struct berval mech = { 0, NULL };
struct berval dn = { 0, NULL };
ber_tag_t tag;
- Backend *be;
+ Backend *be = NULL;
#ifdef LDAP_SLAPI
Slapi_PBlock *pb = op->o_pb;
op->o_protocol = version;
if( method != LDAP_AUTH_SASL ) {
- tag = ber_scanf( ber, /*{*/ "m}", &op->oq_bind.rb_cred );
+ tag = ber_scanf( ber, /*{*/ "m}", &op->orb_cred );
} else {
tag = ber_scanf( ber, "{m" /*}*/, &mech );
tag = ber_peek_tag( ber, &len );
if ( tag == LDAP_TAG_LDAPCRED ) {
- tag = ber_scanf( ber, "m", &op->oq_bind.rb_cred );
+ tag = ber_scanf( ber, "m", &op->orb_cred );
} else {
tag = LDAP_TAG_LDAPCRED;
- op->oq_bind.rb_cred.bv_val = NULL;
- op->oq_bind.rb_cred.bv_len = 0;
+ op->orb_cred.bv_val = NULL;
+ op->orb_cred.bv_len = 0;
}
if ( tag != LBER_ERROR ) {
goto cleanup;
}
- rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn );
+ /* We use the tmpmemctx here because it speeds up normalization.
+ * However, we must dup with regular malloc when storing any
+ * resulting DNs in the op or conn structures.
+ */
+ rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
if ( rs->sr_err != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if( rs->sr_err == LDAP_SUCCESS ) {
- op->o_conn->c_dn = op->oq_bind.rb_edn;
- if( op->oq_bind.rb_edn.bv_len != 0 ) {
+ ber_dupbv(&op->o_conn->c_dn, &op->orb_edn);
+ if( op->orb_edn.bv_len != 0 ) {
/* edn is always normalized already */
ber_dupbv( &op->o_conn->c_ndn, &op->o_conn->c_dn );
}
+ op->o_tmpfree( op->orb_edn.bv_val, op->o_tmpmemctx );
+ op->orb_edn.bv_val = NULL;
+ op->orb_edn.bv_len = 0;
op->o_conn->c_authmech = op->o_conn->c_sasl_bind_mech;
op->o_conn->c_sasl_bind_mech.bv_val = NULL;
op->o_conn->c_sasl_bind_mech.bv_len = 0;
op->o_conn->c_sasl_bind_in_progress = 0;
- op->o_conn->c_sasl_ssf = op->oq_bind.rb_ssf;
- if( op->oq_bind.rb_ssf > op->o_conn->c_ssf ) {
- op->o_conn->c_ssf = op->oq_bind.rb_ssf;
+ op->o_conn->c_sasl_ssf = op->orb_ssf;
+ if( op->orb_ssf > op->o_conn->c_ssf ) {
+ op->o_conn->c_ssf = op->orb_ssf;
}
if( op->o_conn->c_dn.bv_len != 0 ) {
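Review bot: The added `op->o_tmpfree( op->orb_edn.bv_val, op->o_tmpmemctx );` after the `ber_dupbv` into `c_dn` is only safe if the SASL bind path allocated `orb_edn` from `o_tmpmemctx`, and nothing in the lines shown establishes that. Further down, the same field is described as "regular/global" when it comes back from `be_bind` and is released with plain `free()`, so one field has two allocators depending on the path. Releasing a buffer through the wrong allocator corrupts the heap, so I would state the contract at the call, e.g. `/* SASL path: edn lives in o_tmpmemctx; be_bind path: edn is malloc'd */`, once it is confirmed against the SASL code. The enclosing `if( rs->sr_err == LDAP_SUCCESS )` block continues past these lines.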
"conn=%lu op=%lu BIND dn=\"%s\" mech=%s ssf=%d\n",
op->o_connid, op->o_opid,
op->o_conn->c_dn.bv_val ? op->o_conn->c_dn.bv_val : "<empty>",
- op->o_conn->c_authmech.bv_val, op->oq_bind.rb_ssf );
+ op->o_conn->c_authmech.bv_val, op->orb_ssf );
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, DETAIL1,
"do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n",
op->o_conn->c_authmech.bv_val,
op->o_conn->c_dn.bv_val ? op->o_conn->c_dn.bv_val : "<empty>",
- op->oq_bind.rb_ssf );
+ op->orb_ssf );
#else
Debug( LDAP_DEBUG_TRACE,
"do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n",
op->o_conn->c_authmech.bv_val,
op->o_conn->c_dn.bv_val ? op->o_conn->c_dn.bv_val : "<empty>",
- op->oq_bind.rb_ssf );
+ op->orb_ssf );
#endif
} else if ( rs->sr_err == LDAP_SASL_BIND_IN_PROGRESS ) {
if ( method == LDAP_AUTH_SIMPLE ) {
/* accept "anonymous" binds */
- if ( op->oq_bind.rb_cred.bv_len == 0 || op->o_req_ndn.bv_len == 0 ) {
+ if ( op->orb_cred.bv_len == 0 || op->o_req_ndn.bv_len == 0 ) {
rs->sr_err = LDAP_SUCCESS;
- if( op->oq_bind.rb_cred.bv_len &&
+ if( op->orb_cred.bv_len &&
!( global_allows & SLAP_ALLOW_BIND_ANON_CRED ))
{
/* cred is not empty, disallow */
{
rs->sr_err = LDAP_CONFIDENTIALITY_REQUIRED;
rs->sr_text = "unwilling to perform simple authentication "
- "without confidentilty protection";
+ "without confidentiality protection";
send_ldap_result( op, rs );
}
#if defined( LDAP_SLAPI )
- slapi_x_backend_set_pb( pb, op->o_bd );
- slapi_x_connection_set_pb( pb, op->o_conn );
- slapi_x_operation_set_pb( pb, op );
+ slapi_x_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)method );
- slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->oq_bind.rb_cred );
+ slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) );
rs->sr_err = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_BIND_FN, pb );
- if ( rs->sr_err != SLAPI_BIND_SUCCESS ) {
+ if ( rs->sr_err < 0 ) {
/*
* Binding is a special case for SLAPI plugins. It is
* possible for a bind plugin to be successful *and*
if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&ldapRc ) != 0 )
ldapRc = LDAP_OTHER;
- op->oq_bind.rb_edn.bv_val = NULL;
- op->oq_bind.rb_edn.bv_len = 0;
+ op->orb_edn.bv_val = NULL;
+ op->orb_edn.bv_len = 0;
if ( rs->sr_err != SLAPI_BIND_FAIL && ldapRc == LDAP_SUCCESS ) {
/* Set the new connection DN. */
if ( rs->sr_err != SLAPI_BIND_ANONYMOUS ) {
- slapi_pblock_get( pb, SLAPI_CONN_DN, (void *)&op->oq_bind.rb_edn.bv_val );
+ slapi_pblock_get( pb, SLAPI_CONN_DN, (void *)&op->orb_edn.bv_val );
+ if ( op->orb_edn.bv_val ) op->orb_edn.bv_len = strlen( op->orb_edn.bv_val );
}
- rs->sr_err = dnPrettyNormal( NULL, &op->oq_bind.rb_edn, &op->o_req_dn, &op->o_req_ndn );
+ rs->sr_err = dnPrettyNormal( NULL, &op->orb_edn, &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
- op->o_conn->c_dn = op->o_req_dn;
- op->o_conn->c_ndn = op->o_req_ndn;
+ ber_dupbv(&op->o_conn->c_dn, &op->o_req_dn);
+ ber_dupbv(&op->o_conn->c_ndn, &op->o_req_ndn);
+ op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
op->o_req_dn.bv_val = NULL;
op->o_req_dn.bv_len = 0;
+ op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
op->o_req_ndn.bv_val = NULL;
op->o_req_ndn.bv_len = 0;
if ( op->o_conn->c_dn.bv_len != 0 ) {
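Review bot: The result of the `dnPrettyNormal` call on the plugin-supplied `orb_edn` is stored in `rs->sr_err` but, in the lines shown, is not tested before `o_req_dn`/`o_req_ndn` are copied into `c_dn`/`c_ndn` under the connection mutex. If normalization fails, the connection identity is set from whatever those bervals hold at that point, which may be the client's requested DN from the earlier normalization rather than the DN the plugin authenticated. Guard the copy with `if ( rs->sr_err == LDAP_SUCCESS ) {` and send the error result otherwise. The return value of `slapi_pblock_get( pb, SLAPI_CONN_DN, ... )` is likewise ignored. The surrounding block starts and ends outside these lines, so a check may exist that is not visible here.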
#endif /* defined( LDAP_SLAPI ) */
if ( op->o_bd->be_bind ) {
- op->oq_bind.rb_method = method;
+ op->orb_method = method;
rs->sr_err = (op->o_bd->be_bind)( op, rs );
if ( rs->sr_err == 0 ) {
op->o_conn->c_authz_backend = op->o_bd;
}
- if(op->oq_bind.rb_edn.bv_len) {
- op->o_conn->c_dn = op->oq_bind.rb_edn;
+ /* be_bind returns regular/global edn */
+ if(op->orb_edn.bv_len) {
+ op->o_conn->c_dn = op->orb_edn;
} else {
- op->o_conn->c_dn = op->o_req_dn;
- op->o_req_dn.bv_val = NULL;
- op->o_req_dn.bv_len = 0;
+ ber_dupbv(&op->o_conn->c_dn, &op->o_req_dn);
}
- op->o_conn->c_ndn = op->o_req_ndn;
- op->o_req_ndn.bv_val = NULL;
- op->o_req_ndn.bv_len = 0;
+ ber_dupbv( &op->o_conn->c_ndn, &op->o_req_ndn );
if( op->o_conn->c_dn.bv_len != 0 ) {
ber_len_t max = sockbuf_max_incoming_auth;
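Review bot: `op->o_conn->c_dn = op->orb_edn;` hands the backend's buffer to the connection but leaves `op->orb_edn` pointing at the same memory, so any later operation cleanup that frees `orb_edn` would free the connection's DN. The SASL path in this commit clears the field after use; do the same here with `op->orb_edn.bv_val = NULL; op->orb_edn.bv_len = 0;` right after the assignment. The failure branch below has the matching gap: `free( op->orb_edn.bv_val );` leaves a dangling pointer, where the other frees touched by this commit reset `bv_val` to NULL. Whether anything later dereferences or frees `orb_edn` is not visible in these lines.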
/* send this here to avoid a race condition */
send_ldap_result( op, rs );
- } else if (op->oq_bind.rb_edn.bv_val != NULL) {
- free( op->oq_bind.rb_edn.bv_val );
+ } else if (op->orb_edn.bv_val != NULL) {
+ free( op->orb_edn.bv_val );
}
} else {
}
#if defined( LDAP_SLAPI )
- if ( doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) != 0 ) {
+ if ( doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) < 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_bind: Bind postoperation plugins failed\n",
0, 0, 0);
op->o_conn->c_sasl_bindop = NULL;
if( op->o_req_dn.bv_val != NULL ) {
- free( op->o_req_dn.bv_val );
+ sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx );
+ op->o_req_dn.bv_val = NULL;
}
if( op->o_req_ndn.bv_val != NULL ) {
- free( op->o_req_ndn.bv_val );
+ sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
+ op->o_req_ndn.bv_val = NULL;
}
return rs->sr_err;