X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Fbind.c;h=92d5856fa1ff00c248a15e707f036e3d4ad69d10;hb=82540c5cc1be5bf17b22f3a41d12d1bc56180654;hp=064bca788eea1f9ede2b0fc37a3f501bb0b9f3bb;hpb=4a8ab5dbf2ba037b0824d64bb3217ca06671884a;p=openldap diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c index 064bca788e..92d5856fa1 100644 --- a/servers/slapd/back-ldap/bind.c +++ b/servers/slapd/back-ldap/bind.c @@ -49,6 +49,8 @@ #define PRINT_CONNTREE 0 +static LDAP_REBIND_PROC ldap_back_rebind; + int ldap_back_bind( Backend *be, @@ -82,8 +84,8 @@ ldap_back_bind( mdn.bv_val = ( char * )dn->bv_val; } #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, - "[rw] bindDn: \"%s\" -> \"%s\"\n", dn->bv_val, mdn.bv_val )); + LDAP_LOG( BACK_LDAP, DETAIL1, + "[rw] bindDn: \"%s\" -> \"%s\"\n", dn->bv_val, mdn.bv_val, 0 ); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> bindDn: \"%s\" -> \"%s\"\n%s", dn->bv_val, mdn.bv_val, "" ); @@ -96,7 +98,7 @@ ldap_back_bind( return( -1 ); case REWRITE_REGEXEC_ERR: - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, + send_ldap_result( conn, op, LDAP_OTHER, NULL, "Operations error", NULL, NULL ); return( -1 ); } @@ -111,8 +113,19 @@ ldap_back_bind( lc->bound = 1; } + if ( li->savecred ) { + if ( lc->cred.bv_val ) + ch_free( lc->cred.bv_val ); + ber_dupbv( &lc->cred, cred ); + ldap_set_rebind_proc( lc->ld, ldap_back_rebind, lc ); + } + + if ( lc->bound_dn.bv_val ) + ch_free( lc->bound_dn.bv_val ); if ( mdn.bv_val != dn->bv_val ) { - free( mdn.bv_val ); + lc->bound_dn = mdn; + } else { + ber_dupbv( &lc->bound_dn, dn ); } return( rc ); @@ -219,6 +232,9 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op) lc->conn = conn; lc->ld = ld; + lc->cred.bv_len = 0; + lc->cred.bv_val = NULL; + #ifdef ENABLE_REWRITE /* * Sets a cookie for the rewrite session 
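Review bot: The `li->savecred` block in ldap_back_bind copies the client's password into `lc->cred`, and the lines after it replace `lc->bound_dn`, without looking at the bind's outcome; if the branch just before the hunk (its condition is outside the hunk) leaves `rc != LDAP_SUCCESS` for a rejected bind, the rejected DN and password are cached and later replayed by ldap_back_dobind and by the rebind callback. The previous password is released with a plain `ch_free`, which leaves the cleartext value in freed heap memory; it should be overwritten first (a plain `memset` may be elided by the compiler, so prefer the project's secure-wipe helper if one exists). Gating the update on `rc == LDAP_SUCCESS` keeps the cached identity equal to what the remote server actually accepted; the sketch below covers the credential part, and the `bound_dn` replacement should be gated the same way. Note also that `mdn.bv_val` used to be released with `free` but will now go through `ch_free` once stored in `lc->bound_dn`, which is only safe if both resolve to the same allocator.
```c
	if ( rc == LDAP_SUCCESS && li->savecred ) {
		/* keep the cleartext password for re-binds, but only
		 * once the remote server has actually accepted it */
		if ( lc->cred.bv_val ) {
			memset( lc->cred.bv_val, 0, lc->cred.bv_len );
			ch_free( lc->cred.bv_val );
		}
		ber_dupbv( &lc->cred, cred );
		ldap_set_rebind_proc( lc->ld, ldap_back_rebind, lc );
	}
	/* … unchanged: bound_dn replacement, return( rc ) … */
```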
@@ -226,7 +242,7 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op) ( void )rewrite_session_init( li->rwinfo, conn ); #endif /* ENABLE_REWRITE */ - if ( lc->conn->c_cdn.bv_len != 0 ) { + if ( lc->conn->c_dn.bv_len != 0 ) { /* * Rewrite the bind dn if needed @@ -235,23 +251,23 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op) lc->bound_dn.bv_val = NULL; lc->bound_dn.bv_len = 0; switch ( rewrite_session( li->rwinfo, "bindDn", - lc->conn->c_cdn.bv_val, conn, + lc->conn->c_dn.bv_val, conn, &lc->bound_dn.bv_val ) ) { case REWRITE_REGEXEC_OK: if ( lc->bound_dn.bv_val == NULL ) { - ber_dupbv( &lc->bound_dn, &lc->conn->c_cdn ); + ber_dupbv( &lc->bound_dn, &lc->conn->c_dn ); } #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, - "[rw] bindDn: \"%s\" ->" + LDAP_LOG( BACK_LDAP, DETAIL1, + "[rw] bindDn: \"%s\" ->" " \"%s\"\n%s", - lc->conn->c_cdn.bv_val, - lc->bound_dn.bv_val )); + lc->conn->c_dn.bv_val, + lc->bound_dn.bv_val, "" ); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> bindDn: \"%s\" ->" " \"%s\"\n%s", - lc->conn->c_cdn.bv_val, + lc->conn->c_dn.bv_val, lc->bound_dn.bv_val, "" ); #endif /* !NEW_LOGGING */ break; @@ -265,15 +281,15 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op) case REWRITE_REGEXEC_ERR: send_ldap_result( conn, op, - LDAP_OPERATIONS_ERROR, + LDAP_OTHER, NULL, "Operations error", NULL, NULL ); return( NULL ); } #else /* !ENABLE_REWRITE */ struct berval bv; - ldap_back_dn_massage( li, &lc->conn->c_cdn, &bv, 0, 1 ); - if ( bv.bv_val == lc->conn->c_cdn.bv_val ) + ldap_back_dn_massage( li, &lc->conn->c_dn, &bv, 0, 1 ); + if ( bv.bv_val == lc->conn->c_dn.bv_val ) ber_dupbv( &lc->bound_dn, &bv ); else lc->bound_dn = bv; 
@@ -296,9 +312,8 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op) ldap_pvt_thread_mutex_unlock( &li->conn_mutex ); #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldap_back_getconn: conn %ld inserted\n", - lc->conn->c_connid )); + LDAP_LOG( BACK_LDAP, INFO, + "ldap_back_getconn: conn %ld inserted\n", lc->conn->c_connid, 0, 0); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_TRACE, "=>ldap_back_getconn: conn %ld inserted\n%s%s", @@ -307,16 +322,16 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op) /* Err could be -1 in case a duplicate ldapconn is inserted */ if ( err != 0 ) { - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, + send_ldap_result( conn, op, LDAP_OTHER, NULL, "internal server error", NULL, NULL ); /* better destroy the ldapconn struct? */ return( NULL ); } } else { #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldap_back_getconn: conn %ld inserted\n", - lc->conn->c_connid )); + LDAP_LOG( BACK_LDAP, INFO, + "ldap_back_getconn: conn %ld inserted\n", + lc->conn->c_connid, 0, 0 ); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_TRACE, "=>ldap_back_getconn: conn %ld fetched%s%s\n", @@ -341,7 +356,7 @@ ldap_back_dobind(struct ldapconn *lc, Operation *op) return( lc->bound ); } - if (ldap_bind_s(lc->ld, lc->bound_dn.bv_val, NULL, LDAP_AUTH_SIMPLE) != + if (ldap_bind_s(lc->ld, lc->bound_dn.bv_val, lc->cred.bv_val, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS) { ldap_back_op_result(lc, op); return( 0 ); 
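Review bot: The NEW_LOGGING message added in the `else` branch of ldap_back_getconn says `conn %ld inserted`, but that branch is the cached-connection path, as the Debug string two lines below (`fetched`) shows; with NEW_LOGGING enabled every cache hit is logged as an insert, which misleads anyone correlating proxy connections during an incident. Change the format to `"ldap_back_getconn: conn %ld fetched\n"` so both logging backends report the same event. The enclosing function continues outside the hunk.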
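Review bot: ldap_back_dobind now passes `lc->cred.bv_val` to ldap_bind_s, but with `savecred` off, or for a connection whose `bound_dn` was derived from `c_dn` in ldap_back_getconn, that pointer is the NULL initialised there, so the call is a simple bind with a DN and no password; an LDAP server may treat that as anonymous or reject it, while the function still records `lc->bound = 1` afterwards (outside the hunk). Callers therefore cannot distinguish an asserted identity from an anonymous session. Add a comment on the call, `/* cred is NULL unless savecred is set: this is then an unauthenticated (DN, no password) bind, which the remote server may downgrade to anonymous */`, and if anonymous is the intent in that case, bind explicitly with a NULL DN when `lc->cred.bv_val == NULL`.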
@@ -349,6 +364,21 @@ ldap_back_dobind(struct ldapconn *lc, Operation *op) return( lc->bound = 1 ); } +/* + * ldap_back_rebind + * + * This is a callback used for chasing referrals using the same + * credentials as the original user on this session. + */ +static int +ldap_back_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request, + ber_int_t msgid, void *params ) +{ + struct ldapconn *lc = params; + + return ldap_bind_s( ld, lc->bound_dn.bv_val, lc->cred.bv_val, LDAP_AUTH_SIMPLE ); +} + /* Map API errors to protocol errors... */ int @@ -359,7 +389,7 @@ ldap_back_map_result(int err) case LDAP_SERVER_DOWN: return LDAP_UNAVAILABLE; case LDAP_LOCAL_ERROR: - return LDAP_OPERATIONS_ERROR; + return LDAP_OTHER; case LDAP_ENCODING_ERROR: case LDAP_DECODING_ERROR: return LDAP_PROTOCOL_ERROR; @@ -368,13 +398,13 @@ ldap_back_map_result(int err) case LDAP_AUTH_UNKNOWN: return LDAP_AUTH_METHOD_NOT_SUPPORTED; case LDAP_FILTER_ERROR: - return LDAP_OPERATIONS_ERROR; + return LDAP_OTHER; case LDAP_USER_CANCELLED: - return LDAP_OPERATIONS_ERROR; + return LDAP_OTHER; case LDAP_PARAM_ERROR: return LDAP_PROTOCOL_ERROR; case LDAP_NO_MEMORY: - return LDAP_OPERATIONS_ERROR; + return LDAP_OTHER; case LDAP_CONNECT_ERROR: return LDAP_UNAVAILABLE; case LDAP_NOT_SUPPORTED:
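Review bot: ldap_back_rebind ignores its `url` argument and replays the proxied user's DN and cleartext password to whatever server a referral names, so a backend that returns a referral (or a compromised one) can redirect the user's password to a host of its choosing. Before binding, parse `url` (libldap's ldap_url_parse) and compare its host against the URIs this backend is configured for, and return an error rather than binding when `lc->cred.bv_val` is NULL, since ldap_bind_s would otherwise send an unauthenticated bind for that DN. The unused `request` and `msgid` parameters should be marked as such so the callback's signature reads honestly. A header comment stating `/* forwards the user's credentials to every referral target; install only when the referred-to servers are trusted */` would record the trade-off for the next maintainer.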