struct berval mdn = { 0, NULL };
int rc = 0;
ber_int_t msgid;
+ dncookie dc;
lc = ldap_back_getconn(op, rs);
if ( !lc ) {
/*
* Rewrite the bind dn if needed
*/
+ dc.rwmap = &li->rwmap;
#ifdef ENABLE_REWRITE
- switch ( rewrite_session( li->rwinfo, "bindDn",
- op->o_req_dn.bv_val,
- op->o_conn, &mdn.bv_val ) ) {
- case REWRITE_REGEXEC_OK:
- if ( mdn.bv_val == NULL ) {
- mdn = op->o_req_dn;
- } else {
- mdn.bv_len = strlen( mdn.bv_val );
- }
-
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] bindDn: \"%s\" -> \"%s\"\n",
- op->o_req_dn.bv_val, mdn.bv_val, 0 );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS, "rw> bindDn: \"%s\" -> \"%s\"\n",
- op->o_req_dn.bv_val, mdn.bv_val, 0 );
-#endif /* !NEW_LOGGING */
- break;
-
- case REWRITE_REGEXEC_UNWILLING:
- send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
- "Operation not allowed" );
- return( -1 );
-
- case REWRITE_REGEXEC_ERR:
- send_ldap_error( op, rs, LDAP_OTHER,
- "Rewrite error" );
- return( -1 );
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "bindDn";
+#else
+ dc.tofrom = 1;
+ dc.normalized = 0;
+#endif
+ if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
+ send_ldap_result( op, rs );
+ return -1;
}
-#else /* !ENABLE_REWRITE */
- ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 );
-#endif /* !ENABLE_REWRITE */
if ( lc->bound_dn.bv_val ) {
ch_free( lc->bound_dn.bv_val );
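Review bot: When `ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn )` fails, the new code sends `rs` as it stands, and nothing in this hunk sets `rs->sr_err` first; the removed code sent an explicit `LDAP_UNWILLING_TO_PERFORM` or `LDAP_OTHER`. In the `#else` branch `dc.rs` is never assigned, so the callee presumably cannot fill in a result there, and a bind whose DN rewrite failed could be answered with whatever code `rs` already held. If the callee does set the result, a comment on the call such as `/* on failure ldap_back_dn_massage() has set rs->sr_err and rs->sr_text */` would record that; if it does not, the code should be set explicitly before `send_ldap_result( op, rs )`. The same pattern appears in the connection-setup hunk at `ldap_back_dn_massage( &dc, &op->o_conn->c_dn, &bv )`. The enclosing function starts and ends outside this hunk.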
} else {
ber_dupbv( &lc->bound_dn, &op->o_req_dn );
}
+ mdn.bv_val = NULL;
+
if ( li->savecred ) {
if ( lc->cred.bv_val )
ch_free( lc->cred.bv_val );
}
}
+ if ( mdn.bv_val && mdn.bv_val != op->o_req_dn.bv_val ) {
+ free( mdn.bv_val );
+ }
+
return( rc );
}
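Review bot: The added cleanup releases `mdn.bv_val` with `free()`, while the neighbouring lines release berval strings with `ch_free()`. Which one is correct depends on how `ldap_back_dn_massage()` allocates its output, and that is not visible here. If the massaged DN comes from the slapd allocator, this should read `ch_free( mdn.bv_val );`. The guard also depends on the `mdn.bv_val = NULL` added in the previous hunk, presumably because the pointer has been handed to `lc->bound_dn` by then; a comment such as `/* mdn.bv_val is NULL here once lc->bound_dn owns it */` would make that explicit. The function body begins outside this hunk.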
} else {
lc_curr.local_dn = op->o_ndn;
}
+
ldap_pvt_thread_mutex_lock( &li->conn_mutex );
lc = (struct ldapconn *)avl_find( li->conntree,
(caddr_t)&lc_curr, ldap_back_conn_cmp );
/* Looks like we didn't get a bind. Open a new session... */
if (!lc) {
- int vers = op->o_conn->c_protocol;
+ int vers = op->o_protocol;
rs->sr_err = ldap_initialize(&ld, li->url);
if (rs->sr_err != LDAP_SUCCESS) {
if (rs->sr_text == NULL) {
rs->sr_text = "ldap_initialize() failed";
}
- send_ldap_result( op, rs );
+ if (op->o_conn) send_ldap_result( op, rs );
+ rs->sr_text = NULL;
return( NULL );
}
/* Set LDAP version. This will always succeed: If the client
* since we may have different entries
* for the same connection
*/
- ( void )rewrite_session_init( li->rwinfo, op->o_conn );
+ ( void )rewrite_session_init( li->rwmap.rwm_rw, op->o_conn );
#endif /* ENABLE_REWRITE */
ldap_pvt_thread_mutex_init( &lc->lc_mutex );
} else {
lc->cred.bv_len = 0;
lc->cred.bv_val = NULL;
- if ( op->o_conn->c_dn.bv_len != 0 ) {
+ lc->bound_dn.bv_val = NULL;
+ lc->bound_dn.bv_len = 0;
+ if ( op->o_conn->c_dn.bv_len != 0
+ && ( op->o_bd == op->o_conn->c_authz_backend ) ) {
+ dncookie dc;
+ struct berval bv;
+
/*
* Rewrite the bind dn if needed
*/
-#ifdef ENABLE_REWRITE
- lc->bound_dn.bv_val = NULL;
- lc->bound_dn.bv_len = 0;
- switch ( rewrite_session( li->rwinfo, "bindDn",
- op->o_conn->c_dn.bv_val,
- op->o_conn,
- &lc->bound_dn.bv_val ) ) {
- case REWRITE_REGEXEC_OK:
- if ( lc->bound_dn.bv_val == NULL ) {
- ber_dupbv( &lc->bound_dn,
- &op->o_conn->c_dn );
- } else {
- lc->bound_dn.bv_len = strlen( lc->bound_dn.bv_val );
- }
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] bindDn: \"%s\" ->"
- " \"%s\"\n",
- op->o_conn->c_dn.bv_val,
- lc->bound_dn.bv_val, 0 );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS,
- "rw> bindDn: \"%s\" ->"
- " \"%s\"\n",
- op->o_conn->c_dn.bv_val,
- lc->bound_dn.bv_val, 0 );
-#endif /* !NEW_LOGGING */
- break;
-
- case REWRITE_REGEXEC_UNWILLING:
- send_ldap_error( op, rs,
- LDAP_UNWILLING_TO_PERFORM,
- "Operation not allowed" );
- return( NULL );
-
- case REWRITE_REGEXEC_ERR:
- send_ldap_error( op, rs,
- LDAP_OTHER,
- "Rewrite error" );
- return( NULL );
+ dc.rwmap = &li->rwmap;
+#ifdef ENABLE_REWRITE
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "bindDn";
+#else
+ dc.tofrom = 1;
+ dc.normalized = 0;
+#endif
+
+ if ( ldap_back_dn_massage( &dc, &op->o_conn->c_dn, &bv ) ) {
+ if (op->o_conn) send_ldap_result( op, rs );
+ return NULL;
}
-#else /* !ENABLE_REWRITE */
- struct berval bv;
- ldap_back_dn_massage( li, &op->o_conn->c_dn, &bv, 0, 1 );
if ( bv.bv_val == op->o_conn->c_dn.bv_val ) {
ber_dupbv( &lc->bound_dn, &bv );
} else {
lc->bound_dn = bv;
}
-#endif /* !ENABLE_REWRITE */
-
- } else {
- lc->bound_dn.bv_val = NULL;
- lc->bound_dn.bv_len = 0;
}
}
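Review bot: `op->o_conn` is dereferenced in the new condition (`op->o_conn->c_dn.bv_len`, `op->o_conn->c_authz_backend`) and again in `&op->o_conn->c_dn`, yet the failure branch just below tests `if (op->o_conn)`. Either that guard is dead code or the earlier dereferences can hit a NULL connection for internal operations, which the other `if (op->o_conn)` guards added in this commit suggest is possible. I would open the condition with the check, `if ( op->o_conn && op->o_conn->c_dn.bv_len != 0`, leaving the second line unchanged. The early `return NULL` also skips the `ldap_back_conn_free( lc )` that the later error path performs, so a failed rewrite appears to leak the new connection; adding that call before the return would match the later path. The allocation of `lc` and the rest of the function are outside this hunk.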
/* Err could be -1 in case a duplicate ldapconn is inserted */
if ( rs->sr_err != 0 ) {
ldap_back_conn_free( lc );
- send_ldap_error( op, rs, LDAP_OTHER,
- "internal server error" );
+ if (op->o_conn) {
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "internal server error" );
+ }
return( NULL );
}
} else {
struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private;
char *match = NULL;
LDAPMessage *res;
- int rc;
char *text = NULL;
rs->sr_text = NULL;
ldap_get_option(lc->ld, LDAP_OPT_ERROR_NUMBER,
&rs->sr_err);
} else {
- rc = ldap_parse_result(lc->ld, res, &rs->sr_err, &match,
- &text, NULL, NULL, 1);
+ int rc = ldap_parse_result(lc->ld, res, &rs->sr_err,
+ &match, &text, NULL, NULL, 1);
rs->sr_text = text;
if (rc != LDAP_SUCCESS) rs->sr_err = rc;
}
rs->sr_err = ldap_back_map_result(rs);
/* internal ops must not reply to client */
- if ( op->o_conn && !op->o_do_not_cache ) {
+ if ( op->o_conn && !op->o_do_not_cache && match ) {
+ struct berval dn, mdn;
+ dncookie dc;
+
+ dc.rwmap = &li->rwmap;
#ifdef ENABLE_REWRITE
- if (match) {
-
- switch(rewrite_session(li->rwinfo, "matchedDn", match, op->o_conn,
- (char **)&rs->sr_matched)) {
- case REWRITE_REGEXEC_OK:
- if (!rs->sr_matched) rs->sr_matched = match; break;
- case REWRITE_REGEXEC_UNWILLING:
- case REWRITE_REGEXEC_ERR:
- break;
- }
- }
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "matchedDn";
#else
- struct berval dn, mdn;
- if (match) {
- ber_str2bv(match, 0, 0, &dn);
- ldap_back_dn_massage(li, &dn, &mdn, 0, 0);
- rs->sr_matched = mdn.bv_val;
- }
+ dc.tofrom = 0;
+ dc.normalized = 0;
#endif
+ ber_str2bv(match, 0, 0, &dn);
+ ldap_back_dn_massage(&dc, &dn, &mdn);
+ rs->sr_matched = mdn.bv_val;
+
}
}
if (op->o_conn && (sendok || rs->sr_err != LDAP_SUCCESS)) {
send_ldap_result( op, rs );
}
- if (rs->sr_matched != match) free((char *)rs->sr_matched);
- rs->sr_matched = NULL;
- if ( match ) ldap_memfree( match );
+ if ( match ) {
+ if ( rs->sr_matched != match ) {
+ free( (char *)rs->sr_matched );
+ }
+ rs->sr_matched = NULL;
+ ldap_memfree( match );
+ }
if ( text ) {
ldap_memfree( text );
}
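Review bot: The return value of `ldap_back_dn_massage(&dc, &dn, &mdn)` is ignored here and `mdn` is declared without an initializer, although both other call sites in this commit check the result. If the call fails without writing `mdn`, `rs->sr_matched` receives an indeterminate pointer. That pointer is then passed to `send_ldap_result( op, rs )` and, because it differs from `match`, to `free( (char *)rs->sr_matched )`. I would declare `struct berval dn, mdn = { 0, NULL };` and assign only on success, `if ( ldap_back_dn_massage(&dc, &dn, &mdn) == 0 ) rs->sr_matched = mdn.bv_val;`. With `dc.rs = rs` set in the rewrite build, a failing call may also overwrite the remote result already stored in `rs`, which is worth a comment if it is intended.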