-/*
- * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
- *
- * Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
- *
- * This work has been developed to fulfill the requirements
- * of SysNet s.n.c. <http:www.sys-net.it> and it has been donated
- * to the OpenLDAP Foundation in the hope that it may be useful
- * to the Open Source community, but WITHOUT ANY WARRANTY.
- *
- * Permission is granted to anyone to use this software for any purpose
- * on any computer system, and to alter it and redistribute it, subject
- * to the following restrictions:
- *
- * 1. The author and SysNet s.n.c. are not responsible for the consequences
- * of use of this software, no matter how awful, even if they arise from
- * flaws in it.
- *
- * 2. The origin of this software must not be misrepresented, either by
- * explicit claim or by omission. Since few users ever read sources,
- * credits should appear in the documentation.
- *
- * 3. Altered versions must be plainly marked as such, and must not be
- * misrepresented as being the original software. Since few users
- * ever read sources, credits should appear in the documentation.
- * SysNet s.n.c. cannot be responsible for the consequences of the
- * alterations.
- *
- * 4. This notice may not be removed or altered.
- *
- *
- * This software is based on the backend back-ldap, implemented
- * by Howard Chu <hyc@highlandsun.com>, and modified by Mark Valence
- * <kurash@sassafras.com>, Pierangelo Masarati <ando@sys-net.it> and other
- * contributors. The contribution of the original software to the present
- * implementation is acknowledged in this copyright statement.
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * A special acknowledgement goes to Howard for the overall architecture
- * (and for borrowing large pieces of code), and to Mark, who implemented
- * from scratch the attribute/objectclass mapping.
+ * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
*
- * The original copyright statement follows.
- *
- * Copyright 1999, Howard Chu, All rights reserved. <hyc@highlandsun.com>
- *
- * Permission is granted to anyone to use this software for any purpose
- * on any computer system, and to alter it and redistribute it, subject
- * to the following restrictions:
- *
- * 1. The author is not responsible for the consequences of use of this
- * software, no matter how awful, even if they arise from flaws in it.
- *
- * 2. The origin of this software must not be misrepresented, either by
- * explicit claim or by omission. Since few users ever read sources,
- * credits should appear in the documentation.
- *
- * 3. Altered versions must be plainly marked as such, and must not be
- * misrepresented as being the original software. Since few users
- * ever read sources, credits should appear in the
- * documentation.
- *
- * 4. This notice may not be removed or altered.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
*
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
*/
#include "portable.h"
rs->sr_err = LDAP_SUCCESS;
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_META, ENTRY, "meta_back_bind: dn: %s.\n",
- op->o_req_dn.bv_val, 0, 0 );
-#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "meta_back_bind: dn: %s.\n%s%s",
op->o_req_dn.bv_val, "", "" );
-#endif /* !NEW_LOGGING */
if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op ) ) {
isroot = 1;
lc = meta_back_getconn( op, rs, op_type,
&op->o_req_ndn, NULL );
if ( !lc ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_META, NOTICE,
- "meta_back_bind: no target for dn %s.\n", dn->bv_val, 0, 0 );
-#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ANY,
"meta_back_bind: no target for dn %s.\n%s%s",
op->o_req_dn.bv_val, "", "");
-#endif /* !NEW_LOGGING */
send_ldap_result( op, rs );
return -1;
* A bind operation is expected to have
* ONE CANDIDATE ONLY!
*/
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_META, WARNING,
- "==>meta_back_bind: more than one"
- " candidate is attempting to bind"
- " ...\n" , 0, 0, 0 );
-#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ANY,
"==>meta_back_bind: more than one"
" candidate is attempting to bind"
" ...\n%s%s%s",
"", "", "" );
-#endif /* !NEW_LOGGING */
}
if ( isroot && li->targets[ i ]->pseudorootdn.bv_val != NULL ) {
rs->sr_err = LDAP_INVALID_CREDENTIALS;
}
- rs->sr_err = ldap_back_map_result( rs );
+ rs->sr_err = slap_map_api2result( rs );
send_ldap_result( op, rs );
return -1;
}
)
{
struct metainfo *li = ( struct metainfo * )op->o_bd->be_private;
- struct berval mdn = { 0, NULL };
+ struct berval mdn = BER_BVNULL;
ber_int_t msgid;
dncookie dc;
+ struct metasingleconn *lsc = &lc->conns[ candidate ];
+ LDAPMessage *res;
/*
* Rewrite the bind dn if needed
dc.rwmap = &li->targets[ candidate ]->rwmap;
dc.conn = op->o_conn;
dc.rs = rs;
- dc.ctx = "bindDn";
+ dc.ctx = "bindDN";
if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
send_ldap_result( op, rs );
}
if ( op->o_ctrls ) {
- rs->sr_err = ldap_set_option( lc->conns[ candidate ].ld,
+ rs->sr_err = ldap_set_option( lsc->ld,
LDAP_OPT_SERVER_CONTROLS, op->o_ctrls );
if ( rs->sr_err != LDAP_SUCCESS ) {
- rs->sr_err = ldap_back_map_result( rs );
+ rs->sr_err = slap_map_api2result( rs );
goto return_results;
}
}
-
- rs->sr_err = ldap_sasl_bind(lc->conns[ candidate ].ld, mdn.bv_val,
+
+ /* FIXME: this fixes the bind problem right now; we need
+ * to use the asynchronous version to get the "matched"
+ * and more in case of failure ... */
+ rs->sr_err = ldap_sasl_bind_s(lsc->ld, mdn.bv_val,
LDAP_SASL_SIMPLE, &op->oq_bind.rb_cred,
- op->o_ctrls, NULL, &msgid);
+ op->o_ctrls, NULL, NULL);
if ( rs->sr_err != LDAP_SUCCESS ) {
- rs->sr_err = ldap_back_map_result( rs );
+ rs->sr_err = slap_map_api2result( rs );
+ goto return_results;
+ }
- } else {
- /*
- * FIXME: handle response!!!
- */
- ber_dupbv( &lc->conns[ candidate ].bound_dn, &op->o_req_dn );
- lc->conns[ candidate ].bound = META_BOUND;
- lc->bound_target = candidate;
-
- if ( li->savecred ) {
- if ( lc->conns[ candidate ].cred.bv_val )
- ch_free( lc->conns[ candidate ].cred.bv_val );
- ber_dupbv( &lc->conns[ candidate ].cred,
- &op->oq_bind.rb_cred );
- ldap_set_rebind_proc( lc->conns[ candidate ].ld,
- meta_back_rebind,
- &lc->conns[ candidate ] );
+ /*
+ * FIXME: handle response!!!
+ */
+ if ( lsc->bound_dn.bv_val != NULL ) {
+ ber_memfree( lsc->bound_dn.bv_val );
+ }
+ ber_dupbv( &lsc->bound_dn, &op->o_req_dn );
+ lsc->bound = META_BOUND;
+ lc->bound_target = candidate;
+
+ if ( li->savecred ) {
+ if ( lsc->cred.bv_val ) {
+ memset( lsc->cred.bv_val, 0, lsc->cred.bv_len );
+ ber_memfree( lsc->cred.bv_val );
}
+ ber_dupbv( &lsc->cred, &op->oq_bind.rb_cred );
+ ldap_set_rebind_proc( lsc->ld, meta_back_rebind, lsc );
+ }
- if ( li->cache.ttl != META_DNCACHE_DISABLED
- && op->o_req_ndn.bv_len != 0 ) {
- ( void )meta_dncache_update_entry( &li->cache,
- &op->o_req_ndn, candidate );
- }
+ if ( li->cache.ttl != META_DNCACHE_DISABLED
+ && op->o_req_ndn.bv_len != 0 ) {
+ ( void )meta_dncache_update_entry( &li->cache,
+ &op->o_req_ndn, candidate );
}
return_results:;
}
for ( i = 0, lsc = lc->conns; !META_LAST(lsc); ++i, ++lsc ) {
- int rc;
+ int rc;
+ struct berval cred = BER_BVC("");
/*
* Not a candidate or something wrong with this target ...
* bind clears the previous bind).
*/
if ( lsc->bound_dn.bv_val ) {
- ch_free( lsc->bound_dn.bv_val );
+ ber_memfree( lsc->bound_dn.bv_val );
lsc->bound_dn.bv_val = NULL;
lsc->bound_dn.bv_len = 0;
}
+ if ( /* FIXME: need li ... li->savecred && */
+ lsc->cred.bv_val ) {
+ memset( lsc->cred.bv_val, 0, lsc->cred.bv_len );
+ ber_memfree( lsc->cred.bv_val );
+ lsc->cred.bv_val = NULL;
+ lsc->cred.bv_len = 0;
+ }
- rc = ldap_bind_s( lsc->ld, 0, NULL, LDAP_AUTH_SIMPLE );
+ rc = ldap_sasl_bind_s(lsc->ld, "", LDAP_SASL_SIMPLE, &cred,
+ op->o_ctrls, NULL, NULL);
if ( rc != LDAP_SUCCESS ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_META, WARNING,
- "meta_back_dobind: (anonymous)"
- " bind failed"
- " with error %d (%s)\n",
- rc, ldap_err2string( rc ), 0 );
-#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ANY,
"==>meta_back_dobind: (anonymous)"
" bind failed"
" with error %d (%s)\n",
rc, ldap_err2string( rc ), 0 );
-#endif /* !NEW_LOGGING */
/*
* null cred bind should always succeed
struct metasingleconn *lsc;
char *rmsg = NULL;
char *rmatch = NULL;
+ int free_rmsg = 0, free_rmatch = 0;
for ( i = 0, lsc = lc->conns; !META_LAST(lsc); ++i, ++lsc ) {
char *msg = NULL;
LDAP_OPT_ERROR_STRING, &msg );
ldap_get_option( lsc->ld,
LDAP_OPT_MATCHED_DN, &match );
- rs->sr_err = ldap_back_map_result( rs );
+ rs->sr_err = slap_map_api2result( rs );
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_META, RESULTS,
- "meta_back_op_result: target"
- " <%d> sending msg \"%s\""
- " (matched \"%s\")\n",
- i, ( msg ? msg : "" ),
- ( match ? match : "" ) );
-#else /* !NEW_LOGGING */
Debug(LDAP_DEBUG_ANY,
"==> meta_back_op_result: target"
" <%d> sending msg \"%s\""
" (matched \"%s\")\n",
i, ( msg ? msg : "" ),
( match ? match : "" ) );
-#endif /* !NEW_LOGGING */
/*
* FIXME: need to rewrite "match" (need rwinfo)
switch ( rs->sr_err ) {
default:
rerr = rs->sr_err;
+ if ( rmsg ) {
+ ber_memfree( rmsg );
+ }
rmsg = msg;
+ free_rmsg = 1;
msg = NULL;
+ if ( rmatch ) {
+ ber_memfree( rmatch );
+ }
rmatch = match;
+ free_rmatch = 1;
match = NULL;
break;
}
rs->sr_text = rmsg;
rs->sr_matched = rmatch;
send_ldap_result( op, rs );
+ if ( free_rmsg ) {
+ ber_memfree( rmsg );
+ }
+ if ( free_rmatch ) {
+ ber_memfree( rmatch );
+ }
rs->sr_text = NULL;
rs->sr_matched = NULL;