Index: bind.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/bind.c,v
retrieving revision 1.117
diff -u -r1.117 bind.c
--- bind.c	12 Jul 2002 22:11:03 -0000	1.117
+++ bind.c	22 Jul 2002 21:50:55 -0000
@@ -296,6 +296,10 @@
 				/* edn is always normalized already */
 				ber_dupbv( &conn->c_ndn, &conn->c_dn );
 			}
+
+			/* As we've changed the DN reset the group info */
+			connection_resetgroups(conn);
+			
 			conn->c_authmech = conn->c_sasl_bind_mech;
 			conn->c_sasl_bind_mech.bv_val = NULL;
 			conn->c_sasl_bind_mech.bv_len = 0;
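Review bot: The comment above the added `connection_resetgroups(conn);` explains why the group info is dropped but not what must hold when it runs. The helper frees every node on `conn->c_groups`, so it must not run while another operation on the same connection is walking that list. Whether the connection lock is held at this point is not visible in the hunk; if it is, state it, e.g. `/* DN changed: drop cached group assertions (connection lock held) */`. The second call, in the @@ -527 hunk, has no comment at all and should carry the same one. Both enclosing blocks start and end outside their hunks.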
@@ -527,6 +531,8 @@
 			ndn.bv_val = NULL;
 			ndn.bv_len = 0;
 
+			connection_resetgroups(conn);
+			
 			if( conn->c_dn.bv_len != 0 ) {
 				ber_len_t max = sockbuf_max_incoming;
 				ber_sockbuf_ctrl( conn->c_sb,
Index: connection.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/connection.c,v
retrieving revision 1.184
diff -u -r1.184 connection.c
--- connection.c	11 Jul 2002 18:33:28 -0000	1.184
+++ connection.c	22 Jul 2002 21:51:11 -0000
@@ -567,6 +567,19 @@
     return id;
 }
 
+void
+connection_resetgroups( Connection *c)
+{
+    GroupAssertion *g, *n;
+    for (g = c->c_groups; g; g=n)
+    {
+        n = g->ga_next;
+        free(g);
+    }
+    c->c_groups = NULL;
+}
+
+
 void connection2anonymous( Connection *c )
 {
 	assert( connections != NULL );
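Review bot: `connection_resetgroups` is now an exported helper called from bind.c as well as from `connection2anonymous`, but it has no header comment saying what it releases or when callers must invoke it. I would add `/* Free the connection's cached group assertions; call whenever the bound DN changes. */` above it. On style, the new body is indented with spaces and puts the `for` brace on its own line, while the block it replaces and the surrounding code use tabs and a same-line brace. The body keeps the plain `free(g)` of the moved code; if these nodes come from slapd's ch_ allocator (the allocation site is not visible here), `ch_free(g)` would match the `ch_free` calls in sasl.c.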
@@ -596,14 +609,7 @@
 
 	c->c_authz_backend = NULL;
 	
-	{
-		GroupAssertion *g, *n;
-		for (g = c->c_groups; g; g=n) {
-			n = g->ga_next;
-			free(g);
-		}
-		c->c_groups = NULL;
-	}
+	connection_resetgroups(c);
 }
 
 static void
Index: proto-slap.h
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/proto-slap.h,v
retrieving revision 1.351
diff -u -r1.351 proto-slap.h
--- proto-slap.h	24 Jun 2002 23:04:54 -0000	1.351
+++ proto-slap.h	22 Jul 2002 21:51:19 -0000
@@ -323,6 +330,8 @@
 
 LDAP_SLAPD_F (void) connection2anonymous LDAP_P((Connection *));
 
+LDAP_SLAPD_F (void) connection_resetgroups LDAP_P((Connection *));
+
 /*
  * daemon.c
  */
@@ -857,6 +866,7 @@
 	struct berval *saslname,
 	struct berval *dn ));
 LDAP_SLAPD_F (int) slap_sasl_authorized LDAP_P((
+	Connection *conn,
 	struct berval *authcid,
 	struct berval *authzid ));
 LDAP_SLAPD_F (int) slap_sasl_regexp_config LDAP_P((
Index: sasl.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/sasl.c,v
retrieving revision 1.111
diff -u -r1.111 sasl.c
--- sasl.c	12 Jul 2002 21:43:46 -0000	1.111
+++ sasl.c	22 Jul 2002 21:51:26 -0000
@@ -780,7 +780,7 @@
 	
 	AC_MEMCPY( &authzDN, auxvals[1].values[0], sizeof(authzDN) );
 
-	rc = slap_sasl_authorized( &authcDN, &authzDN );
+	rc = slap_sasl_authorized(conn, &authcDN, &authzDN );
 	ch_free( authcDN.bv_val );
 	if ( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
@@ -887,7 +887,7 @@
 		return SASL_NOAUTHZ;
 	}
 
-	rc = slap_sasl_authorized( &authcDN, &authzDN );
+	rc = slap_sasl_authorized(conn, &authcDN, &authzDN );
 	ch_free( authcDN.bv_val );
 	if( rc ) {
 #ifdef NEW_LOGGING
Index: saslauthz.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/saslauthz.c,v
retrieving revision 1.51
diff -u -r1.51 saslauthz.c
--- saslauthz.c	12 Jul 2002 22:11:03 -0000	1.51
+++ saslauthz.c	22 Jul 2002 21:51:29 -0000
@@ -491,7 +491,7 @@
 	op.o_callback = &cb;
 	op.o_time = slap_get_time();
 
-	(*be->be_search)( be, NULL, &op, NULL, &uri.dn,
+	(*be->be_search)( be, conn, &op, NULL, &uri.dn,
 		uri.scope, LDAP_DEREF_NEVER, 1, 0,
 		filter, NULL, NULL, 1 );
 	
@@ -543,7 +543,7 @@
  */
 
 static
-int slap_sasl_match( struct berval *rule, struct berval *assertDN, struct berval *authc )
+int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assertDN, struct berval *authc )
 {
 	struct berval searchbase = {0, NULL};
 	int rc, scope;
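Review bot: The new `conn` parameter of `slap_sasl_match` goes straight to `be_search` in the @@ -611 hunk (and likewise at @@ -491), where the call used to pass NULL, so these internal rule-evaluation searches now run against the client's live connection. If the backend's group checks cache results on `conn->c_groups` (not visible here), entries created while evaluating the authc/authz rules stay on the connection until `connection_resetgroups` runs. The bind.c hunks only show that reset where the DN has just been set and at the top of the second path, so please confirm a failed authorization also clears them. The header comment ending at ` */` is untouched by this patch and should say what `conn` is used for and whether NULL is still accepted. The function body continues outside this hunk.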
@@ -611,7 +611,7 @@
 	op.o_callback = &cb;
 	op.o_time = slap_get_time();
 
-	(*be->be_search)( be, /*conn=*/NULL, &op, /*base=*/NULL, &searchbase,
+	(*be->be_search)( be, conn, &op, /*base=*/NULL, &searchbase,
 	   scope, /*deref=*/1, /*sizelimit=*/0, /*time=*/0, filter, /*fstr=*/NULL,
 	   /*attrs=*/NULL, /*attrsonly=*/0 );
 
@@ -644,7 +644,7 @@
  * The DNs should not have the dn: prefix
  */
 static int
-slap_sasl_check_authz(struct berval *searchDN, struct berval *assertDN, AttributeDescription *ad, struct berval *authc)
+slap_sasl_check_authz(Connection *conn, struct berval *searchDN, struct berval *assertDN, AttributeDescription *ad, struct berval *authc)
 {
 	int i, rc;
 	BerVarray vals=NULL;
@@ -665,7 +665,7 @@
 
 	/* Check if the *assertDN matches any **vals */
 	for( i=0; vals[i].bv_val != NULL; i++ ) {
-		rc = slap_sasl_match( &vals[i], assertDN, authc );
+		rc = slap_sasl_match( conn, &vals[i], assertDN, authc );
 		if ( rc == LDAP_SUCCESS )
 			goto COMPLETE;
 	}
@@ -692,7 +692,7 @@
  * The DNs should not have the dn: prefix
  */
 
-int slap_sasl_authorized( struct berval *authcDN, struct berval *authzDN )
+int slap_sasl_authorized(Connection *conn, struct berval *authcDN, struct berval *authzDN )
 {
 	int rc = LDAP_INAPPROPRIATE_AUTH;
 
@@ -720,7 +720,7 @@
 
 	/* Check source rules */
 	if( authz_policy & SASL_AUTHZ_TO ) {
-		rc = slap_sasl_check_authz( authcDN, authzDN,
+		rc = slap_sasl_check_authz(conn, authcDN, authzDN,
 			slap_schema.si_ad_saslAuthzTo, authcDN );
 		if( rc == LDAP_SUCCESS ) {
 			goto DONE;
@@ -729,7 +729,7 @@
 
 	/* Check destination rules */
 	if( authz_policy & SASL_AUTHZ_FROM ) {
-		rc = slap_sasl_check_authz( authzDN, authcDN,
+		rc = slap_sasl_check_authz(conn, authzDN, authcDN,
 			slap_schema.si_ad_saslAuthzFrom, authcDN );
 		if( rc == LDAP_SUCCESS ) {
 			goto DONE;

