git.sur5r.net Git - openldap/blob - contrib/slapd-modules/authzid/authzid.c

   1 /* vc.c - LDAP Verify Credentials extop (no spec yet) */
   2 /* $OpenLDAP$ */
   3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   4  *
   5  * Copyright 2010 The OpenLDAP Foundation.
   6  * All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted only as authorized by the OpenLDAP
  10  * Public License.
  11  *
  12  * A copy of this license is available in the file LICENSE in the
  13  * top-level directory of the distribution or, alternatively, at
  14  * <http://www.OpenLDAP.org/license.html>.
  15  */
  16 /* ACKNOWLEDGEMENTS:
  17  * This work was initially developed by Pierangelo Masarati for inclusion
  18  * in OpenLDAP Software.
  19  */
  20
  21 /*
  22  * RFC 3829 Authzid
  23  */
  24
  25 #include "portable.h"
  26
  27 #include "slap.h"
  28 #include "lutil.h"
  29 #include "ac/string.h"
  30
  31 static int authzid_cid;
  32
  33 static int
  34 authzid_response(
  35         Operation *op,
  36         SlapReply *rs )
  37 {
  38         if ( rs->sr_tag == LDAP_RES_BIND ) {
  39                 LDAPControl **ctrls;
  40                 ber_len_t len = 0;
  41                 int n = 0;
  42
  43                 /* TEMPORARY! */
  44                 if ( rs->sr_err == LDAP_SASL_BIND_IN_PROGRESS ) {
  45                         if ( op->o_ctrlflag[ authzid_cid ] == SLAP_CONTROL_CRITICAL ) {
  46                                 return rs->sr_err = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
  47                         }
  48
  49                         op->o_ctrlflag[ authzid_cid ] = SLAP_CONTROL_IGNORED;
  50
  51                         return SLAP_CB_CONTINUE;
  52                 }
  53                 /* end of TEMPORARY! */
  54
  55                 if ( rs->sr_err != LDAP_SUCCESS ) {
  56                         return SLAP_CB_CONTINUE;
  57                 }
  58
  59                 if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
  60                         len = STRLENOF("dn:") + op->o_conn->c_dn.bv_len;
  61                 }
  62
  63                 /* save original controls in sc_private;
  64                  * will be restored by sc_cleanup
  65                  */
  66                 if ( rs->sr_ctrls != NULL ) {
  67                         op->o_callback->sc_private = rs->sr_ctrls;
  68                         for ( ; rs->sr_ctrls[n] != NULL; n++ )
  69                                 ;
  70                 }
  71
  72                 ctrls = op->o_tmpalloc( sizeof( LDAPControl * )*( n + 2 ), op->o_tmpmemctx );
  73                 n = 0;
  74                 if ( rs->sr_ctrls ) {
  75                         for ( ; rs->sr_ctrls[n] != NULL; n++ ) {
  76                                 ctrls[n] = rs->sr_ctrls[n];
  77                         }
  78                 }
  79
  80                 /* anonymous: "", otherwise "dn:<dn>" */
  81                 ctrls[n] = op->o_tmpalloc( sizeof( LDAPControl ) + len + 1, op->o_tmpmemctx );
  82                 ctrls[n]->ldctl_oid = LDAP_CONTROL_AUTHZID_RESPONSE;
  83                 ctrls[n]->ldctl_iscritical = 0;
  84                 ctrls[n]->ldctl_value.bv_len = len;
  85                 ctrls[n]->ldctl_value.bv_val = (char *)&ctrls[n][1];
  86                 if ( len ) {
  87                         char *ptr;
  88
  89                         ptr = lutil_strcopy( ctrls[n]->ldctl_value.bv_val, "dn:" );
  90                         ptr = lutil_strncopy( ptr, op->o_conn->c_dn.bv_val, op->o_conn->c_dn.bv_len );
  91                 }
  92                 ctrls[n]->ldctl_value.bv_val[len] = '\0';
  93                 ctrls[n + 1] = NULL;
  94
  95                 rs->sr_ctrls = ctrls;
  96         }
  97
  98         return SLAP_CB_CONTINUE;
  99 }
 100
 101 static int
 102 authzid_cleanup(
 103         Operation *op,
 104         SlapReply *rs )
 105 {
 106         if ( rs->sr_ctrls ) {
 107                 LDAPControl *ctrl;
 108
 109                 /* if ours, cleanup */
 110                 ctrl = ldap_control_find( LDAP_CONTROL_AUTHZID_RESPONSE, rs->sr_ctrls, NULL );
 111                 if ( ctrl ) {
 112                         op->o_tmpfree( ctrl, op->o_tmpmemctx );
 113                         op->o_tmpfree( rs->sr_ctrls, op->o_tmpmemctx );
 114                 }
 115
 116                 if ( op->o_callback->sc_private != NULL ) {
 117                         rs->sr_ctrls = (LDAPControl **)op->o_callback->sc_private;
 118                         op->o_callback->sc_private = NULL;
 119                 }
 120         }
 121
 122         op->o_tmpfree( op->o_callback, op->o_tmpmemctx );
 123         op->o_callback = NULL;
 124
 125         return SLAP_CB_CONTINUE;
 126 }
 127
 128 static int
 129 parse_authzid_ctrl(
 130         Operation       *op,
 131         SlapReply       *rs,
 132         LDAPControl     *ctrl )
 133 {
 134         slap_callback *sc;
 135
 136         if ( op->o_ctrlflag[ authzid_cid ] != SLAP_CONTROL_NONE ) {
 137                 rs->sr_text = "authzid control specified multiple times";
 138                 return LDAP_PROTOCOL_ERROR;
 139         }
 140
 141         if ( !BER_BVISNULL( &ctrl->ldctl_value ) ) {
 142                 rs->sr_text = "authzid control value not absent";
 143                 return LDAP_PROTOCOL_ERROR;
 144         }
 145
 146         op->o_ctrlflag[ authzid_cid ] = ctrl->ldctl_iscritical ?  SLAP_CONTROL_CRITICAL : SLAP_CONTROL_NONCRITICAL;
 147
 148         sc = op->o_callback;
 149         op->o_callback = op->o_tmpalloc( sizeof( slap_callback ), op->o_tmpmemctx );
 150         op->o_callback->sc_response = authzid_response;
 151         op->o_callback->sc_cleanup = authzid_cleanup;
 152         op->o_callback->sc_private = NULL;
 153         op->o_callback->sc_next = sc;
 154
 155         return LDAP_SUCCESS;
 156 }
 157
 158 static int
 159 authzid_initialize( void )
 160 {
 161         int rc;
 162
 163         rc = register_supported_control( LDAP_CONTROL_AUTHZID_REQUEST,
 164                 SLAP_CTRL_GLOBAL|SLAP_CTRL_BIND|SLAP_CTRL_HIDE, NULL,
 165                 parse_authzid_ctrl, &authzid_cid );
 166         if ( rc != LDAP_SUCCESS ) {
 167                 Debug( LDAP_DEBUG_ANY,
 168                         "authzid_initialize: failed to register control %s (%d)\n",
 169                         LDAP_CONTROL_AUTHZID_REQUEST, rc, 0 );
 170                 return rc;
 171         }
 172
 173         return rc;
 174 }
 175
 176 int
 177 init_module( int argc, char *argv[] )
 178 {
 179         return authzid_initialize();
 180 }
 181