From: Pierangelo Masarati Date: Thu, 15 Jun 2006 23:43:09 +0000 (+0000) Subject: more cleanup for previous commit X-Git-Tag: OPENLDAP_REL_ENG_2_4_3ALPHA~9^2~97 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=a5b520477cc44db5e88f5fa6a6c7b5812b41f212;p=openldap more cleanup for previous commit --- diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c index 05846e015e..154f4c305a 100644 --- a/servers/slapd/back-ldap/config.c +++ b/servers/slapd/back-ldap/config.c @@ -515,7 +515,6 @@ slap_retry_info_destroy( static int slap_idassert_authzfrom_parse( ConfigArgs *c, slap_idassert_t *si ) { - ldapinfo_t *li = ( ldapinfo_t * )c->be->be_private; struct berval bv; struct berval in; int rc; @@ -529,7 +528,7 @@ slap_idassert_authzfrom_parse( ConfigArgs *c, slap_idassert_t *si ) Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); return 1; } - ber_bvarray_add( &li->li_idassert_authz, &bv ); + ber_bvarray_add( &si->si_authz, &bv ); return 0; } @@ -664,13 +663,14 @@ int slap_idassert_authzfrom_parse_cf( const char *fname, int lineno, const char *arg, slap_idassert_t *si ) { ConfigArgs c = { 0 }; - char *argv[ 2 ]; + char *argv[ 3 ]; snprintf( c.log, sizeof( c.log ), "%s: line %d", fname, lineno ); c.argc = 2; c.argv = argv; - argv[ 0 ] = arg; - argv[ 1 ] = NULL; + argv[ 0 ] = "idassert-authzFrom"; + argv[ 1 ] = (char *)arg; + argv[ 2 ] = NULL; return slap_idassert_authzfrom_parse( &c, si ); } diff --git a/servers/slapd/back-meta/back-meta.h b/servers/slapd/back-meta/back-meta.h index 9d42fae474..7300c482b8 100644 --- a/servers/slapd/back-meta/back-meta.h +++ b/servers/slapd/back-meta/back-meta.h @@ -386,14 +386,6 @@ meta_back_quarantine( SlapReply *rs, int candidate ); -extern int -meta_back_single_bind( - Operation *op, - SlapReply *rs, - metaconn_t *mc, - int candidate, - int massage ); - extern int meta_back_dobind( Operation *op, 
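Review bot: In the `@@ -529,7 +528,7 @@` hunk of servers/slapd/back-ldap/config.c the result of `ber_bvarray_add( &si->si_authz, &bv );` is discarded and the function goes on to `return 0;`. If the add fails on allocation, an idassert-authzFrom rule is dropped while the configuration line is still reported as accepted. That list decides which identities may use identity assertion, so a silently missing entry changes the access policy with no log line. As far as I recall liblber signals failure with a negative return, so `if ( ber_bvarray_add( &si->si_authz, &bv ) < 0 ) return 1;` would surface it. The code that fills bv lies outside the hunk, so whether bv must also be released on that path needs checking against the full function.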
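Review bot: `argv[ 1 ] = (char *)arg;` in the `@@ -664,13 +663,14 @@` hunk of servers/slapd/back-ldap/config.c strips the const from the caller's string, and `argv[ 0 ]` now points at a string literal. Any in-place edit of c.argv inside slap_idassert_authzfrom_parse() would therefore be undefined behaviour. Most of the parser body is outside this diff, so I cannot confirm that it only reads the arguments. A comment above the assignments, such as `/* argv[] entries are read-only here: a literal and the caller's const string */`, would record the constraint. The same kind of cast appears in servers/slapd/back-meta/conn.c at `(struct berval *)&slap_empty_bv`, which is safe only while ber_dupbv() never writes through its source argument.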
diff --git a/servers/slapd/back-meta/bind.c b/servers/slapd/back-meta/bind.c index 9f5c009229..243a615879 100644 --- a/servers/slapd/back-meta/bind.c +++ b/servers/slapd/back-meta/bind.c @@ -44,6 +44,13 @@ meta_back_proxy_authz_bind( SlapReply *rs, ldap_back_send_t sendok ); +static int +meta_back_single_bind( + Operation *op, + SlapReply *rs, + metaconn_t *mc, + int candidate ); + int meta_back_bind( Operation *op, SlapReply *rs ) { @@ -122,8 +129,6 @@ meta_back_bind( Operation *op, SlapReply *rs ) for ( i = 0; i < mi->mi_ntargets; i++ ) { metatarget_t *mt = mi->mi_targets[ i ]; int lerr; - Operation op2 = *op; - int massage = 1; /* * Skip non-candidates @@ -174,20 +179,13 @@ meta_back_bind( Operation *op, SlapReply *rs ) continue; } - /* FIXME: if sb_method == LDAP_AUTH_SASL things differ a bit */ - if ( mt->mt_idassert_authmethod == LDAP_AUTH_SASL ) { - /* ### */ - } - - op2.o_req_dn = mt->mt_idassert_authcDN; - op2.o_req_ndn = mt->mt_idassert_authcDN; - op2.orb_cred = mt->mt_idassert_passwd; - op2.orb_method = LDAP_AUTH_SIMPLE; + + (void)meta_back_proxy_authz_bind( mc, i, op, rs, LDAP_BACK_DONTSEND ); + lerr = rs->sr_err; - massage = 0; + } else { + lerr = meta_back_single_bind( op, rs, mc, i ); } - - lerr = meta_back_single_bind( &op2, rs, mc, i, massage ); if ( lerr != LDAP_SUCCESS ) { rc = rs->sr_err = lerr; @@ -373,19 +371,19 @@ retry:; * * attempts to perform a bind with creds */ -int +static int meta_back_single_bind( Operation *op, SlapReply *rs, metaconn_t *mc, - int candidate, - int massage ) + int candidate ) { metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private; metatarget_t *mt = mi->mi_targets[ candidate ]; struct berval mdn = BER_BVNULL; metasingleconn_t *msc = &mc->mc_conns[ candidate ]; int msgid; + dncookie dc; if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) { ch_free( msc->msc_bound_ndn.bv_val ); 
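Review bot: In the `@@ -174,20 +179,13 @@` hunk of servers/slapd/back-meta/bind.c the return value of meta_back_proxy_authz_bind() is dropped with `(void)` and the outcome is read from `lerr = rs->sr_err;`. That is only correct if the callee assigns rs->sr_err on every return path. The same rs is used for every target in the surrounding loop, so an early return that leaves it untouched would let a previous target's LDAP_SUCCESS stand and this bind would be counted as successful. The callee's body and the loop's start and end are outside the hunk, so this is a contract to confirm rather than a demonstrated bug. Either test the return value as well, or state the dependency next to the call, e.g. `/* relies on meta_back_proxy_authz_bind() setting rs->sr_err on every return path */`.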
@@ -402,22 +400,15 @@ meta_back_single_bind( /* * Rewrite the bind dn if needed */ - if ( massage ) { - dncookie dc; - - dc.target = mt; - dc.conn = op->o_conn; - dc.rs = rs; - dc.ctx = "bindDN"; - - if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) { - rs->sr_text = "DN rewrite error"; - rs->sr_err = LDAP_OTHER; - return rs->sr_err; - } - - } else { - mdn = op->o_req_dn; + dc.target = mt; + dc.conn = op->o_conn; + dc.rs = rs; + dc.ctx = "bindDN"; + + if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) { + rs->sr_text = "DN rewrite error"; + rs->sr_err = LDAP_OTHER; + return rs->sr_err; } /* FIXME: this fixes the bind problem right now; we need diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c index e5230859e8..3fd0b2dbed 100644 --- a/servers/slapd/back-meta/config.c +++ b/servers/slapd/back-meta/config.c @@ -72,6 +72,13 @@ meta_back_new_target( ldap_pvt_thread_mutex_init( &mt->mt_uri_mutex ); + mt->mt_idassert_mode = LDAP_BACK_IDASSERT_LEGACY; + mt->mt_idassert_authmethod = LDAP_AUTH_NONE; + mt->mt_idassert_tls = SB_TLS_DEFAULT; + + /* by default, use proxyAuthz control on each operation */ + mt->mt_idassert_flags = LDAP_BACK_AUTH_PRESCRIPTIVE; + *mtp = mt; return 0; @@ -942,7 +949,6 @@ meta_back_db_config( /* name to use as pseudo-root dn */ } else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) { int i = mi->mi_ntargets - 1; - struct berval dn; if ( i < 0 ) { Debug( LDAP_DEBUG_ANY, diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c index 82cb41b403..b2a4cf882b 100644 --- a/servers/slapd/back-meta/conn.c +++ b/servers/slapd/back-meta/conn.c @@ -492,7 +492,7 @@ retry:; } } else { - ber_dupbv( &msc->msc_bound_ndn, &slap_empty_bv ); + ber_dupbv( &msc->msc_bound_ndn, (struct berval *)&slap_empty_bv ); } }
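Review bot: Three of the four identity-assertion defaults added to meta_back_new_target() in the `@@ -72,6 +72,13 @@` hunk of servers/slapd/back-meta/config.c have no comment; only mt_idassert_flags is explained. These values fix how the proxy authenticates to a target that has no explicit idassert configuration, so they are worth documenting for anyone auditing the default behaviour. A possible comment is `/* identity assertion defaults: legacy mode, no bind method, default TLS, until the target's idassert settings are configured */`. That wording assumes LDAP_AUTH_NONE means no assertion bind is attempted, which the diff does not show. The function begins before this hunk.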