X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Fbind.c;h=92d5856fa1ff00c248a15e707f036e3d4ad69d10;hb=82540c5cc1be5bf17b22f3a41d12d1bc56180654;hp=e6df502d878821a55bf3d7bc2ba17680597de66f;hpb=e2fdaed3c756735547f7bb77c9055667f35b1071;p=openldap diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c index e6df502d87..92d5856fa1 100644 --- a/servers/slapd/back-ldap/bind.c +++ b/servers/slapd/back-ldap/bind.c @@ -1,7 +1,7 @@ /* bind.c - ldap backend bind function */ /* $OpenLDAP$ */ /* - * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ /* This is an altered version */ @@ -49,6 +49,8 @@ #define PRINT_CONNTREE 0 +static LDAP_REBIND_PROC ldap_back_rebind; + int ldap_back_bind( Backend *be, @@ -64,7 +66,7 @@ ldap_back_bind( struct ldapinfo *li = (struct ldapinfo *) be->be_private; struct ldapconn *lc; - char *mdn = NULL; + struct berval mdn = { 0, NULL }; int rc = 0; lc = ldap_back_getconn(li, conn, op); @@ -76,17 +78,17 @@ ldap_back_bind( * Rewrite the bind dn if needed */ #ifdef ENABLE_REWRITE - switch ( rewrite_session( li->rwinfo, "bindDn", dn->bv_val, conn, &mdn ) ) { + switch ( rewrite_session( li->rwinfo, "bindDn", dn->bv_val, conn, &mdn.bv_val ) ) { case REWRITE_REGEXEC_OK: - if ( mdn == NULL ) { - mdn = ( char * )dn->bv_val; + if ( mdn.bv_val == NULL ) { + mdn.bv_val = ( char * )dn->bv_val; } #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, - "[rw] bindDn: \"%s\" -> \"%s\"\n", dn->bv_val, mdn )); + LDAP_LOG( BACK_LDAP, DETAIL1, + "[rw] bindDn: \"%s\" -> \"%s\"\n", dn->bv_val, mdn.bv_val, 0 ); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> bindDn: \"%s\" -> \"%s\"\n%s", - dn->bv_val, mdn, "" ); + dn->bv_val, mdn.bv_val, "" ); #endif /* !NEW_LOGGING */ break; 
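Review bot: In the `@@ -76,17 +78,17 @@` hunk `mdn.bv_len` is never set once `rewrite_session()` has filled `mdn.bv_val` on the REWRITE_REGEXEC_OK path, so the berval keeps the `0` from its initializer while carrying a non-NULL string, and the next hunk (`@@ -96,28 +98,35 @@`) stores that inconsistent berval into `lc->bound_dn` by plain assignment; `ldap_back_getconn` has the same gap where it rewrites straight into `lc->bound_dn.bv_val` (`@@ -230,33 +242,33 @@`). The only consumers visible here are `ldap_bind_s()` calls that read `bv_val`, so this is latent today, but anything that trusts `bound_dn.bv_len` will see an empty DN. Setting the length once the value is known, `mdn.bv_len = strlen( mdn.bv_val );` right after the NULL check (and the equivalent on `lc->bound_dn` in getconn), keeps the struct self-consistent. ldap_back_bind continues outside this hunk.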
@@ -96,28 +98,35 @@ ldap_back_bind( return( -1 ); case REWRITE_REGEXEC_ERR: - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, + send_ldap_result( conn, op, LDAP_OTHER, NULL, "Operations error", NULL, NULL ); return( -1 ); } #else /* !ENABLE_REWRITE */ - mdn = ldap_back_dn_massage( li, ch_strdup( dn->bv_val ), 0 ); + ldap_back_dn_massage( li, dn, &mdn, 0, 1 ); #endif /* !ENABLE_REWRITE */ - rc = ldap_bind_s(lc->ld, mdn, cred->bv_val, method); + rc = ldap_bind_s(lc->ld, mdn.bv_val, cred->bv_val, method); if (rc != LDAP_SUCCESS) { rc = ldap_back_op_result( lc, op ); } else { lc->bound = 1; } -#ifdef ENABLE_REWRITE - if ( mdn != dn->bv_val ) { -#endif /* ENABLE_REWRITE */ - free( mdn ); -#ifdef ENABLE_REWRITE + if ( li->savecred ) { + if ( lc->cred.bv_val ) + ch_free( lc->cred.bv_val ); + ber_dupbv( &lc->cred, cred ); + ldap_set_rebind_proc( lc->ld, ldap_back_rebind, lc ); + } + + if ( lc->bound_dn.bv_val ) + ch_free( lc->bound_dn.bv_val ); + if ( mdn.bv_val != dn->bv_val ) { + lc->bound_dn = mdn; + } else { + ber_dupbv( &lc->bound_dn, dn ); } -#endif /* ENABLE_REWRITE */ return( rc ); } @@ -134,8 +143,8 @@ ldap_back_conn_cmp( const void *c2 ) { - struct ldapconn *lc1 = (struct ldapconn *)c1; - struct ldapconn *lc2 = (struct ldapconn *)c2; + const struct ldapconn *lc1 = (const struct ldapconn *)c1; + const struct ldapconn *lc2 = (const struct ldapconn *)c2; return ( ( lc1->conn < lc2->conn ) ? -1 : ( ( lc1->conn > lc2-> conn ) ? 1 : 0 ) ); } @@ -223,6 +232,9 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op) lc->conn = conn; lc->ld = ld; + lc->cred.bv_len = 0; + lc->cred.bv_val = NULL; + #ifdef ENABLE_REWRITE /* * Sets a cookie for the rewrite session 
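Review bot: The new `li->savecred` block and the `lc->bound_dn` replacement run whether or not `ldap_bind_s()` succeeded, so a rejected bind still overwrites the connection's cached credential and DN with the refused pair while `lc->bound` keeps its previous value; `ldap_back_dobind()` and the rebind callback will then retry upstream with credentials the server has already rejected, even though the protocol leaves that upstream connection unauthenticated after a failed bind. Moving both blocks under the `else` branch that sets `lc->bound = 1` (and releasing a rewritten `mdn.bv_val` on the failure path, as the old `free( mdn )` did) ties the cached state to an accepted bind; alternatively clear `lc->bound` when `rc != LDAP_SUCCESS`. Separately, `lc->cred` is a plaintext password kept for the life of the connection and the previous value is handed to `ch_free()` without being wiped; `memset( lc->cred.bv_val, 0, lc->cred.bv_len );` before the free shortens how long the secret lingers in freed heap memory. ldap_back_bind continues outside this hunk.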
@@ -230,33 +242,33 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op) ( void )rewrite_session_init( li->rwinfo, conn ); #endif /* ENABLE_REWRITE */ - if ( lc->conn->c_cdn != NULL && lc->conn->c_cdn[0] != '\0' ) { + if ( lc->conn->c_dn.bv_len != 0 ) { /* * Rewrite the bind dn if needed */ #ifdef ENABLE_REWRITE - lc->bound_dn = NULL; + lc->bound_dn.bv_val = NULL; + lc->bound_dn.bv_len = 0; switch ( rewrite_session( li->rwinfo, "bindDn", - lc->conn->c_cdn, conn, - &lc->bound_dn ) ) { + lc->conn->c_dn.bv_val, conn, + &lc->bound_dn.bv_val ) ) { case REWRITE_REGEXEC_OK: - if ( lc->bound_dn == NULL ) { - lc->bound_dn = - ch_strdup( lc->conn->c_cdn ); + if ( lc->bound_dn.bv_val == NULL ) { + ber_dupbv( &lc->bound_dn, &lc->conn->c_dn ); } #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, - "[rw] bindDn: \"%s\" ->" + LDAP_LOG( BACK_LDAP, DETAIL1, + "[rw] bindDn: \"%s\" ->" " \"%s\"\n%s", - lc->conn->c_cdn, - lc->bound_dn )); + lc->conn->c_dn.bv_val, + lc->bound_dn.bv_val, "" ); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> bindDn: \"%s\" ->" " \"%s\"\n%s", - lc->conn->c_cdn, - lc->bound_dn, "" ); + lc->conn->c_dn.bv_val, + lc->bound_dn.bv_val, "" ); #endif /* !NEW_LOGGING */ break; @@ -269,17 +281,22 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op) case REWRITE_REGEXEC_ERR: send_ldap_result( conn, op, - LDAP_OPERATIONS_ERROR, + LDAP_OTHER, NULL, "Operations error", NULL, NULL ); return( NULL ); } #else /* !ENABLE_REWRITE */ - lc->bound_dn = ldap_back_dn_massage( li, - ch_strdup( lc->conn->c_cdn ), 0 ); + struct berval bv; + ldap_back_dn_massage( li, &lc->conn->c_dn, &bv, 0, 1 ); + if ( bv.bv_val == lc->conn->c_dn.bv_val ) + ber_dupbv( &lc->bound_dn, &bv ); + else + lc->bound_dn = bv; #endif /* !ENABLE_REWRITE */ } else { - lc->bound_dn = NULL; + lc->bound_dn.bv_val = NULL; + lc->bound_dn.bv_len = 0; } lc->bound = 0; 
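Review bot: In the `@@ -269,17 +281,22 @@` hunk the REWRITE_REGEXEC_ERR path (and presumably the REWRITE_REGEXEC_UNWILLING path just above it) does `send_ldap_result( ... ); return( NULL );` while `lc` is still being populated, so the `lc` allocated earlier in ldap_back_getconn (outside this hunk, see `lc->conn = conn; lc->ld = ld;` in `@@ -223,6 +232,9 @@`) and the `ld` handle it wraps appear to be neither inserted into the connection tree nor released—verify against the caller. If nothing else owns them at that point, the error returns should unbind `ld` and free `lc` before returning NULL, otherwise every rewrite failure on a fresh connection leaks a handle. The function also continues past the end of this hunk, so the `lc->bound = 0;` that follows is the only other state touched here.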
@@ -295,9 +312,8 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op) ldap_pvt_thread_mutex_unlock( &li->conn_mutex ); #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldap_back_getconn: conn %ld inserted\n", - lc->conn->c_connid )); + LDAP_LOG( BACK_LDAP, INFO, + "ldap_back_getconn: conn %ld inserted\n", lc->conn->c_connid, 0, 0); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_TRACE, "=>ldap_back_getconn: conn %ld inserted\n%s%s", @@ -306,16 +322,16 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op) /* Err could be -1 in case a duplicate ldapconn is inserted */ if ( err != 0 ) { - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, + send_ldap_result( conn, op, LDAP_OTHER, NULL, "internal server error", NULL, NULL ); /* better destroy the ldapconn struct? */ return( NULL ); } } else { #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldap_back_getconn: conn %ld inserted\n", - lc->conn->c_connid )); + LDAP_LOG( BACK_LDAP, INFO, + "ldap_back_getconn: conn %ld inserted\n", + lc->conn->c_connid, 0, 0 ); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_TRACE, "=>ldap_back_getconn: conn %ld fetched%s%s\n", @@ -340,7 +356,7 @@ ldap_back_dobind(struct ldapconn *lc, Operation *op) return( lc->bound ); } - if (ldap_bind_s(lc->ld, lc->bound_dn, NULL, LDAP_AUTH_SIMPLE) != + if (ldap_bind_s(lc->ld, lc->bound_dn.bv_val, lc->cred.bv_val, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS) { ldap_back_op_result(lc, op); return( 0 ); 
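Review bot: In the `@@ -306,16 +322,16 @@` hunk the rewritten `LDAP_LOG( BACK_LDAP, INFO, ... )` in the `else` branch still says `"ldap_back_getconn: conn %ld inserted\n"` although the adjacent `Debug()` for the same branch reports the connection as `fetched`; the message was copy-pasted from the insert path and the commit carries the mismatch into the new logging macro. Change the format to `"ldap_back_getconn: conn %ld fetched\n"` so both logging builds describe the same event, since an operator reading NEW_LOGGING output would otherwise count two inserts per connection.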
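Review bot: In the `@@ -340,7 +356,7 @@` hunk `ldap_back_dobind()` now passes `lc->cred.bv_val`, which is only populated when `li->savecred` is set (see the `ldap_back_bind` hunk), so in the default configuration this is a simple bind with a DN and a NULL password—an unauthenticated bind that servers typically treat as anonymous. That matches the old hard-coded `NULL`, but the intent is no longer obvious from the call site; a comment such as `/* without savecred lc->cred is empty: DN-only (unauthenticated) simple bind */` would spare the next reader from assuming a password is always present. ldap_back_dobind's body starts and ends outside this hunk.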
@@ -348,6 +364,21 @@ ldap_back_dobind(struct ldapconn *lc, Operation *op) return( lc->bound = 1 ); } +/* + * ldap_back_rebind + * + * This is a callback used for chasing referrals using the same + * credentials as the original user on this session. + */ +static int +ldap_back_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request, + ber_int_t msgid, void *params ) +{ + struct ldapconn *lc = params; + + return ldap_bind_s( ld, lc->bound_dn.bv_val, lc->cred.bv_val, LDAP_AUTH_SIMPLE ); +} + /* Map API errors to protocol errors... */ int @@ -358,7 +389,7 @@ ldap_back_map_result(int err) case LDAP_SERVER_DOWN: return LDAP_UNAVAILABLE; case LDAP_LOCAL_ERROR: - return LDAP_OPERATIONS_ERROR; + return LDAP_OTHER; case LDAP_ENCODING_ERROR: case LDAP_DECODING_ERROR: return LDAP_PROTOCOL_ERROR; @@ -367,13 +398,13 @@ ldap_back_map_result(int err) case LDAP_AUTH_UNKNOWN: return LDAP_AUTH_METHOD_NOT_SUPPORTED; case LDAP_FILTER_ERROR: - return LDAP_OPERATIONS_ERROR; + return LDAP_OTHER; case LDAP_USER_CANCELLED: - return LDAP_OPERATIONS_ERROR; + return LDAP_OTHER; case LDAP_PARAM_ERROR: return LDAP_PROTOCOL_ERROR; case LDAP_NO_MEMORY: - return LDAP_OPERATIONS_ERROR; + return LDAP_OTHER; case LDAP_CONNECT_ERROR: return LDAP_UNAVAILABLE; case LDAP_NOT_SUPPORTED: @@ -410,8 +441,13 @@ ldap_back_op_result(struct ldapconn *lc, Operation *op) #ifdef ENABLE_REWRITE /* - * need rewrite info; mmmh ... + * FIXME: need rewrite info for match; mmmh ... */ + send_ldap_result( lc->conn, op, err, match, msg, NULL, NULL ); + /* better test the pointers before freeing? */ + if ( match ) { + free( match ); + } #else /* !ENABLE_REWRITE */ @@ -420,6 +456,7 @@ ldap_back_op_result(struct ldapconn *lc, Operation *op) if ( match ) { free( match ); } + #endif /* !ENABLE_REWRITE */ if ( msg ) free( msg );
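Review bot: `ldap_back_rebind()` ignores its `url` argument and binds with `lc->cred.bv_val`, so the user's saved plaintext password is sent to whichever server a referral from the upstream names, not only to the backend this connection was configured for. The comment above the function should state that trust assumption explicitly, e.g. `/* NOTE: the saved password is forwarded to any referral target; only enable savecred against trusted upstream servers */`, and a check that the host in `url` matches the configured backend before calling `ldap_bind_s()` would bound the exposure. `request` and `msgid` are unused, which is fine for the LDAP_REBIND_PROC signature but worth a `/* unused */` marker given the `-Wunused-parameter` noise.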
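Review bot: In the `@@ -410,8 +441,13 @@` hunk the ENABLE_REWRITE build now forwards `match`—the matchedDN the upstream server returned—to the client untouched, so the backend's unrewritten naming context is disclosed to clients on every error that carries a matched DN; the new FIXME acknowledges the missing rewrite but the commit ships the leak. Until the rewrite is wired in, passing `NULL` for `match` in that branch (`send_ldap_result( lc->conn, op, err, NULL, msg, NULL, NULL );`) is the conservative choice. The `/* better test the pointers before freeing? */` comment can go: `free( NULL )` is a no-op, so the `if ( match )` guard is harmless but the question it raises is already answered. ldap_back_op_result starts and ends outside this hunk.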