Rework c_authzid_backend in preparation for sasl_setpass() support

d6e7f0f6 · Kurt Zeilenga · 4d3b4f9e · d6e7f0f6 · d6e7f0f6 · d6e7f0f6
Commit d6e7f0f6 authored Jun 11, 2002 by Kurt Zeilenga
--- a/servers/slapd/backglue.c
+++ b/servers/slapd/backglue.c
@@ -413,8 +413,15 @@ glue_back_bind (
 	be = glue_back_select (b0, ndn->bv_val);

 	if (be && be->be_bind) {
-		conn->c_authz_backend = be;
 		rc = be->be_bind (be, conn, op, dn, ndn, method, cred, edn);
+
+		if( rc == LDAP_SUCCESS ) {
+			ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+			if( conn->c_authz_backend == NULL ) {
+				conn->c_authz_backend = be;
+			}
+			ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+		}
 	} else {
 		rc = LDAP_UNWILLING_TO_PERFORM;
 		send_ldap_result (conn, op, rc, NULL, "No bind target found",

--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
@@ -478,8 +478,6 @@ do_bind(
 		goto cleanup;
 	}

-	conn->c_authz_backend = be;
-
 	if ( be->be_bind ) {
 		int ret;

@@ -492,6 +490,10 @@ do_bind(
 		if ( ret == 0 ) {
 			ldap_pvt_thread_mutex_lock( &conn->c_mutex );

+			if( conn->c_authz_backend == NULL ) {
+				conn->c_authz_backend = be;
+			}
+
 			if(edn.bv_len) {
 				conn->c_dn = edn;
 			} else {

--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@@ -573,8 +573,8 @@ long connection_init(

 void connection2anonymous( Connection *c )
 {
-    assert( connections != NULL );
-    assert( c != NULL );
+	assert( connections != NULL );
+	assert( c != NULL );

 	{
 		ber_len_t max = sockbuf_max_incoming;
@@ -587,16 +587,16 @@ void connection2anonymous( Connection *c )
 	}
 	c->c_authmech.bv_len = 0;

-    if(c->c_dn.bv_val != NULL) {
-	free(c->c_dn.bv_val);
-	c->c_dn.bv_val = NULL;
-    }
-    c->c_dn.bv_len = 0;
-    if(c->c_ndn.bv_val != NULL) {
-	free(c->c_ndn.bv_val);
-	c->c_ndn.bv_val = NULL;
-    }
-    c->c_ndn.bv_len = 0;
+	if(c->c_dn.bv_val != NULL) {
+		free(c->c_dn.bv_val);
+		c->c_dn.bv_val = NULL;
+	}
+	c->c_dn.bv_len = 0;
+	if(c->c_ndn.bv_val != NULL) {
+		free(c->c_ndn.bv_val);
+		c->c_ndn.bv_val = NULL;
+	}
+	c->c_ndn.bv_len = 0;

 	if(c->c_cdn.bv_val != NULL) {
 		free(c->c_cdn.bv_val);
@@ -605,17 +605,15 @@ void connection2anonymous( Connection *c )
 	c->c_cdn.bv_len = 0;

 	c->c_authz_backend = NULL;
-    
-    {
-	GroupAssertion *g, *n;
-	for (g = c->c_groups; g; g=n)
+	
 	{
-	    n = g->ga_next;
-	    free(g);
+		GroupAssertion *g, *n;
+		for (g = c->c_groups; g; g=n) {
+			n = g->ga_next;
+			free(g);
+		}
+		c->c_groups = NULL;
 	}
-	c->c_groups = NULL;
-    }
-
 }

 static void

--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -29,6 +29,7 @@ int passwd_extop(
 	const char **text,
 	BerVarray *refs )
 {
+	Backend *be;
 	int rc;

 	assert( reqoid != NULL );
@@ -39,7 +40,16 @@ int passwd_extop(
 		return LDAP_STRONG_AUTH_REQUIRED;
 	}

-	if( conn->c_authz_backend == NULL || !conn->c_authz_backend->be_extended ) {
+	ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+	be = conn->c_authz_backend;
+	ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+
+	if( be == NULL ) {
+		*text = "operation not supported for SASL user";
+		return LDAP_UNWILLING_TO_PERFORM;
+	}
+
+	if( !be->be_extended ) {
 		*text = "operation not supported for current user";
 		return LDAP_UNWILLING_TO_PERFORM;
 	}
@@ -47,23 +57,22 @@ int passwd_extop(
 	{
 		struct berval passwd = BER_BVC( LDAP_EXOP_MODIFY_PASSWD );

-		rc = backend_check_restrictions( conn->c_authz_backend,
-			conn, op, &passwd, text );
+		rc = backend_check_restrictions( be, conn, op, &passwd, text );
 	}

 	if( rc != LDAP_SUCCESS ) {
 		return rc;
 	}

-	if( conn->c_authz_backend->be_update_ndn.bv_len ) {
+	if( be->be_update_ndn.bv_len ) {
 		/* we SHOULD return a referral in this case */
-		*refs = referral_rewrite( conn->c_authz_backend->be_update_refs,
+		*refs = referral_rewrite( be->be_update_refs,
 			NULL, NULL, LDAP_SCOPE_DEFAULT );
 			rc = LDAP_REFERRAL;

 	} else {
-		rc = conn->c_authz_backend->be_extended(
-			conn->c_authz_backend, conn, op,
+		rc = be->be_extended(
+			be, conn, op,
 			reqoid, reqdata,
 			rspoid, rspdata, rspctrls,
 			text, refs );

--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -357,21 +357,22 @@ static int sasl_sc_sasl2dn( BackendDB *be, Connection *conn, Operation *o,
 	struct berval *ndn = o->o_callback->sc_private;

 	/* We only want to be called once */
-	if (ndn->bv_val) {
+	if( ndn->bv_val ) {
 		free(ndn->bv_val);
 		ndn->bv_val = NULL;
+
 #ifdef NEW_LOGGING
-	LDAP_LOG(( "sasl", LDAP_LEVEL_DETAIL1,
-		   "slap_sasl2dn: search DN returned more than 1 entry\n" ));
+		LDAP_LOG(( "sasl", LDAP_LEVEL_DETAIL1,
+			"slap_sasl2dn: search DN returned more than 1 entry\n" ));
 #else
-	Debug( LDAP_DEBUG_TRACE,
-	   "slap_sasl2dn: search DN returned more than 1 entry\n", 0,0,0 );
+		Debug( LDAP_DEBUG_TRACE,
+			"slap_sasl2dn: search DN returned more than 1 entry\n", 0,0,0 );
 #endif
 		return -1;
-	} else {
-		ber_dupbv(ndn, &e->e_nname);
-		return 0;
 	}
+
+	ber_dupbv(ndn, &e->e_nname);
+	return 0;
 }

 /*
@@ -396,9 +397,10 @@ void slap_sasl2dn( Connection *conn, struct berval *saslname, struct berval *dn
 	LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
 		"slap_sasl2dn: converting SASL name %s to DN.\n", saslname->bv_val ));
 #else
-	Debug( LDAP_DEBUG_TRACE,
-		"==>slap_sasl2dn: Converting SASL name %s to a DN\n", saslname->bv_val, 0,0 );
+	Debug( LDAP_DEBUG_TRACE, "==>slap_sasl2dn: "
+		"converting SASL name %s to a DN\n", saslname->bv_val, 0,0 );
 #endif
+
 	dn->bv_val = NULL;
 	dn->bv_len = 0;
 	cb.sc_private = dn;
@@ -414,8 +416,6 @@ void slap_sasl2dn( Connection *conn, struct berval *saslname, struct berval *dn

 	be = select_backend( &uri.dn, 0, 1 );

-	conn->c_authz_backend = be;
-
 	/* Massive shortcut: search scope == base */
 	if( uri.scope == LDAP_SCOPE_BASE ) {
 		*dn = uri.dn;
@@ -426,16 +426,17 @@ void slap_sasl2dn( Connection *conn, struct berval *saslname, struct berval *dn

 #ifdef NEW_LOGGING
 	LDAP_LOG(( "sasl", LDAP_LEVEL_DETAIL1,
-		   "slap_sasl2dn: performing internal search (base=%s, scope=%d)\n",
-		   uri.dn.bv_val, uri.scope ));
+		"slap_sasl2dn: performing internal search (base=%s, scope=%d)\n",
+		uri.dn.bv_val, uri.scope ));
 #else
 	Debug( LDAP_DEBUG_TRACE,
 	   "slap_sasl2dn: performing internal search (base=%s, scope=%d)\n",
 	   uri.dn.bv_val, uri.scope, 0 );
 #endif

-	if(( be == NULL ) || ( be->be_search == NULL))
+	if(( be == NULL ) || ( be->be_search == NULL)) {
 		goto FINISHED;
+	}
 	suffix_alias( be, &uri.dn );

 	op.o_tag = LDAP_REQ_SEARCH;
@@ -444,10 +445,14 @@ void slap_sasl2dn( Connection *conn, struct berval *saslname, struct berval *dn
 	op.o_callback = &cb;
 	op.o_time = slap_get_time();

-	(*be->be_search)( be, /*conn*/NULL, &op, /*base*/NULL, &uri.dn,
-	   uri.scope, /*deref=*/1, /*sizelimit=*/1, /*time=*/0, filter, /*fstr=*/NULL,
-	   /*attrs=*/NULL, /*attrsonly=*/0 );
+	(*be->be_search)( be, NULL, &op, NULL, &uri.dn,
+		uri.scope, LDAP_DEREF_NEVER, 1, 0,
+		filter, NULL, NULL, 1 );
 	
+	if( dn->bv_len ) {
+		conn->c_authz_backend = be;
+	}
+
 FINISHED:
 	if( uri.dn.bv_len ) ch_free( uri.dn.bv_val );
 	if( uri.filter.bv_len ) ch_free( uri.filter.bv_val );