From 5ee4b676734ab0fa1f49d7b93dfad59aa8ee2205 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?=
Date: Wed, 27 Sep 2017 11:49:39 +0100
Subject: [PATCH] Move bind handling to bind.c
---
 servers/lloadd/bind.c | 211 +++++++++++++++++++++++++++++++++++
 servers/lloadd/proto-slap.h | 4 +
 servers/lloadd/upstream.c | 215 +-----------------------------------
 3 files changed, 217 insertions(+), 213 deletions(-)
diff --git a/servers/lloadd/bind.c b/servers/lloadd/bind.c
index 54b9d541b0..38df5449f2 100644
--- a/servers/lloadd/bind.c
+++ b/servers/lloadd/bind.c
@@ -332,3 +332,214 @@ request_bind( Connection *client, Operation *op ) return rc; } + +int +handle_bind_response( Operation *op, BerElement *ber ) +{ + Connection *client = op->o_client, *upstream = op->o_upstream; + BerValue response; + BerElement *copy; + ber_int_t result; + ber_tag_t tag; + int rc = LDAP_SUCCESS; + + if ( (copy = ber_alloc()) == NULL ) { + rc = -1; + goto done; + } + + tag = ber_peek_element( ber, &response ); + assert( tag == LDAP_RES_BIND ); + + ber_init2( copy, &response, 0 ); + + tag = ber_get_enum( copy, &result ); + ber_free( copy, 0 ); + + if ( tag == LBER_ERROR ) { + rc = -1; + goto done; + } + + Debug( LDAP_DEBUG_STATS, "handle_bind_response: " + "received response for bind request msgid=%d by client " + "connid=%lu, result=%d\n", + op->o_client_msgid, op->o_client_connid, result ); + + CONNECTION_LOCK(upstream); + if ( result != LDAP_SASL_BIND_IN_PROGRESS ) { + upstream->c_state = LLOAD_C_READY; + } + CONNECTION_UNLOCK(upstream); + + CONNECTION_LOCK(client); + if ( client->c_state == LLOAD_C_BINDING ) { + switch ( result ) { + case LDAP_SASL_BIND_IN_PROGRESS: + break; + case LDAP_SUCCESS: + default: { + client->c_state = LLOAD_C_READY; + client->c_type = LLOAD_C_OPEN; + if ( result != LDAP_SUCCESS ) { + ber_memfree( client->c_auth.bv_val ); + BER_BVZERO( &client->c_auth ); + } else if ( !ber_bvstrcasecmp( + &client->c_auth, &lloadd_identity ) ) { + client->c_type = LLOAD_C_PRIVILEGED; + } + if ( !BER_BVISNULL( &client->c_sasl_bind_mech ) ) { + ber_memfree( client->c_sasl_bind_mech.bv_val ); + BER_BVZERO( &client->c_sasl_bind_mech ); + } + break; + } + } + } else { + assert( client->c_state == LLOAD_C_INVALID || + client->c_state == LLOAD_C_CLOSING ); + } + CONNECTION_UNLOCK(client); + +done: + if ( rc ) { + operation_send_reject( op, LDAP_OTHER, "internal error", 0 ); + + ber_free( ber, 1 ); + return LDAP_SUCCESS; + } + return forward_final_response( op, ber ); +} + +#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS +int 
+handle_vc_bind_response( Operation *op, BerElement *ber ) +{ + Connection *c = op->o_client; + BerElement *output; + BerValue matched, diagmsg, creds = BER_BVNULL, controls = BER_BVNULL; + ber_int_t result; + ber_tag_t tag; + ber_len_t len; + int rc = 0; + + tag = ber_scanf( ber, "{emm" /* "}" */, + &result, &matched, &diagmsg ); + if ( tag == LBER_ERROR ) { + rc = -1; + goto done; + } + + tag = ber_peek_tag( ber, &len ); + if ( result == LDAP_PROTOCOL_ERROR ) { + Connection *upstream = op->o_upstream; + Backend *b; + + CONNECTION_LOCK(upstream); + b = (Backend *)upstream->c_private; + Debug( LDAP_DEBUG_ANY, "handle_vc_bind_response: " + "VC extended operation not supported on backend %s\n", + b->b_uri.bv_val ); + CONNECTION_UNLOCK(upstream); + } + + Debug( LDAP_DEBUG_STATS, "handle_vc_bind_response: " + "received response for bind request msgid=%d by client " + "connid=%lu, result=%d\n", + op->o_client_msgid, op->o_client_connid, result ); + + CONNECTION_LOCK(c); + + if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE ) { + if ( !BER_BVISNULL( &c->c_vc_cookie ) ) { + ber_memfree( c->c_vc_cookie.bv_val ); + } + tag = ber_scanf( ber, "o", &c->c_vc_cookie ); + if ( tag == LBER_ERROR ) { + rc = -1; + CONNECTION_UNLOCK_INCREF(c); + goto done; + } + tag = ber_peek_tag( ber, &len ); + } + + if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS ) { + tag = ber_scanf( ber, "m", &creds ); + if ( tag == LBER_ERROR ) { + rc = -1; + CONNECTION_UNLOCK_INCREF(c); + goto done; + } + tag = ber_peek_tag( ber, &len ); + } + + if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS ) { + tag = ber_scanf( ber, "m", &controls ); + if ( tag == LBER_ERROR ) { + rc = -1; + CONNECTION_UNLOCK_INCREF(c); + goto done; + } + } + + if ( c->c_state == LLOAD_C_BINDING ) { + switch ( result ) { + case LDAP_SASL_BIND_IN_PROGRESS: + break; + case LDAP_SUCCESS: + default: { + c->c_state = LLOAD_C_READY; + c->c_type = LLOAD_C_OPEN; + if ( result != LDAP_SUCCESS ) { + ber_memfree( c->c_auth.bv_val ); + 
BER_BVZERO( &c->c_auth ); + } else if ( !ber_bvstrcasecmp( + &c->c_auth, &lloadd_identity ) ) { + c->c_type = LLOAD_C_PRIVILEGED; + } + if ( !BER_BVISNULL( &c->c_vc_cookie ) ) { + ber_memfree( c->c_vc_cookie.bv_val ); + BER_BVZERO( &c->c_vc_cookie ); + } + if ( !BER_BVISNULL( &c->c_sasl_bind_mech ) ) { + ber_memfree( c->c_sasl_bind_mech.bv_val ); + BER_BVZERO( &c->c_sasl_bind_mech ); + } + break; + } + } + } else { + assert( c->c_state == LLOAD_C_INVALID || + c->c_state == LLOAD_C_CLOSING ); + } + CONNECTION_UNLOCK_INCREF(c); + + ldap_pvt_thread_mutex_lock( &c->c_io_mutex ); + output = c->c_pendingber; + if ( output == NULL && (output = ber_alloc()) == NULL ) { + rc = -1; + ldap_pvt_thread_mutex_unlock( &c->c_io_mutex ); + goto done; + } + c->c_pendingber = output; + + rc = ber_printf( output, "t{tit{eOOtO}tO}", LDAP_TAG_MESSAGE, + LDAP_TAG_MSGID, op->o_client_msgid, LDAP_RES_BIND, + result, &matched, &diagmsg, + LDAP_TAG_SASL_RES_CREDS, BER_BV_OPTIONAL( &creds ), + LDAP_TAG_CONTROLS, BER_BV_OPTIONAL( &controls ) ); + + ldap_pvt_thread_mutex_unlock( &c->c_io_mutex ); + if ( rc >= 0 ) { + connection_write_cb( -1, 0, c ); + rc = 0; + } + +done: + CONNECTION_LOCK_DECREF(c); + operation_destroy_from_client( op ); + CONNECTION_UNLOCK_OR_DESTROY(c); + ber_free( ber, 1 ); + return rc; +} +#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */ diff --git a/servers/lloadd/proto-slap.h b/servers/lloadd/proto-slap.h index 603ffb915e..5df2ce922b 100644 --- a/servers/lloadd/proto-slap.h +++ b/servers/lloadd/proto-slap.h @@ -65,6 +65,8 @@ LDAP_SLAPD_F (void) ch_free( void * ); * bind.c */ LDAP_SLAPD_F (int) request_bind( Connection *c, Operation *op ); +LDAP_SLAPD_F (int) handle_bind_response( Operation *op, BerElement *ber ); +LDAP_SLAPD_F (int) handle_vc_bind_response( Operation *op, BerElement *ber ); /* * client.c 
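Review bot: In handle_vc_bind_response the first `ber_scanf( ber, "{emm" ... )` failure jumps to `done:` before `CONNECTION_LOCK(c)` has run, yet `done:` executes `CONNECTION_LOCK_DECREF(c)`; every other error path calls `CONNECTION_UNLOCK_INCREF(c)` first, so, assuming those macros pair a reference take with a drop, a malformed upstream response would release a client reference that was never taken. Taking the reference on that path too, e.g. `CONNECTION_LOCK(c); CONNECTION_UNLOCK_INCREF(c);` before the `goto done`, would keep the count balanced. In the cookie branch `ber_memfree( c->c_vc_cookie.bv_val )` is not followed by `BER_BVZERO( &c->c_vc_cookie )`, so unless ber_scanf resets the berval on failure the stale pointer can be freed again later. Both handlers grant `LLOAD_C_PRIVILEGED` on `!ber_bvstrcasecmp( &c->c_auth, &lloadd_identity )`; if lloadd_identity may be unset (not visible here) an empty bind identity would compare equal, so a `!BER_BVISEMPTY( &lloadd_identity )` guard is worth adding. The code is moved verbatim from upstream.c, so these points predate the commit but now live in bind.c.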
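Review bot: The new `handle_vc_bind_response` prototype in proto-slap.h is declared unconditionally, while its definition in bind.c sits inside `#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS`. Wrapping the declaration in the same guard would turn a stray call in a build without that feature into a compile error instead of a link failure. A short comment on both prototypes stating that the handler takes ownership of `ber` (each path visible in bind.c either frees it or passes it to `forward_final_response`) would also help callers.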
@@ -196,6 +198,8 @@ LDAP_SLAPD_F (void *) slap_sl_context( void *ptr ); /* * upstream.c */ +LDAP_SLAPD_F (int) forward_final_response( Operation *op, BerElement *ber ); +LDAP_SLAPD_F (int) forward_response( Operation *op, BerElement *ber ); LDAP_SLAPD_F (Connection *) upstream_init( ber_socket_t s, Backend *b ); LDAP_SLAPD_F (void) upstream_destroy( Connection *c ); diff --git a/servers/lloadd/upstream.c b/servers/lloadd/upstream.c index f87fae4f23..c64f6258d9 100644 --- a/servers/lloadd/upstream.c +++ b/servers/lloadd/upstream.c @@ -24,7 +24,7 @@ #include "lutil.h" #include "slap.h" -static int +int forward_response( Operation *op, BerElement *ber ) { Connection *c = op->o_client; @@ -66,7 +66,7 @@ forward_response( Operation *op, BerElement *ber ) return 0; } -static int +int forward_final_response( Operation *op, BerElement *ber ) { int rc; 
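Review bot: `forward_response` and `forward_final_response` become part of the cross-file interface here (and lose `static` in the upstream.c hunks at -24,7 and -66,7), but the declarations say nothing about who frees `ber`. The bind.c caller frees `ber` itself only on its error path and otherwise returns `forward_final_response( op, ber )`, which suggests the callee consumes it. The function bodies are outside these hunks, so that should be confirmed and then recorded, e.g. `/* takes ownership of ber */` above the two prototypes.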
@@ -83,217 +83,6 @@ forward_final_response( Operation *op, BerElement *ber ) return rc; } -static int -handle_bind_response( Operation *op, BerElement *ber ) -{ - Connection *client = op->o_client, *upstream = op->o_upstream; - BerValue response; - BerElement *copy; - ber_int_t result; - ber_tag_t tag; - int rc = LDAP_SUCCESS; - - if ( (copy = ber_alloc()) == NULL ) { - rc = -1; - goto done; - } - - tag = ber_peek_element( ber, &response ); - assert( tag == LDAP_RES_BIND ); - - ber_init2( copy, &response, 0 ); - - tag = ber_get_enum( copy, &result ); - ber_free( copy, 0 ); - - if ( tag == LBER_ERROR ) { - rc = -1; - goto done; - } - - Debug( LDAP_DEBUG_STATS, "handle_bind_response: " - "received response for bind request msgid=%d by client " - "connid=%lu, result=%d\n", - op->o_client_msgid, op->o_client_connid, result ); - - CONNECTION_LOCK(upstream); - if ( result != LDAP_SASL_BIND_IN_PROGRESS ) { - upstream->c_state = LLOAD_C_READY; - } - CONNECTION_UNLOCK(upstream); - - CONNECTION_LOCK(client); - if ( client->c_state == LLOAD_C_BINDING ) { - switch ( result ) { - case LDAP_SASL_BIND_IN_PROGRESS: - break; - case LDAP_SUCCESS: - default: { - client->c_state = LLOAD_C_READY; - client->c_type = LLOAD_C_OPEN; - if ( result != LDAP_SUCCESS ) { - ber_memfree( client->c_auth.bv_val ); - BER_BVZERO( &client->c_auth ); - } else if ( !ber_bvstrcasecmp( - &client->c_auth, &lloadd_identity ) ) { - client->c_type = LLOAD_C_PRIVILEGED; - } - if ( !BER_BVISNULL( &client->c_sasl_bind_mech ) ) { - ber_memfree( client->c_sasl_bind_mech.bv_val ); - BER_BVZERO( &client->c_sasl_bind_mech ); - } - break; - } - } - } else { - assert( client->c_state == LLOAD_C_INVALID || - client->c_state == LLOAD_C_CLOSING ); - } - CONNECTION_UNLOCK(client); - -done: - if ( rc ) { - operation_send_reject( op, LDAP_OTHER, "internal error", 0 ); - - ber_free( ber, 1 ); - return LDAP_SUCCESS; - } - return forward_final_response( op, ber ); -} - -#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS -static int 
-handle_vc_bind_response( Operation *op, BerElement *ber ) -{ - Connection *c = op->o_client; - BerElement *output; - BerValue matched, diagmsg, creds = BER_BVNULL, controls = BER_BVNULL; - ber_int_t result; - ber_tag_t tag; - ber_len_t len; - int rc = 0; - - tag = ber_scanf( ber, "{emm" /* "}" */, - &result, &matched, &diagmsg ); - if ( tag == LBER_ERROR ) { - rc = -1; - goto done; - } - - tag = ber_peek_tag( ber, &len ); - if ( result == LDAP_PROTOCOL_ERROR ) { - Connection *upstream = op->o_upstream; - Backend *b; - - CONNECTION_LOCK(upstream); - b = (Backend *)upstream->c_private; - Debug( LDAP_DEBUG_ANY, "handle_vc_bind_response: " - "VC extended operation not supported on backend %s\n", - b->b_uri.bv_val ); - CONNECTION_UNLOCK(upstream); - } - - Debug( LDAP_DEBUG_STATS, "handle_vc_bind_response: " - "received response for bind request msgid=%d by client " - "connid=%lu, result=%d\n", - op->o_client_msgid, op->o_client_connid, result ); - - CONNECTION_LOCK(c); - - if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE ) { - if ( !BER_BVISNULL( &c->c_vc_cookie ) ) { - ber_memfree( c->c_vc_cookie.bv_val ); - } - tag = ber_scanf( ber, "o", &c->c_vc_cookie ); - if ( tag == LBER_ERROR ) { - rc = -1; - CONNECTION_UNLOCK_INCREF(c); - goto done; - } - tag = ber_peek_tag( ber, &len ); - } - - if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS ) { - tag = ber_scanf( ber, "m", &creds ); - if ( tag == LBER_ERROR ) { - rc = -1; - CONNECTION_UNLOCK_INCREF(c); - goto done; - } - tag = ber_peek_tag( ber, &len ); - } - - if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS ) { - tag = ber_scanf( ber, "m", &controls ); - if ( tag == LBER_ERROR ) { - rc = -1; - CONNECTION_UNLOCK_INCREF(c); - goto done; - } - } - - if ( c->c_state == LLOAD_C_BINDING ) { - switch ( result ) { - case LDAP_SASL_BIND_IN_PROGRESS: - break; - case LDAP_SUCCESS: - default: { - c->c_state = LLOAD_C_READY; - c->c_type = LLOAD_C_OPEN; - if ( result != LDAP_SUCCESS ) { - ber_memfree( c->c_auth.bv_val ); - 
BER_BVZERO( &c->c_auth ); - } else if ( !ber_bvstrcasecmp( - &c->c_auth, &lloadd_identity ) ) { - c->c_type = LLOAD_C_PRIVILEGED; - } - if ( !BER_BVISNULL( &c->c_vc_cookie ) ) { - ber_memfree( c->c_vc_cookie.bv_val ); - BER_BVZERO( &c->c_vc_cookie ); - } - if ( !BER_BVISNULL( &c->c_sasl_bind_mech ) ) { - ber_memfree( c->c_sasl_bind_mech.bv_val ); - BER_BVZERO( &c->c_sasl_bind_mech ); - } - break; - } - } - } else { - assert( c->c_state == LLOAD_C_INVALID || - c->c_state == LLOAD_C_CLOSING ); - } - CONNECTION_UNLOCK_INCREF(c); - - ldap_pvt_thread_mutex_lock( &c->c_io_mutex ); - output = c->c_pendingber; - if ( output == NULL && (output = ber_alloc()) == NULL ) { - rc = -1; - ldap_pvt_thread_mutex_unlock( &c->c_io_mutex ); - goto done; - } - c->c_pendingber = output; - - rc = ber_printf( output, "t{tit{eOOtO}tO}", LDAP_TAG_MESSAGE, - LDAP_TAG_MSGID, op->o_client_msgid, LDAP_RES_BIND, - result, &matched, &diagmsg, - LDAP_TAG_SASL_RES_CREDS, BER_BV_OPTIONAL( &creds ), - LDAP_TAG_CONTROLS, BER_BV_OPTIONAL( &controls ) ); - - ldap_pvt_thread_mutex_unlock( &c->c_io_mutex ); - if ( rc >= 0 ) { - connection_write_cb( -1, 0, c ); - rc = 0; - } - -done: - CONNECTION_LOCK_DECREF(c); - operation_destroy_from_client( op ); - CONNECTION_UNLOCK_OR_DESTROY(c); - ber_free( ber, 1 ); - return rc; -} -#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */ - static int handle_unsolicited( Connection *c, BerElement *ber ) {