Commit 925714ce authored by Howard Chu's avatar Howard Chu
Browse files

Experimental cruft to propagate valid Operation to SASL callbacks.

If you have a better way, jupm on in...
parent 1d7ee447
......@@ -231,6 +231,10 @@ do_bind(
goto cleanup;
}
/* Set the bindop for the benefit of in-directory SASL lookups */
ldap_pvt_thread_mutex_lock( &conn->c_sasl_bindmutex );
conn->c_sasl_bindop = op;
if ( method == LDAP_AUTH_SASL ) {
slap_ssf_t ssf = 0;
......@@ -570,6 +574,9 @@ do_bind(
}
cleanup:
conn->c_sasl_bindop = NULL;
ldap_pvt_thread_mutex_unlock( &conn->c_sasl_bindmutex );
if( pdn.bv_val != NULL ) {
free( pdn.bv_val );
}
......
......@@ -139,6 +139,7 @@ int connections_destroy(void)
ber_sockbuf_free( connections[i].c_sb );
ldap_pvt_thread_mutex_destroy( &connections[i].c_mutex );
ldap_pvt_thread_mutex_destroy( &connections[i].c_write_mutex );
ldap_pvt_thread_mutex_destroy( &connections[i].c_sasl_bindmutex );
ldap_pvt_thread_cond_destroy( &connections[i].c_write_cv );
}
}
......@@ -436,6 +437,7 @@ long connection_init(
c->c_sasl_bind_mech.bv_len = 0;
c->c_sasl_context = NULL;
c->c_sasl_extra = NULL;
c->c_sasl_bindop = NULL;
c->c_sb = ber_sockbuf_alloc( );
......@@ -449,6 +451,7 @@ long connection_init(
/* should check status of thread calls */
ldap_pvt_thread_mutex_init( &c->c_mutex );
ldap_pvt_thread_mutex_init( &c->c_write_mutex );
ldap_pvt_thread_mutex_init( &c->c_sasl_bindmutex );
ldap_pvt_thread_cond_init( &c->c_write_cv );
c->c_struct_state = SLAP_C_UNUSED;
......@@ -470,6 +473,7 @@ long connection_init(
assert( c->c_sasl_bind_mech.bv_val == NULL );
assert( c->c_sasl_context == NULL );
assert( c->c_sasl_extra == NULL );
assert( c->c_sasl_bindop == NULL );
assert( c->c_currentber == NULL );
ber_str2bv( url, 0, 1, &c->c_listener_url );
......
......@@ -607,6 +607,7 @@ slap_auxprop_lookup(
op.o_callback = &cb;
op.o_time = slap_get_time();
op.o_do_not_cache = 1;
op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
(*be->be_search)( be, conn, &op, NULL, &dn,
LDAP_SCOPE_BASE, LDAP_DEREF_NEVER, 1, 0,
......@@ -731,6 +732,7 @@ slap_sasl_checkpass(
op.o_callback = &cb;
op.o_time = slap_get_time();
op.o_do_not_cache = 1;
op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
(*be->be_search)( be, conn, &op, NULL, &dn,
LDAP_SCOPE_BASE, LDAP_DEREF_NEVER, 1, 0,
......
......@@ -449,6 +449,7 @@ void slap_sasl2dn( Connection *conn,
op.o_callback = &cb;
op.o_time = slap_get_time();
op.o_do_not_cache = 1;
op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
(*be->be_search)( be, conn, &op, NULL, &dn,
scope, LDAP_DEREF_NEVER, 1, 0,
......@@ -569,6 +570,7 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
op.o_callback = &cb;
op.o_time = slap_get_time();
op.o_do_not_cache = 1;
op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
(*be->be_search)( be, conn, &op, /*base=*/NULL, &searchbase,
scope, /*deref=*/1, /*sizelimit=*/0, /*time=*/0, filter, /*fstr=*/NULL,
......@@ -622,7 +624,7 @@ slap_sasl_check_authz( Connection *conn,
assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val);
#endif
rc = backend_attribute( NULL, NULL, NULL, NULL, searchDN, ad, &vals );
rc = backend_attribute( NULL, NULL, conn->c_sasl_bindop, NULL, searchDN, ad, &vals );
if( rc != LDAP_SUCCESS )
goto COMPLETE;
......
......@@ -1618,6 +1618,8 @@ typedef struct slap_conn {
int c_sasl_layers; /* true if we need to install SASL i/o handlers */
void *c_sasl_context; /* SASL session context */
void *c_sasl_extra; /* SASL session extra stuff */
struct slap_op *c_sasl_bindop; /* set to current op if it's a bind */
ldap_pvt_thread_mutex_t c_sasl_bindmutex; /* lock for bindop */
PagedResultsState c_pagedresults_state; /* paged result state */
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment