Joe Martin
OpenLDAP
Commits
5ee4b676
Commit
5ee4b676
authored
Sep 27, 2017
by
Ondřej Kuzník
Committed by
Ondřej Kuzník
Nov 17, 2020
Move bind handling to bind.c
parent
abab7e46
Changes
3
servers/lloadd/bind.c
...
...
@@ -332,3 +332,214 @@ request_bind( Connection *client, Operation *op )
return
rc
;
}
int
handle_bind_response
(
Operation
*
op
,
BerElement
*
ber
)
{
Connection
*
client
=
op
->
o_client
,
*
upstream
=
op
->
o_upstream
;
BerValue
response
;
BerElement
*
copy
;
ber_int_t
result
;
ber_tag_t
tag
;
int
rc
=
LDAP_SUCCESS
;
if
(
(
copy
=
ber_alloc
())
==
NULL
)
{
rc
=
-
1
;
goto
done
;
}
tag
=
ber_peek_element
(
ber
,
&
response
);
assert
(
tag
==
LDAP_RES_BIND
);
ber_init2
(
copy
,
&
response
,
0
);
tag
=
ber_get_enum
(
copy
,
&
result
);
ber_free
(
copy
,
0
);
if
(
tag
==
LBER_ERROR
)
{
rc
=
-
1
;
goto
done
;
}
Debug
(
LDAP_DEBUG_STATS
,
"handle_bind_response: "
"received response for bind request msgid=%d by client "
"connid=%lu, result=%d
\n
"
,
op
->
o_client_msgid
,
op
->
o_client_connid
,
result
);
CONNECTION_LOCK
(
upstream
);
if
(
result
!=
LDAP_SASL_BIND_IN_PROGRESS
)
{
upstream
->
c_state
=
LLOAD_C_READY
;
}
CONNECTION_UNLOCK
(
upstream
);
CONNECTION_LOCK
(
client
);
if
(
client
->
c_state
==
LLOAD_C_BINDING
)
{
switch
(
result
)
{
case
LDAP_SASL_BIND_IN_PROGRESS
:
break
;
case
LDAP_SUCCESS
:
default:
{
client
->
c_state
=
LLOAD_C_READY
;
client
->
c_type
=
LLOAD_C_OPEN
;
if
(
result
!=
LDAP_SUCCESS
)
{
ber_memfree
(
client
->
c_auth
.
bv_val
);
BER_BVZERO
(
&
client
->
c_auth
);
}
else
if
(
!
ber_bvstrcasecmp
(
&
client
->
c_auth
,
&
lloadd_identity
)
)
{
client
->
c_type
=
LLOAD_C_PRIVILEGED
;
}
if
(
!
BER_BVISNULL
(
&
client
->
c_sasl_bind_mech
)
)
{
ber_memfree
(
client
->
c_sasl_bind_mech
.
bv_val
);
BER_BVZERO
(
&
client
->
c_sasl_bind_mech
);
}
break
;
}
}
}
else
{
assert
(
client
->
c_state
==
LLOAD_C_INVALID
||
client
->
c_state
==
LLOAD_C_CLOSING
);
}
CONNECTION_UNLOCK
(
client
);
done:
if
(
rc
)
{
operation_send_reject
(
op
,
LDAP_OTHER
,
"internal error"
,
0
);
ber_free
(
ber
,
1
);
return
LDAP_SUCCESS
;
}
return
forward_final_response
(
op
,
ber
);
}
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
int
handle_vc_bind_response
(
Operation
*
op
,
BerElement
*
ber
)
{
Connection
*
c
=
op
->
o_client
;
BerElement
*
output
;
BerValue
matched
,
diagmsg
,
creds
=
BER_BVNULL
,
controls
=
BER_BVNULL
;
ber_int_t
result
;
ber_tag_t
tag
;
ber_len_t
len
;
int
rc
=
0
;
tag
=
ber_scanf
(
ber
,
"{emm"
/* "}" */
,
&
result
,
&
matched
,
&
diagmsg
);
if
(
tag
==
LBER_ERROR
)
{
rc
=
-
1
;
goto
done
;
}
tag
=
ber_peek_tag
(
ber
,
&
len
);
if
(
result
==
LDAP_PROTOCOL_ERROR
)
{
Connection
*
upstream
=
op
->
o_upstream
;
Backend
*
b
;
CONNECTION_LOCK
(
upstream
);
b
=
(
Backend
*
)
upstream
->
c_private
;
Debug
(
LDAP_DEBUG_ANY
,
"handle_vc_bind_response: "
"VC extended operation not supported on backend %s
\n
"
,
b
->
b_uri
.
bv_val
);
CONNECTION_UNLOCK
(
upstream
);
}
Debug
(
LDAP_DEBUG_STATS
,
"handle_vc_bind_response: "
"received response for bind request msgid=%d by client "
"connid=%lu, result=%d
\n
"
,
op
->
o_client_msgid
,
op
->
o_client_connid
,
result
);
CONNECTION_LOCK
(
c
);
if
(
tag
==
LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE
)
{
if
(
!
BER_BVISNULL
(
&
c
->
c_vc_cookie
)
)
{
ber_memfree
(
c
->
c_vc_cookie
.
bv_val
);
}
tag
=
ber_scanf
(
ber
,
"o"
,
&
c
->
c_vc_cookie
);
if
(
tag
==
LBER_ERROR
)
{
rc
=
-
1
;
CONNECTION_UNLOCK_INCREF
(
c
);
goto
done
;
}
tag
=
ber_peek_tag
(
ber
,
&
len
);
}
if
(
tag
==
LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS
)
{
tag
=
ber_scanf
(
ber
,
"m"
,
&
creds
);
if
(
tag
==
LBER_ERROR
)
{
rc
=
-
1
;
CONNECTION_UNLOCK_INCREF
(
c
);
goto
done
;
}
tag
=
ber_peek_tag
(
ber
,
&
len
);
}
if
(
tag
==
LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS
)
{
tag
=
ber_scanf
(
ber
,
"m"
,
&
controls
);
if
(
tag
==
LBER_ERROR
)
{
rc
=
-
1
;
CONNECTION_UNLOCK_INCREF
(
c
);
goto
done
;
}
}
if
(
c
->
c_state
==
LLOAD_C_BINDING
)
{
switch
(
result
)
{
case
LDAP_SASL_BIND_IN_PROGRESS
:
break
;
case
LDAP_SUCCESS
:
default:
{
c
->
c_state
=
LLOAD_C_READY
;
c
->
c_type
=
LLOAD_C_OPEN
;
if
(
result
!=
LDAP_SUCCESS
)
{
ber_memfree
(
c
->
c_auth
.
bv_val
);
BER_BVZERO
(
&
c
->
c_auth
);
}
else
if
(
!
ber_bvstrcasecmp
(
&
c
->
c_auth
,
&
lloadd_identity
)
)
{
c
->
c_type
=
LLOAD_C_PRIVILEGED
;
}
if
(
!
BER_BVISNULL
(
&
c
->
c_vc_cookie
)
)
{
ber_memfree
(
c
->
c_vc_cookie
.
bv_val
);
BER_BVZERO
(
&
c
->
c_vc_cookie
);
}
if
(
!
BER_BVISNULL
(
&
c
->
c_sasl_bind_mech
)
)
{
ber_memfree
(
c
->
c_sasl_bind_mech
.
bv_val
);
BER_BVZERO
(
&
c
->
c_sasl_bind_mech
);
}
break
;
}
}
}
else
{
assert
(
c
->
c_state
==
LLOAD_C_INVALID
||
c
->
c_state
==
LLOAD_C_CLOSING
);
}
CONNECTION_UNLOCK_INCREF
(
c
);
ldap_pvt_thread_mutex_lock
(
&
c
->
c_io_mutex
);
output
=
c
->
c_pendingber
;
if
(
output
==
NULL
&&
(
output
=
ber_alloc
())
==
NULL
)
{
rc
=
-
1
;
ldap_pvt_thread_mutex_unlock
(
&
c
->
c_io_mutex
);
goto
done
;
}
c
->
c_pendingber
=
output
;
rc
=
ber_printf
(
output
,
"t{tit{eOOtO}tO}"
,
LDAP_TAG_MESSAGE
,
LDAP_TAG_MSGID
,
op
->
o_client_msgid
,
LDAP_RES_BIND
,
result
,
&
matched
,
&
diagmsg
,
LDAP_TAG_SASL_RES_CREDS
,
BER_BV_OPTIONAL
(
&
creds
),
LDAP_TAG_CONTROLS
,
BER_BV_OPTIONAL
(
&
controls
)
);
ldap_pvt_thread_mutex_unlock
(
&
c
->
c_io_mutex
);
if
(
rc
>=
0
)
{
connection_write_cb
(
-
1
,
0
,
c
);
rc
=
0
;
}
done:
CONNECTION_LOCK_DECREF
(
c
);
operation_destroy_from_client
(
op
);
CONNECTION_UNLOCK_OR_DESTROY
(
c
);
ber_free
(
ber
,
1
);
return
rc
;
}
#endif
/* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
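Review bot: In `handle_vc_bind_response`, the first `goto done` (taken when the initial `ber_scanf( ber, "{emm" ... )` returns `LBER_ERROR`) reaches `CONNECTION_LOCK_DECREF( c )` without any earlier `CONNECTION_UNLOCK_INCREF( c )`, whereas every later error path takes that reference before jumping. Judging by the macro names (their definitions are not on this page), a malformed VC response from a backend would then drop a reference on the client connection that this function never acquired, which risks the connection being destroyed while it is still in use. Taking the reference on that path, e.g. `CONNECTION_LOCK( c ); CONNECTION_UNLOCK_INCREF( c );` before the `goto done`, would keep the count balanced. Separately, the cookie branch frees `c->c_vc_cookie.bv_val` and then relies on `ber_scanf` to overwrite or clear the field; adding `BER_BVZERO( &c->c_vc_cookie );` right after the `ber_memfree` would remove that dependency. The code is moved unchanged from upstream.c, so both points predate this commit.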
servers/lloadd/proto-slap.h
...
...
@@ -65,6 +65,8 @@ LDAP_SLAPD_F (void) ch_free( void * );
* bind.c
*/
LDAP_SLAPD_F
(
int
)
request_bind
(
Connection
*
c
,
Operation
*
op
);
LDAP_SLAPD_F
(
int
)
handle_bind_response
(
Operation
*
op
,
BerElement
*
ber
);
LDAP_SLAPD_F
(
int
)
handle_vc_bind_response
(
Operation
*
op
,
BerElement
*
ber
);
/*
* client.c
...
...
@@ -196,6 +198,8 @@ LDAP_SLAPD_F (void *) slap_sl_context( void *ptr );
/*
* upstream.c
*/
LDAP_SLAPD_F
(
int
)
forward_final_response
(
Operation
*
op
,
BerElement
*
ber
);
LDAP_SLAPD_F
(
int
)
forward_response
(
Operation
*
op
,
BerElement
*
ber
);
LDAP_SLAPD_F
(
Connection
*
)
upstream_init
(
ber_socket_t
s
,
Backend
*
b
);
LDAP_SLAPD_F
(
void
)
upstream_destroy
(
Connection
*
c
);
...
...
servers/lloadd/upstream.c
...
...
@@ -24,7 +24,7 @@
#include
"lutil.h"
#include
"slap.h"
static
int
int
forward_response
(
Operation
*
op
,
BerElement
*
ber
)
{
Connection
*
c
=
op
->
o_client
;
...
...
@@ -66,7 +66,7 @@ forward_response( Operation *op, BerElement *ber )
return
0
;
}
static
int
int
forward_final_response
(
Operation
*
op
,
BerElement
*
ber
)
{
int
rc
;
...
...
@@ -83,217 +83,6 @@ forward_final_response( Operation *op, BerElement *ber )
return
rc
;
}
static
int
handle_bind_response
(
Operation
*
op
,
BerElement
*
ber
)
{
Connection
*
client
=
op
->
o_client
,
*
upstream
=
op
->
o_upstream
;
BerValue
response
;
BerElement
*
copy
;
ber_int_t
result
;
ber_tag_t
tag
;
int
rc
=
LDAP_SUCCESS
;
if
(
(
copy
=
ber_alloc
())
==
NULL
)
{
rc
=
-
1
;
goto
done
;
}
tag
=
ber_peek_element
(
ber
,
&
response
);
assert
(
tag
==
LDAP_RES_BIND
);
ber_init2
(
copy
,
&
response
,
0
);
tag
=
ber_get_enum
(
copy
,
&
result
);
ber_free
(
copy
,
0
);
if
(
tag
==
LBER_ERROR
)
{
rc
=
-
1
;
goto
done
;
}
Debug
(
LDAP_DEBUG_STATS
,
"handle_bind_response: "
"received response for bind request msgid=%d by client "
"connid=%lu, result=%d
\n
"
,
op
->
o_client_msgid
,
op
->
o_client_connid
,
result
);
CONNECTION_LOCK
(
upstream
);
if
(
result
!=
LDAP_SASL_BIND_IN_PROGRESS
)
{
upstream
->
c_state
=
LLOAD_C_READY
;
}
CONNECTION_UNLOCK
(
upstream
);
CONNECTION_LOCK
(
client
);
if
(
client
->
c_state
==
LLOAD_C_BINDING
)
{
switch
(
result
)
{
case
LDAP_SASL_BIND_IN_PROGRESS
:
break
;
case
LDAP_SUCCESS
:
default:
{
client
->
c_state
=
LLOAD_C_READY
;
client
->
c_type
=
LLOAD_C_OPEN
;
if
(
result
!=
LDAP_SUCCESS
)
{
ber_memfree
(
client
->
c_auth
.
bv_val
);
BER_BVZERO
(
&
client
->
c_auth
);
}
else
if
(
!
ber_bvstrcasecmp
(
&
client
->
c_auth
,
&
lloadd_identity
)
)
{
client
->
c_type
=
LLOAD_C_PRIVILEGED
;
}
if
(
!
BER_BVISNULL
(
&
client
->
c_sasl_bind_mech
)
)
{
ber_memfree
(
client
->
c_sasl_bind_mech
.
bv_val
);
BER_BVZERO
(
&
client
->
c_sasl_bind_mech
);
}
break
;
}
}
}
else
{
assert
(
client
->
c_state
==
LLOAD_C_INVALID
||
client
->
c_state
==
LLOAD_C_CLOSING
);
}
CONNECTION_UNLOCK
(
client
);
done:
if
(
rc
)
{
operation_send_reject
(
op
,
LDAP_OTHER
,
"internal error"
,
0
);
ber_free
(
ber
,
1
);
return
LDAP_SUCCESS
;
}
return
forward_final_response
(
op
,
ber
);
}
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
static
int
handle_vc_bind_response
(
Operation
*
op
,
BerElement
*
ber
)
{
Connection
*
c
=
op
->
o_client
;
BerElement
*
output
;
BerValue
matched
,
diagmsg
,
creds
=
BER_BVNULL
,
controls
=
BER_BVNULL
;
ber_int_t
result
;
ber_tag_t
tag
;
ber_len_t
len
;
int
rc
=
0
;
tag
=
ber_scanf
(
ber
,
"{emm"
/* "}" */
,
&
result
,
&
matched
,
&
diagmsg
);
if
(
tag
==
LBER_ERROR
)
{
rc
=
-
1
;
goto
done
;
}
tag
=
ber_peek_tag
(
ber
,
&
len
);
if
(
result
==
LDAP_PROTOCOL_ERROR
)
{
Connection
*
upstream
=
op
->
o_upstream
;
Backend
*
b
;
CONNECTION_LOCK
(
upstream
);
b
=
(
Backend
*
)
upstream
->
c_private
;
Debug
(
LDAP_DEBUG_ANY
,
"handle_vc_bind_response: "
"VC extended operation not supported on backend %s
\n
"
,
b
->
b_uri
.
bv_val
);
CONNECTION_UNLOCK
(
upstream
);
}
Debug
(
LDAP_DEBUG_STATS
,
"handle_vc_bind_response: "
"received response for bind request msgid=%d by client "
"connid=%lu, result=%d
\n
"
,
op
->
o_client_msgid
,
op
->
o_client_connid
,
result
);
CONNECTION_LOCK
(
c
);
if
(
tag
==
LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE
)
{
if
(
!
BER_BVISNULL
(
&
c
->
c_vc_cookie
)
)
{
ber_memfree
(
c
->
c_vc_cookie
.
bv_val
);
}
tag
=
ber_scanf
(
ber
,
"o"
,
&
c
->
c_vc_cookie
);
if
(
tag
==
LBER_ERROR
)
{
rc
=
-
1
;
CONNECTION_UNLOCK_INCREF
(
c
);
goto
done
;
}
tag
=
ber_peek_tag
(
ber
,
&
len
);
}
if
(
tag
==
LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS
)
{
tag
=
ber_scanf
(
ber
,
"m"
,
&
creds
);
if
(
tag
==
LBER_ERROR
)
{
rc
=
-
1
;
CONNECTION_UNLOCK_INCREF
(
c
);
goto
done
;
}
tag
=
ber_peek_tag
(
ber
,
&
len
);
}
if
(
tag
==
LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS
)
{
tag
=
ber_scanf
(
ber
,
"m"
,
&
controls
);
if
(
tag
==
LBER_ERROR
)
{
rc
=
-
1
;
CONNECTION_UNLOCK_INCREF
(
c
);
goto
done
;
}
}
if
(
c
->
c_state
==
LLOAD_C_BINDING
)
{
switch
(
result
)
{
case
LDAP_SASL_BIND_IN_PROGRESS
:
break
;
case
LDAP_SUCCESS
:
default:
{
c
->
c_state
=
LLOAD_C_READY
;
c
->
c_type
=
LLOAD_C_OPEN
;
if
(
result
!=
LDAP_SUCCESS
)
{
ber_memfree
(
c
->
c_auth
.
bv_val
);
BER_BVZERO
(
&
c
->
c_auth
);
}
else
if
(
!
ber_bvstrcasecmp
(
&
c
->
c_auth
,
&
lloadd_identity
)
)
{
c
->
c_type
=
LLOAD_C_PRIVILEGED
;
}
if
(
!
BER_BVISNULL
(
&
c
->
c_vc_cookie
)
)
{
ber_memfree
(
c
->
c_vc_cookie
.
bv_val
);
BER_BVZERO
(
&
c
->
c_vc_cookie
);
}
if
(
!
BER_BVISNULL
(
&
c
->
c_sasl_bind_mech
)
)
{
ber_memfree
(
c
->
c_sasl_bind_mech
.
bv_val
);
BER_BVZERO
(
&
c
->
c_sasl_bind_mech
);
}
break
;
}
}
}
else
{
assert
(
c
->
c_state
==
LLOAD_C_INVALID
||
c
->
c_state
==
LLOAD_C_CLOSING
);
}
CONNECTION_UNLOCK_INCREF
(
c
);
ldap_pvt_thread_mutex_lock
(
&
c
->
c_io_mutex
);
output
=
c
->
c_pendingber
;
if
(
output
==
NULL
&&
(
output
=
ber_alloc
())
==
NULL
)
{
rc
=
-
1
;
ldap_pvt_thread_mutex_unlock
(
&
c
->
c_io_mutex
);
goto
done
;
}
c
->
c_pendingber
=
output
;
rc
=
ber_printf
(
output
,
"t{tit{eOOtO}tO}"
,
LDAP_TAG_MESSAGE
,
LDAP_TAG_MSGID
,
op
->
o_client_msgid
,
LDAP_RES_BIND
,
result
,
&
matched
,
&
diagmsg
,
LDAP_TAG_SASL_RES_CREDS
,
BER_BV_OPTIONAL
(
&
creds
),
LDAP_TAG_CONTROLS
,
BER_BV_OPTIONAL
(
&
controls
)
);
ldap_pvt_thread_mutex_unlock
(
&
c
->
c_io_mutex
);
if
(
rc
>=
0
)
{
connection_write_cb
(
-
1
,
0
,
c
);
rc
=
0
;
}
done:
CONNECTION_LOCK_DECREF
(
c
);
operation_destroy_from_client
(
op
);
CONNECTION_UNLOCK_OR_DESTROY
(
c
);
ber_free
(
ber
,
1
);
return
rc
;
}
#endif
/* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
static
int
handle_unsolicited
(
Connection
*
c
,
BerElement
*
ber
)
{
...
...