/* chain.c - chain LDAP operations */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
* Copyright 2003 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* .
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by the Howard Chu for inclusion
* in OpenLDAP Software.
*/
/* This is an altered version */
/*
* Copyright 2003, Howard Chu, All rights reserved.
*
* Permission is granted to anyone to use this software for any purpose
* on any computer system, and to alter it and redistribute it, subject
* to the following restrictions:
*
* 1. The author is not responsible for the consequences of use of this
* software, no matter how awful, even if they arise from flaws in it.
*
* 2. The origin of this software must not be misrepresented, either by
* explicit claim or by omission. Since few users ever read sources,
* credits should appear in the documentation.
*
* 3. Altered versions must be plainly marked as such, and must not be
* misrepresented as being the original software. Since few users
* ever read sources, credits should appear in the documentation.
*
* 4. This notice may not be removed or altered.
*/
#include "portable.h"
#include
#include
#include
#include "slap.h"
#include "back-ldap.h"
static int
ldap_chain_response( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
void *private = op->o_bd->be_private;
slap_callback *sc = op->o_callback;
LDAPControl **prev = op->o_ctrls;
LDAPControl **ctrls = NULL, authz;
int i, nctrls, rc;
int cache = op->o_do_not_cache;
char *authzid = NULL;
BerVarray ref;
struct berval ndn = op->o_ndn;
if ( rs->sr_err != LDAP_REFERRAL )
return SLAP_CB_CONTINUE;
/* currently we assume only one referral destination.
* we'll have to parse this in the future.
*/
ref = rs->sr_ref;
rs->sr_ref = NULL;
op->o_bd->be_private = on->on_bi.bi_private;
op->o_callback = NULL;
/* Chaining is performed by a privileged user on behalf
* of a normal user, using the ProxyAuthz control. However,
* Binds are done separately, on an anonymous session.
*/
if ( op->o_tag != LDAP_REQ_BIND ) {
for (i=0; prev && prev[i]; i++);
nctrls = i;
/* Add an extra NULL slot */
if (!prev) i++;
ctrls = op->o_tmpalloc((i+1)*sizeof(LDAPControl *),
op->o_tmpmemctx);
for (i=0; i o_dn;
if ( op->o_dn.bv_len ) {
authzid = op->o_tmpalloc( op->o_dn.bv_len+4,
op->o_tmpmemctx );
strcpy(authzid, "dn: ");
strcpy(authzid+4, op->o_dn.bv_val);
authz.ldctl_value.bv_len = op->o_dn.bv_len + 4;
authz.ldctl_value.bv_val = authzid;
}
op->o_ctrls = ctrls;
op->o_ndn = op->o_bd->be_rootndn;
}
switch( op->o_tag ) {
case LDAP_REQ_BIND: {
struct berval rndn = op->o_req_ndn;
Connection *conn = op->o_conn;
op->o_req_ndn = slap_empty_bv;
op->o_conn = NULL;
rc = ldap_back_bind( op, rs );
op->o_req_ndn = rndn;
op->o_conn = conn;
}
break;
case LDAP_REQ_ADD:
rc = ldap_back_add( op, rs );
break;
case LDAP_REQ_DELETE:
rc = ldap_back_delete( op, rs );
break;
case LDAP_REQ_MODRDN:
rc = ldap_back_modrdn( op, rs );
break;
case LDAP_REQ_MODIFY:
rc = ldap_back_modify( op, rs );
break;
case LDAP_REQ_COMPARE:
rc = ldap_back_compare( op, rs );
break;
case LDAP_REQ_SEARCH:
rc = ldap_back_search( op, rs );
break;
case LDAP_REQ_EXTENDED:
rc = ldap_back_extended( op, rs );
break;
default:
rc = SLAP_CB_CONTINUE;
break;
}
op->o_do_not_cache = cache;
op->o_ctrls = prev;
op->o_bd->be_private = private;
op->o_callback = sc;
op->o_ndn = ndn;
if ( ctrls ) op->o_tmpfree( ctrls, op->o_tmpmemctx );
if ( authzid ) op->o_tmpfree( authzid, op->o_tmpmemctx );
rs->sr_ref = ref;
return rc;
}
static int ldap_chain_config(
BackendDB *be,
const char *fname,
int lineno,
int argc,
char **argv
)
{
slap_overinst *on = (slap_overinst *) be->bd_info;
void *private = be->be_private;
int rc;
be->be_private = on->on_bi.bi_private;
rc = ldap_back_db_config( be, fname, lineno, argc, argv );
be->be_private = private;
return rc;
}
static int ldap_chain_init(
BackendDB *be
)
{
slap_overinst *on = (slap_overinst *) be->bd_info;
void *private = be->be_private;
int rc;
be->be_private = NULL;
rc = ldap_back_db_init( be );
on->on_bi.bi_private = be->be_private;
be->be_private = private;
return rc;
}
static int ldap_chain_destroy(
BackendDB *be
)
{
slap_overinst *on = (slap_overinst *) be->bd_info;
void *private = be->be_private;
int rc;
be->be_private = on->on_bi.bi_private;
rc = ldap_back_db_destroy( be );
on->on_bi.bi_private = be->be_private;
be->be_private = private;
return rc;
}
static slap_overinst ldapchain;
int ldap_chain_setup()
{
ldapchain.on_bi.bi_type = "chain";
ldapchain.on_bi.bi_db_init = ldap_chain_init;
ldapchain.on_bi.bi_db_config = ldap_chain_config;
ldapchain.on_bi.bi_db_destroy = ldap_chain_destroy;
ldapchain.on_response = ldap_chain_response;
return overlay_register( &ldapchain );
}