not sure that cyrus-sasl doesn't honor empty authz; need to check

This commit is contained in:
Pierangelo Masarati 2004-06-20 23:21:40 +00:00
parent 4f593f55a6
commit eca48b6f20

View File

@ -464,8 +464,6 @@ ldap_back_dobind( struct ldapconn *lc, Operation *op, SlapReply *rs )
case LDAP_BACK_IDASSERT_SELF: case LDAP_BACK_IDASSERT_SELF:
if ( BER_BVISNULL( &op->o_conn->c_dn ) ) { if ( BER_BVISNULL( &op->o_conn->c_dn ) ) {
/* connection is not authc'd, so don't idassert */ /* connection is not authc'd, so don't idassert */
/* FIXME: cyrus-sasl doesn't honor empty authzID!
* i.e. NULL is equivalent to ""! */
break; break;
} }
authzID.bv_len = STRLENOF( "dn:" ) + op->o_conn->c_dn.bv_len; authzID.bv_len = STRLENOF( "dn:" ) + op->o_conn->c_dn.bv_len;
@ -835,9 +833,6 @@ ldap_back_proxy_authz_ctrl(
case LDAP_BACK_IDASSERT_SELF: case LDAP_BACK_IDASSERT_SELF:
/* original behavior: /* original behavior:
* assert the client's identity */ * assert the client's identity */
/* FIXME: we may get here if binding anonymously,
* because cyrus sasl doesn't honor empty (i.e. "")
* authzID */
assertedID = BER_BVISNULL( &op->o_conn->c_dn ) ? slap_empty_bv : op->o_conn->c_dn; assertedID = BER_BVISNULL( &op->o_conn->c_dn ) ? slap_empty_bv : op->o_conn->c_dn;
break; break;