]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/back-bdb/bind.c
projects / openldap / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Cancel exop updates
[openldap] / servers / slapd / back-bdb / bind.c
diff --git a/servers/slapd/back-bdb/bind.c b/servers/slapd/back-bdb/bind.c
index 88a90ee113740977df7dba90192af4d5869ef7e9..f03ea7487d6e372167da1d64805bbddac5c195f8 100644 (file)
--- a/servers/slapd/back-bdb/bind.c
+++ b/servers/slapd/back-bdb/bind.c
@@ -1,7 +1,7 @@
 /* bind.c - bdb backend bind routine */
 /* $OpenLDAP$ */
 /*
- * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
  */
 
@@ -13,17 +13,18 @@
 #include <ac/unistd.h>
 
 #include "back-bdb.h"
+#include "external.h"
 
 int
 bdb_bind(
-    Backend            *be,
-    Connection         *conn,
-    Operation          *op,
-    const char         *dn,
-    const char         *ndn,
-    int                        method,
-    struct berval      *cred,
-       char**  edn
+       Backend         *be,
+       Connection              *conn,
+       Operation               *op,
+       struct berval           *dn,
+       struct berval           *ndn,
+       int                     method,
+       struct berval   *cred,
+       struct berval   *edn
 )
 {
        struct bdb_info *bdb = (struct bdb_info *) be->be_private;
@@ -39,27 +40,52 @@ bdb_bind(
 
        AttributeDescription *password = slap_schema.si_ad_userPassword;
 
-       Debug( LDAP_DEBUG_ARGS, "==> bdb_bind: dn: %s\n", dn, 0, 0);
+       u_int32_t       locker;
+       DB_LOCK         lock;
 
-       *edn = NULL;
+#ifdef NEW_LOGGING
+       LDAP_LOG ( OPERATION, ARGS, "==> bdb_bind: dn: %s\n", dn->bv_val, 0, 0 );
+#else
+       Debug( LDAP_DEBUG_ARGS, "==> bdb_bind: dn: %s\n", dn->bv_val, 0, 0);
+#endif
 
-       /* fetch entry */
-       rc = dn2entry_r( be, NULL, ndn, &e, &matched );
+       rc = LOCK_ID(bdb->bi_dbenv, &locker);
+       switch(rc) {
+       case 0:
+               break;
+       default:
+               send_ldap_result( conn, op, rc=LDAP_OTHER,
+                       NULL, "internal error", NULL, NULL );
+               return rc;
+       }
+
+dn2entry_retry:
+       /* get entry */
+       rc = bdb_dn2entry_r( be, NULL, ndn, &e, &matched, 0, locker, &lock );
 
        switch(rc) {
        case DB_NOTFOUND:
        case 0:
                break;
+       case LDAP_BUSY:
+               send_ldap_result( conn, op, LDAP_BUSY,
+                       NULL, "ldap server busy", NULL, NULL );
+               LOCK_ID_FREE(bdb->bi_dbenv, locker);
+               return LDAP_BUSY;
+       case DB_LOCK_DEADLOCK:
+       case DB_LOCK_NOTGRANTED:
+               goto dn2entry_retry;
        default:
                send_ldap_result( conn, op, rc=LDAP_OTHER,
-                   NULL, "internal error", NULL, NULL );
+                       NULL, "internal error", NULL, NULL );
+               LOCK_ID_FREE(bdb->bi_dbenv, locker);
                return rc;
        }
 
        /* get entry with reader lock */
        if ( e == NULL ) {
                char *matched_dn = NULL;
-               struct berval **refs = NULL;
+               BerVarray refs;
 
                if( matched != NULL ) {
                        matched_dn = ch_strdup( matched->e_dn );
@@ -68,16 +94,19 @@ bdb_bind(
                                ? get_entry_referrals( be, conn, op, matched )
                                : NULL;
 
-                       bdb_entry_return( be, matched );
+                       bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, matched, &lock );
+                       matched = NULL;
+
                } else {
-                       refs = default_referral;
+                       refs = referral_rewrite( default_referral,
+                               NULL, dn, LDAP_SCOPE_DEFAULT );
                }
 
                /* allow noauth binds */
                rc = 1;
                if ( method == LDAP_AUTH_SIMPLE ) {
                        if ( be_isroot_pw( be, conn, ndn, cred ) ) {
-                               *edn = ch_strdup( be_root_dn( be ) );
+                               ber_dupbv( edn, be_root_dn( be ) );
                                rc = LDAP_SUCCESS; /* front end will send result */
 
                        } else if ( refs != NULL ) {
@@ -98,36 +127,64 @@ bdb_bind(
                                NULL, NULL, NULL, NULL );
                }
 
-               if ( matched != NULL ) {
-                       ber_bvecfree( refs );
-                       free( matched_dn );
-               }
+               LOCK_ID_FREE(bdb->bi_dbenv, locker);
+
+               ber_bvarray_free( refs );
+               free( matched_dn );
 
                return rc;
        }
 
-       *edn = ch_strdup( e->e_dn );
+       ber_dupbv( edn, &e->e_name );
 
        /* check for deleted */
+#ifdef BDB_SUBENTRIES
+       if ( is_entry_subentry( e ) ) {
+               /* entry is an subentry, don't allow bind */
+#ifdef NEW_LOGGING
+               LDAP_LOG ( OPERATION, DETAIL1, 
+                       "bdb_bind: entry is subentry\n", 0, 0, 0 );
+#else
+               Debug( LDAP_DEBUG_TRACE, "entry is subentry\n", 0,
+                       0, 0 );
+#endif
 
+               send_ldap_result( conn, op, rc = LDAP_INVALID_CREDENTIALS,
+                       NULL, NULL, NULL, NULL );
+
+               goto done;
+       }
+#endif
+
+#ifdef BDB_ALIASES
        if ( is_entry_alias( e ) ) {
                /* entry is an alias, don't allow bind */
+#ifdef NEW_LOGGING
+               LDAP_LOG ( OPERATION, DETAIL1, "bdb_bind: entry is alias\n", 0, 0, 0 );
+#else
                Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0,
-                   0, 0 );
+                       0, 0 );
+#endif
 
                send_ldap_result( conn, op, rc = LDAP_ALIAS_PROBLEM,
-                   NULL, "entry is alias", NULL, NULL );
+                       NULL, "entry is alias", NULL, NULL );
 
                goto done;
        }
+#endif
 
        if ( is_entry_referral( e ) ) {
                /* entry is a referral, don't allow bind */
-               struct berval **refs = get_entry_referrals( be,
+               BerVarray refs = get_entry_referrals( be,
                        conn, op, e );
 
+#ifdef NEW_LOGGING
+               LDAP_LOG ( OPERATION, DETAIL1, 
+                       "bdb_bind: entry is referral\n", 0, 0, 0 );
+#else
                Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
-                   0, 0 );
+                       0, 0 );
+#endif
 
                if( refs != NULL ) {
                        send_ldap_result( conn, op, rc = LDAP_REFERRAL,
@@ -138,7 +195,7 @@ bdb_bind(
                                NULL, NULL, NULL, NULL );
                }
 
-               ber_bvecfree( refs );
+               ber_bvarray_free( refs );
 
                goto done;
        }
@@ -146,17 +203,17 @@ bdb_bind(
        switch ( method ) {
        case LDAP_AUTH_SIMPLE:
                /* check for root dn/passwd */
-               if ( be_isroot_pw( be, conn, dn, cred ) ) {
+               if ( be_isroot_pw( be, conn, ndn, cred ) ) {
                        /* front end will send result */
-                       if(*edn != NULL) free( *edn );
-                       *edn = ch_strdup( be_root_dn( be ) );
+                       if(edn->bv_val != NULL) free( edn->bv_val );
+                       ber_dupbv( edn, be_root_dn( be ) );
                        rc = LDAP_SUCCESS;
                        goto done;
                }
 
-               if ( ! access_allowed( be, conn, op, e,
-                       password, NULL, ACL_AUTH ) )
-               {
+               rc = access_allowed( be, conn, op, e,
+                       password, NULL, ACL_AUTH, NULL );
+               if ( ! rc ) {
                        send_ldap_result( conn, op, rc = LDAP_INSUFFICIENT_ACCESS,
                                NULL, NULL, NULL, NULL );
                        goto done;
@@ -164,7 +221,7 @@ bdb_bind(
 
                if ( (a = attr_find( e->e_attrs, password )) == NULL ) {
                        send_ldap_result( conn, op, rc = LDAP_INAPPROPRIATE_AUTH,
-                           NULL, NULL, NULL, NULL );
+                               NULL, NULL, NULL, NULL );
                        goto done;
                }
 
@@ -181,31 +238,31 @@ bdb_bind(
        case LDAP_AUTH_KRBV41:
                if ( krbv4_ldap_auth( be, cred, &ad ) != LDAP_SUCCESS ) {
                        send_ldap_result( conn, op, rc = LDAP_INVALID_CREDENTIALS,
-                           NULL, NULL, NULL, NULL );
+                               NULL, NULL, NULL, NULL );
                        goto done;
                }
 
-               if ( ! access_allowed( be, conn, op, e,
-                       krbattr, NULL, ACL_AUTH ) )
-               {
+               rc = access_allowed( be, conn, op, e,
+                       krbattr, NULL, ACL_AUTH, NULL );
+               if ( ! rc ) {
                        send_ldap_result( conn, op, rc = LDAP_INSUFFICIENT_ACCESS,
                                NULL, NULL, NULL, NULL );
                        goto done;
                }
 
                sprintf( krbname, "%s%s%s@%s", ad.pname, *ad.pinst ? "."
-                   : "", ad.pinst, ad.prealm );
+                       : "", ad.pinst, ad.prealm );
 
                if ( (a = attr_find( e->e_attrs, krbattr )) == NULL ) {
                        /*
-                        * no krbname values present:  check against DN
+                        * no krbname values present: check against DN
                         */
                        if ( strcasecmp( dn, krbname ) == 0 ) {
                                rc = 0;
                                break;
                        }
                        send_ldap_result( conn, op, rc = LDAP_INAPPROPRIATE_AUTH,
-                           NULL, NULL, NULL, NULL );
+                               NULL, NULL, NULL, NULL );
                        goto done;
 
                } else {        /* look for krbname match */
@@ -216,7 +273,7 @@ bdb_bind(
 
                        if ( value_find( a->a_desc, a->a_vals, &krbval ) != 0 ) {
                                send_ldap_result( conn, op,
-                                   rc = LDAP_INVALID_CREDENTIALS,
+                                       rc = LDAP_INVALID_CREDENTIALS,
                                        NULL, NULL, NULL, NULL );
                                goto done;
                        }
@@ -233,14 +290,18 @@ bdb_bind(
 
        default:
                send_ldap_result( conn, op, rc = LDAP_STRONG_AUTH_NOT_SUPPORTED,
-                   NULL, "authentication method not supported", NULL, NULL );
+                       NULL, "authentication method not supported", NULL, NULL );
                goto done;
        }
 
 done:
        /* free entry and reader lock */
-       bdb_entry_return( be, e );
+       if( e != NULL ) {
+               bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
+       }
+
+       LOCK_ID_FREE(bdb->bi_dbenv, locker);
 
-       /* front end with send result on success (rc==0) */
+       /* front end will send result on success (rc==0) */
        return rc;
-}
\ No newline at end of file
+}
Cloned from git://git.openldap.org/openldap.git