#define PRINT_CONNTREE 0
+static LDAP_REBIND_PROC ldap_back_rebind;
+
int
ldap_back_bind(
Backend *be,
mdn.bv_val = ( char * )dn->bv_val;
}
#ifdef NEW_LOGGING
- LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
- "[rw] bindDn: \"%s\" -> \"%s\"\n", dn->bv_val, mdn.bv_val ));
+ LDAP_LOG( BACK_LDAP, DETAIL1,
+ "[rw] bindDn: \"%s\" -> \"%s\"\n", dn->bv_val, mdn.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> bindDn: \"%s\" -> \"%s\"\n%s",
dn->bv_val, mdn.bv_val, "" );
return( -1 );
case REWRITE_REGEXEC_ERR:
- send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
+ send_ldap_result( conn, op, LDAP_OTHER,
NULL, "Operations error", NULL, NULL );
return( -1 );
}
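Review bot: The diagnostic text in the `REWRITE_REGEXEC_ERR` branch still reads `"Operations error"` although the result code is now `LDAP_OTHER`, so a client or log reader sees a message that names a different result code than the one returned. A text that states the actual cause would be clearer, e.g. `NULL, "Rewrite error", NULL, NULL );`. The same mismatch appears in the `REWRITE_REGEXEC_ERR` branch of the connection-setup code later in this patch.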
lc->bound = 1;
}
+ if ( li->savecred ) {
+ if ( lc->cred.bv_val )
+ ch_free( lc->cred.bv_val );
+ ber_dupbv( &lc->cred, cred );
+ ldap_set_rebind_proc( lc->ld, ldap_back_rebind, lc );
+ }
+
+ if ( lc->bound_dn.bv_val )
+ ch_free( lc->bound_dn.bv_val );
if ( mdn.bv_val != dn->bv_val ) {
- free( mdn.bv_val );
+ lc->bound_dn = mdn;
+ } else {
+ ber_dupbv( &lc->bound_dn, dn );
}
return( rc );
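Review bot: With `savecred` set, the client's cleartext simple-bind password is kept in `lc->cred` for as long as the connection entry lives, and the previous copy is released with `ch_free` without being overwritten first. I would wipe the buffer before freeing it, e.g. `memset( lc->cred.bv_val, 0, lc->cred.bv_len );` ahead of `ch_free( lc->cred.bv_val );` (using a wipe the compiler cannot elide), and do the same wherever the `ldapconn` is destroyed, which is not visible here. The return value of `ber_dupbv( &lc->cred, cred )` is not checked before `ldap_set_rebind_proc` is registered, so a failed copy could leave the callback binding with no password. The body of `ldap_back_bind` starts and ends outside this hunk, so I cannot confirm that this block is reached only after a successful bind; if it is not, rejected credentials would be cached as well.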
lc->conn = conn;
lc->ld = ld;
+ lc->cred.bv_len = 0;
+ lc->cred.bv_val = NULL;
+
#ifdef ENABLE_REWRITE
/*
* Sets a cookie for the rewrite session
( void )rewrite_session_init( li->rwinfo, conn );
#endif /* ENABLE_REWRITE */
- if ( lc->conn->c_cdn.bv_len != 0 ) {
+ if ( lc->conn->c_dn.bv_len != 0 ) {
/*
* Rewrite the bind dn if needed
lc->bound_dn.bv_val = NULL;
lc->bound_dn.bv_len = 0;
switch ( rewrite_session( li->rwinfo, "bindDn",
- lc->conn->c_cdn.bv_val, conn,
+ lc->conn->c_dn.bv_val, conn,
&lc->bound_dn.bv_val ) ) {
case REWRITE_REGEXEC_OK:
if ( lc->bound_dn.bv_val == NULL ) {
- ber_dupbv( &lc->bound_dn, &lc->conn->c_cdn );
+ ber_dupbv( &lc->bound_dn, &lc->conn->c_dn );
}
#ifdef NEW_LOGGING
- LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
- "[rw] bindDn: \"%s\" ->"
+ LDAP_LOG( BACK_LDAP, DETAIL1,
+ "[rw] bindDn: \"%s\" ->"
" \"%s\"\n%s",
- lc->conn->c_cdn.bv_val,
- lc->bound_dn.bv_val ));
+ lc->conn->c_dn.bv_val,
+ lc->bound_dn.bv_val, "" );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS,
"rw> bindDn: \"%s\" ->"
" \"%s\"\n%s",
- lc->conn->c_cdn.bv_val,
+ lc->conn->c_dn.bv_val,
lc->bound_dn.bv_val, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_ERR:
send_ldap_result( conn, op,
- LDAP_OPERATIONS_ERROR,
+ LDAP_OTHER,
NULL, "Operations error",
NULL, NULL );
return( NULL );
}
#else /* !ENABLE_REWRITE */
struct berval bv;
- ldap_back_dn_massage( li, &lc->conn->c_cdn, &bv, 0, 1 );
- if ( bv.bv_val == lc->conn->c_cdn.bv_val )
+ ldap_back_dn_massage( li, &lc->conn->c_dn, &bv, 0, 1 );
+ if ( bv.bv_val == lc->conn->c_dn.bv_val )
ber_dupbv( &lc->bound_dn, &bv );
else
lc->bound_dn = bv;
ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
#ifdef NEW_LOGGING
- LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
- "ldap_back_getconn: conn %ld inserted\n",
- lc->conn->c_connid ));
+ LDAP_LOG( BACK_LDAP, INFO,
+ "ldap_back_getconn: conn %ld inserted\n", lc->conn->c_connid, 0, 0);
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_TRACE,
"=>ldap_back_getconn: conn %ld inserted\n%s%s",
/* Err could be -1 in case a duplicate ldapconn is inserted */
if ( err != 0 ) {
- send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
+ send_ldap_result( conn, op, LDAP_OTHER,
NULL, "internal server error", NULL, NULL );
/* better destroy the ldapconn struct? */
return( NULL );
}
} else {
#ifdef NEW_LOGGING
- LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
- "ldap_back_getconn: conn %ld inserted\n",
- lc->conn->c_connid ));
+ LDAP_LOG( BACK_LDAP, INFO,
+ "ldap_back_getconn: conn %ld inserted\n",
+ lc->conn->c_connid, 0, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_TRACE,
"=>ldap_back_getconn: conn %ld fetched%s%s\n",
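Review bot: The `NEW_LOGGING` message in this `else` branch says `conn %ld inserted`, while the `Debug` variant of the same branch says `fetched`, so with new-style logging a cache hit is indistinguishable from a newly inserted connection. The rewritten call should read `"ldap_back_getconn: conn %ld fetched\n",`. The `Debug` call and the enclosing function continue outside the hunk.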
return( lc->bound );
}
- if (ldap_bind_s(lc->ld, lc->bound_dn.bv_val, NULL, LDAP_AUTH_SIMPLE) !=
+ if (ldap_bind_s(lc->ld, lc->bound_dn.bv_val, lc->cred.bv_val, LDAP_AUTH_SIMPLE) !=
LDAP_SUCCESS) {
ldap_back_op_result(lc, op);
return( 0 );
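Review bot: `ldap_bind_s` takes the password as a `char *`, so `lc->cred.bv_len` is ignored and a credential containing a NUL byte would be cut short at that byte. A berval-aware call keeps the length, e.g. `ldap_sasl_bind_s( lc->ld, lc->bound_dn.bv_val, LDAP_SASL_SIMPLE, &lc->cred, NULL, NULL, NULL )`; the same applies to the call in `ldap_back_rebind` added further down. When `savecred` is off, `lc->cred.bv_val` stays NULL, so this path still sends a DN with no password, as it did before the change. The enclosing function starts outside the hunk.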
return( lc->bound = 1 );
}
+/*
+ * ldap_back_rebind
+ *
+ * This is a callback used for chasing referrals using the same
+ * credentials as the original user on this session.
+ */
+static int
+ldap_back_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request,
+ ber_int_t msgid, void *params )
+{
+ struct ldapconn *lc = params;
+
+ return ldap_bind_s( ld, lc->bound_dn.bv_val, lc->cred.bv_val, LDAP_AUTH_SIMPLE );
+}
+
/* Map API errors to protocol errors... */
int
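Review bot: `ldap_back_rebind` ignores its `url` argument, so the saved DN and cleartext password are replayed with a simple bind to whichever server a referral names, and the remote directory therefore decides where the user's credentials are sent. The header comment should state this explicitly, for example `* NOTE: the stored bind DN and password are sent to the referral target; enable savecred only when every referred-to server is trusted and the link is protected.` Consider comparing `url` against the configured targets before binding and returning an error for anything else. `request` and `msgid` are also unused, which is worth a short `/* unused */` remark in the signature comment.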
case LDAP_SERVER_DOWN:
return LDAP_UNAVAILABLE;
case LDAP_LOCAL_ERROR:
- return LDAP_OPERATIONS_ERROR;
+ return LDAP_OTHER;
case LDAP_ENCODING_ERROR:
case LDAP_DECODING_ERROR:
return LDAP_PROTOCOL_ERROR;
case LDAP_AUTH_UNKNOWN:
return LDAP_AUTH_METHOD_NOT_SUPPORTED;
case LDAP_FILTER_ERROR:
- return LDAP_OPERATIONS_ERROR;
+ return LDAP_OTHER;
case LDAP_USER_CANCELLED:
- return LDAP_OPERATIONS_ERROR;
+ return LDAP_OTHER;
case LDAP_PARAM_ERROR:
return LDAP_PROTOCOL_ERROR;
case LDAP_NO_MEMORY:
- return LDAP_OPERATIONS_ERROR;
+ return LDAP_OTHER;
case LDAP_CONNECT_ERROR:
return LDAP_UNAVAILABLE;
case LDAP_NOT_SUPPORTED: