git.sur5r.net Git - openldap/blob - contrib/slapd-modules/authzid/authzid.c

   1 /* vc.c - LDAP Verify Credentials extop (no spec yet) */
   2 /* $OpenLDAP$ */
   3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   4  *
   5  * Copyright 2010 The OpenLDAP Foundation.
   6  * All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted only as authorized by the OpenLDAP
  10  * Public License.
  11  *
  12  * A copy of this license is available in the file LICENSE in the
  13  * top-level directory of the distribution or, alternatively, at
  14  * <http://www.OpenLDAP.org/license.html>.
  15  */
  16 /* ACKNOWLEDGEMENTS:
  17  * This work was initially developed by Pierangelo Masarati for inclusion
  18  * in OpenLDAP Software.
  19  */
  20
  21 /*
  22  * RFC 3829 Authzid
  23  */
  24
  25 #include "portable.h"
  26
  27 #include "slap.h"
  28 #include "lutil.h"
  29 #include "ac/string.h"
  30
  31 static int authzid_cid;
  32
  33 static int
  34 authzid_response(
  35         Operation *op,
  36         SlapReply *rs )
  37 {
  38         if ( rs->sr_tag == LDAP_RES_BIND ) {
  39                 LDAPControl **ctrls;
  40                 ber_len_t len = 0;
  41                 int n = 0;
  42
  43                 /* TEMPORARY! */
  44                 if ( rs->sr_err == LDAP_SASL_BIND_IN_PROGRESS ) {
  45                         if ( op->o_ctrlflag[ authzid_cid ] == SLAP_CONTROL_CRITICAL ) {
  46                                 return rs->sr_err = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
  47                         }
  48
  49                         op->o_ctrlflag[ authzid_cid ] = SLAP_CONTROL_IGNORED;
  50
  51                         return SLAP_CB_CONTINUE;
  52                 }
  53                 /* end of TEMPORARY! */
  54
  55                 if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
  56                         len = STRLENOF("dn:") + op->o_conn->c_dn.bv_len;
  57                 }
  58
  59                 /* save original controls in sc_private;
  60                  * will be restored by sc_cleanup
  61                  */
  62                 if ( rs->sr_ctrls != NULL ) {
  63                         op->o_callback->sc_private = rs->sr_ctrls;
  64                         for ( ; rs->sr_ctrls[n] != NULL; n++ )
  65                                 ;
  66                 }
  67
  68                 ctrls = op->o_tmpalloc( sizeof( LDAPControl * )*( n + 2 ), op->o_tmpmemctx );
  69                 n = 0;
  70                 if ( rs->sr_ctrls ) {
  71                         for ( ; rs->sr_ctrls[n] != NULL; n++ ) {
  72                                 ctrls[n] = rs->sr_ctrls[n];
  73                         }
  74                 }
  75
  76                 /* anonymous: "", otherwise "dn:<dn>" */
  77                 ctrls[n] = op->o_tmpalloc( sizeof( LDAPControl ) + len + 1, op->o_tmpmemctx );
  78                 ctrls[n]->ldctl_oid = LDAP_CONTROL_AUTHZID_RESPONSE;
  79                 ctrls[n]->ldctl_iscritical = 0;
  80                 ctrls[n]->ldctl_value.bv_len = len;
  81                 ctrls[n]->ldctl_value.bv_val = (char *)&ctrls[n][1];
  82                 if ( len ) {
  83                         char *ptr;
  84
  85                         ptr = lutil_strcopy( ctrls[n]->ldctl_value.bv_val, "dn:" );
  86                         ptr = lutil_strncopy( ptr, op->o_conn->c_dn.bv_val, op->o_conn->c_dn.bv_len );
  87                 }
  88                 ctrls[n]->ldctl_value.bv_val[len] = '\0';
  89                 ctrls[n + 1] = NULL;
  90
  91                 rs->sr_ctrls = ctrls;
  92         }
  93
  94         return SLAP_CB_CONTINUE;
  95 }
  96
  97 static int
  98 authzid_cleanup(
  99         Operation *op,
 100         SlapReply *rs )
 101 {
 102         if ( rs->sr_ctrls ) {
 103                 LDAPControl *ctrl;
 104
 105                 /* if ours, cleanup */
 106                 ctrl = ldap_control_find( LDAP_CONTROL_AUTHZID_RESPONSE, rs->sr_ctrls, NULL );
 107                 if ( ctrl ) {
 108                         op->o_tmpfree( ctrl, op->o_tmpmemctx );
 109                         op->o_tmpfree( rs->sr_ctrls, op->o_tmpmemctx );
 110                 }
 111
 112                 if ( op->o_callback->sc_private != NULL ) {
 113                         rs->sr_ctrls = (LDAPControl **)op->o_callback->sc_private;
 114                         op->o_callback->sc_private = NULL;
 115                 }
 116         }
 117
 118         op->o_tmpfree( op->o_callback, op->o_tmpmemctx );
 119         op->o_callback = NULL;
 120
 121         return SLAP_CB_CONTINUE;
 122 }
 123
 124 static int
 125 parse_authzid_ctrl(
 126         Operation       *op,
 127         SlapReply       *rs,
 128         LDAPControl     *ctrl )
 129 {
 130         slap_callback *sc;
 131
 132         if ( op->o_ctrlflag[ authzid_cid ] != SLAP_CONTROL_NONE ) {
 133                 rs->sr_text = "authzid control specified multiple times";
 134                 return LDAP_PROTOCOL_ERROR;
 135         }
 136
 137         if ( !BER_BVISNULL( &ctrl->ldctl_value ) ) {
 138                 rs->sr_text = "authzid control value not absent";
 139                 return LDAP_PROTOCOL_ERROR;
 140         }
 141
 142         op->o_ctrlflag[ authzid_cid ] = ctrl->ldctl_iscritical ?  SLAP_CONTROL_CRITICAL : SLAP_CONTROL_NONCRITICAL;
 143
 144         sc = op->o_callback;
 145         op->o_callback = op->o_tmpalloc( sizeof( slap_callback ), op->o_tmpmemctx );
 146         op->o_callback->sc_response = authzid_response;
 147         op->o_callback->sc_cleanup = authzid_cleanup;
 148         op->o_callback->sc_private = NULL;
 149         op->o_callback->sc_next = sc;
 150
 151         return LDAP_SUCCESS;
 152 }
 153
 154 static int
 155 authzid_initialize( void )
 156 {
 157         int rc;
 158
 159         rc = register_supported_control( LDAP_CONTROL_AUTHZID_REQUEST,
 160                 SLAP_CTRL_GLOBAL|SLAP_CTRL_BIND|SLAP_CTRL_HIDE, NULL,
 161                 parse_authzid_ctrl, &authzid_cid );
 162         if ( rc != LDAP_SUCCESS ) {
 163                 Debug( LDAP_DEBUG_ANY,
 164                         "authzid_initialize: failed to register control %s (%d)\n",
 165                         LDAP_CONTROL_AUTHZID_REQUEST, rc, 0 );
 166                 return rc;
 167         }
 168
 169         return rc;
 170 }
 171
 172 int
 173 init_module( int argc, char *argv[] )
 174 {
 175         return authzid_initialize();
 176 }
 177