Commit e112b832 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount

ITS#5355

parent 56cdfc22
......@@ -30,6 +30,7 @@ OpenLDAP 2.4.8 Engineering
Fixed slapd-bdb modrdn to same dn (ITS#5319)
Added slapd-bdb/slapd-hdb DB encryption (ITS#5359)
Fixed slapd-ldif delete (ITS#5265)
Fixed slapd-meta link to slapd-ldap (ITS#5355)
Fixed slapd-monitor crash (ITS#5311)
Fixed slapd-relay compare (ITS#4937)
Added slapd-sock (ITS#4094)
......
......@@ -424,6 +424,12 @@ typedef enum ldap_back_send_t {
#define LDAP_BACK_PRINT_CONNTREE 0
#endif /* !LDAP_BACK_PRINT_CONNTREE */
typedef struct ldap_extra_t {
int (*proxy_authz_ctrl)( Operation *op, SlapReply *rs, struct berval *bound_ndn,
int version, slap_idassert_t *si, LDAPControl *ctrl );
int (*controls_free)( Operation *op, SlapReply *rs, LDAPControl ***pctrls );
} ldap_extra_t;
LDAP_END_DECL
#include "proto-ldap.h"
......
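Review bot: `ldap_extra_t` is introduced without a comment saying what it is for or what its members must satisfy, which matters because it is handed to other backends as an untyped pointer. I would add above the typedef: `/* Hooks back-ldap publishes through bi_extra so that other backends can call them without linking against back-ldap; both members must be non-NULL. */`. The consumers visible in this commit call both members without checking them, so the non-NULL requirement is part of the contract and should be stated here.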
......@@ -32,6 +32,11 @@
#include "config.h"
#include "back-ldap.h"
static const ldap_extra_t ldap_extra = {
ldap_back_proxy_authz_ctrl,
ldap_back_controls_free
};
int
ldap_back_open( BackendInfo *bi )
{
......@@ -83,6 +88,8 @@ ldap_back_initialize( BackendInfo *bi )
bi->bi_connection_init = 0;
bi->bi_connection_destroy = ldap_back_conn_destroy;
bi->bi_extra = (void *)&ldap_extra;
rc = chain_initialize();
if ( rc ) {
return rc;
......
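Review bot: `bi->bi_extra = (void *)&ldap_extra;` casts away the `const` of the table defined at the top of this file, and back-meta then stores it as a plain `ldap_extra_t *mi_ldap_extra` and casts it with `(ldap_extra_t *)bi->bi_extra` in meta_back_db_open. Nothing in this commit writes through that pointer, but a later write would compile cleanly and be undefined behaviour on a `static const` object, and a function-pointer table is exactly the kind of data that should stay read-only. I would declare the field as `const ldap_extra_t *mi_ldap_extra;` and cast with `(const ldap_extra_t *)bi->bi_extra`. ldap_back_initialize continues outside the hunk.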
......@@ -183,13 +183,13 @@ retry:;
do_retry = 0;
if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
(void)ldap_back_controls_free( op, rs, &ctrls );
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
(void)ldap_back_controls_free( op, rs, &ctrls );
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
for ( --i; i >= 0; --i ) {
free( attrs[ i ]->mod_bvalues );
......
......@@ -397,6 +397,9 @@ typedef struct metainfo_t {
time_t mi_idle_timeout;
struct timeval mi_bind_timeout;
time_t mi_timeout[ SLAP_OP_LAST ];
ldap_extra_t *mi_ldap_extra;
} metainfo_t;
typedef enum meta_op_type {
......
......@@ -509,7 +509,7 @@ meta_back_single_bind(
ldap_pvt_thread_yield();
}
ldap_back_controls_free( op, rs, &ctrls );
mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
meta_back_bind_op_result( op, rs, mc, candidate, msgid, LDAP_BACK_DONTSEND );
if ( rs->sr_err != LDAP_SUCCESS ) {
......@@ -1553,7 +1553,7 @@ meta_back_proxy_authz_bind( metaconn_t *mc, int candidate, Operation *op, SlapRe
*
* if any needs to be added, it is prepended to existing ones,
* in a newly allocated array. The companion function
* ldap_back_controls_free() must be used to restore the original
* mi->mi_ldap_extra->controls_free() must be used to restore the original
* status of op->o_ctrls.
*/
int
......@@ -1595,7 +1595,7 @@ meta_back_controls_add(
/* put controls that go __before__ existing ones here */
/* proxyAuthz for identity assertion */
switch ( ldap_back_proxy_authz_ctrl( op, rs, &msc->msc_bound_ndn,
switch ( mi->mi_ldap_extra->proxy_authz_ctrl( op, rs, &msc->msc_bound_ndn,
mt->mt_version, &mt->mt_idassert, &c[ j1 ] ) )
{
case SLAP_CB_CONTINUE:
......
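Review bot: In meta_back_single_bind the converted call `mi->mi_ldap_extra->controls_free( op, rs, &ctrls );` discards the return value without the `(void)` cast that every other converted call site in this commit carries. For consistency I would write `(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );` there. The functions in this section start and end outside the hunks.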
......@@ -129,13 +129,13 @@ retry:;
do_retry = 0;
if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
(void)ldap_back_controls_free( op, rs, &ctrls );
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
(void)ldap_back_controls_free( op, rs, &ctrls );
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
......
......@@ -81,13 +81,13 @@ retry:;
do_retry = 0;
if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
(void)ldap_back_controls_free( op, rs, &ctrls );
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
(void)ldap_back_controls_free( op, rs, &ctrls );
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
......
......@@ -134,6 +134,7 @@ meta_back_db_open(
ConfigReply *cr )
{
metainfo_t *mi = (metainfo_t *)be->be_private;
BackendInfo *bi;
int i,
not_always = 0,
......@@ -148,6 +149,15 @@ meta_back_db_open(
return 1;
}
bi = backend_info( "ldap" );
if ( !bi || !bi->bi_extra ) {
Debug( LDAP_DEBUG_ANY,
"meta_back_db_open: needs back-ldap\n",
0, 0, 0 );
return 1;
}
mi->mi_ldap_extra = (ldap_extra_t *)bi->bi_extra;
for ( i = 0; i < mi->mi_ntargets; i++ ) {
slap_bindconf sb = { BER_BVNULL };
metatarget_t *mt = mi->mi_targets[ i ];
......
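Review bot: The new check in meta_back_db_open rejects a missing back-ldap or a NULL `bi_extra`, but the two function pointers inside the table are not checked, and every call site converted by this commit calls them unconditionally. With the table as defined in this commit both members are set, so this only matters if back-ldap and back-meta can be built or loaded from different revisions (for example as separate modules), which I cannot tell from the hunk. If that is possible, `bi_extra` being a bare `void *` with no size or version tag means a layout mismatch would go unnoticed; at minimum I would add `if ( !mi->mi_ldap_extra->proxy_authz_ctrl || !mi->mi_ldap_extra->controls_free ) return 1;` after the assignment. The function body continues outside the hunk.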
......@@ -192,13 +192,13 @@ retry:;
do_retry = 0;
if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
(void)ldap_back_controls_free( op, rs, &ctrls );
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
(void)ldap_back_controls_free( op, rs, &ctrls );
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
......
......@@ -136,13 +136,13 @@ retry:;
do_retry = 0;
if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
(void)ldap_back_controls_free( op, rs, &ctrls );
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
(void)ldap_back_controls_free( op, rs, &ctrls );
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
......
......@@ -624,7 +624,7 @@ retry:;
if ( nretries && meta_back_retry( op, rs, mcp, candidate, LDAP_BACK_DONTSEND ) ) {
nretries = 0;
/* if the identity changed, there might be need to re-authz */
(void)ldap_back_controls_free( op, rs, &ctrls );
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
goto retry;
}
......@@ -641,7 +641,7 @@ retry:;
}
done:;
(void)ldap_back_controls_free( op, rs, &ctrls );
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
if ( mapped_attrs ) {
free( mapped_attrs );
......