streamline handling of simple bind by global overlays (ITS#4454)

Pierangelo Masarati 2006-03-26 23:03:43 +00:00
parent 9003f3cfa4
commit 51e1ab59cd
2 changed files with 50 additions and 43 deletions


@ -222,7 +222,6 @@ cleanup:
int int
fe_op_bind( Operation *op, SlapReply *rs ) fe_op_bind( Operation *op, SlapReply *rs )
{ {
struct berval mech = op->orb_tmp_mech;
BackendDB *bd = op->o_bd; BackendDB *bd = op->o_bd;
/* check for inappropriate controls */ /* check for inappropriate controls */
@ -246,7 +245,7 @@ fe_op_bind( Operation *op, SlapReply *rs )
goto cleanup; goto cleanup;
} }
if( BER_BVISNULL( &mech ) || BER_BVISEMPTY( &mech ) ) { if( BER_BVISNULL( &op->orb_tmp_mech ) || BER_BVISEMPTY( &op->orb_tmp_mech ) ) {
Debug( LDAP_DEBUG_ANY, Debug( LDAP_DEBUG_ANY,
"do_bind: no sasl mechanism provided\n", "do_bind: no sasl mechanism provided\n",
0, 0, 0 ); 0, 0, 0 );
@ -256,19 +255,19 @@ fe_op_bind( Operation *op, SlapReply *rs )
} }
/* check restrictions */ /* check restrictions */
if( backend_check_restrictions( op, rs, &mech ) != LDAP_SUCCESS ) { if( backend_check_restrictions( op, rs, &op->orb_tmp_mech ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs ); send_ldap_result( op, rs );
goto cleanup; goto cleanup;
} }
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if ( op->o_conn->c_sasl_bind_in_progress ) { if ( op->o_conn->c_sasl_bind_in_progress ) {
if( !bvmatch( &op->o_conn->c_sasl_bind_mech, &mech ) ) { if( !bvmatch( &op->o_conn->c_sasl_bind_mech, &op->orb_tmp_mech ) ) {
/* mechanism changed between bind steps */ /* mechanism changed between bind steps */
slap_sasl_reset(op->o_conn); slap_sasl_reset(op->o_conn);
} }
} else { } else {
ber_dupbv(&op->o_conn->c_sasl_bind_mech, &mech); ber_dupbv(&op->o_conn->c_sasl_bind_mech, &op->orb_tmp_mech);
} }
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
@ -291,7 +290,7 @@ fe_op_bind( Operation *op, SlapReply *rs )
} }
if ( op->orb_method == LDAP_AUTH_SIMPLE ) { if ( op->orb_method == LDAP_AUTH_SIMPLE ) {
BER_BVSTR( &mech, "SIMPLE" ); BER_BVSTR( &op->orb_tmp_mech, "SIMPLE" );
/* accept "anonymous" binds */ /* accept "anonymous" binds */
if ( BER_BVISEMPTY( &op->orb_cred ) || BER_BVISEMPTY( &op->o_req_ndn ) ) { if ( BER_BVISEMPTY( &op->orb_cred ) || BER_BVISEMPTY( &op->o_req_ndn ) ) {
rs->sr_err = LDAP_SUCCESS; rs->sr_err = LDAP_SUCCESS;
@ -316,7 +315,7 @@ fe_op_bind( Operation *op, SlapReply *rs )
rs->sr_text = "anonymous bind disallowed"; rs->sr_text = "anonymous bind disallowed";
} else { } else {
backend_check_restrictions( op, rs, &mech ); backend_check_restrictions( op, rs, &op->orb_tmp_mech );
} }
/* /*
@ -354,7 +353,7 @@ fe_op_bind( Operation *op, SlapReply *rs )
op->o_protocol, 0, 0 ); op->o_protocol, 0, 0 );
goto cleanup; goto cleanup;
} }
BER_BVSTR( &mech, "KRBV4" ); BER_BVSTR( &op->orb_tmp_mech, "KRBV4" );
} else if ( op->orb_method == LDAP_AUTH_KRBV42 ) { } else if ( op->orb_method == LDAP_AUTH_KRBV42 ) {
rs->sr_err = LDAP_AUTH_METHOD_NOT_SUPPORTED; rs->sr_err = LDAP_AUTH_METHOD_NOT_SUPPORTED;
@ -405,6 +404,26 @@ fe_op_bind( Operation *op, SlapReply *rs )
rs->sr_err = (op->o_bd->be_bind)( op, rs ); rs->sr_err = (op->o_bd->be_bind)( op, rs );
if ( rs->sr_err == 0 ) { if ( rs->sr_err == 0 ) {
(void)fe_op_bind_success( op, rs );
} else if ( !BER_BVISNULL( &op->orb_edn ) ) {
free( op->orb_edn.bv_val );
BER_BVZERO( &op->orb_edn );
}
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within naming context" );
}
cleanup:;
op->o_bd = bd;
return rs->sr_err;
}
int
fe_op_bind_success( Operation *op, SlapReply *rs )
{
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if( op->o_conn->c_authz_backend == NULL ) { if( op->o_conn->c_authz_backend == NULL ) {
@ -430,7 +449,7 @@ fe_op_bind( Operation *op, SlapReply *rs )
Statslog( LDAP_DEBUG_STATS, Statslog( LDAP_DEBUG_STATS,
"%s BIND dn=\"%s\" mech=%s ssf=0\n", "%s BIND dn=\"%s\" mech=%s ssf=0\n",
op->o_log_prefix, op->o_log_prefix,
op->o_conn->c_dn.bv_val, mech.bv_val, 0, 0 ); op->o_conn->c_dn.bv_val, op->orb_tmp_mech.bv_val, 0, 0 );
Debug( LDAP_DEBUG_TRACE, Debug( LDAP_DEBUG_TRACE,
"do_bind: v%d bind: \"%s\" to \"%s\"\n", "do_bind: v%d bind: \"%s\" to \"%s\"\n",
@ -441,18 +460,5 @@ fe_op_bind( Operation *op, SlapReply *rs )
/* send this here to avoid a race condition */ /* send this here to avoid a race condition */
send_ldap_result( op, rs ); send_ldap_result( op, rs );
} else if ( !BER_BVISNULL( &op->orb_edn ) ) { return LDAP_SUCCESS;
free( op->orb_edn.bv_val );
BER_BVZERO( &op->orb_edn );
} }
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within naming context" );
}
cleanup:;
op->o_bd = bd;
return rs->sr_err;
}
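Review bot: The new exported fe_op_bind_success() has no documented contract, although its Statslog call passes `op->orb_tmp_mech.bv_val` to `%s` and so relies on the caller having filled in `op->orb_tmp_mech`, as fe_op_bind does with `BER_BVSTR( &op->orb_tmp_mech, "SIMPLE" )`. A caller that skips that step would pass a null pointer into the BIND audit line, so either guard it (`op->orb_tmp_mech.bv_val ? op->orb_tmp_mech.bv_val : ""`) or state the precondition. The function also takes `op->o_conn->c_mutex` and calls `send_ldap_result()` itself, so a caller must not already hold that mutex or send the result again. I would add a header comment above the definition covering these points, and noting that it always returns `LDAP_SUCCESS`, which fe_op_bind discards with `(void)`. Part of the function body lies between the hunks and is not visible here.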


@ -1799,6 +1799,7 @@ LDAP_SLAPD_F (int) do_extended LDAP_P((Operation *op, SlapReply *rs));
LDAP_SLAPD_F (int) fe_op_abandon LDAP_P((Operation *op, SlapReply *rs)); LDAP_SLAPD_F (int) fe_op_abandon LDAP_P((Operation *op, SlapReply *rs));
LDAP_SLAPD_F (int) fe_op_add LDAP_P((Operation *op, SlapReply *rs)); LDAP_SLAPD_F (int) fe_op_add LDAP_P((Operation *op, SlapReply *rs));
LDAP_SLAPD_F (int) fe_op_bind LDAP_P((Operation *op, SlapReply *rs)); LDAP_SLAPD_F (int) fe_op_bind LDAP_P((Operation *op, SlapReply *rs));
LDAP_SLAPD_F (int) fe_op_bind_success LDAP_P(( Operation *op, SlapReply *rs ));
LDAP_SLAPD_F (int) fe_op_compare LDAP_P((Operation *op, SlapReply *rs)); LDAP_SLAPD_F (int) fe_op_compare LDAP_P((Operation *op, SlapReply *rs));
LDAP_SLAPD_F (int) fe_op_delete LDAP_P((Operation *op, SlapReply *rs)); LDAP_SLAPD_F (int) fe_op_delete LDAP_P((Operation *op, SlapReply *rs));
LDAP_SLAPD_F (int) fe_op_modify LDAP_P((Operation *op, SlapReply *rs)); LDAP_SLAPD_F (int) fe_op_modify LDAP_P((Operation *op, SlapReply *rs));