ITS#2825 fix SASL internal searches

author Howard Chu <hyc@openldap.org>

Thu, 13 Nov 2003 21:42:28 +0000 (21:42 +0000)

committer Howard Chu <hyc@openldap.org>

Thu, 13 Nov 2003 21:42:28 +0000 (21:42 +0000)
author Howard Chu <hyc@openldap.org>
Thu, 13 Nov 2003 21:42:28 +0000 (21:42 +0000)
committer Howard Chu <hyc@openldap.org>
Thu, 13 Nov 2003 21:42:28 +0000 (21:42 +0000)
diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c

index 34c5aadffb39cf4c80f24bef6bb3a83157470261..06254e3f12645b4dc02e260f8dee14792b24d79a 100644 (file)
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -297,6 +297,7 @@ static const char *slap_propnames[] = {
         "*slapConn", "*authcDN", "*authzDN", NULL };
  
  static Filter generic_filter = { LDAP_FILTER_PRESENT };
+static struct berval generic_filterstr = BER_BVC("(objectclass=*)");
  
  #define        PROP_CONN       0
  #define        PROP_AUTHC      1
@@ -449,10 +450,12 @@ slap_auxprop_lookup(
  #endif
                         op.o_conn = conn;
                         op.o_connid = conn->c_connid;
+                       op.o_req_dn = op.o_req_ndn;
                         op.ors_scope = LDAP_SCOPE_BASE;
                         op.ors_deref = LDAP_DEREF_NEVER;
                         op.ors_slimit = 1;
                         op.ors_filter = &generic_filter;
+                       op.ors_filterstr = generic_filterstr;
  
                         op.o_bd->be_search( &op, &rs );
                 }
@@ -577,10 +580,12 @@ slap_sasl_checkpass(
  #endif
                 op.o_conn = conn;
                 op.o_connid = conn->c_connid;
+               op.o_req_dn = op.o_req_ndn;
                 op.ors_scope = LDAP_SCOPE_BASE;
                 op.ors_deref = LDAP_DEREF_NEVER;
                 op.ors_slimit = 1;
                 op.ors_filter = &generic_filter;
+               op.ors_filterstr = generic_filterstr;
  
                 op.o_bd->be_search( &op, &rs );
         }
diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c

index b536580930fa7020c354d33962dec96649f4c968..ba3cfe1291a6a27e79d86d2d54aa0d5830884e60 100644 (file)
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -66,15 +66,20 @@ int slap_sasl_setpolicy( const char *arg )
  }
  
  static int slap_parseURI( Operation *op, struct berval *uri,
-       struct berval *searchbase, int *scope, Filter **filter )
+       struct berval *base, struct berval *nbase,
+       int *scope, Filter **filter, struct berval *fstr )
  {
         struct berval bv;
         int rc;
         LDAPURLDesc *ludp;
  
         assert( uri != NULL && uri->bv_val != NULL );
-       searchbase->bv_val = NULL;
-       searchbase->bv_len = 0;
+       base->bv_val = NULL;
+       base->bv_len = 0;
+       nbase->bv_val = NULL;
+       nbase->bv_len = 0;
+       fstr->bv_val = NULL;
+       fstr->bv_len = 0;
         *scope = -1;
         *filter = NULL;
  
@@ -93,7 +98,7 @@ static int slap_parseURI( Operation *op, struct berval *uri,
  
  is_dn: bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val);
  
-               rc = dnNormalize( 0, NULL, NULL, &bv, searchbase, op->o_tmpmemctx );
+               rc = dnNormalize( 0, NULL, NULL, &bv, nbase, op->o_tmpmemctx );
                 if( rc == LDAP_SUCCESS ) {
                         *scope = LDAP_SCOPE_BASE;
                 }
@@ -129,16 +134,24 @@ is_dn:    bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val);
                         rc = LDAP_PROTOCOL_ERROR;
                         goto done;
                 }
+               ber_str2bv( ludp->lud_filter, 0, 0, fstr );
         }
  
         /* Grab the searchbase */
-       bv.bv_val = ludp->lud_dn;
-       bv.bv_len = strlen( bv.bv_val );
-       rc = dnNormalize( 0, NULL, NULL, &bv, searchbase, op->o_tmpmemctx );
+       ber_str2bv( ludp->lud_dn, 0, 0, base );
+       rc = dnNormalize( 0, NULL, NULL, base, nbase, op->o_tmpmemctx );
  
  done:
         if( rc != LDAP_SUCCESS ) {
                 if( *filter ) filter_free_x( op, *filter );
+               base->bv_val = NULL;
+               base->bv_len = 0;
+               fstr->bv_val = NULL;
+               fstr->bv_len = 0;
+       } else {
+               /* Don't free these, return them to caller */
+               ludp->lud_filter = NULL;
+               ludp->lud_dn= NULL;
         }
  
         ldap_free_urldesc( ludp );
@@ -405,8 +418,9 @@ int slap_sasl_match( Operation *opx, struct berval *rule,
                 assertDN->bv_val, rule->bv_val, 0 );
  #endif
  
-       rc = slap_parseURI( opx, rule,
-               &op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter );
+       rc = slap_parseURI( opx, rule, &op.o_req_dn,
+               &op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter,
+               &op.ors_filterstr );
         if( rc != LDAP_SUCCESS ) goto CONCLUDED;
  
         /* Massive shortcut: search scope == base */
@@ -462,6 +476,7 @@ int slap_sasl_match( Operation *opx, struct berval *rule,
  #endif
         op.o_conn = opx->o_conn;
         op.o_connid = opx->o_connid;
+       op.o_req_dn = op.o_req_ndn;
  
         op.o_bd->be_search( &op, &rs );
  
@@ -472,8 +487,10 @@ int slap_sasl_match( Operation *opx, struct berval *rule,
         }
  
  CONCLUDED:
+       if( op.o_req_dn.bv_len ) ch_free( op.o_req_dn.bv_val );
         if( op.o_req_ndn.bv_len ) sl_free( op.o_req_ndn.bv_val, opx->o_tmpmemctx );
         if( op.oq_search.rs_filter ) filter_free_x( opx, op.oq_search.rs_filter );
+       if( op.ors_filterstr.bv_len ) ch_free( op.ors_filterstr.bv_val );
  
  #ifdef NEW_LOGGING
         LDAP_LOG( TRANSPORT, ENTRY, 
@@ -580,8 +597,9 @@ void slap_sasl2dn( Operation *opx,
                 goto FINISHED;
         }
  
-       rc = slap_parseURI( opx, &regout,
-               &op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter );
+       rc = slap_parseURI( opx, &regout, &op.o_req_dn,
+               &op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter,
+               &op.ors_filterstr );
         if( regout.bv_val ) sl_free( regout.bv_val, opx->o_tmpmemctx );
         if( rc != LDAP_SUCCESS ) {
                 goto FINISHED;
@@ -630,6 +648,7 @@ void slap_sasl2dn( Operation *opx,
         op.oq_search.rs_deref = LDAP_DEREF_NEVER;
         op.oq_search.rs_slimit = 1;
         op.oq_search.rs_attrsonly = 1;
+       op.o_req_dn = op.o_req_ndn;
  
         op.o_bd->be_search( &op, &rs );
         
@@ -637,8 +656,10 @@ FINISHED:
         if( sasldn->bv_len ) {
                 opx->o_conn->c_authz_backend = op.o_bd;
         }
-       if( op.o_req_ndn.bv_len ) ch_free( op.o_req_ndn.bv_val );
+       if( op.o_req_dn.bv_len ) ch_free( op.o_req_dn.bv_val );
+       if( op.o_req_ndn.bv_len ) sl_free( op.o_req_ndn.bv_val, opx->o_tmpmemctx );
         if( op.oq_search.rs_filter ) filter_free_x( opx, op.oq_search.rs_filter );
+       if( op.ors_filterstr.bv_len ) ch_free( op.ors_filterstr.bv_val );
  
  #ifdef NEW_LOGGING
         LDAP_LOG( TRANSPORT, ENTRY,
author	Howard Chu <hyc@openldap.org>
	Thu, 13 Nov 2003 21:42:28 +0000 (21:42 +0000)
committer	Howard Chu <hyc@openldap.org>
	Thu, 13 Nov 2003 21:42:28 +0000 (21:42 +0000)
servers/slapd/sasl.c		patch \| blob \| history
servers/slapd/saslauthz.c		patch \| blob \| history