = 0;
+       int                     n = 0, i, j1 = 0, j2 = 0, skipped = 0;
 
        *pctrls = NULL;
 
@@ -1344,12 +1344,21 @@ asyncmeta_controls_add( Operation *op,
 
        i = 0;
        if ( op->o_ctrls ) {
+               LDAPControl *proxyauthz = ldap_control_find(
+                               LDAP_CONTROL_PROXY_AUTHZ, op->o_ctrls, NULL );
+
                for ( i = 0; op->o_ctrls[ i ]; i++ ) {
-                       ctrls[ i + j1 ] = op->o_ctrls[ i ];
+                       if ( proxyauthz && proxyauthz == op->o_ctrls[ i ] ) {
+                               /* Frontend has already checked only one is present */
+                               assert( skipped == 0 );
+                               skipped++;
+                               continue;
+                       }
+                       ctrls[ i + j1 - skipped ] = op->o_ctrls[ i ];
                }
        }
 
-       n += j1;
+       n += j1 - skipped;
        if ( j2 ) {
                ctrls[ n ] = (LDAPControl *)&ctrls[ n + j2 + 1 ] + j1;
                *ctrls[ n ] = c[ j1 ];
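Review bot: The new `continue` branch drops the client's proxied-authorization control whenever one is present, without checking that this function actually generated a replacement; nothing in the condition `proxyauthz && proxyauthz == op->o_ctrls[ i ]` refers to `j1`. If the part of asyncmeta_controls_add above this hunk can reach the loop with only trailing controls queued (`j1 == 0`, `j2 != 0`), the request would be forwarded with no asserted identity and the target would evaluate it under the proxy's bind identity instead. Assuming `j1` counts the generated proxyauthz control, guard the skip with `if ( j1 && proxyauthz && proxyauthz == op->o_ctrls[ i ] ) {` and add the comment `/* Only replace it if we generated one */`. The same loop in the meta_back_controls_add hunk of servers/slapd/back-meta/bind.c needs the same guard. The function starts and ends outside the hunk, so the values `j1` can take here should be confirmed against the full body.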
index d2d70656f68bef46c52d3f52cc1fbee20415ef9e..235deb9582f54d22f82de48992dbde2faf39c397 100644 (file)
@@ -1633,7 +1633,7 @@ meta_back_controls_add(
        LDAPControl             **ctrls = NULL;
        /* set to the maximum number of controls this backend can add */
        LDAPControl             c[ 2 ] = {{ 0 }};
-       int                     n = 0, i, j1 = 0, j2 = 0;
+       int                     n = 0, i, j1 = 0, j2 = 0, skipped = 0;
 
        *pctrls = NULL;
 
@@ -1719,12 +1719,21 @@ meta_back_controls_add(
 
        i = 0;
        if ( op->o_ctrls ) {
+               LDAPControl *proxyauthz = ldap_control_find(
+                               LDAP_CONTROL_PROXY_AUTHZ, op->o_ctrls, NULL );
+
                for ( i = 0; op->o_ctrls[ i ]; i++ ) {
-                       ctrls[ i + j1 ] = op->o_ctrls[ i ];
+                       if ( proxyauthz && proxyauthz == op->o_ctrls[ i ] ) {
+                               /* Frontend has already checked only one is present */
+                               assert( skipped == 0 );
+                               skipped++;
+                               continue;
+                       }
+                       ctrls[ i + j1 - skipped ] = op->o_ctrls[ i ];
                }
        }
 
-       n += j1;
+       n += j1 - skipped;
        if ( j2 ) {
                ctrls[ n ] = (LDAPControl *)&ctrls[ n + j2 + 1 ] + j1;
                *ctrls[ n ] = c[ j1 ];
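Review bot: The context line `ctrls[ n ] = (LDAPControl *)&ctrls[ n + j2 + 1 ] + j1;` now computes the storage address for the trailing control from an `n` that is one slot smaller when a control was skipped. If the setup above the hunk placed the `j1` control structs right after a pointer array sized from the unskipped count, the trailing struct would begin one pointer width before the end of that storage and overwrite the tail of the last leading control. Keeping the base independent of the skip avoids that: `ctrls[ n ] = (LDAPControl *)&ctrls[ n + skipped + j2 + 1 ] + j1;`. The asyncmeta_controls_add hunk in servers/slapd/back-asyncmeta/bind.c has the identical line; the allocation and the `j1` setup are outside both hunks, so this should be checked against the full function.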