openldap/ITS-8909-additional-tweak.patch

From 324fdd0c41fca50bd0bfacead6b5b7583ac233dc Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Wed, 29 Aug 2018 02:02:13 +0100
Subject: [PATCH 033/109] ITS#8909 additional tweak

Set error code on failure
---
 servers/slapd/saslauthz.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index e4a74ea7f..d80370ff9 100644
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -2075,6 +2075,8 @@ int slap_sasl_authorized( Operation *op,
 		rc = slap_sasl_check_authz( op, authcDN, authzDN,
 			slap_schema.si_ad_saslAuthzTo, authcDN );
 		if(( rc == LDAP_SUCCESS ) ^ (( authz_policy & SASL_AUTHZ_AND) != 0)) {
+			if( rc != LDAP_SUCCESS )
+				rc = LDAP_INAPPROPRIATE_AUTH;
 			goto DONE;
 		}
 	}
-- 
2.19.1
init 2019-12-29 17:30:53 +08:00			`From 324fdd0c41fca50bd0bfacead6b5b7583ac233dc Mon Sep 17 00:00:00 2001`
			`From: Howard Chu <hyc@openldap.org>`
			`Date: Wed, 29 Aug 2018 02:02:13 +0100`
			`Subject: [PATCH 033/109] ITS#8909 additional tweak`

			`Set error code on failure`
			`---`
			`servers/slapd/saslauthz.c \| 2 ++`
			`1 file changed, 2 insertions(+)`

			`diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c`
			`index e4a74ea7f..d80370ff9 100644`
			`--- a/servers/slapd/saslauthz.c`
			`+++ b/servers/slapd/saslauthz.c`
			`@@ -2075,6 +2075,8 @@ int slap_sasl_authorized( Operation *op,`
			`rc = slap_sasl_check_authz( op, authcDN, authzDN,`
			`slap_schema.si_ad_saslAuthzTo, authcDN );`
			`if(( rc == LDAP_SUCCESS ) ^ (( authz_policy & SASL_AUTHZ_AND) != 0)) {`
			`+ if( rc != LDAP_SUCCESS )`
			`+ rc = LDAP_INAPPROPRIATE_AUTH;`
			`goto DONE;`
			`}`
			`}`
			`--`
			`2.19.1`