Commit 59291ba4 authored by Ondřej Kuzník's avatar Ondřej Kuzník Committed by Ondřej Kuzník

Proxyauthz support

parent 9309bc94
......@@ -171,7 +171,18 @@ request_bind_as_vc( Operation *op )
if ( !BER_BVISNULL( &c->c_auth ) ) {
ber_memfree( c->c_auth.bv_val );
}
ber_dupbv( &c->c_auth, &binddn );
if ( !BER_BVISEMPTY( &binddn ) ) {
char *ptr;
c->c_auth.bv_len = STRLENOF("dn:") + binddn.bv_len;
c->c_auth.bv_val = ch_malloc( c->c_auth.bv_len + 1 );
ptr = lutil_strcopy( c->c_auth.bv_val, "dn:" );
ptr = lutil_strncopy( ptr, binddn.bv_val, binddn.bv_len );
*ptr = '\0';
} else {
BER_BVZERO( &c->c_auth );
}
if ( !BER_BVISNULL( &c->c_sasl_bind_mech ) ) {
ber_memfree( c->c_sasl_bind_mech.bv_val );
BER_BVZERO( &c->c_sasl_bind_mech );
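Review bot: The `dn:`-prefixed string built in the `BER_BVISEMPTY` branch is an authzId in the form consumed by the Proxied Authorization control (RFC 4370, authzId syntax from RFC 4513 §5.2.1.8), but nothing in the code says so; a comment above the test such as `/* Store the bound identity as an authzId ("dn:" + DN) for the proxyAuthz control sent upstream */` and `/* anonymous client: empty authzId */` on the `else` would save the next reader the lookup. The DN is copied verbatim from `binddn` rather than normalised, so whatever the client typed is what the upstream will receive and interpret — presumably intentional, but worth a one-line note. Elsewhere in this commit `c->c_auth` is read under `c->c_mutex` in request_process, so this write should be made under the same lock; whether it is cannot be seen from the hunk. request_bind_as_vc starts and continues outside the hunk.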
......
......@@ -472,6 +472,8 @@ config_backend( ConfigArgs *c )
}
}
bindconf_tls_defaults( &b->b_bindconf );
if ( b->b_bindconf.sb_method == LDAP_AUTH_SASL ) {
#ifndef HAVE_CYRUS_SASL
Debug( LDAP_DEBUG_ANY, "config_backend: "
......
......@@ -298,12 +298,38 @@ request_process( void *ctx, void *arg )
op->o_upstream_msgid = msgid = c->c_next_msgid++;
rc = tavl_insert( &c->c_ops, op, operation_upstream_cmp, avl_dup_error );
assert( rc == LDAP_SUCCESS );
ldap_pvt_thread_mutex_unlock( &c->c_mutex );
ber_printf( output, "t{titOtO}", LDAP_TAG_MESSAGE,
LDAP_TAG_MSGID, msgid,
op->o_tag, &op->o_request,
LDAP_TAG_CONTROLS, BER_BV_OPTIONAL( &op->o_ctrls ) );
if ( lload_features & LLOAD_FEATURE_PROXYAUTHZ ) {
Debug( LDAP_DEBUG_TRACE, "request_process: "
"proxying identity %s to upstream\n",
c->c_auth.bv_val );
ber_printf( output, "t{titOt{{sbO}" /* "}}" */, LDAP_TAG_MESSAGE,
LDAP_TAG_MSGID, msgid,
op->o_tag, &op->o_request,
LDAP_TAG_CONTROLS,
LDAP_CONTROL_PROXY_AUTHZ, 1, &c->c_auth );
if ( !BER_BVISNULL( &op->o_ctrls ) ) {
BerElement *control_ber = ber_alloc();
BerValue controls;
if ( !control_ber ) {
goto fail;
}
ber_init2( control_ber, &op->o_ctrls, 0 );
ber_peek_element( control_ber, &controls );
ber_write( output, controls.bv_val, controls.bv_len, 0 );
ber_free( control_ber, 0 );
}
ber_printf( output, /* "{{" */ "}}" );
} else {
ber_printf( output, "t{titOtO}", LDAP_TAG_MESSAGE,
LDAP_TAG_MSGID, msgid,
op->o_tag, &op->o_request,
LDAP_TAG_CONTROLS, BER_BV_OPTIONAL( &op->o_ctrls ) );
}
ldap_pvt_thread_mutex_unlock( &c->c_mutex );
ldap_pvt_thread_mutex_unlock( &c->c_io_mutex );
upstream_write_cb( -1, 0, c );
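Review bot: The client's own controls are copied verbatim into the forwarded PDU (`ber_peek_element` then `ber_write`), so a client that itself sends a Proxied Authorization control produces a message with two of them, and unless the frontend already strips that control from `op->o_ctrls` (not visible here) the upstream may either reject the request as a duplicate control or honour the client-supplied one under the balancer's trusted upstream identity — that control should be refused or dropped when LLOAD_FEATURE_PROXYAUTHZ is on. The `goto fail` on a failed `ber_alloc()` runs after the first `ber_printf` has already written a partial message into `output`, and because the `c->c_mutex` unlock now follows the `else` branch it appears to jump with that mutex held and the op already inserted into `c->c_ops`; `fail:` is outside the hunk, so confirm it undoes all three. `ber_peek_element()` is unchecked and `controls` is uninitialised, so a failure there feeds a garbage length to `ber_write`. The trace `Debug` passes `c->c_auth.bv_val` to `%s`, which is NULL for an anonymous client (request_bind_as_vc does `BER_BVZERO( &c->c_auth )` in that case). The rewrite below parses the client controls before touching `output`, checks the peek and guards the log argument; request_process continues outside the hunk.
```c
	if ( lload_features & LLOAD_FEATURE_PROXYAUTHZ ) {
		BerElement *control_ber = NULL;
		BerValue controls = BER_BVNULL;

		/* Parse the client's controls before anything is written to
		 * `output`, so a failure leaves no half-encoded PDU behind. */
		if ( !BER_BVISNULL( &op->o_ctrls ) ) {
			control_ber = ber_alloc();
			if ( !control_ber ) {
				goto fail;
			}
			ber_init2( control_ber, &op->o_ctrls, 0 );
			if ( ber_peek_element( control_ber, &controls ) == LBER_DEFAULT ) {
				ber_free( control_ber, 0 );
				goto fail;
			}
		}

		Debug( LDAP_DEBUG_TRACE, "request_process: "
				"proxying identity %s to upstream\n",
				BER_BVISNULL( &c->c_auth ) ? "(anonymous)" : c->c_auth.bv_val );
		ber_printf( output, "t{titOt{{sbO}" /* "}}" */, LDAP_TAG_MESSAGE,
				LDAP_TAG_MSGID, msgid,
				op->o_tag, &op->o_request,
				LDAP_TAG_CONTROLS,
				LDAP_CONTROL_PROXY_AUTHZ, 1, &c->c_auth );
		if ( control_ber ) {
			ber_write( output, controls.bv_val, controls.bv_len, 0 );
			ber_free( control_ber, 0 );
		}
		ber_printf( output, /* "{{" */ "}}" );
	/* … unchanged: else branch, mutex unlocks, upstream_write_cb … */
```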
......
......@@ -78,6 +78,7 @@ LDAP_SLAPD_F (int) read_config( const char *fname, const char *dir );
LDAP_SLAPD_F (void) config_destroy( void );
LDAP_SLAPD_F (int) verb_to_mask( const char *word, slap_verbmasks *v );
LDAP_SLAPD_F (int) str2loglevel( const char *s, int *l );
LDAP_SLAPD_F (void) bindconf_tls_defaults( slap_bindconf *bc );
LDAP_SLAPD_F (void) bindconf_free( slap_bindconf *bc );
/*
......