
Ticket #6 - protocol error from proxied auth operation

Bug Description:  Trying to perform a proxied auth operation leads to
                  a protocol error(err=2).

Fix Description:  ber_scanf() was rejecting the authdn value, because it
                  did not start with an octet string/char.  The fix was
                  to check for the octet string, and if it wasn't present
		  then just use the value as it is.

https://fedorahosted.org/389/ticket/
Mark Reynolds 14 years ago
parent
commit
5232b202fc
2 changed files with 19 additions and 13 deletions
  1. 17 13
      ldap/servers/slapd/proxyauth.c
  2. 2 0
      ldap/servers/slapd/slap.h

+ 17 - 13
ldap/servers/slapd/proxyauth.c

@@ -106,21 +106,25 @@ parse_LDAPProxyAuth(struct berval *spec_ber, int version, char **errtextp,
 		break;
 	}
 
-	ber = ber_init(spec_ber);
-	if (!ber) {
-		break;
-	}
-
-	if ( version == 1 ) {
-		tag = ber_scanf(ber, "{a}", &spec->auth_dn);
+	if (version == 2 && (spec_ber->bv_val[0] != CHAR_OCTETSTRING)) {
+		/* This doesn't start with an octet string, so just use the actual value */
+		spec->auth_dn = slapi_ch_strdup(spec_ber->bv_val);
 	} else {
-		tag = ber_scanf(ber, "a", &spec->auth_dn);
-	}
-	if (tag == LBER_ERROR) {
-		lderr = LDAP_PROTOCOL_ERROR;
-		break;
-	}
+		ber = ber_init(spec_ber);
+		if (!ber) {
+			break;
+		}
 
+		if ( version == 1 ) {
+			tag = ber_scanf(ber, "{a}", &spec->auth_dn);
+		} else {
+			tag = ber_scanf(ber, "a", &spec->auth_dn);
+		}
+		if (tag == LBER_ERROR) {
+			lderr = LDAP_PROTOCOL_ERROR;
+			break;
+		}
+	}
 	/*
 	 * In version 2 of the control, the control value is actually an
 	 * authorization ID (see section 9 of RFC 2829).  We only support
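Review bot: The new branch at `if (version == 2 && (spec_ber->bv_val[0] != CHAR_OCTETSTRING))` reads `bv_val[0]` and then hands `bv_val` to `slapi_ch_strdup()` without consulting `bv_len`, so an empty control value indexes past the buffer (or dereferences NULL if `bv_val` is NULL), and a value that is not NUL-terminated is copied up to whatever byte happens to follow it — the control value is client-supplied, and the `ber_scanf()` path it bypasses bounded its read by `bv_len`. Guard on `bv_len > 0` and a non-NULL `bv_val`, and copy exactly `bv_len` bytes with an explicit terminator; the `else` branch keeps the `ber_init()`/`ber_scanf()` logic, which still rejects malformed input with `LDAP_PROTOCOL_ERROR`. `parse_LDAPProxyAuth` begins before and ends after the hunk, so whether `auth_dn` from this path is released with the same allocator as the `ber_scanf` "a" result is not visible here and is worth confirming.
```c
	if (version == 2 && spec_ber->bv_len > 0 && spec_ber->bv_val != NULL &&
	    spec_ber->bv_val[0] != CHAR_OCTETSTRING) {
		/* Raw authorization ID: a berval is length-delimited, not necessarily NUL-terminated */
		spec->auth_dn = slapi_ch_malloc(spec_ber->bv_len + 1);
		memcpy(spec->auth_dn, spec_ber->bv_val, spec_ber->bv_len);
		spec->auth_dn[spec_ber->bv_len] = '\0';
	} else {
		/* … unchanged: ber_init()/ber_scanf() path … */
	}
```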

+ 2 - 0
ldap/servers/slapd/slap.h

@@ -2310,6 +2310,8 @@ extern char	*attr_dataversion;
 #define LDAP_VIRTUAL_LIST_VIEW_ERROR    0x4C      /* 76 */
 #endif
 
+#define CHAR_OCTETSTRING (char)0x04
+
 /* copied from replication/repl5.h */
 #define RUV_STORAGE_ENTRY_UNIQUEID "ffffffff-ffffffff-ffffffff-ffffffff"
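Review bot: The added `CHAR_OCTETSTRING` macro carries no comment saying what the value is or who relies on it; a reader of slap.h cannot tell it is a BER tag byte rather than a character-class constant. Add `/* BER tag byte for OCTET STRING; proxyauth.c compares it against the first byte of a control value to tell a BER-wrapped value from a raw authorization ID */` above the define. The `(char)` cast makes it compare cleanly against a `char` element only because 0x04 has the high bit clear; a comment noting it is intended solely for that one comparison would stop it being reused for tags where `char` signedness matters. If the liblber headers in use already define the tag (OpenLDAP's lber.h provides `LBER_OCTETSTRING`), reusing that instead of a private macro avoids a second definition of the same value.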