mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-06 10:46:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

Bind fixes for chaining

Browse Source
This commit is contained in:
Howard Chu 2003-06-11 22:35:31 +00:00
parent 33b8042bc0
commit 9c47359912
2 changed files with 17 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
servers/slapd/back-ldap/bind.c
View File

@ -304,7 +304,7 @@ ldap_back_getconn(Operation *op, SlapReply *rs)
lc->cred.bv_val = NULL;
lc->bound_dn.bv_val = NULL;
lc->bound_dn.bv_len = 0;
if ( op->o_conn->c_dn.bv_len != 0
if ( op->o_conn && op->o_conn->c_dn.bv_len != 0
&& ( op->o_bd == op->o_conn->c_authz_backend ) ) {
dncookie dc;
@ -324,7 +324,7 @@ ldap_back_getconn(Operation *op, SlapReply *rs)
#endif
if ( ldap_back_dn_massage( &dc, &op->o_conn->c_dn, &bv ) ) {
if (op->o_conn) send_ldap_result( op, rs );
send_ldap_result( op, rs );
return NULL;
}

21
servers/slapd/back-ldap/chain.c
View File

@ -47,6 +47,7 @@ ldap_chain_response( Operation *op, SlapReply *rs )
int cache = op->o_do_not_cache;
char *authzid = NULL;
BerVarray ref;
struct berval ndn = op->o_ndn;
if ( rs->sr_err != LDAP_REFERRAL )
return SLAP_CB_CONTINUE;
@ -60,6 +61,10 @@ ldap_chain_response( Operation *op, SlapReply *rs )
op->o_bd->be_private = on->on_bi.bi_private;
op->o_callback = NULL;
/* Chaining is performed by a privileged user on behalf
* of a normal user, using the ProxyAuthz control. However,
* Binds are done separately, on an anonymous session.
*/
if ( op->o_tag != LDAP_REQ_BIND ) {
for (i=0; prev && prev[i]; i++);
nctrls = i;
@ -85,16 +90,19 @@ ldap_chain_response( Operation *op, SlapReply *rs )
authz.ldctl_value.bv_val = authzid;
}
op->o_ctrls = ctrls;
op->o_ndn = op->o_bd->be_rootndn;
}
/* Chaining is performed by a privileged user on behalf
* of a normal user
*/
op->o_do_not_cache = 1;
switch( op->o_tag ) {
case LDAP_REQ_BIND:
case LDAP_REQ_BIND: {
struct berval rndn = op->o_req_ndn;
Connection *conn = op->o_conn;
op->o_req_ndn = slap_empty_bv;
op->o_conn = NULL;
rc = ldap_back_bind( op, rs );
op->o_req_ndn = rndn;
op->o_conn = conn;
}
break;
case LDAP_REQ_ADD:
rc = ldap_back_add( op, rs );
@ -125,6 +133,7 @@ ldap_chain_response( Operation *op, SlapReply *rs )
op->o_ctrls = prev;
op->o_bd->be_private = private;
op->o_callback = sc;
op->o_ndn = ndn;
if ( ctrls ) op->o_tmpfree( ctrls, op->o_tmpmemctx );
if ( authzid ) op->o_tmpfree( authzid, op->o_tmpmemctx );
rs->sr_ref = ref;