/* bind.c - ldap backend bind function */
/* $OpenLDAP$ */
/*
- * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
/* This is an altered version */
#define PRINT_CONNTREE 0
+static LDAP_REBIND_PROC ldap_back_rebind;
+
int
ldap_back_bind(
Backend *be,
Connection *conn,
Operation *op,
- const char *dn,
- const char *ndn,
+ struct berval *dn,
+ struct berval *ndn,
int method,
struct berval *cred,
- char **edn
+ struct berval *edn
)
{
struct ldapinfo *li = (struct ldapinfo *) be->be_private;
struct ldapconn *lc;
- char *mdn = NULL;
+ struct berval mdn = { 0, NULL };
int rc = 0;
- *edn = NULL;
-
lc = ldap_back_getconn(li, conn, op);
if ( !lc ) {
return( -1 );
* Rewrite the bind dn if needed
*/
#ifdef ENABLE_REWRITE
- switch ( rewrite_session( li->rwinfo, "bindDn", dn, conn, &mdn ) ) {
+ switch ( rewrite_session( li->rwinfo, "bindDn", dn->bv_val, conn, &mdn.bv_val ) ) {
case REWRITE_REGEXEC_OK:
- if ( mdn == NULL ) {
- mdn = ( char * )dn;
+ if ( mdn.bv_val == NULL ) {
+ mdn.bv_val = ( char * )dn->bv_val;
}
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
+ "[rw] bindDn: \"%s\" -> \"%s\"\n", dn->bv_val, mdn.bv_val ));
+#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> bindDn: \"%s\" -> \"%s\"\n%s",
- dn, mdn, "" );
+ dn->bv_val, mdn.bv_val, "" );
+#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "Unwilling to perform", NULL, NULL );
+ return( -1 );
case REWRITE_REGEXEC_ERR:
+ send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
+ NULL, "Operations error", NULL, NULL );
return( -1 );
}
#else /* !ENABLE_REWRITE */
- mdn = ldap_back_dn_massage( li, ch_strdup( dn ), 0 );
+ ldap_back_dn_massage( li, dn, &mdn, 0, 1 );
#endif /* !ENABLE_REWRITE */
- rc = ldap_bind_s(lc->ld, mdn, cred->bv_val, method);
+ rc = ldap_bind_s(lc->ld, mdn.bv_val, cred->bv_val, method);
if (rc != LDAP_SUCCESS) {
rc = ldap_back_op_result( lc, op );
} else {
lc->bound = 1;
}
-#ifdef ENABLE_REWRITE
- if ( mdn != dn ) {
-#endif /* ENABLE_REWRITE */
- free( mdn );
-#ifdef ENABLE_REWRITE
+ if ( li->savecred ) {
+ if ( lc->cred.bv_val )
+ ch_free( lc->cred.bv_val );
+ ber_dupbv( &lc->cred, cred );
+ ldap_set_rebind_proc( lc->ld, ldap_back_rebind, lc );
+ }
+
+ if ( lc->bound_dn.bv_val )
+ ch_free( lc->bound_dn.bv_val );
+ if ( mdn.bv_val != dn->bv_val ) {
+ lc->bound_dn = mdn;
+ } else {
+ ber_dupbv( &lc->bound_dn, dn );
}
-#endif /* ENABLE_REWRITE */
return( rc );
}
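Review bot: The new `li->savecred` block and the `lc->bound_dn` replacement at the end of this hunk run even when `ldap_bind_s` failed, so a rejected password is cached in `lc->cred` and later replayed by `ldap_back_rebind`, and `lc->bound_dn` ends up naming an identity that never authenticated. Both updates belong on the success path only, with a rewritten `mdn` released on failure. The previous `lc->cred.bv_val` is also handed to `ch_free` without being cleared, which leaves the old password in freed heap memory. `ldap_back_bind` begins outside this hunk, and the allocator behind a rewritten `mdn` is not visible here, so the `ch_free` in the sketch below is an assumption to confirm.

```c
	rc = ldap_bind_s(lc->ld, mdn.bv_val, cred->bv_val, method);
	if (rc != LDAP_SUCCESS) {
		rc = ldap_back_op_result( lc, op );
		/* failed bind: keep the stored identity, drop the rewritten DN */
		if ( mdn.bv_val != dn->bv_val ) {
			ch_free( mdn.bv_val );
		}
		return( rc );
	}
	lc->bound = 1;

	if ( li->savecred ) {
		if ( lc->cred.bv_val ) {
			/* scrub the previous password before releasing it */
			memset( lc->cred.bv_val, 0, lc->cred.bv_len );
			ch_free( lc->cred.bv_val );
		}
		ber_dupbv( &lc->cred, cred );
		ldap_set_rebind_proc( lc->ld, ldap_back_rebind, lc );
	}
	/* ... unchanged: lc->bound_dn replacement and return( rc ) ... */
```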
const void *c2
)
{
- struct ldapconn *lc1 = (struct ldapconn *)c1;
- struct ldapconn *lc2 = (struct ldapconn *)c2;
+ const struct ldapconn *lc1 = (const struct ldapconn *)c1;
+ const struct ldapconn *lc2 = (const struct ldapconn *)c2;
return ( ( lc1->conn < lc2->conn ) ? -1 : ( ( lc1->conn > lc2-> conn ) ? 1 : 0 ) );
}
lc->conn = conn;
lc->ld = ld;
+ lc->cred.bv_len = 0;
+ lc->cred.bv_val = NULL;
+
#ifdef ENABLE_REWRITE
/*
* Sets a cookie for the rewrite session
( void )rewrite_session_init( li->rwinfo, conn );
#endif /* ENABLE_REWRITE */
- if ( lc->conn->c_cdn != NULL && lc->conn->c_cdn[0] != '\0' ) {
+ if ( lc->conn->c_cdn.bv_len != 0 ) {
/*
* Rewrite the bind dn if needed
*/
#ifdef ENABLE_REWRITE
- lc->bound_dn = NULL;
+ lc->bound_dn.bv_val = NULL;
+ lc->bound_dn.bv_len = 0;
switch ( rewrite_session( li->rwinfo, "bindDn",
- lc->conn->c_cdn, conn,
- &lc->bound_dn ) ) {
+ lc->conn->c_cdn.bv_val, conn,
+ &lc->bound_dn.bv_val ) ) {
case REWRITE_REGEXEC_OK:
- if ( lc->bound_dn == NULL ) {
- lc->bound_dn =
- ch_strdup( lc->conn->c_cdn );
+ if ( lc->bound_dn.bv_val == NULL ) {
+ ber_dupbv( &lc->bound_dn, &lc->conn->c_cdn );
}
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
+ "[rw] bindDn: \"%s\" ->"
+ " \"%s\"\n%s",
+ lc->conn->c_cdn.bv_val,
+ lc->bound_dn.bv_val ));
+#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS,
"rw> bindDn: \"%s\" ->"
- " \"%s\"\n%s",
- lc->conn->c_cdn,
- lc->bound_dn, "" );
+ " \"%s\"\n%s",
+ lc->conn->c_cdn.bv_val,
+ lc->bound_dn.bv_val, "" );
+#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
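Review bot: The `NEW_LOGGING` call added here passes a format with three `%s` conversions but only two arguments, so (assuming `LDAP_LOG` formats printf-style) the last conversion reads an argument that was never passed. The trailing `%s` is the padding idiom of the three-argument `Debug` macro and should be dropped in this branch: `" \"%s\"\n",`. Separately, `rewrite_session` is handed only `&lc->bound_dn.bv_val`, so after a successful rewrite `bv_len` is still 0 while `bv_val` is set; adding `lc->bound_dn.bv_len = strlen( lc->bound_dn.bv_val );` in the `REWRITE_REGEXEC_OK` case keeps the berval consistent, and the same applies to `mdn` in `ldap_back_bind`. The enclosing function starts and ends outside this hunk.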
LDAP_UNWILLING_TO_PERFORM,
NULL, "Unwilling to perform",
NULL, NULL );
+ return( NULL );
case REWRITE_REGEXEC_ERR:
+ send_ldap_result( conn, op,
+ LDAP_OPERATIONS_ERROR,
+ NULL, "Operations error",
+ NULL, NULL );
return( NULL );
}
#else /* !ENABLE_REWRITE */
- lc->bound_dn = ldap_back_dn_massage( li,
- ch_strdup( lc->conn->c_cdn ), 0 );
+ struct berval bv;
+ ldap_back_dn_massage( li, &lc->conn->c_cdn, &bv, 0, 1 );
+ if ( bv.bv_val == lc->conn->c_cdn.bv_val )
+ ber_dupbv( &lc->bound_dn, &bv );
+ else
+ lc->bound_dn = bv;
#endif /* !ENABLE_REWRITE */
} else {
- lc->bound_dn = NULL;
+ lc->bound_dn.bv_val = NULL;
+ lc->bound_dn.bv_len = 0;
}
lc->bound = 0;
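Review bot: Both `return( NULL );` paths in the rewrite switch leave the function after `lc->conn` and `lc->ld` have been populated, and nothing in the hunk releases either object. If `lc` is allocated and `ld` opened earlier in this function, which is not visible here, every rejected or failed rewrite leaks a connection record and an upstream LDAP handle. That can add up, since the rewrite input is the client's bind DN. Each return should be preceded by the matching cleanup, for example `ldap_unbind( ld ); ch_free( lc );`, once the allocation site is confirmed.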
ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
+ "ldap_back_getconn: conn %ld inserted\n",
+ lc->conn->c_connid ));
+#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_TRACE,
- "=>ldap_back_getconn: conn %ld inserted%s%s\n",
+ "=>ldap_back_getconn: conn %ld inserted\n%s%s",
lc->conn->c_connid, "", "" );
+#endif /* !NEW_LOGGING */
/* Err could be -1 in case a duplicate ldapconn is inserted */
if ( err != 0 ) {
return( NULL );
}
} else {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
+ "ldap_back_getconn: conn %ld inserted\n",
+ lc->conn->c_connid ));
+#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_TRACE,
"=>ldap_back_getconn: conn %ld fetched%s%s\n",
lc->conn->c_connid, "", "" );
+#endif /* !NEW_LOGGING */
}
return( lc );
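Review bot: The `NEW_LOGGING` branch added in the `else` (existing connection) path logs `conn %ld inserted`, while the `Debug` call next to it says `fetched`. Under `NEW_LOGGING` the trace therefore cannot distinguish a reused upstream connection from a newly created one, which matters when reconstructing which client identity was using which upstream session. The message should read `"ldap_back_getconn: conn %ld fetched\n"`. The enclosing function starts outside this hunk.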
return( lc->bound );
}
- if (ldap_bind_s(lc->ld, lc->bound_dn, NULL, LDAP_AUTH_SIMPLE) !=
+ if (ldap_bind_s(lc->ld, lc->bound_dn.bv_val, lc->cred.bv_val, LDAP_AUTH_SIMPLE) !=
LDAP_SUCCESS) {
ldap_back_op_result(lc, op);
return( 0 );
return( lc->bound = 1 );
}
+/*
+ * ldap_back_rebind
+ *
+ * This is a callback used for chasing referrals using the same
+ * credentials as the original user on this session.
+ */
+static int
+ldap_back_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request,
+ ber_int_t msgid, void *params )
+{
+ struct ldapconn *lc = params;
+
+ return ldap_bind_s( ld, lc->bound_dn.bv_val, lc->cred.bv_val, LDAP_AUTH_SIMPLE );
+}
+
/* Map API errors to protocol errors... */
int
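Review bot: `ldap_back_rebind` ignores `url` and replays the stored simple-bind DN and password to whichever server the referral names, so with `savecred` enabled a client's cleartext credentials can leave the configured upstream whenever a referral is chased. The header comment should state this, e.g. `* NOTE: sends lc->cred in a simple bind to the referral target; url is not checked.` It is also worth considering a check of `url` against the configured servers, or requiring a protected transport, before binding. The callback reads `lc->bound_dn` and `lc->cred` while `ldap_back_bind` can free and replace them; whether a lock covers that is not visible in this hunk.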
#ifdef ENABLE_REWRITE
/*
- * need rewrite info; mmmh ...
+ * FIXME: need rewrite info for match; mmmh ...
*/
+ send_ldap_result( lc->conn, op, err, match, msg, NULL, NULL );
+ /* better test the pointers before freeing? */
+ if ( match ) {
+ free( match );
+ }
#else /* !ENABLE_REWRITE */
if ( match ) {
free( match );
}
+
#endif /* !ENABLE_REWRITE */
if ( msg ) free( msg );