mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-01-24 13:24:56 +08:00
Rework c_authzid_backend in preparation for sasl_setpass() support
parent
4d3b4f9eb8
commit
d6e7f0f630
@ -413,8 +413,15 @@ glue_back_bind (
|
||||
be = glue_back_select (b0, ndn->bv_val);
|
||||
|
||||
if (be && be->be_bind) {
|
||||
conn->c_authz_backend = be;
|
||||
rc = be->be_bind (be, conn, op, dn, ndn, method, cred, edn);
|
||||
|
||||
if( rc == LDAP_SUCCESS ) {
|
||||
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
|
||||
if( conn->c_authz_backend == NULL ) {
|
||||
conn->c_authz_backend = be;
|
||||
}
|
||||
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
|
||||
}
|
||||
} else {
|
||||
rc = LDAP_UNWILLING_TO_PERFORM;
|
||||
send_ldap_result (conn, op, rc, NULL, "No bind target found",
|
||||
|
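Review bot: The `if( conn->c_authz_backend == NULL )` guard added in glue_back_bind (and again in the do_bind hunk at -492) records the backend only when the field is still empty, so it depends on the field having been cleared before this bind began. connection2anonymous() does set it to NULL, but no call to it is visible in either hunk. If a rebind can reach this point without that reset, the connection would keep the backend of the previous identity, and passwd_extop would later dispatch to it. Please confirm the reset happens first and state it in a comment above the guard, e.g. `/* c_authz_backend was cleared when the bind started; keep a value already recorded during this bind */`. glue_back_bind's body continues outside the hunk.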
@ -478,8 +478,6 @@ do_bind(
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
conn->c_authz_backend = be;
|
||||
|
||||
if ( be->be_bind ) {
|
||||
int ret;
|
||||
|
||||
@ -492,6 +490,10 @@ do_bind(
|
||||
if ( ret == 0 ) {
|
||||
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
|
||||
|
||||
if( conn->c_authz_backend == NULL ) {
|
||||
conn->c_authz_backend = be;
|
||||
}
|
||||
|
||||
if(edn.bv_len) {
|
||||
conn->c_dn = edn;
|
||||
} else {
|
||||
|
@ -573,8 +573,8 @@ long connection_init(
|
||||
|
||||
void connection2anonymous( Connection *c )
|
||||
{
|
||||
assert( connections != NULL );
|
||||
assert( c != NULL );
|
||||
assert( connections != NULL );
|
||||
assert( c != NULL );
|
||||
|
||||
{
|
||||
ber_len_t max = sockbuf_max_incoming;
|
||||
@ -587,16 +587,16 @@ void connection2anonymous( Connection *c )
|
||||
}
|
||||
c->c_authmech.bv_len = 0;
|
||||
|
||||
if(c->c_dn.bv_val != NULL) {
|
||||
free(c->c_dn.bv_val);
|
||||
c->c_dn.bv_val = NULL;
|
||||
}
|
||||
c->c_dn.bv_len = 0;
|
||||
if(c->c_ndn.bv_val != NULL) {
|
||||
free(c->c_ndn.bv_val);
|
||||
c->c_ndn.bv_val = NULL;
|
||||
}
|
||||
c->c_ndn.bv_len = 0;
|
||||
if(c->c_dn.bv_val != NULL) {
|
||||
free(c->c_dn.bv_val);
|
||||
c->c_dn.bv_val = NULL;
|
||||
}
|
||||
c->c_dn.bv_len = 0;
|
||||
if(c->c_ndn.bv_val != NULL) {
|
||||
free(c->c_ndn.bv_val);
|
||||
c->c_ndn.bv_val = NULL;
|
||||
}
|
||||
c->c_ndn.bv_len = 0;
|
||||
|
||||
if(c->c_cdn.bv_val != NULL) {
|
||||
free(c->c_cdn.bv_val);
|
||||
@ -605,17 +605,15 @@ void connection2anonymous( Connection *c )
|
||||
c->c_cdn.bv_len = 0;
|
||||
|
||||
c->c_authz_backend = NULL;
|
||||
|
||||
{
|
||||
GroupAssertion *g, *n;
|
||||
for (g = c->c_groups; g; g=n)
|
||||
|
||||
{
|
||||
n = g->ga_next;
|
||||
free(g);
|
||||
GroupAssertion *g, *n;
|
||||
for (g = c->c_groups; g; g=n) {
|
||||
n = g->ga_next;
|
||||
free(g);
|
||||
}
|
||||
c->c_groups = NULL;
|
||||
}
|
||||
c->c_groups = NULL;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -29,6 +29,7 @@ int passwd_extop(
|
||||
const char **text,
|
||||
BerVarray *refs )
|
||||
{
|
||||
Backend *be;
|
||||
int rc;
|
||||
|
||||
assert( reqoid != NULL );
|
||||
@ -39,7 +40,16 @@ int passwd_extop(
|
||||
return LDAP_STRONG_AUTH_REQUIRED;
|
||||
}
|
||||
|
||||
if( conn->c_authz_backend == NULL || !conn->c_authz_backend->be_extended ) {
|
||||
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
|
||||
be = conn->c_authz_backend;
|
||||
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
|
||||
|
||||
if( be == NULL ) {
|
||||
*text = "operation not supported for SASL user";
|
||||
return LDAP_UNWILLING_TO_PERFORM;
|
||||
}
|
||||
|
||||
if( !be->be_extended ) {
|
||||
*text = "operation not supported for current user";
|
||||
return LDAP_UNWILLING_TO_PERFORM;
|
||||
}
|
||||
@ -47,23 +57,22 @@ int passwd_extop(
|
||||
{
|
||||
struct berval passwd = BER_BVC( LDAP_EXOP_MODIFY_PASSWD );
|
||||
|
||||
rc = backend_check_restrictions( conn->c_authz_backend,
|
||||
conn, op, &passwd, text );
|
||||
rc = backend_check_restrictions( be, conn, op, &passwd, text );
|
||||
}
|
||||
|
||||
if( rc != LDAP_SUCCESS ) {
|
||||
return rc;
|
||||
}
|
||||
|
||||
if( conn->c_authz_backend->be_update_ndn.bv_len ) {
|
||||
if( be->be_update_ndn.bv_len ) {
|
||||
/* we SHOULD return a referral in this case */
|
||||
*refs = referral_rewrite( conn->c_authz_backend->be_update_refs,
|
||||
*refs = referral_rewrite( be->be_update_refs,
|
||||
NULL, NULL, LDAP_SCOPE_DEFAULT );
|
||||
rc = LDAP_REFERRAL;
|
||||
|
||||
} else {
|
||||
rc = conn->c_authz_backend->be_extended(
|
||||
conn->c_authz_backend, conn, op,
|
||||
rc = be->be_extended(
|
||||
be, conn, op,
|
||||
reqoid, reqdata,
|
||||
rspoid, rspdata, rspctrls,
|
||||
text, refs );
|
||||
|
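Review bot: The `be == NULL` branch in passwd_extop returns the text `operation not supported for SASL user`, but nothing in the hunk establishes that a NULL c_authz_backend means a SASL identity. From the visible code it only means that no bind recorded a backend. If the inference is intended, a comment above the test would make it checkable, e.g. `/* no backend was recorded at bind time, so the identity did not come from a backend bind */`. Otherwise a neutral message avoids giving the client a cause that may be wrong. The function body continues past the end of the hunk.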
@ -357,21 +357,22 @@ static int sasl_sc_sasl2dn( BackendDB *be, Connection *conn, Operation *o,
|
||||
struct berval *ndn = o->o_callback->sc_private;
|
||||
|
||||
/* We only want to be called once */
|
||||
if (ndn->bv_val) {
|
||||
if( ndn->bv_val ) {
|
||||
free(ndn->bv_val);
|
||||
ndn->bv_val = NULL;
|
||||
|
||||
#ifdef NEW_LOGGING
|
||||
LDAP_LOG(( "sasl", LDAP_LEVEL_DETAIL1,
|
||||
"slap_sasl2dn: search DN returned more than 1 entry\n" ));
|
||||
LDAP_LOG(( "sasl", LDAP_LEVEL_DETAIL1,
|
||||
"slap_sasl2dn: search DN returned more than 1 entry\n" ));
|
||||
#else
|
||||
Debug( LDAP_DEBUG_TRACE,
|
||||
"slap_sasl2dn: search DN returned more than 1 entry\n", 0,0,0 );
|
||||
Debug( LDAP_DEBUG_TRACE,
|
||||
"slap_sasl2dn: search DN returned more than 1 entry\n", 0,0,0 );
|
||||
#endif
|
||||
return -1;
|
||||
} else {
|
||||
ber_dupbv(ndn, &e->e_nname);
|
||||
return 0;
|
||||
}
|
||||
|
||||
ber_dupbv(ndn, &e->e_nname);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -396,9 +397,10 @@ void slap_sasl2dn( Connection *conn, struct berval *saslname, struct berval *dn
|
||||
LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
|
||||
"slap_sasl2dn: converting SASL name %s to DN.\n", saslname->bv_val ));
|
||||
#else
|
||||
Debug( LDAP_DEBUG_TRACE,
|
||||
"==>slap_sasl2dn: Converting SASL name %s to a DN\n", saslname->bv_val, 0,0 );
|
||||
Debug( LDAP_DEBUG_TRACE, "==>slap_sasl2dn: "
|
||||
"converting SASL name %s to a DN\n", saslname->bv_val, 0,0 );
|
||||
#endif
|
||||
|
||||
dn->bv_val = NULL;
|
||||
dn->bv_len = 0;
|
||||
cb.sc_private = dn;
|
||||
@ -414,8 +416,6 @@ void slap_sasl2dn( Connection *conn, struct berval *saslname, struct berval *dn
|
||||
|
||||
be = select_backend( &uri.dn, 0, 1 );
|
||||
|
||||
conn->c_authz_backend = be;
|
||||
|
||||
/* Massive shortcut: search scope == base */
|
||||
if( uri.scope == LDAP_SCOPE_BASE ) {
|
||||
*dn = uri.dn;
|
||||
@ -426,16 +426,17 @@ void slap_sasl2dn( Connection *conn, struct berval *saslname, struct berval *dn
|
||||
|
||||
#ifdef NEW_LOGGING
|
||||
LDAP_LOG(( "sasl", LDAP_LEVEL_DETAIL1,
|
||||
"slap_sasl2dn: performing internal search (base=%s, scope=%d)\n",
|
||||
uri.dn.bv_val, uri.scope ));
|
||||
"slap_sasl2dn: performing internal search (base=%s, scope=%d)\n",
|
||||
uri.dn.bv_val, uri.scope ));
|
||||
#else
|
||||
Debug( LDAP_DEBUG_TRACE,
|
||||
"slap_sasl2dn: performing internal search (base=%s, scope=%d)\n",
|
||||
uri.dn.bv_val, uri.scope, 0 );
|
||||
#endif
|
||||
|
||||
if(( be == NULL ) || ( be->be_search == NULL))
|
||||
if(( be == NULL ) || ( be->be_search == NULL)) {
|
||||
goto FINISHED;
|
||||
}
|
||||
suffix_alias( be, &uri.dn );
|
||||
|
||||
op.o_tag = LDAP_REQ_SEARCH;
|
||||
@ -444,10 +445,14 @@ void slap_sasl2dn( Connection *conn, struct berval *saslname, struct berval *dn
|
||||
op.o_callback = &cb;
|
||||
op.o_time = slap_get_time();
|
||||
|
||||
(*be->be_search)( be, /*conn*/NULL, &op, /*base*/NULL, &uri.dn,
|
||||
uri.scope, /*deref=*/1, /*sizelimit=*/1, /*time=*/0, filter, /*fstr=*/NULL,
|
||||
/*attrs=*/NULL, /*attrsonly=*/0 );
|
||||
(*be->be_search)( be, NULL, &op, NULL, &uri.dn,
|
||||
uri.scope, LDAP_DEREF_NEVER, 1, 0,
|
||||
filter, NULL, NULL, 1 );
|
||||
|
||||
if( dn->bv_len ) {
|
||||
conn->c_authz_backend = be;
|
||||
}
|
||||
|
||||
FINISHED:
|
||||
if( uri.dn.bv_len ) ch_free( uri.dn.bv_val );
|
||||
if( uri.filter.bv_len ) ch_free( uri.filter.bv_val );
|
||||
|
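Review bot: The new `conn->c_authz_backend = be;` after the be_search call in slap_sasl2dn is written without taking `conn->c_mutex`, while the bind and passwd hunks of this commit take that mutex around their accesses to the field. Unless the caller already holds the lock (not visible here), wrap it the same way: `ldap_pvt_thread_mutex_lock( &conn->c_mutex ); conn->c_authz_backend = be; ldap_pvt_thread_mutex_unlock( &conn->c_mutex );`. The `LDAP_SCOPE_BASE` shortcut also appears to hand back a DN without recording any backend now that the earlier assignment is gone, which deserves a comment if it is intended. Separately, the search still passes a size limit of 1 (the removed call labelled it `/*sizelimit=*/1`). Depending on how the backend enforces that limit, the "more than 1 entry" rejection in sasl_sc_sasl2dn may never see a second entry, so an ambiguous SASL-name mapping could resolve to whichever entry is returned first.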