Do not return pointers into BerElement we do not own
[openldap] / servers / slapd / back-meta / bind.c
index 2a800c5c5c1728c445c48bf48902d70fbe23b2c5..4c1c9bec780612946b88de6645b3c491996cf71a 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
  *
  * Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
@@ -77,6 +77,8 @@
 #include "../back-ldap/back-ldap.h"
 #include "back-meta.h"
 
+static LDAP_REBIND_PROC        meta_back_rebind;
+
 static int
 meta_back_do_single_bind(
                struct metainfo         *li,
@@ -247,8 +249,9 @@ meta_back_do_single_bind(
                int                     candidate
 )
 {
-       struct berval mdn = { 0, NULL };
-       int rc;
+       struct berval   mdn = { 0, NULL };
+       int             rc;
+       ber_int_t       msgid;
        
        /*
         * Rewrite the bind dn if needed
@@ -285,7 +288,8 @@ meta_back_do_single_bind(
                }
        }
        
-       rc = ldap_bind_s( lc->conns[ candidate ].ld, mdn.bv_val, cred->bv_val, method );
+       rc = ldap_sasl_bind(lc->conns[ candidate ].ld, mdn.bv_val,
+                       LDAP_SASL_SIMPLE, cred, op->o_ctrls, NULL, &msgid);
        if ( rc != LDAP_SUCCESS ) {
                rc = ldap_back_map_result( rc );
        } else {
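Review bot: `ldap_sasl_bind()` is the asynchronous call, so the `rc` tested on the following line only says the bind request was sent, not that the target accepted the credentials; `msgid` is not read anywhere in the visible hunks. Unless an `ldap_result()` wait on `msgid` exists outside this hunk, the `else` branch (which continues into the next hunk and sets `bound = META_BOUND`) would mark the connection as bound even when the password is wrong. Either collect and check the bind result before marking the connection bound, or keep the call synchronous: `rc = ldap_sasl_bind_s( lc->conns[ candidate ].ld, mdn.bv_val, LDAP_SASL_SIMPLE, cred, op->o_ctrls, NULL, NULL );`. The new call also hard-codes `LDAP_SASL_SIMPLE` where the old line passed `method`, which deserves a short comment if it is intentional.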
@@ -293,6 +297,15 @@ meta_back_do_single_bind(
                lc->conns[ candidate ].bound = META_BOUND;
                lc->bound_target = candidate;
 
+               if ( li->savecred ) {
+                       if ( lc->conns[ candidate ].cred.bv_val )
+                               ch_free( lc->conns[ candidate ].cred.bv_val );
+                       ber_dupbv( &lc->conns[ candidate ].cred, cred );
+                       ldap_set_rebind_proc( lc->conns[ candidate ].ld, 
+                                       meta_back_rebind, 
+                                       &lc->conns[ candidate ] );
+               }
+
                if ( li->cache.ttl != META_DNCACHE_DISABLED
                                && ndn->bv_len != 0 ) {
                        ( void )meta_dncache_update_entry( &li->cache,
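Review bot: In the `li->savecred` branch the previous password buffer is handed to `ch_free()` without being cleared, and the return value of `ber_dupbv()` is ignored, so a failed copy would still register `meta_back_rebind` with no usable credential. Wipe the old value first, e.g. `memset( lc->conns[ candidate ].cred.bv_val, 0, lc->conns[ candidate ].cred.bv_len );` (or a wipe helper the compiler cannot elide, if the tree has one). Then guard the registration with `if ( ber_dupbv( &lc->conns[ candidate ].cred, cred ) != NULL )`. Nothing in the visible hunks releases or clears `cred` when the connection is torn down, so that path, which lies outside this hunk, should be checked as well. The unbraced inner `if` would also be safer with braces.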
@@ -372,17 +385,15 @@ meta_back_dobind( struct metaconn *lc, Operation *op )
 #ifdef NEW_LOGGING
                        LDAP_LOG( BACK_META, WARNING,
                                        "meta_back_dobind: (anonymous)"
-                                       " bind as \"%s\" failed"
-                                       " with error \"%s\"\n",
-                                       lsc->bound_dn.bv_val,
-                                       ldap_err2string( rc ), 0 );
+                                       " bind failed"
+                                       " with error %d (%s)\n",
+                                       rc, ldap_err2string( rc ), 0 );
 #else /* !NEW_LOGGING */
                        Debug( LDAP_DEBUG_ANY,
                                        "==>meta_back_dobind: (anonymous)"
-                                       " bind as \"%s\" failed"
-                                       " with error \"%s\"\n%s",
-                                       lsc->bound_dn.bv_val,
-                                       ldap_err2string( rc ), "" );
+                                       " bind failed"
+                                       " with error %d (%s)\n",
+                                       rc, ldap_err2string( rc ), 0 );
 #endif /* !NEW_LOGGING */
 
                        /*
@@ -428,6 +439,22 @@ meta_back_is_valid( struct metaconn *lc, int candidate )
        return 0;
 }
 
+/*
+ * meta_back_rebind
+ *
+ * This is a callback used for chasing referrals using the same
+ * credentials as the original user on this session.
+ */
+static int 
+meta_back_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request,
+       ber_int_t msgid, void *params )
+{
+       struct metasingleconn *lc = params;
+
+       return ldap_bind_s( ld, lc->bound_dn.bv_val, lc->cred.bv_val,
+                       LDAP_AUTH_SIMPLE );
+}
+
 /*
  * FIXME: error return must be handled in a cleaner way ...
  */
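Review bot: `meta_back_rebind` ignores `url`, `request` and `msgid` and sends the cached DN and cleartext password with `LDAP_AUTH_SIMPLE` to whichever server the referral names, so a target that returns a referral to a host outside the administrator's control would receive the user's password. The header comment should say so, for example `/* NOTE: forwards the saved simple-bind password to the referral target in url; enable savecred only when every referral target is trusted */`. The callback also passes `lc->cred.bv_val` without checking it for NULL, so a guard such as `if ( lc->cred.bv_val == NULL ) return LDAP_INAPPROPRIATE_AUTH;` would avoid an unintended anonymous rebind. The function is fully contained in this hunk.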