static int
slap_idassert_authzfrom_parse( ConfigArgs *c, slap_idassert_t *si )
{
- ldapinfo_t *li = ( ldapinfo_t * )c->be->be_private;
struct berval bv;
struct berval in;
int rc;
Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
- ber_bvarray_add( &li->li_idassert_authz, &bv );
+ ber_bvarray_add( &si->si_authz, &bv );
return 0;
}
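Review bot: The return value of `ber_bvarray_add( &si->si_authz, &bv )` is discarded, so an allocation failure inside it (it returns -1 in that case) leaves `bv` unstored and the parser still returns 0 as if the value had been accepted. Checking it keeps the failure path consistent with the `return 1` used for the earlier error in this function: `if ( ber_bvarray_add( &si->si_authz, &bv ) == -1 ) { return 1; }`, releasing `bv.bv_val` first if the lines above (outside this hunk) allocated it. The start of `slap_idassert_authzfrom_parse` lies outside this hunk.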
slap_idassert_authzfrom_parse_cf( const char *fname, int lineno, const char *arg, slap_idassert_t *si )
{
ConfigArgs c = { 0 };
- char *argv[ 2 ];
+ char *argv[ 3 ];
snprintf( c.log, sizeof( c.log ), "%s: line %d", fname, lineno );
c.argc = 2;
c.argv = argv;
- argv[ 0 ] = arg;
- argv[ 1 ] = NULL;
+ argv[ 0 ] = "idassert-authzFrom";
+ argv[ 1 ] = (char *)arg;
+ argv[ 2 ] = NULL;
return slap_idassert_authzfrom_parse( &c, si );
}
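Review bot: `argv[ 1 ] = (char *)arg;` casts away the `const` of the caller's string and `argv[ 0 ]` points at a string literal, yet both reach the parser through `ConfigArgs.argv` as plain `char *`; if `slap_idassert_authzfrom_parse` or anything it calls writes through `c->argv[ 1 ]`, that is undefined behaviour on the caller's buffer. A comment at the cast would make the contract explicit: `/* argv[1] aliases the caller's const buffer; the parser must only read it */`. `c.argc = 2` is also kept in step with the enlarged array by hand; `c.argc = sizeof( argv ) / sizeof( argv[ 0 ] ) - 1;` would tie it to the declaration.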
SlapReply *rs,
ldap_back_send_t sendok );
+static int
+meta_back_single_bind(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t *mc,
+ int candidate );
+
int
meta_back_bind( Operation *op, SlapReply *rs )
{
for ( i = 0; i < mi->mi_ntargets; i++ ) {
metatarget_t *mt = mi->mi_targets[ i ];
int lerr;
- Operation op2 = *op;
- int massage = 1;
/*
* Skip non-candidates
continue;
}
- /* FIXME: if sb_method == LDAP_AUTH_SASL things differ a bit */
- if ( mt->mt_idassert_authmethod == LDAP_AUTH_SASL ) {
- /* ### */
- }
-
- op2.o_req_dn = mt->mt_idassert_authcDN;
- op2.o_req_ndn = mt->mt_idassert_authcDN;
- op2.orb_cred = mt->mt_idassert_passwd;
- op2.orb_method = LDAP_AUTH_SIMPLE;
+
+ (void)meta_back_proxy_authz_bind( mc, i, op, rs, LDAP_BACK_DONTSEND );
+ lerr = rs->sr_err;
- massage = 0;
+ } else {
+ lerr = meta_back_single_bind( op, rs, mc, i );
}
-
- lerr = meta_back_single_bind( &op2, rs, mc, i, massage );
if ( lerr != LDAP_SUCCESS ) {
rc = rs->sr_err = lerr;
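Review bot: The result of `meta_back_proxy_authz_bind( mc, i, op, rs, LDAP_BACK_DONTSEND )` is cast to void and the outcome is read from `rs->sr_err` on the next line, which is only correct if every path through that helper stores its status there; otherwise `lerr` inherits whatever an earlier target left in `rs->sr_err` and the `lerr != LDAP_SUCCESS` check below acts on stale state. If the helper returns its status, `lerr = meta_back_proxy_authz_bind( mc, i, op, rs, LDAP_BACK_DONTSEND );` is the safer form; if it does not, a comment at the `(void)` stating that `rs->sr_err` is the contract would help the next reader. The removed FIXME about `LDAP_AUTH_SASL` is dropped without a replacement; if the SASL case is now covered inside the helper a comment should say so, otherwise the note should survive. The enclosing loop and `meta_back_bind` begin and end outside this hunk.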
*
* attempts to perform a bind with creds
*/
-int
+static int
meta_back_single_bind(
Operation *op,
SlapReply *rs,
metaconn_t *mc,
- int candidate,
- int massage )
+ int candidate )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
metatarget_t *mt = mi->mi_targets[ candidate ];
struct berval mdn = BER_BVNULL;
metasingleconn_t *msc = &mc->mc_conns[ candidate ];
int msgid;
+ dncookie dc;
if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
ch_free( msc->msc_bound_ndn.bv_val );
/*
* Rewrite the bind dn if needed
*/
- if ( massage ) {
- dncookie dc;
-
- dc.target = mt;
- dc.conn = op->o_conn;
- dc.rs = rs;
- dc.ctx = "bindDN";
-
- if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
- rs->sr_text = "DN rewrite error";
- rs->sr_err = LDAP_OTHER;
- return rs->sr_err;
- }
-
- } else {
- mdn = op->o_req_dn;
+ dc.target = mt;
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "bindDN";
+
+ if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
+ rs->sr_text = "DN rewrite error";
+ rs->sr_err = LDAP_OTHER;
+ return rs->sr_err;
}
/* FIXME: this fixes the bind problem right now; we need
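Review bot: `dncookie dc;` (added in the hunk above) is never zero-initialised and only `target`, `conn`, `rs` and `ctx` are set before `ldap_back_dn_massage( &dc, ... )`; if `dncookie` has any other member the callee reads, it sees indeterminate data. `dncookie dc = { 0 };` at the declaration costs nothing and removes the doubt. With the `massage` switch gone the rewrite now runs unconditionally, which appears to include the idassert path that previously passed `massage = 0`; the header comment of `meta_back_single_bind` should state that `op->o_req_dn` is always massaged and whether `mdn` may alias the input or owns a new buffer, since its release later in the function is outside this hunk.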
ldap_pvt_thread_mutex_init( &mt->mt_uri_mutex );
+ mt->mt_idassert_mode = LDAP_BACK_IDASSERT_LEGACY;
+ mt->mt_idassert_authmethod = LDAP_AUTH_NONE;
+ mt->mt_idassert_tls = SB_TLS_DEFAULT;
+
+ /* by default, use proxyAuthz control on each operation */
+ mt->mt_idassert_flags = LDAP_BACK_AUTH_PRESCRIPTIVE;
+
*mtp = mt;
return 0;
/* name to use as pseudo-root dn */
} else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) {
int i = mi->mi_ntargets - 1;
- struct berval dn;
if ( i < 0 ) {
Debug( LDAP_DEBUG_ANY,