From 37df43786bbb1918e28f3fb0117e58dd9d96cd1c Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Wed, 29 Aug 2018 01:13:05 +0100
Subject: [PATCH] ITS#8909 fix "authz-policy all" condition

Broken since original commit 113727ba
---
 servers/slapd/saslauthz.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index e1ea0a1e9e..e4a74ea7fd 100644
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -2074,7 +2074,7 @@ int slap_sasl_authorized( Operation *op,
 	if( authz_policy & SASL_AUTHZ_TO ) {
 		rc = slap_sasl_check_authz( op, authcDN, authzDN,
 			slap_schema.si_ad_saslAuthzTo, authcDN );
-		if( rc == LDAP_SUCCESS && !(authz_policy & SASL_AUTHZ_AND) ) {
+		if(( rc == LDAP_SUCCESS ) ^ (( authz_policy & SASL_AUTHZ_AND) != 0)) {
 			goto DONE;
 		}
 	}
-- 
2.47.2