}
/* startup a specific backend database */
-int backend_startup_one(Backend *be, ConfigArgs *ca)
+int backend_startup_one(Backend *be, ConfigReply *cr)
{
int rc = 0;
/* set database controls */
(void)backend_set_controls( be );
+#if 0
+ if ( !BER_BVISEMPTY( &be->be_rootndn )
+ && select_backend( &be->be_rootndn, 0 ) == be
+ && BER_BVISNULL( &be->be_rootpw ) )
+ {
+ /* warning: if rootdn entry is created,
+ * it can take rootdn privileges;
+ * set empty rootpw to prevent */
+ }
+#endif
+
if ( be->bd_info->bi_db_open ) {
- rc = be->bd_info->bi_db_open( be, ca );
+ rc = be->bd_info->bi_db_open( be, cr );
if ( rc == 0 ) {
(void)backend_set_controls( be );
int i;
int rc = 0;
BackendInfo *bi;
+ ConfigReply cr={0, ""};
if( ! ( nBackendDB > 0 ) ) {
/* no databases */
/* append global access controls */
acl_append( &be->be_acl, frontendDB->be_acl, -1 );
- return backend_startup_one( be, NULL );
+ return backend_startup_one( be, &cr );
}
/* open frontend, if required */
/* append global access controls */
acl_append( &be->be_acl, frontendDB->be_acl, -1 );
- rc = backend_startup_one( be, NULL );
+ rc = backend_startup_one( be, &cr );
if ( rc ) return rc;
}
const char *type,
BackendDB *b0,
int idx,
- ConfigArgs *ca)
+ ConfigReply *cr)
{
BackendInfo *bi = backend_info(type);
BackendDB *be = b0;
be->be_max_deref_depth = SLAPD_DEFAULT_MAXDEREFDEPTH;
if ( bi->bi_db_init ) {
- rc = bi->bi_db_init( be, ca );
+ rc = bi->bi_db_init( be, cr );
}
if ( rc != 0 ) {
return 0;
}
+int
+be_issubordinate(
+ Backend *be,
+ struct berval *bvsubordinate )
+{
+ int i;
+
+ if ( be->be_nsuffix == NULL ) {
+ return 0;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &be->be_nsuffix[i] ); i++ ) {
+ if ( dnIsSuffix( bvsubordinate, &be->be_nsuffix[i] ) ) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
int
be_isroot_dn( Backend *be, struct berval *ndn )
{
int
be_isroot_pw( Operation *op )
{
- int result;
+ return be_rootdn_bind( op, NULL ) == LDAP_SUCCESS;
+}
- if ( ! be_isroot_dn( op->o_bd, &op->o_req_ndn ) ) {
- return 0;
+/*
+ * checks if binding as rootdn
+ *
+ * return value:
+ * SLAP_CB_CONTINUE if not the rootdn
+ * LDAP_SUCCESS if rootdn & rootpw
+ * LDAP_INVALID_CREDENTIALS if rootdn & !rootpw
+ *
+ * if rs != NULL
+ * if LDAP_SUCCESS, op->orb_edn is set
+ * if LDAP_INVALID_CREDENTIALS, response is sent to client
+ */
+int
+be_rootdn_bind( Operation *op, SlapReply *rs )
+{
+ int rc;
+
+ assert( op->o_tag == LDAP_REQ_BIND );
+ assert( op->orb_method == LDAP_AUTH_SIMPLE );
+
+ if ( !be_isroot_dn( op->o_bd, &op->o_req_ndn ) ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ if ( BER_BVISNULL( &op->o_bd->be_rootpw ) ) {
+ /* give the database a chance */
+ return SLAP_CB_CONTINUE;
}
if ( BER_BVISEMPTY( &op->o_bd->be_rootpw ) ) {
- return 0;
+ /* rootdn bind explicitly disallowed */
+ rc = LDAP_INVALID_CREDENTIALS;
+ if ( rs ) {
+ goto send_result;
+ }
+
+ return rc;
}
#ifdef SLAPD_SPASSWD
op->o_conn->c_sasl_authctx, NULL );
#endif
- result = lutil_passwd( &op->o_bd->be_rootpw, &op->orb_cred, NULL, NULL );
+ rc = lutil_passwd( &op->o_bd->be_rootpw, &op->orb_cred, NULL, NULL );
#ifdef SLAPD_SPASSWD
ldap_pvt_thread_pool_setkey( op->o_threadctx, slap_sasl_bind, NULL, NULL );
#endif
- return result == 0;
+ rc = ( rc == 0 ? LDAP_SUCCESS : LDAP_INVALID_CREDENTIALS );
+ if ( rs ) {
+send_result:;
+ rs->sr_err = rc;
+
+ Debug( LDAP_DEBUG_TRACE, "%s: rootdn=\"%s\" bind%s\n",
+ op->o_log_prefix, op->o_bd->be_rootdn.bv_val,
+ rc == LDAP_SUCCESS ? " succeeded" : " failed" );
+
+ if ( rc == LDAP_SUCCESS ) {
+ /* Set to the pretty rootdn */
+ ber_dupbv( &op->orb_edn, &op->o_bd->be_rootdn );
+
+ } else {
+ send_ldap_result( op, rs );
+ }
+ }
+
+ return rc;
}
int
op->o_bd = b2;
} else {
- rc = value_find_ex( group_at,
+ rc = attr_valfind( a,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
- a->a_nvals, op_ndn, op->o_tmpmemctx );
+ op_ndn, NULL, op->o_tmpmemctx );
if ( rc == LDAP_NO_SUCH_ATTRIBUTE ) {
rc = LDAP_COMPARE_FALSE;
}
goto freeit;
}
- for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ )
- ;
-
+ i = a->a_numvals;
v = op->o_tmpalloc( sizeof(struct berval) * ( i + 1 ),
op->o_tmpmemctx );
for ( i = 0, j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ )