From: Pierangelo Masarati <ando@openldap.org>
Date: Mon, 19 Mar 2007 15:52:17 +0000 (+0000)
Subject: Fix issue with unauthorized idassert and DN rewrite
X-Git-Tag: OPENLDAP_REL_ENG_2_3_35~32
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d4e690e0028d47521b0429a3090261e6c8794856;p=thirdparty%2Fopenldap.git

Fix issue with unauthorized idassert and DN rewrite
---

diff --git a/CHANGES b/CHANGES
index f5c0276503..a52ea58741 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,7 @@ OpenLDAP 2.3.35 Engineering
 	Fixed zero-length IA5string handling (ITS#4823)
 	Fixed slapd-bdb/hdb startup with missing shm env (ITS#4851)
 	Fixed slapd-ldap/meta consistency in referral proxying (ITS#4861)
+	Fixed slapd-ldap bind cleanup in case of unauthorized idassert
 	Fixed slapd-meta search cleanup
 	Fixed slapd-meta/slapo-rwm filter mapping
 	Fixed slapd-sql subtree shortcut (ITS#4856)
diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index d4bb36ab8b..d0ade05649 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -760,13 +760,13 @@ ldap_back_getconn(
 			op->o_ndn = op->o_req_ndn;
 		}
 		isproxyauthz = ldap_back_is_proxy_authz( op, rs, sendok, binddn, bindcred );
-		if ( isproxyauthz == -1 ) {
-			return NULL;
-		}
 		if ( op->o_tag == LDAP_REQ_BIND ) {
 			op->o_dn = save_o_dn;
 			op->o_ndn = save_o_ndn;
 		}
+		if ( isproxyauthz == -1 ) {
+			return NULL;
+		}
 
 		lc_curr.lc_local_ndn = op->o_ndn;
 		/* Explicit binds must not be shared;