[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: slapd exits on processing malformed saslAuthzTo attribute (ITS#3077)
Thank you for this. Following the installation of your patch, a
saslAuthzTo like "dn.subtree:ou=person,dc=mynym,dc=net" is processed as
I would expect. For me, this issue is resolved.
-----Original Message-----
From: Pierangelo Masarati [mailto:ando@sys-net.it]
Sent: Tuesday, 13 April 2004 5:35 PM
To: mg@netspeed.com.au
Cc: openldap-its@OpenLDAP.org
Subject: Re: slapd exits on processing malformed saslAuthzTo attribute
(ITS#3077)
> Full_Name: Michael Glasson
> Version: 2.2.7
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (165.12.252.12)
>
>
> slapd exits when processing a saslAuthzTo attribute which is not
> formatted correctly.
>
> A saslAuthzTo like "uid=mg,ou=person,dc=mynym,dc=net" is processed as
> you would expect, allowing the authentication id to authorize as the
> target entry.
>
> A saslAuthzTo like "dn.regex:uid=.*,ou=person,dc=mynym,dc=net" is also
> processed as you would expect, allowing the authentication id to
> authorize as an entry in the target subtree.
>
> A saslAuthzTo like "dn.subtree:ou=person,dc=mynym,dc=net" causes slapd
> to exit immediately.
>
> I understand that saslAuthzTo entries of forms other than
> "dn.regex:..." may not be supported, but I do not imagine that slapd
> should die when it processes an unsupported saslAuthzTo.
.. or please try this patch and see if it works.
diff -u -r1.88.2.10 saslauthz.c
--- saslauthz.c 22 Mar 2004 17:33:28 -0000 1.88.2.10
+++ saslauthz.c 13 Apr 2004 07:34:20 -0000
@@ -663,6 +798,7 @@
if ( bv.bv_val[ -1 ] == ',' && dn_match(
&op.o_req_ndn, &bv ) ) {
switch ( op.oq_search.rs_scope ) {
+ case LDAP_X_SCOPE_SUBTREE:
case LDAP_X_SCOPE_CHILDREN:
rc = LDAP_SUCCESS;
break;
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it