From: Quanah Gibson-Mount
Date: Wed, 17 Oct 2007 02:49:53 +0000 (+0000)
Subject: draft-wahl-ldap-session: append further instances of the control
X-Git-Tag: OPENLDAP_REL_ENG_2_4_6~38
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=49cb2d785a406a9165b1f8a92a34f206d6c5f501;p=openldap

draft-wahl-ldap-session: append further instances of the control
---

diff --git a/servers/slapd/back-meta/back-meta.h b/servers/slapd/back-meta/back-meta.h
index 2f7b080e8b..00f15521e2 100644
--- a/servers/slapd/back-meta/back-meta.h
+++ b/servers/slapd/back-meta/back-meta.h
@@ -504,6 +504,14 @@ meta_back_op_result(
 time_t timeout,
 ldap_back_send_t sendok );
 
+extern int
+meta_back_controls_add(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t *mc,
+ int candidate,
+ LDAPControl ***pctrls );
+
 extern int
 back_meta_LTX_init_module(
 int argc,
diff --git a/servers/slapd/back-meta/bind.c b/servers/slapd/back-meta/bind.c
index 41a3539ec7..2f40e6e32f 100644
--- a/servers/slapd/back-meta/bind.c
+++ b/servers/slapd/back-meta/bind.c
@@ -1584,7 +1584,7 @@ meta_back_controls_add(
 LDAPControl **ctrls = NULL;
 /* set to the maximum number of controls this backend can add */
 LDAPControl c[ 2 ] = { 0 };
- int i = 0, j = 0;
+ int n = 0, i, j1 = 0, j2 = 0;
 
 *pctrls = NULL;
 
@@ -1605,30 +1605,34 @@ meta_back_controls_add(
 goto done;
 }
 
+ /* put controls that go __before__ existing ones here */
+
 /* proxyAuthz for identity assertion */
 switch ( ldap_back_proxy_authz_ctrl( op, rs, &msc->msc_bound_ndn,
- mt->mt_version, &mt->mt_idassert, &c[ j ] ) )
+ mt->mt_version, &mt->mt_idassert, &c[ j1 ] ) )
 {
 case SLAP_CB_CONTINUE:
 break;
 
 case LDAP_SUCCESS:
- j++;
+ j1++;
 break;
 
 default:
 goto done;
 }
 
+ /* put controls that go __after__ existing ones here */
+
 #ifdef SLAP_CONTROL_X_SESSION_TRACKING
 /* session tracking */
 if ( META_BACK_TGT_ST_REQUEST( mt ) ) {
- switch ( slap_ctrl_session_tracking_request_add( op, rs, &c[ j ] ) ) {
+ switch ( slap_ctrl_session_tracking_request_add( op, rs, &c[ j1 + j2 ] ) ) {
 case SLAP_CB_CONTINUE:
 break;
 
 case LDAP_SUCCESS:
- j++;
+ j2++;
 break;
 
 default:
@@ -1641,31 +1645,47 @@ meta_back_controls_add(
 rs->sr_err = LDAP_SUCCESS;
 }
 
- if ( j == 0 ) {
+ /* if nothing to do, just bail out */
+ if ( j1 == 0 && j2 == 0 ) {
 goto done;
 }
 
+ assert( j1 + j1 <= sizeof( c )/sizeof(LDAPControl) );
+
 if ( op->o_ctrls ) {
- for ( i = 0; op->o_ctrls[ i ]; i++ )
+ for ( n = 0; op->o_ctrls[ n ]; n++ )
 /* just count ctrls */ ;
 }
 
- ctrls = op->o_tmpalloc( sizeof( LDAPControl * ) * (i + j + 1) + j * sizeof( LDAPControl ),
+ ctrls = op->o_tmpalloc( (n + j1 + j2 + 1) * sizeof( LDAPControl * ) + ( j1 + j2 ) * sizeof( LDAPControl ),
 op->o_tmpmemctx );
- ctrls[ 0 ] = (LDAPControl *)&ctrls[ i + j + 1 ];
- *ctrls[ 0 ] = c[ 0 ];
- for ( i = 1; i < j; i++ ) {
- ctrls[ i ] = &ctrls[ 0 ][ i ];
- *ctrls[ i ] = c[ i ];
+ if ( j1 ) {
+ ctrls[ 0 ] = (LDAPControl *)&ctrls[ n + j1 + j2 + 1 ];
+ *ctrls[ 0 ] = c[ 0 ];
+ for ( i = 1; i < j1; i++ ) {
+ ctrls[ i ] = &ctrls[ 0 ][ i ];
+ *ctrls[ i ] = c[ i ];
+ }
 }
 
 i = 0;
 if ( op->o_ctrls ) {
 for ( i = 0; op->o_ctrls[ i ]; i++ ) {
- ctrls[ i + j ] = op->o_ctrls[ i ];
+ ctrls[ i + j1 ] = op->o_ctrls[ i ];
 }
 }
- ctrls[ i + j ] = NULL;
+
+ n += j1;
+ if ( j2 ) {
+ ctrls[ n ] = (LDAPControl *)&ctrls[ n + j2 + 1 ] + j1;
+ *ctrls[ n ] = c[ j1 ];
+ for ( i = 1; i < j2; i++ ) {
+ ctrls[ n + i ] = &ctrls[ n ][ i ];
+ *ctrls[ n + i ] = c[ i ];
+ }
+ }
+
+ ctrls[ n + j2 ] = NULL;
 
 done:;
 if ( ctrls == NULL ) {
diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c
index ed887e5f1a..665e320955 100644
--- a/servers/slapd/controls.c
+++ b/servers/slapd/controls.c
@@ -1650,6 +1650,9 @@ static int parseSessionTracking(
 return LDAP_PROTOCOL_ERROR;
 }
 
+ /* TODO: add the capability to determine if a client is allowed
+ * to use this control, based on identity, ip and so */
+
 ber = ber_init( &ctrl->ldctl_value );
 if ( ber == NULL ) {
 rs->sr_text = "internal error";
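Review bot: In the `@@ -1641` hunk of bind.c, the added `assert( j1 + j1 <= sizeof( c )/sizeof(LDAPControl) );` tests `j1` twice, so `j2` is never bounded; it presumably should read `assert( j1 + j2 <= sizeof( c )/sizeof( c[ 0 ] ) );`. The check also runs only after `c[ j1 ]` and `c[ j1 + j2 ]` were written in the `@@ -1605` hunk, and it disappears in builds where assertions are compiled out, so it documents the limit of `c[ 2 ]` rather than enforcing it. In the `j2` copy loop, `*ctrls[ n + i ] = c[ i ];` indexes `c` from its start, whereas the entries appended after the existing controls begin at `c[ j1 ]`; the line should be `*ctrls[ n + i ] = c[ j1 + i ];`. That loop is dormant while only one trailing control exists, but once a second is added it would forward a duplicate instead of the intended control whenever `j1` is non-zero. The body of meta_back_controls_add starts and ends outside these hunks.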
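Review bot: The TODO added before `ber_init()` in parseSessionTracking (controls.c) names the missing check but not what its absence means today: any client may send this control, so its contents are unauthenticated input. I would say so in the comment, e.g. `/* TODO: restrict use of this control by client identity/IP; until then its values are client-asserted and must not be trusted in logs or access decisions */`. How the parsed values are consumed lies outside this hunk, so confirm whether they reach log output or the back-meta forwarding path unchanged.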