* }
*
* SaslCredentials ::= SEQUENCE {
- * mechanism LDAPString,
- * credentials OCTET STRING OPTIONAL
+ * mechanism LDAPString,
+ * credentials OCTET STRING OPTIONAL
* }
*/
}
#if defined( LDAP_SLAPI )
- slapi_backend_set_pb( pb, be );
- slapi_connection_set_pb( pb, conn );
- slapi_operation_set_pb( pb, op );
+ slapi_x_backend_set_pb( pb, be );
+ slapi_x_connection_set_pb( pb, conn );
+ slapi_x_operation_set_pb( pb, op );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)method );
+ slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&cred );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(1) );
rc = doPluginFNs( be, SLAPI_PLUGIN_PRE_BIND_FN, pb );
- if ( rc != 0 && rc != LDAP_OTHER ) {
+ if ( rc != SLAPI_BIND_SUCCESS ) {
/*
- * either there is no preOp (bind) plugins
- * or a plugin failed. Just log it
- *
- * FIXME: is this correct?
+ * Binding is a special case for SLAPI plugins. It is
+ * possible for a bind plugin to be successful *and*
+ * abort further processing; this means it has handled
+ * a bind request authoritatively. If we have reached
+ * here, a result has been sent to the client (XXX
+ * need to check with Sun whether SLAPI_BIND_ANONYMOUS
+ * means a result has been sent).
*/
+ int ldapRc;
+
+ if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&ldapRc ) != 0 )
+ ldapRc = LDAP_OPERATIONS_ERROR;
+
+ edn.bv_val = NULL;
+ edn.bv_len = 0;
+ if ( rc != SLAPI_BIND_FAIL && ldapRc == LDAP_SUCCESS ) {
+ /* Set the new connection DN. */
+ if ( rc != SLAPI_BIND_ANONYMOUS ) {
+ slapi_pblock_get( pb, SLAPI_CONN_DN, (void *)&edn.bv_val );
+ }
+ rc = dnPrettyNormal( NULL, &edn, &pdn, &ndn );
+ ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+ conn->c_dn = pdn;
+ conn->c_ndn = ndn;
+ pdn.bv_val = NULL;
+ pdn.bv_len = 0;
+ ndn.bv_val = NULL;
+ ndn.bv_len = 0;
+ if ( conn->c_dn.bv_len != 0 ) {
+ ber_len_t max = sockbuf_max_incoming_auth;
+ ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+ /* log authorization identity */
+ Statslog( LDAP_DEBUG_STATS,
+ "conn=%lu op=%lu AUTHZ dn=\"%s\" mech=simple (SLAPI) ssf=0\n",
+ op->o_connid, op->o_opid,
+ conn->c_dn.bv_val, 0, 0 );
+ ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+ }
#ifdef NEW_LOGGING
- LDAP_LOG( OPERATION, INFO, "do_bind: Bind preOps failed\n",
- 0, 0, 0);
+ LDAP_LOG( OPERATION, INFO, "do_bind: Bind preoperation plugin returned %d\n",
+ rc, 0, 0);
#else
- Debug(LDAP_DEBUG_TRACE, "do_bind: Bind preOps failed.\n",
- 0, 0, 0);
+ Debug(LDAP_DEBUG_TRACE, "do_bind: Bind preoperation plugin returned %d.\n",
+ rc, 0, 0);
#endif
+ rc = ldapRc;
+ goto cleanup;
}
#endif /* defined( LDAP_SLAPI ) */
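Review bot: In the `rc != SLAPI_BIND_FAIL && ldapRc == LDAP_SUCCESS` branch, the DN supplied by a pre-bind plugin becomes the connection's identity without its length being set or the normalisation result being checked. `edn.bv_len` is zeroed and the `slapi_pblock_get( pb, SLAPI_CONN_DN, ... )` call fills only `edn.bv_val`, so `dnPrettyNormal` receives a zero-length berval; its return value goes into `rc`, which is overwritten by `rc = ldapRc` without being read, while `conn->c_dn` and `conn->c_ndn` are assigned unconditionally. I would add `if ( edn.bv_val != NULL ) edn.bv_len = strlen( edn.bv_val );` after the get, and guard the block that takes `c_mutex` with `if ( dnPrettyNormal( NULL, &edn, &pdn, &ndn ) == LDAP_SUCCESS )`, since on failure `pdn` and `ndn` presumably keep whatever they held before. Whether the previous `c_dn`/`c_ndn` values must be freed first cannot be seen here, because do_bind and the declarations of `edn`, `pdn` and `ndn` lie outside this hunk.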
}
#if defined( LDAP_SLAPI )
- rc = doPluginFNs( be, SLAPI_PLUGIN_POST_BIND_FN, pb );
- if ( rc != 0 && rc != LDAP_OTHER ) {
- /*
- * either there is no pretOp (bind) plugins
- * or a plugin failed. Just log it
- *
- * FIXME: is this correct?
- */
+ if ( doPluginFNs( be, SLAPI_PLUGIN_POST_BIND_FN, pb ) != 0 ) {
#ifdef NEW_LOGGING
- LDAP_LOG( OPERATION, INFO, "do_bind: Bind postOps failed\n",
+ LDAP_LOG( OPERATION, INFO, "do_bind: Bind postoperation plugins failed\n",
0, 0, 0);
#else
- Debug(LDAP_DEBUG_TRACE, "do_bind: Bind postOps failed.\n",
+ Debug(LDAP_DEBUG_TRACE, "do_bind: Bind postoperation plugins failed.\n",
0, 0, 0);
#endif
}