+++ /dev/null
-/* chain.c - chain LDAP operations */
-/* $OpenLDAP$ */
-/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 2003-2004 The OpenLDAP Foundation.
- * Portions Copyright 2003 Howard Chu.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-/* ACKNOWLEDGEMENTS:
- * This work was initially developed by the Howard Chu for inclusion
- * in OpenLDAP Software.
- */
-
-#include "portable.h"
-
-#include <stdio.h>
-
-#include <ac/string.h>
-#include <ac/socket.h>
-
-#include "slap.h"
-#include "back-ldap.h"
-
-static int
-ldap_chain_response( Operation *op, SlapReply *rs )
-{
- slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
- void *private = op->o_bd->be_private;
- slap_callback *sc = op->o_callback;
- LDAPControl **prev = op->o_ctrls;
- LDAPControl **ctrls = NULL, authz;
- int i, nctrls, rc;
- int cache = op->o_do_not_cache;
- char *authzid = NULL;
- BerVarray ref;
- struct berval ndn = op->o_ndn;
-
- if ( rs->sr_err != LDAP_REFERRAL )
- return SLAP_CB_CONTINUE;
-
- /* currently we assume only one referral destination.
- * we'll have to parse this in the future.
- */
- ref = rs->sr_ref;
- rs->sr_ref = NULL;
-
- op->o_bd->be_private = on->on_bi.bi_private;
- op->o_callback = NULL;
-
- /* Chaining is performed by a privileged user on behalf
- * of a normal user, using the ProxyAuthz control. However,
- * Binds are done separately, on an anonymous session.
- */
- if ( op->o_tag != LDAP_REQ_BIND ) {
- for (i=0; prev && prev[i]; i++);
- nctrls = i;
-
- /* Add an extra NULL slot */
- if (!prev) i++;
-
- ctrls = op->o_tmpalloc((i+1)*sizeof(LDAPControl *),
- op->o_tmpmemctx);
- for (i=0; i <nctrls; i++)
- ctrls[i] = prev[i];
- ctrls[nctrls] = &authz;
- ctrls[nctrls+1] = NULL;
- authz.ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
- authz.ldctl_iscritical = 1;
- authz.ldctl_value = op->o_dn;
- if ( op->o_dn.bv_len ) {
- authzid = op->o_tmpalloc( op->o_dn.bv_len+4,
- op->o_tmpmemctx );
- strcpy(authzid, "dn: ");
- strcpy(authzid+4, op->o_dn.bv_val);
- authz.ldctl_value.bv_len = op->o_dn.bv_len + 4;
- authz.ldctl_value.bv_val = authzid;
- }
- op->o_ctrls = ctrls;
- op->o_ndn = op->o_bd->be_rootndn;
- }
-
- switch( op->o_tag ) {
- case LDAP_REQ_BIND: {
- struct berval rndn = op->o_req_ndn;
- Connection *conn = op->o_conn;
- op->o_req_ndn = slap_empty_bv;
- op->o_conn = NULL;
- rc = ldap_back_bind( op, rs );
- op->o_req_ndn = rndn;
- op->o_conn = conn;
- }
- break;
- case LDAP_REQ_ADD:
- rc = ldap_back_add( op, rs );
- break;
- case LDAP_REQ_DELETE:
- rc = ldap_back_delete( op, rs );
- break;
- case LDAP_REQ_MODRDN:
- rc = ldap_back_modrdn( op, rs );
- break;
- case LDAP_REQ_MODIFY:
- rc = ldap_back_modify( op, rs );
- break;
- case LDAP_REQ_COMPARE:
- rc = ldap_back_compare( op, rs );
- break;
- case LDAP_REQ_SEARCH:
- rc = ldap_back_search( op, rs );
- break;
- case LDAP_REQ_EXTENDED:
- rc = ldap_back_extended( op, rs );
- break;
- default:
- rc = SLAP_CB_CONTINUE;
- break;
- }
- op->o_do_not_cache = cache;
- op->o_ctrls = prev;
- op->o_bd->be_private = private;
- op->o_callback = sc;
- op->o_ndn = ndn;
- if ( ctrls ) op->o_tmpfree( ctrls, op->o_tmpmemctx );
- if ( authzid ) op->o_tmpfree( authzid, op->o_tmpmemctx );
- rs->sr_ref = ref;
-
- return rc;
-}
-
-static int ldap_chain_config(
- BackendDB *be,
- const char *fname,
- int lineno,
- int argc,
- char **argv
-)
-{
- slap_overinst *on = (slap_overinst *) be->bd_info;
- void *private = be->be_private;
- int rc;
-
- be->be_private = on->on_bi.bi_private;
- rc = ldap_back_db_config( be, fname, lineno, argc, argv );
- be->be_private = private;
- return rc;
-}
-
-static int ldap_chain_init(
- BackendDB *be
-)
-{
- slap_overinst *on = (slap_overinst *) be->bd_info;
- void *private = be->be_private;
- int rc;
-
- be->be_private = NULL;
- rc = ldap_back_db_init( be );
- on->on_bi.bi_private = be->be_private;
- be->be_private = private;
- return rc;
-}
-
-static int ldap_chain_destroy(
- BackendDB *be
-)
-{
- slap_overinst *on = (slap_overinst *) be->bd_info;
- void *private = be->be_private;
- int rc;
-
- be->be_private = on->on_bi.bi_private;
- rc = ldap_back_db_destroy( be );
- on->on_bi.bi_private = be->be_private;
- be->be_private = private;
- return rc;
-}
-
-static slap_overinst ldapchain;
-
-int ldap_chain_setup()
-{
- ldapchain.on_bi.bi_type = "chain";
- ldapchain.on_bi.bi_db_init = ldap_chain_init;
- ldapchain.on_bi.bi_db_config = ldap_chain_config;
- ldapchain.on_bi.bi_db_destroy = ldap_chain_destroy;
- ldapchain.on_response = ldap_chain_response;
-
- return overlay_register( &ldapchain );
-}
projects / openldap / commitdiff