
Re: slapd exits on processing malformed saslAuthzTo attribute (ITS#3077)



> Full_Name: Michael Glasson
> Version: 2.2.7
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (165.12.252.12)
>
>
> slapd exits when processing a saslAuthzTo attribute which is not
> formatted correctly.
>
> A saslAuthzTo like "uid=mg,ou=person,dc=mynym,dc=net" is processed as
> you would expect, allowing the authentication id to authorize as the
> target entry.
>
> A saslAuthzTo like "dn.regex:uid=.*,ou=person,dc=mynym,dc=net" is also
> processed as you would expect, allowing the authentication id to
> authorize as an entry in the target subtree.
>
> A saslAuthzTo like "dn.subtree:ou=person,dc=mynym,dc=net" causes slapd
> to exit immediately.
>
> I understand that saslAuthzTo entries of forms other than "dn.regex:..."
> may not be supported, but I do not imagine that slapd should die when it
> processes an unsupported saslAuthzTo.

... or please try this patch and see if it works.

diff -u -r1.88.2.10 saslauthz.c
--- saslauthz.c 22 Mar 2004 17:33:28 -0000      1.88.2.10
+++ saslauthz.c 13 Apr 2004 07:34:20 -0000
@@ -663,6 +798,7 @@

                        if ( bv.bv_val[ -1 ] == ',' && dn_match(
&op.o_req_ndn, &bv ) ) {
                                switch ( op.oq_search.rs_scope ) {
+                               case LDAP_X_SCOPE_SUBTREE:
                                case LDAP_X_SCOPE_CHILDREN:
                                        rc = LDAP_SUCCESS;
                                        break;
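
Review bot: the added `case LDAP_X_SCOPE_SUBTREE:` sits inside the branch guarded by `bv.bv_val[ -1 ] == ','`, so it only accepts DNs that are proper descendants of the base. A subtree scope also includes the base entry itself, so please confirm the equal-DN case is handled outside this branch, or add it here. If the exit described in the report comes from this switch not listing the scope, the switch should also return an error for any scope it does not recognize, so that an unexpected saslAuthzTo form is rejected instead of stopping the server. Separately, the hunk header (`-663,6 +798,7`) implies about 135 lines of earlier changes to the file that are not in this mail, and the `dn_match(` context line has been wrapped by the mailer, so the hunk may need to be applied by hand.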


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it