1 /* chain.c - chain LDAP operations */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2003-2004 The OpenLDAP Foundation.
6 * Portions Copyright 2003 Howard Chu.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by the Howard Chu for inclusion
19 * in OpenLDAP Software.
24 #if defined(SLAPD_LDAP)
26 #ifdef SLAPD_OVER_CHAIN
30 #include <ac/string.h>
31 #include <ac/socket.h>
34 #include "../back-ldap/back-ldap.h"
37 ldap_chain_response( Operation *op, SlapReply *rs )
39 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
40 void *private = op->o_bd->be_private;
41 slap_callback *sc = op->o_callback;
42 LDAPControl **prev = op->o_ctrls;
43 LDAPControl **ctrls = NULL, authz;
45 int cache = op->o_do_not_cache;
48 struct berval ndn = op->o_ndn;
50 if ( rs->sr_err != LDAP_REFERRAL )
51 return SLAP_CB_CONTINUE;
53 /* currently we assume only one referral destination.
54 * we'll have to parse this in the future.
59 op->o_bd->be_private = on->on_bi.bi_private;
60 op->o_callback = NULL;
62 /* Chaining is performed by a privileged user on behalf
63 * of a normal user, using the ProxyAuthz control. However,
64 * Binds are done separately, on an anonymous session.
66 if ( op->o_tag != LDAP_REQ_BIND ) {
67 for (i=0; prev && prev[i]; i++);
70 /* Add an extra NULL slot */
73 ctrls = op->o_tmpalloc((i+1)*sizeof(LDAPControl *),
75 for (i=0; i <nctrls; i++)
77 ctrls[nctrls] = &authz;
78 ctrls[nctrls+1] = NULL;
79 authz.ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
80 authz.ldctl_iscritical = 1;
81 authz.ldctl_value = op->o_dn;
82 if ( op->o_dn.bv_len ) {
83 authzid = op->o_tmpalloc( op->o_dn.bv_len+4,
85 strcpy(authzid, "dn: ");
86 strcpy(authzid+4, op->o_dn.bv_val);
87 authz.ldctl_value.bv_len = op->o_dn.bv_len + 4;
88 authz.ldctl_value.bv_val = authzid;
91 op->o_ndn = op->o_bd->be_rootndn;
96 struct berval rndn = op->o_req_ndn;
97 Connection *conn = op->o_conn;
98 op->o_req_ndn = slap_empty_bv;
100 rc = ldap_back_bind( op, rs );
101 op->o_req_ndn = rndn;
106 rc = ldap_back_add( op, rs );
108 case LDAP_REQ_DELETE:
109 rc = ldap_back_delete( op, rs );
111 case LDAP_REQ_MODRDN:
112 rc = ldap_back_modrdn( op, rs );
114 case LDAP_REQ_MODIFY:
115 rc = ldap_back_modify( op, rs );
117 case LDAP_REQ_COMPARE:
118 rc = ldap_back_compare( op, rs );
120 case LDAP_REQ_SEARCH:
121 rc = ldap_back_search( op, rs );
123 case LDAP_REQ_EXTENDED:
124 rc = ldap_back_extended( op, rs );
127 rc = SLAP_CB_CONTINUE;
130 op->o_do_not_cache = cache;
132 op->o_bd->be_private = private;
135 if ( ctrls ) op->o_tmpfree( ctrls, op->o_tmpmemctx );
136 if ( authzid ) op->o_tmpfree( authzid, op->o_tmpmemctx );
142 static int ldap_chain_config(
150 slap_overinst *on = (slap_overinst *) be->bd_info;
151 void *private = be->be_private;
155 be->be_private = on->on_bi.bi_private;
156 if ( strncasecmp( argv[ 0 ], "chain-", sizeof( "chain-" ) - 1 ) == 0 ) {
158 argv[ 0 ] = &argv[ 0 ][ sizeof( "chain-" ) - 1 ];
160 rc = ldap_back_db_config( be, fname, lineno, argc, argv );
165 be->be_private = private;
169 static int ldap_chain_init(
173 slap_overinst *on = (slap_overinst *) be->bd_info;
174 void *private = be->be_private;
177 be->be_private = NULL;
178 rc = ldap_back_db_init( be );
179 on->on_bi.bi_private = be->be_private;
180 be->be_private = private;
184 static int ldap_chain_destroy(
188 slap_overinst *on = (slap_overinst *) be->bd_info;
189 void *private = be->be_private;
192 be->be_private = on->on_bi.bi_private;
193 rc = ldap_back_db_destroy( be );
194 on->on_bi.bi_private = be->be_private;
195 be->be_private = private;
199 static slap_overinst ldapchain;
203 ldapchain.on_bi.bi_type = "chain";
204 ldapchain.on_bi.bi_db_init = ldap_chain_init;
205 ldapchain.on_bi.bi_db_config = ldap_chain_config;
206 ldapchain.on_bi.bi_db_destroy = ldap_chain_destroy;
207 ldapchain.on_response = ldap_chain_response;
209 return overlay_register( &ldapchain );
212 #if SLAPD_OVER_CHAIN == SLAPD_MOD_DYNAMIC
213 int init_module(int argc, char *argv[]) {
216 #endif /* SLAPD_OVER_CHAIN == SLAPD_MOD_DYNAMIC */
218 #endif /* SLAPD_OVER_CHAIN */
220 #endif /* ! defined(SLAPD_LDAP) */