[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8909) "authz-policy all" works as "authz-policy any", possibly yielding unauthorized access

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8909) "authz-policy all" works as "authz-policy any", possibly yielding unauthorized access
From: guilhem@fripost.org
Date: Wed, 29 Aug 2018 00:45:30 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

On Wed, 29 Aug 2018 at 01:14:51 +0100, Howard Chu wrote:
> Thanks for the report. Looks like this has been present since commit
> 113727ba.  Fixed now in git master

Thanks for the quick fix!  Not sure why rc's value is preserved here but
set to LDAP_INAPPROPRIATE_AUTH in all other failing cases, though.  But
that doesn't seem to matter beside debug logs now showing a return value
other than 48, disclosing the actual reason of the failure; for instance

    <== slap_sasl_authorized: return 16
    SASL Proxy Authorize [conn=1022]: proxy authorization disallowed (16)

for a missing authTo under authz-policy "all".

-- 
Guilhem.

Prev by Date: Re: (ITS#8906) Fail to download package in yocto project
Next by Date: Re: (ITS#8909) "authz-policy all" works as "authz-policy any", possibly yielding unauthorized access
Index(es):
- Chronological
- Thread