From ac70b01bc461fed94e3e7c515084d9e12bf23350 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?=
Date: Mon, 1 Feb 2021 16:40:02 +0000
Subject: [PATCH] ITS#6518 When using proxyauthz, replace existing control - (async)meta
---
 servers/slapd/back-asyncmeta/bind.c | 15 ++++++++++++---
 servers/slapd/back-meta/bind.c | 15 ++++++++++++---
 2 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/servers/slapd/back-asyncmeta/bind.c b/servers/slapd/back-asyncmeta/bind.c
index 9a5c0eeee4..a7d266ddeb 100644
--- a/servers/slapd/back-asyncmeta/bind.c
+++ b/servers/slapd/back-asyncmeta/bind.c
@@ -1258,7 +1258,7 @@ asyncmeta_controls_add( Operation *op,
 LDAPControl **ctrls = NULL;
 /* set to the maximum number of controls this backend can add */
 LDAPControl c[ 2 ] = {{ 0 }};
- int n = 0, i, j1 = 0, j2 = 0;
+ int n = 0, i, j1 = 0, j2 = 0, skipped = 0;
 *pctrls = NULL;
@@ -1344,12 +1344,21 @@ asyncmeta_controls_add( Operation *op,
 i = 0;
 if ( op->o_ctrls ) {
+ LDAPControl *proxyauthz = ldap_control_find(
+ LDAP_CONTROL_PROXY_AUTHZ, op->o_ctrls, NULL );
+
 for ( i = 0; op->o_ctrls[ i ]; i++ ) {
- ctrls[ i + j1 ] = op->o_ctrls[ i ];
+ if ( proxyauthz && proxyauthz == op->o_ctrls[ i ] ) {
+ /* Frontend has already checked only one is present */
+ assert( skipped == 0 );
+ skipped++;
+ continue;
+ }
+ ctrls[ i + j1 - skipped ] = op->o_ctrls[ i ];
 }
 }
- n += j1;
+ n += j1 - skipped;
 if ( j2 ) {
 ctrls[ n ] = (LDAPControl *)&ctrls[ n + j2 + 1 ] + j1;
 *ctrls[ n ] = c[ j1 ];
diff --git a/servers/slapd/back-meta/bind.c b/servers/slapd/back-meta/bind.c
index d2d70656f6..235deb9582 100644
--- a/servers/slapd/back-meta/bind.c
+++ b/servers/slapd/back-meta/bind.c
@@ -1633,7 +1633,7 @@ meta_back_controls_add(
 LDAPControl **ctrls = NULL;
 /* set to the maximum number of controls this backend can add */
 LDAPControl c[ 2 ] = {{ 0 }};
- int n = 0, i, j1 = 0, j2 = 0;
+ int n = 0, i, j1 = 0, j2 = 0, skipped = 0;
 *pctrls = NULL;
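Review bot: In the second hunk of back-asyncmeta/bind.c (asyncmeta_controls_add), the new skip is taken whenever `ldap_control_find` locates a proxied-authorization control in `op->o_ctrls`, with no check that this backend actually generated one to put in its place. What `j1` and `j2` count is decided outside the hunk, so this needs confirming against the full function, but if `j1` can be 0 while `j2` is non-zero, the client's control is removed and nothing replaces it, which changes the identity the target server authorizes the operation against. Guarding the test, e.g. `if ( j1 && proxyauthz && proxyauthz == op->o_ctrls[ i ] ) {` with a comment such as `/* only replace it if we generated one */`, keeps the client's control in that case. The same loop is added to meta_back_controls_add in back-meta/bind.c and would take the same guard.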
@@ -1719,12 +1719,21 @@ meta_back_controls_add(
 i = 0;
 if ( op->o_ctrls ) {
+ LDAPControl *proxyauthz = ldap_control_find(
+ LDAP_CONTROL_PROXY_AUTHZ, op->o_ctrls, NULL );
+
 for ( i = 0; op->o_ctrls[ i ]; i++ ) {
- ctrls[ i + j1 ] = op->o_ctrls[ i ];
+ if ( proxyauthz && proxyauthz == op->o_ctrls[ i ] ) {
+ /* Frontend has already checked only one is present */
+ assert( skipped == 0 );
+ skipped++;
+ continue;
+ }
+ ctrls[ i + j1 - skipped ] = op->o_ctrls[ i ];
 }
 }
- n += j1;
+ n += j1 - skipped;
 if ( j2 ) {
 ctrls[ n ] = (LDAPControl *)&ctrls[ n + j2 + 1 ] + j1;
 *ctrls[ n ] = c[ j1 ];
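Review bot: In this meta_back_controls_add hunk, `assert( skipped == 0 )` does not enforce the invariant named in the comment above it, because the skip test is a pointer comparison against the single entry that `ldap_control_find` returned. A second proxyauthz control in `op->o_ctrls` would be a different pointer, would never trip the assert, and would be copied through next to the backend's own control; the assert also disappears in NDEBUG builds. If the intent is that no client-supplied proxyauthz control reaches the target, matching on the OID inside the loop states that directly: `if ( strcmp( op->o_ctrls[ i ]->ldctl_oid, LDAP_CONTROL_PROXY_AUTHZ ) == 0 ) { skipped++; continue; }`. The identical loop in asyncmeta_controls_add (back-asyncmeta/bind.c) has the same property; the allocation of `ctrls` and the rest of the function lie outside the hunk.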