X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fbind.c;h=2678c18b4883fc22779ace536c51107881d57a68;hb=6e602b549420181bfe6ad55d863963a5b11544d1;hp=1c6c29612e5982fe0a955be6983d2460362e8b1d;hpb=ece7452b05fcbbb14823e113b683365a59f81f05;p=openldap
diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c
index 1c6c29612e..2678c18b48 100644
--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
@@ -43,7 +43,7 @@ do_bind(
 struct berval mech = { 0, NULL };
 struct berval dn = { 0, NULL };
 ber_tag_t tag;
- Backend *be;
+ Backend *be = NULL;
 #ifdef LDAP_SLAPI
 Slapi_PBlock *pb = op->o_pb;
@@ -64,7 +64,7 @@ do_bind(
 /* log authorization identity demotion */
 if ( op->o_conn->c_dn.bv_len ) {
 Statslog( LDAP_DEBUG_STATS,
- "conn=%lu op=%lu BIND anonymous mech=implicit ssf=0",
+ "conn=%lu op=%lu BIND anonymous mech=implicit ssf=0\n",
 op->o_connid, op->o_opid, 0, 0, 0 );
 }
@@ -161,6 +161,10 @@ do_bind(
 goto cleanup;
 }
+ /* We use the tmpmemctx here because it speeds up normalization.
+ * However, we must dup with regular malloc when storing any
+ * resulting DNs in the op or conn structures.
+ */
 rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
 if ( rs->sr_err != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
@@ -292,11 +296,14 @@ do_bind(
 ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
 if( rs->sr_err == LDAP_SUCCESS ) {
- op->o_conn->c_dn = op->orb_edn;
+ ber_dupbv(&op->o_conn->c_dn, &op->orb_edn);
 if( op->orb_edn.bv_len != 0 ) {
 /* edn is always normalized already */
 ber_dupbv( &op->o_conn->c_ndn, &op->o_conn->c_dn );
 }
+ op->o_tmpfree( op->orb_edn.bv_val, op->o_tmpmemctx );
+ op->orb_edn.bv_val = NULL;
+ op->orb_edn.bv_len = 0;
 op->o_conn->c_authmech = op->o_conn->c_sasl_bind_mech;
 op->o_conn->c_sasl_bind_mech.bv_val = NULL;
 op->o_conn->c_sasl_bind_mech.bv_len = 0;
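Review bot: In the `@@ -292,11 +296,14 @@` hunk the return value of `ber_dupbv(&op->o_conn->c_dn, &op->orb_edn)` is not checked, so an allocation failure would presumably leave the connection without the authenticated DN while the bind still completes as successful. The copy should be tested and the result code set to an error before the rest of the success path runs, for example `if ( ber_dupbv( &op->o_conn->c_dn, &op->orb_edn ) == NULL ) rs->sr_err = LDAP_OTHER;`, with the following statements skipped in that case. The added `op->o_tmpfree( op->orb_edn.bv_val, op->o_tmpmemctx )` is only correct if `orb_edn` on this path was allocated from `o_tmpmemctx`; a comment such as `/* edn on this path comes from o_tmpmemctx (confirm against the SASL bind code) */` would record that assumption next to the free. The body of do_bind starts and ends outside the hunk.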
@@ -428,7 +435,7 @@ do_bind(
 {
 rs->sr_err = LDAP_CONFIDENTIALITY_REQUIRED;
 rs->sr_text = "unwilling to perform simple authentication "
- "without confidentilty protection";
+ "without confidentiality protection";
 send_ldap_result( op, rs );
@@ -521,7 +528,7 @@ do_bind(
 slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) );
 rs->sr_err = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_BIND_FN, pb );
- if ( rs->sr_err != SLAPI_BIND_SUCCESS ) {
+ if ( rs->sr_err < 0 ) {
 /*
 * Binding is a special case for SLAPI plugins. It is
 * possible for a bind plugin to be successful *and*
@@ -533,22 +540,26 @@ do_bind(
 */
 int ldapRc;
- if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&ldapRc ) != 0 )
+ if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void *)&ldapRc ) != 0 ) ||
+ ldapRc == LDAP_SUCCESS ) {
 ldapRc = LDAP_OTHER;
-
+ }
 op->orb_edn.bv_val = NULL;
 op->orb_edn.bv_len = 0;
 if ( rs->sr_err != SLAPI_BIND_FAIL && ldapRc == LDAP_SUCCESS ) {
 /* Set the new connection DN. */
 if ( rs->sr_err != SLAPI_BIND_ANONYMOUS ) {
 slapi_pblock_get( pb, SLAPI_CONN_DN, (void *)&op->orb_edn.bv_val );
+ if ( op->orb_edn.bv_val ) op->orb_edn.bv_len = strlen( op->orb_edn.bv_val );
 }
 rs->sr_err = dnPrettyNormal( NULL, &op->orb_edn, &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
 ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
- op->o_conn->c_dn = op->o_req_dn;
- op->o_conn->c_ndn = op->o_req_ndn;
+ ber_dupbv(&op->o_conn->c_dn, &op->o_req_dn);
+ ber_dupbv(&op->o_conn->c_ndn, &op->o_req_ndn);
+ op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
 op->o_req_dn.bv_val = NULL;
 op->o_req_dn.bv_len = 0;
+ op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
 op->o_req_ndn.bv_val = NULL;
 op->o_req_ndn.bv_len = 0;
 if ( op->o_conn->c_dn.bv_len != 0 ) {
@@ -585,6 +596,7 @@ do_bind(
 op->o_conn->c_authz_backend = op->o_bd;
 }
+ /* be_bind returns regular/global edn */
 if(op->orb_edn.bv_len) {
 op->o_conn->c_dn = op->orb_edn;
 } else {
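Review bot: The new test `if ( rs->sr_err < 0 )` in the `@@ -521,7 +528,7 @@` hunk no longer routes every non-success result of the pre-bind plugins into this block, so any positive return value now falls through to the ordinary bind path. The values of the SLAPI_BIND_* constants are not visible in this diff; if SLAPI_BIND_FAIL is positive, a plugin that rejects the bind is no longer handled here, which deserves an explicit decision in an authentication path. The test needs a one-line comment stating which return values doPluginFNs can produce and which of them are meant to reach this block, since the comment that follows still describes the old SLAPI_BIND_* handling. The post-bind test in the `@@ -630,7 +642,7 @@` hunk makes the same `!= 0` to `< 0` change and needs the same comment.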
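Review bot: In the `@@ -533,22 +540,26 @@` hunk `ldapRc` can never be LDAP_SUCCESS after the rewritten first check, because the added `|| ldapRc == LDAP_SUCCESS` overwrites it with LDAP_OTHER. The block guarded by `rs->sr_err != SLAPI_BIND_FAIL && ldapRc == LDAP_SUCCESS` a few lines below, including the new `ber_dupbv` and `o_tmpfree` calls, therefore looks unreachable as written. If plugin-authenticated binds are meant to set the connection DN, the success case has to be decided before the override; otherwise the block should be removed rather than patched. Inside that block the result of `dnPrettyNormal` is stored in `rs->sr_err` but not tested before `op->o_req_dn` and `op->o_req_ndn` are copied into the connection, so the copy and the frees should sit under `if ( rs->sr_err == LDAP_SUCCESS )` to keep an unnormalized DN out of `c_dn`. The hunk also mixes `op->o_pb` and `pb` for the same pblock, and do_bind starts and ends outside the hunk.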
@@ -630,7 +642,7 @@ do_bind(
 }
 #if defined( LDAP_SLAPI )
- if ( doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) != 0 ) {
+ if ( doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) < 0 ) {
 #ifdef NEW_LOGGING
 LDAP_LOG( OPERATION, INFO, "do_bind: Bind postoperation plugins failed\n", 0, 0, 0);