Commit 5ee4b676 authored by Ondřej Kuzník's avatar Ondřej Kuzník Committed by Ondřej Kuzník
Browse files

Move bind handling to bind.c

parent abab7e46
......@@ -332,3 +332,214 @@ request_bind( Connection *client, Operation *op )
return rc;
}
int
handle_bind_response( Operation *op, BerElement *ber )
{
Connection *client = op->o_client, *upstream = op->o_upstream;
BerValue response;
BerElement *copy;
ber_int_t result;
ber_tag_t tag;
int rc = LDAP_SUCCESS;
if ( (copy = ber_alloc()) == NULL ) {
rc = -1;
goto done;
}
tag = ber_peek_element( ber, &response );
assert( tag == LDAP_RES_BIND );
ber_init2( copy, &response, 0 );
tag = ber_get_enum( copy, &result );
ber_free( copy, 0 );
if ( tag == LBER_ERROR ) {
rc = -1;
goto done;
}
Debug( LDAP_DEBUG_STATS, "handle_bind_response: "
"received response for bind request msgid=%d by client "
"connid=%lu, result=%d\n",
op->o_client_msgid, op->o_client_connid, result );
CONNECTION_LOCK(upstream);
if ( result != LDAP_SASL_BIND_IN_PROGRESS ) {
upstream->c_state = LLOAD_C_READY;
}
CONNECTION_UNLOCK(upstream);
CONNECTION_LOCK(client);
if ( client->c_state == LLOAD_C_BINDING ) {
switch ( result ) {
case LDAP_SASL_BIND_IN_PROGRESS:
break;
case LDAP_SUCCESS:
default: {
client->c_state = LLOAD_C_READY;
client->c_type = LLOAD_C_OPEN;
if ( result != LDAP_SUCCESS ) {
ber_memfree( client->c_auth.bv_val );
BER_BVZERO( &client->c_auth );
} else if ( !ber_bvstrcasecmp(
&client->c_auth, &lloadd_identity ) ) {
client->c_type = LLOAD_C_PRIVILEGED;
}
if ( !BER_BVISNULL( &client->c_sasl_bind_mech ) ) {
ber_memfree( client->c_sasl_bind_mech.bv_val );
BER_BVZERO( &client->c_sasl_bind_mech );
}
break;
}
}
} else {
assert( client->c_state == LLOAD_C_INVALID ||
client->c_state == LLOAD_C_CLOSING );
}
CONNECTION_UNLOCK(client);
done:
if ( rc ) {
operation_send_reject( op, LDAP_OTHER, "internal error", 0 );
ber_free( ber, 1 );
return LDAP_SUCCESS;
}
return forward_final_response( op, ber );
}
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
int
handle_vc_bind_response( Operation *op, BerElement *ber )
{
Connection *c = op->o_client;
BerElement *output;
BerValue matched, diagmsg, creds = BER_BVNULL, controls = BER_BVNULL;
ber_int_t result;
ber_tag_t tag;
ber_len_t len;
int rc = 0;
tag = ber_scanf( ber, "{emm" /* "}" */,
&result, &matched, &diagmsg );
if ( tag == LBER_ERROR ) {
rc = -1;
goto done;
}
tag = ber_peek_tag( ber, &len );
if ( result == LDAP_PROTOCOL_ERROR ) {
Connection *upstream = op->o_upstream;
Backend *b;
CONNECTION_LOCK(upstream);
b = (Backend *)upstream->c_private;
Debug( LDAP_DEBUG_ANY, "handle_vc_bind_response: "
"VC extended operation not supported on backend %s\n",
b->b_uri.bv_val );
CONNECTION_UNLOCK(upstream);
}
Debug( LDAP_DEBUG_STATS, "handle_vc_bind_response: "
"received response for bind request msgid=%d by client "
"connid=%lu, result=%d\n",
op->o_client_msgid, op->o_client_connid, result );
CONNECTION_LOCK(c);
if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE ) {
if ( !BER_BVISNULL( &c->c_vc_cookie ) ) {
ber_memfree( c->c_vc_cookie.bv_val );
}
tag = ber_scanf( ber, "o", &c->c_vc_cookie );
if ( tag == LBER_ERROR ) {
rc = -1;
CONNECTION_UNLOCK_INCREF(c);
goto done;
}
tag = ber_peek_tag( ber, &len );
}
if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS ) {
tag = ber_scanf( ber, "m", &creds );
if ( tag == LBER_ERROR ) {
rc = -1;
CONNECTION_UNLOCK_INCREF(c);
goto done;
}
tag = ber_peek_tag( ber, &len );
}
if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS ) {
tag = ber_scanf( ber, "m", &controls );
if ( tag == LBER_ERROR ) {
rc = -1;
CONNECTION_UNLOCK_INCREF(c);
goto done;
}
}
if ( c->c_state == LLOAD_C_BINDING ) {
switch ( result ) {
case LDAP_SASL_BIND_IN_PROGRESS:
break;
case LDAP_SUCCESS:
default: {
c->c_state = LLOAD_C_READY;
c->c_type = LLOAD_C_OPEN;
if ( result != LDAP_SUCCESS ) {
ber_memfree( c->c_auth.bv_val );
BER_BVZERO( &c->c_auth );
} else if ( !ber_bvstrcasecmp(
&c->c_auth, &lloadd_identity ) ) {
c->c_type = LLOAD_C_PRIVILEGED;
}
if ( !BER_BVISNULL( &c->c_vc_cookie ) ) {
ber_memfree( c->c_vc_cookie.bv_val );
BER_BVZERO( &c->c_vc_cookie );
}
if ( !BER_BVISNULL( &c->c_sasl_bind_mech ) ) {
ber_memfree( c->c_sasl_bind_mech.bv_val );
BER_BVZERO( &c->c_sasl_bind_mech );
}
break;
}
}
} else {
assert( c->c_state == LLOAD_C_INVALID ||
c->c_state == LLOAD_C_CLOSING );
}
CONNECTION_UNLOCK_INCREF(c);
ldap_pvt_thread_mutex_lock( &c->c_io_mutex );
output = c->c_pendingber;
if ( output == NULL && (output = ber_alloc()) == NULL ) {
rc = -1;
ldap_pvt_thread_mutex_unlock( &c->c_io_mutex );
goto done;
}
c->c_pendingber = output;
rc = ber_printf( output, "t{tit{eOOtO}tO}", LDAP_TAG_MESSAGE,
LDAP_TAG_MSGID, op->o_client_msgid, LDAP_RES_BIND,
result, &matched, &diagmsg,
LDAP_TAG_SASL_RES_CREDS, BER_BV_OPTIONAL( &creds ),
LDAP_TAG_CONTROLS, BER_BV_OPTIONAL( &controls ) );
ldap_pvt_thread_mutex_unlock( &c->c_io_mutex );
if ( rc >= 0 ) {
connection_write_cb( -1, 0, c );
rc = 0;
}
done:
CONNECTION_LOCK_DECREF(c);
operation_destroy_from_client( op );
CONNECTION_UNLOCK_OR_DESTROY(c);
ber_free( ber, 1 );
return rc;
}
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
......@@ -65,6 +65,8 @@ LDAP_SLAPD_F (void) ch_free( void * );
* bind.c
*/
LDAP_SLAPD_F (int) request_bind( Connection *c, Operation *op );
LDAP_SLAPD_F (int) handle_bind_response( Operation *op, BerElement *ber );
LDAP_SLAPD_F (int) handle_vc_bind_response( Operation *op, BerElement *ber );
/*
* client.c
......@@ -196,6 +198,8 @@ LDAP_SLAPD_F (void *) slap_sl_context( void *ptr );
/*
* upstream.c
*/
LDAP_SLAPD_F (int) forward_final_response( Operation *op, BerElement *ber );
LDAP_SLAPD_F (int) forward_response( Operation *op, BerElement *ber );
LDAP_SLAPD_F (Connection *) upstream_init( ber_socket_t s, Backend *b );
LDAP_SLAPD_F (void) upstream_destroy( Connection *c );
......
......@@ -24,7 +24,7 @@
#include "lutil.h"
#include "slap.h"
static int
int
forward_response( Operation *op, BerElement *ber )
{
Connection *c = op->o_client;
......@@ -66,7 +66,7 @@ forward_response( Operation *op, BerElement *ber )
return 0;
}
static int
int
forward_final_response( Operation *op, BerElement *ber )
{
int rc;
......@@ -83,217 +83,6 @@ forward_final_response( Operation *op, BerElement *ber )
return rc;
}
static int
handle_bind_response( Operation *op, BerElement *ber )
{
Connection *client = op->o_client, *upstream = op->o_upstream;
BerValue response;
BerElement *copy;
ber_int_t result;
ber_tag_t tag;
int rc = LDAP_SUCCESS;
if ( (copy = ber_alloc()) == NULL ) {
rc = -1;
goto done;
}
tag = ber_peek_element( ber, &response );
assert( tag == LDAP_RES_BIND );
ber_init2( copy, &response, 0 );
tag = ber_get_enum( copy, &result );
ber_free( copy, 0 );
if ( tag == LBER_ERROR ) {
rc = -1;
goto done;
}
Debug( LDAP_DEBUG_STATS, "handle_bind_response: "
"received response for bind request msgid=%d by client "
"connid=%lu, result=%d\n",
op->o_client_msgid, op->o_client_connid, result );
CONNECTION_LOCK(upstream);
if ( result != LDAP_SASL_BIND_IN_PROGRESS ) {
upstream->c_state = LLOAD_C_READY;
}
CONNECTION_UNLOCK(upstream);
CONNECTION_LOCK(client);
if ( client->c_state == LLOAD_C_BINDING ) {
switch ( result ) {
case LDAP_SASL_BIND_IN_PROGRESS:
break;
case LDAP_SUCCESS:
default: {
client->c_state = LLOAD_C_READY;
client->c_type = LLOAD_C_OPEN;
if ( result != LDAP_SUCCESS ) {
ber_memfree( client->c_auth.bv_val );
BER_BVZERO( &client->c_auth );
} else if ( !ber_bvstrcasecmp(
&client->c_auth, &lloadd_identity ) ) {
client->c_type = LLOAD_C_PRIVILEGED;
}
if ( !BER_BVISNULL( &client->c_sasl_bind_mech ) ) {
ber_memfree( client->c_sasl_bind_mech.bv_val );
BER_BVZERO( &client->c_sasl_bind_mech );
}
break;
}
}
} else {
assert( client->c_state == LLOAD_C_INVALID ||
client->c_state == LLOAD_C_CLOSING );
}
CONNECTION_UNLOCK(client);
done:
if ( rc ) {
operation_send_reject( op, LDAP_OTHER, "internal error", 0 );
ber_free( ber, 1 );
return LDAP_SUCCESS;
}
return forward_final_response( op, ber );
}
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
static int
handle_vc_bind_response( Operation *op, BerElement *ber )
{
Connection *c = op->o_client;
BerElement *output;
BerValue matched, diagmsg, creds = BER_BVNULL, controls = BER_BVNULL;
ber_int_t result;
ber_tag_t tag;
ber_len_t len;
int rc = 0;
tag = ber_scanf( ber, "{emm" /* "}" */,
&result, &matched, &diagmsg );
if ( tag == LBER_ERROR ) {
rc = -1;
goto done;
}
tag = ber_peek_tag( ber, &len );
if ( result == LDAP_PROTOCOL_ERROR ) {
Connection *upstream = op->o_upstream;
Backend *b;
CONNECTION_LOCK(upstream);
b = (Backend *)upstream->c_private;
Debug( LDAP_DEBUG_ANY, "handle_vc_bind_response: "
"VC extended operation not supported on backend %s\n",
b->b_uri.bv_val );
CONNECTION_UNLOCK(upstream);
}
Debug( LDAP_DEBUG_STATS, "handle_vc_bind_response: "
"received response for bind request msgid=%d by client "
"connid=%lu, result=%d\n",
op->o_client_msgid, op->o_client_connid, result );
CONNECTION_LOCK(c);
if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE ) {
if ( !BER_BVISNULL( &c->c_vc_cookie ) ) {
ber_memfree( c->c_vc_cookie.bv_val );
}
tag = ber_scanf( ber, "o", &c->c_vc_cookie );
if ( tag == LBER_ERROR ) {
rc = -1;
CONNECTION_UNLOCK_INCREF(c);
goto done;
}
tag = ber_peek_tag( ber, &len );
}
if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS ) {
tag = ber_scanf( ber, "m", &creds );
if ( tag == LBER_ERROR ) {
rc = -1;
CONNECTION_UNLOCK_INCREF(c);
goto done;
}
tag = ber_peek_tag( ber, &len );
}
if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS ) {
tag = ber_scanf( ber, "m", &controls );
if ( tag == LBER_ERROR ) {
rc = -1;
CONNECTION_UNLOCK_INCREF(c);
goto done;
}
}
if ( c->c_state == LLOAD_C_BINDING ) {
switch ( result ) {
case LDAP_SASL_BIND_IN_PROGRESS:
break;
case LDAP_SUCCESS:
default: {
c->c_state = LLOAD_C_READY;
c->c_type = LLOAD_C_OPEN;
if ( result != LDAP_SUCCESS ) {
ber_memfree( c->c_auth.bv_val );
BER_BVZERO( &c->c_auth );
} else if ( !ber_bvstrcasecmp(
&c->c_auth, &lloadd_identity ) ) {
c->c_type = LLOAD_C_PRIVILEGED;
}
if ( !BER_BVISNULL( &c->c_vc_cookie ) ) {
ber_memfree( c->c_vc_cookie.bv_val );
BER_BVZERO( &c->c_vc_cookie );
}
if ( !BER_BVISNULL( &c->c_sasl_bind_mech ) ) {
ber_memfree( c->c_sasl_bind_mech.bv_val );
BER_BVZERO( &c->c_sasl_bind_mech );
}
break;
}
}
} else {
assert( c->c_state == LLOAD_C_INVALID ||
c->c_state == LLOAD_C_CLOSING );
}
CONNECTION_UNLOCK_INCREF(c);
ldap_pvt_thread_mutex_lock( &c->c_io_mutex );
output = c->c_pendingber;
if ( output == NULL && (output = ber_alloc()) == NULL ) {
rc = -1;
ldap_pvt_thread_mutex_unlock( &c->c_io_mutex );
goto done;
}
c->c_pendingber = output;
rc = ber_printf( output, "t{tit{eOOtO}tO}", LDAP_TAG_MESSAGE,
LDAP_TAG_MSGID, op->o_client_msgid, LDAP_RES_BIND,
result, &matched, &diagmsg,
LDAP_TAG_SASL_RES_CREDS, BER_BV_OPTIONAL( &creds ),
LDAP_TAG_CONTROLS, BER_BV_OPTIONAL( &controls ) );
ldap_pvt_thread_mutex_unlock( &c->c_io_mutex );
if ( rc >= 0 ) {
connection_write_cb( -1, 0, c );
rc = 0;
}
done:
CONNECTION_LOCK_DECREF(c);
operation_destroy_from_client( op );
CONNECTION_UNLOCK_OR_DESTROY(c);
ber_free( ber, 1 );
return rc;
}
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
static int
handle_unsolicited( Connection *c, BerElement *ber )
{
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment