be = glue_back_select (b0, ndn->bv_val);
if (be && be->be_bind) {
- conn->c_authz_backend = be;
rc = be->be_bind (be, conn, op, dn, ndn, method, cred, edn);
+
+ if( rc == LDAP_SUCCESS ) {
+ ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+ if( conn->c_authz_backend == NULL ) {
+ conn->c_authz_backend = be;
+ }
+ ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+ }
} else {
rc = LDAP_UNWILLING_TO_PERFORM;
send_ldap_result (conn, op, rc, NULL, "No bind target found",
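Review bot: The `if( conn->c_authz_backend == NULL )` guard keeps whatever backend pointer the connection already carries, so recording the backend that just authenticated this DN depends on the field having been cleared before the bind ran. connection2anonymous() in this same change does reset it to NULL, but whether the bind path always calls it first is not visible here. If it does not, a successful rebind through a different subordinate would leave authorization-sensitive operations such as password modify routed to the earlier backend. I would state the invariant above the guard, for instance `/* c_authz_backend is expected to be NULL here: the connection is reset to anonymous before be_bind runs */`, or assign unconditionally if that invariant cannot be guaranteed. The enclosing function begins and ends outside the hunk.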
void connection2anonymous( Connection *c )
{
- assert( connections != NULL );
- assert( c != NULL );
+ assert( connections != NULL );
+ assert( c != NULL );
{
ber_len_t max = sockbuf_max_incoming;
}
c->c_authmech.bv_len = 0;
- if(c->c_dn.bv_val != NULL) {
- free(c->c_dn.bv_val);
- c->c_dn.bv_val = NULL;
- }
- c->c_dn.bv_len = 0;
- if(c->c_ndn.bv_val != NULL) {
- free(c->c_ndn.bv_val);
- c->c_ndn.bv_val = NULL;
- }
- c->c_ndn.bv_len = 0;
+ if(c->c_dn.bv_val != NULL) {
+ free(c->c_dn.bv_val);
+ c->c_dn.bv_val = NULL;
+ }
+ c->c_dn.bv_len = 0;
+ if(c->c_ndn.bv_val != NULL) {
+ free(c->c_ndn.bv_val);
+ c->c_ndn.bv_val = NULL;
+ }
+ c->c_ndn.bv_len = 0;
if(c->c_cdn.bv_val != NULL) {
free(c->c_cdn.bv_val);
c->c_cdn.bv_len = 0;
c->c_authz_backend = NULL;
-
- {
- GroupAssertion *g, *n;
- for (g = c->c_groups; g; g=n)
+
{
- n = g->ga_next;
- free(g);
+ GroupAssertion *g, *n;
+ for (g = c->c_groups; g; g=n) {
+ n = g->ga_next;
+ free(g);
+ }
+ c->c_groups = NULL;
}
- c->c_groups = NULL;
- }
-
}
static void
const char **text,
BerVarray *refs )
{
+ Backend *be;
int rc;
assert( reqoid != NULL );
return LDAP_STRONG_AUTH_REQUIRED;
}
- if( conn->c_authz_backend == NULL || !conn->c_authz_backend->be_extended ) {
+ ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+ be = conn->c_authz_backend;
+ ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+
+ if( be == NULL ) {
+ *text = "operation not supported for SASL user";
+ return LDAP_UNWILLING_TO_PERFORM;
+ }
+
+ if( !be->be_extended ) {
*text = "operation not supported for current user";
return LDAP_UNWILLING_TO_PERFORM;
}
{
struct berval passwd = BER_BVC( LDAP_EXOP_MODIFY_PASSWD );
- rc = backend_check_restrictions( conn->c_authz_backend,
- conn, op, &passwd, text );
+ rc = backend_check_restrictions( be, conn, op, &passwd, text );
}
if( rc != LDAP_SUCCESS ) {
return rc;
}
- if( conn->c_authz_backend->be_update_ndn.bv_len ) {
+ if( be->be_update_ndn.bv_len ) {
/* we SHOULD return a referral in this case */
- *refs = referral_rewrite( conn->c_authz_backend->be_update_refs,
+ *refs = referral_rewrite( be->be_update_refs,
NULL, NULL, LDAP_SCOPE_DEFAULT );
rc = LDAP_REFERRAL;
} else {
- rc = conn->c_authz_backend->be_extended(
- conn->c_authz_backend, conn, op,
+ rc = be->be_extended(
+ be, conn, op,
reqoid, reqdata,
rspoid, rspdata, rspctrls,
text, refs );
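Review bot: `be` is copied out of `conn->c_authz_backend` under `c_mutex` and then dereferenced after the unlock (`be->be_extended`, `be->be_update_ndn`, `be->be_update_refs`), which is safe only if Backend structures outlive every connection that can point at them. That assumption should be written next to the snapshot, for example `/* snapshot under c_mutex; Backend objects are not freed while connections exist */`. The check that returns LDAP_STRONG_AUTH_REQUIRED also sits before the lock, so the identity test and the backend snapshot are not taken in one critical section. Its condition is outside the hunk, so this needs confirming, but if a bind can be processed concurrently on the same connection, both reads belong under a single lock hold.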
struct berval *ndn = o->o_callback->sc_private;
/* We only want to be called once */
- if (ndn->bv_val) {
+ if( ndn->bv_val ) {
free(ndn->bv_val);
ndn->bv_val = NULL;
+
#ifdef NEW_LOGGING
- LDAP_LOG(( "sasl", LDAP_LEVEL_DETAIL1,
- "slap_sasl2dn: search DN returned more than 1 entry\n" ));
+ LDAP_LOG(( "sasl", LDAP_LEVEL_DETAIL1,
+ "slap_sasl2dn: search DN returned more than 1 entry\n" ));
#else
- Debug( LDAP_DEBUG_TRACE,
- "slap_sasl2dn: search DN returned more than 1 entry\n", 0,0,0 );
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_sasl2dn: search DN returned more than 1 entry\n", 0,0,0 );
#endif
return -1;
- } else {
- ber_dupbv(ndn, &e->e_nname);
- return 0;
}
+
+ ber_dupbv(ndn, &e->e_nname);
+ return 0;
}
/*
LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
"slap_sasl2dn: converting SASL name %s to DN.\n", saslname->bv_val ));
#else
- Debug( LDAP_DEBUG_TRACE,
- "==>slap_sasl2dn: Converting SASL name %s to a DN\n", saslname->bv_val, 0,0 );
+ Debug( LDAP_DEBUG_TRACE, "==>slap_sasl2dn: "
+ "converting SASL name %s to a DN\n", saslname->bv_val, 0,0 );
#endif
+
dn->bv_val = NULL;
dn->bv_len = 0;
cb.sc_private = dn;
be = select_backend( &uri.dn, 0, 1 );
- conn->c_authz_backend = be;
-
/* Massive shortcut: search scope == base */
if( uri.scope == LDAP_SCOPE_BASE ) {
*dn = uri.dn;
#ifdef NEW_LOGGING
LDAP_LOG(( "sasl", LDAP_LEVEL_DETAIL1,
- "slap_sasl2dn: performing internal search (base=%s, scope=%d)\n",
- uri.dn.bv_val, uri.scope ));
+ "slap_sasl2dn: performing internal search (base=%s, scope=%d)\n",
+ uri.dn.bv_val, uri.scope ));
#else
Debug( LDAP_DEBUG_TRACE,
"slap_sasl2dn: performing internal search (base=%s, scope=%d)\n",
uri.dn.bv_val, uri.scope, 0 );
#endif
- if(( be == NULL ) || ( be->be_search == NULL))
+ if(( be == NULL ) || ( be->be_search == NULL)) {
goto FINISHED;
+ }
suffix_alias( be, &uri.dn );
op.o_tag = LDAP_REQ_SEARCH;
op.o_callback = &cb;
op.o_time = slap_get_time();
- (*be->be_search)( be, /*conn*/NULL, &op, /*base*/NULL, &uri.dn,
- uri.scope, /*deref=*/1, /*sizelimit=*/1, /*time=*/0, filter, /*fstr=*/NULL,
- /*attrs=*/NULL, /*attrsonly=*/0 );
+ (*be->be_search)( be, NULL, &op, NULL, &uri.dn,
+ uri.scope, LDAP_DEREF_NEVER, 1, 0,
+ filter, NULL, NULL, 1 );
+ if( dn->bv_len ) {
+ conn->c_authz_backend = be;
+ }
+
FINISHED:
if( uri.dn.bv_len ) ch_free( uri.dn.bv_val );
if( uri.filter.bv_len ) ch_free( uri.filter.bv_val );
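Review bot: The new `conn->c_authz_backend = be;` after the internal search is written without `conn->c_mutex`, while the other two places this change touches the field (the glue bind path and the password-modify extended operation) take that mutex around every access. Unless the caller of slap_sasl2dn already holds the lock, which should then be said in a comment, the store should match: `ldap_pvt_thread_mutex_lock( &conn->c_mutex ); conn->c_authz_backend = be; ldap_pvt_thread_mutex_unlock( &conn->c_mutex );`. With the unconditional assignment after `select_backend()` removed, the `LDAP_SCOPE_BASE` shortcut also appears to leave the field unset. Its body is not fully visible, but if it jumps to FINISHED, identities mapped that way will be refused by password modify with "operation not supported for SASL user". The function starts and ends outside the hunk.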