From: Kurt Zeilenga <kurt@openldap.org>
Date: Wed, 11 Oct 2000 04:51:08 +0000 (+0000)
Subject: Fix SASL layering bug
X-Git-Tag: OPENLDAP_REL_ENG_2_0_7~62
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=94c6bdf42a9e4f3cea0c456a86732aa0bc405b85;p=thirdparty%2Fopenldap.git

Fix SASL layering bug
---

diff --git a/CHANGES b/CHANGES
index aee75807db..5253b965ba 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,7 @@ OpenLDAP 2.0 Change Log
 OpenLDAP 2.0.X Engineering
 	Fixed slapd spasswd mutex bug
 	Fixed slapd ACL nameuid bug
+	Fixed slapd SASL layerring bug
 	Updated -lldap SASL error reporting
 	Updated -lldap TLS error reporting
 	Updated slapadd error reporting
diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c
index 4d96e0431e..ade43afd81 100644
--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
@@ -235,7 +235,6 @@ do_bind(
 			ldap_pvt_thread_mutex_lock( &conn->c_mutex );
 			conn->c_dn = edn;
 			conn->c_authmech = mech;
-			if( ssf ) conn->c_sasl_layers++;
 			conn->c_sasl_ssf = ssf;
 			if( ssf > conn->c_ssf ) {
 				conn->c_ssf = ssf;
diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c
index 97470532ef..38d741eae9 100644
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -95,8 +95,16 @@ slap_sasl_authorize(
 		authzid ? authzid : "<empty>" );
 
 	if ( authzid == NULL || *authzid == '\0' ||
+		( authzid[0] == 'u' && authzid[1] == ':' &&
+			strcmp( authcid, &authzid[2] ) == 0 ) ||
 		strcmp( authcid, authzid ) == 0 )
 	{
+		/* authzid is:
+		 *		empty
+		 *		u:authcid
+		 *		authcid
+		 */
+
 		char* cuser;
 		size_t len = sizeof("u:") + strlen( authcid );
 
@@ -485,6 +493,12 @@ int slap_sasl_bind(
 			}
 
 			if( rc == LDAP_SUCCESS ) {
+				if( ssf ) {
+					ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+					conn->c_sasl_layers++;
+					ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+				}
+
 				send_ldap_sasl( conn, op, rc,
 					NULL, NULL, NULL, NULL,
 					response.bv_len ? &response : NULL );