diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index fd4b04cdbc..484300bf6f 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -173,8 +173,7 @@ sasl_ap_lookup( Operation *op, SlapReply *rs ) Attribute *a; const char *text; int rc, i; - slap_callback *tmp = op->o_callback; - lookup_info *sl = tmp->sc_private; + lookup_info *sl = (lookup_info *)op->o_callback->sc_private; if (rs->sr_type != REP_SEARCH) return 0; @@ -222,9 +221,9 @@ sasl_ap_lookup( Operation *op, SlapReply *rs ) for ( bv = a->a_vals; bv->bv_val; bv++ ) { /* ITS#3846 don't give hashed passwords to SASL */ if ( ad == slap_schema.si_ad_userPassword && - bv->bv_val[0] == '{' ) { - rc = lutil_passwd_scheme( bv->bv_val ); - if ( rc ) { + bv->bv_val[0] == '{' /*}*/ ) + { + if ( lutil_passwd_scheme( bv->bv_val ) ) { /* If it's not a recognized scheme, just assume it's * a cleartext password that happened to include brackets. * @@ -234,11 +233,10 @@ sasl_ap_lookup( Operation *op, SlapReply *rs ) * past the scheme name, skip this value. */ #ifdef SLAPD_CLEARTEXT - if ( !strncasecmp( bv->bv_val, sc_cleartext.bv_val, - sc_cleartext.bv_len )) { + if ( !ber_bvstrcasecmp( bv, &sc_cleartext ) ) { struct berval cbv; cbv.bv_len = bv->bv_len - sc_cleartext.bv_len; - if ( cbv.bv_len ) { + if ( cbv.bv_len > 0 ) { cbv.bv_val = bv->bv_val + sc_cleartext.bv_len; sl->sparams->utils->prop_set( sl->sparams->propctx, sl->list[i].name, cbv.bv_val, cbv.bv_len ); @@ -372,6 +370,7 @@ slap_auxprop_lookup( SlapReply rs = {REP_RESULT}; op.o_hdr = conn->c_sasl_bindop->o_hdr; op.o_tag = LDAP_REQ_SEARCH; + op.o_dn = conn->c_ndn; op.o_ndn = conn->c_ndn; op.o_callback = &cb; slap_op_time( &op.o_time, &op.o_tincr );