From 100facedf3c9ec241121a5e3ad7aa059a7c57bc2 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Sat, 27 Mar 2004 22:47:31 +0000 Subject: [PATCH] Don't return subordinate referrals (per RFC 3296) --- servers/slapd/back-bdb/bind.c | 35 +++----------------------------- servers/slapd/back-ldbm/bind.c | 37 ++++------------------------------ 2 files changed, 7 insertions(+), 65 deletions(-) diff --git a/servers/slapd/back-bdb/bind.c b/servers/slapd/back-bdb/bind.c index 24e2d8d892..9739773aea 100644 --- a/servers/slapd/back-bdb/bind.c +++ b/servers/slapd/back-bdb/bind.c @@ -93,31 +93,13 @@ dn2entry_retry: e = ei->bei_e; if ( rs->sr_err == DB_NOTFOUND ) { if( e != NULL ) { - rs->sr_ref = is_entry_referral( e ) - ? get_entry_referrals( op, e ) - : NULL; - if (rs->sr_ref) { - rs->sr_matched = ch_strdup( e->e_name.bv_val ); - rs->sr_flags |= REP_MATCHED_MUSTBEFREED; - } - bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock ); e = NULL; - } else { - rs->sr_ref = referral_rewrite( default_referral, - NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); } - if ( rs->sr_ref != NULL ) { - rs->sr_err = LDAP_REFERRAL; - send_ldap_result( op, rs ); - ber_bvarray_free( rs->sr_ref ); - rs->sr_ref = NULL; - } else { - rs->sr_err = LDAP_INVALID_CREDENTIALS; - send_ldap_result( op, rs ); - } + rs->sr_err = LDAP_INVALID_CREDENTIALS; + send_ldap_result( op, rs ); LOCK_ID_FREE(bdb->bi_dbenv, locker); @@ -137,7 +119,6 @@ dn2entry_retry: Debug( LDAP_DEBUG_TRACE, "entry is subentry\n", 0, 0, 0 ); #endif - rs->sr_err = LDAP_INVALID_CREDENTIALS; goto done; } @@ -164,9 +145,6 @@ dn2entry_retry: #endif if ( is_entry_referral( e ) ) { - /* entry is a referral, don't allow bind */ - rs->sr_ref = get_entry_referrals( op, e ); - #ifdef NEW_LOGGING LDAP_LOG ( OPERATION, DETAIL1, "bdb_bind: entry is referral\n", 0, 0, 0 ); @@ -174,14 +152,7 @@ dn2entry_retry: Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 ); #endif - - if( rs->sr_ref != NULL ) { - rs->sr_err = LDAP_REFERRAL; - rs->sr_matched = ch_strdup( e->e_name.bv_val ); - rs->sr_flags |= REP_MATCHED_MUSTBEFREED; - } else { - rs->sr_err = LDAP_INVALID_CREDENTIALS; - } + rs->sr_err = LDAP_INVALID_CREDENTIALS; goto done; } diff --git a/servers/slapd/back-ldbm/bind.c b/servers/slapd/back-ldbm/bind.c index 4c13224859..02ca82df89 100644 --- a/servers/slapd/back-ldbm/bind.c +++ b/servers/slapd/back-ldbm/bind.c @@ -65,33 +65,14 @@ ldbm_back_bind( /* get entry with reader lock */ if ( (e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) { if( matched != NULL ) { - rs->sr_matched = ch_strdup( matched->e_dn ); - rs->sr_flags |= REP_MATCHED_MUSTBEFREED; - - rs->sr_ref = is_entry_referral( matched ) - ? get_entry_referrals( op, matched ) - : NULL; - cache_return_entry_r( &li->li_cache, matched ); - - } else { - rs->sr_ref = referral_rewrite( default_referral, - NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); } - ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock); /* allow noauth binds */ rc = 1; - if ( rs->sr_ref != NULL ) { - rs->sr_err = LDAP_REFERRAL; - } else { - rs->sr_err = LDAP_INVALID_CREDENTIALS; - } + rs->sr_err = LDAP_INVALID_CREDENTIALS; send_ldap_result( op, rs ); - - if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref ); - rs->sr_ref = NULL; return rs->sr_err; } @@ -132,24 +113,14 @@ ldbm_back_bind( if ( is_entry_referral( e ) ) { /* entry is a referral, don't allow bind */ - rs->sr_ref = get_entry_referrals( op, e ); - #ifdef NEW_LOGGING LDAP_LOG( BACK_LDBM, INFO, - "ldbm_back_bind: entry(%s) is a referral.\n", e->e_dn, 0, 0 ); + "ldbm_back_bind: entry(%s) is a referral.\n", e->e_dn, 0, 0 ); #else - Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, - 0, 0 ); + Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 ); #endif - if( rs->sr_ref != NULL ) { - rc = LDAP_REFERRAL; - rs->sr_matched = ch_strdup( e->e_name.bv_val ); - rs->sr_flags |= REP_MATCHED_MUSTBEFREED; - - } else { - rc = LDAP_INVALID_CREDENTIALS; - } + rc = LDAP_INVALID_CREDENTIALS; goto return_results; } -- 2.39.5