mirror of
https://git.openldap.org/openldap/openldap.git
synced 2026-02-03 20:40:05 -05:00
cleanup identity assertion; ready for porting to back-meta
parent
6bd9aa3755
commit
31a004840d
9 changed files with 19 additions and 19 deletions
|
|
@ -93,7 +93,7 @@ ldap_back_add(
|
|||
attrs[ i ] = NULL;
|
||||
|
||||
ctrls = op->o_ctrls;
|
||||
rs->sr_err = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
|
||||
rs->sr_err = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn, op, rs, &ctrls );
|
||||
if ( rs->sr_err != LDAP_SUCCESS ) {
|
||||
send_ldap_result( op, rs );
|
||||
goto cleanup;
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@
|
|||
#include "slap.h"
|
||||
#include "back-ldap.h"
|
||||
|
||||
#include <lutil_ldap.h>
|
||||
#include "lutil_ldap.h"
|
||||
|
||||
#ifndef PRINT_CONNTREE
|
||||
#define PRINT_CONNTREE 0
|
||||
|
|
@ -1478,6 +1478,11 @@ ldap_back_proxy_authz_bind( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_b
|
|||
/* fall thru */
|
||||
|
||||
default:
|
||||
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
|
||||
if ( sendok & LDAP_BACK_SENDERR ) {
|
||||
send_ldap_result( op, rs );
|
||||
}
|
||||
LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
|
@ -1737,7 +1742,7 @@ done:;
|
|||
*/
|
||||
int
|
||||
ldap_back_proxy_authz_ctrl(
|
||||
ldapconn_t *lc,
|
||||
struct berval *bound_ndn,
|
||||
Operation *op,
|
||||
SlapReply *rs,
|
||||
LDAPControl ***pctrls )
|
||||
|
|
@ -1810,7 +1815,7 @@ ldap_back_proxy_authz_ctrl(
|
|||
goto done;
|
||||
}
|
||||
|
||||
if ( !BER_BVISNULL( &lc->lc_bound_ndn ) ) {
|
||||
if ( !BER_BVISNULL( bound_ndn ) ) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
|
@ -1823,14 +1828,9 @@ ldap_back_proxy_authz_ctrl(
|
|||
}
|
||||
|
||||
} else if ( li->li_idassert_authmethod == LDAP_AUTH_SASL ) {
|
||||
if ( ( li->li_idassert_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ )
|
||||
/* && ( !BER_BVISNULL( &ndn )
|
||||
|| LDAP_BACK_CONN_ISBOUND( lc ) ) */ )
|
||||
if ( ( li->li_idassert_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ ) )
|
||||
{
|
||||
/* already asserted in SASL via native authz */
|
||||
/* NOTE: the test on lc->lc_bound is used to trap
|
||||
* native authorization of anonymous users,
|
||||
* since in that case ndn is NULL */
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
|
@ -1927,7 +1927,7 @@ ldap_back_proxy_authz_ctrl(
|
|||
}
|
||||
|
||||
/* don't idassert the bound DN (ITS#4497) */
|
||||
if ( dn_match( &assertedID, &lc->lc_bound_ndn ) ) {
|
||||
if ( dn_match( &assertedID, bound_ndn ) ) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
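Review bot: `ldap_back_proxy_authz_ctrl()` now takes the bound identity as a caller-supplied `struct berval *bound_ndn`, but neither the signature nor the header comment that ends just above it states what that pointer must hold. Both `BER_BVISNULL( bound_ndn )` and `dn_match( &assertedID, bound_ndn )` dereference it with no NULL check, and both decide whether the proxy-authorization control is skipped. A caller that passes anything other than the DN bound on the connection carrying the operation would therefore change whether the client's identity is asserted. I would add a line to the function comment, and to the prototype in the header, such as `bound_ndn: normalized DN the target connection is bound as; never NULL (a null berval presumably means no bound DN, to be confirmed)`. If the body outside these hunks never writes through the pointer, it could also be declared `const struct berval *bound_ndn`. The function body starts and ends outside the hunks shown, so the read-only assumption should be checked against the full file.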
|
|
|
|||
|
|
@ -49,7 +49,7 @@ ldap_back_compare(
|
|||
}
|
||||
|
||||
ctrls = op->o_ctrls;
|
||||
rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
|
||||
rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn, op, rs, &ctrls );
|
||||
if ( rc != LDAP_SUCCESS ) {
|
||||
send_ldap_result( op, rs );
|
||||
goto cleanup;
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ ldap_back_delete(
|
|||
}
|
||||
|
||||
ctrls = op->o_ctrls;
|
||||
rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
|
||||
rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn, op, rs, &ctrls );
|
||||
if ( rc != LDAP_SUCCESS ) {
|
||||
send_ldap_result( op, rs );
|
||||
rc = rs->sr_err;
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ ldap_back_extended_one( Operation *op, SlapReply *rs, BI_op_extended exop )
|
|||
}
|
||||
|
||||
oldctrls = op->o_ctrls;
|
||||
if ( ldap_back_proxy_authz_ctrl( lc, op, rs, &op->o_ctrls ) ) {
|
||||
if ( ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn, op, rs, &op->o_ctrls ) ) {
|
||||
op->o_ctrls = oldctrls;
|
||||
send_ldap_extended( op, rs );
|
||||
rs->sr_text = NULL;
|
||||
|
|
|
|||
|
|
@ -99,7 +99,7 @@ ldap_back_modify(
|
|||
modv[ i ] = 0;
|
||||
|
||||
ctrls = op->o_ctrls;
|
||||
rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
|
||||
rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn, op, rs, &ctrls );
|
||||
if ( rc != LDAP_SUCCESS ) {
|
||||
send_ldap_result( op, rs );
|
||||
rc = -1;
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ ldap_back_modrdn(
|
|||
}
|
||||
|
||||
ctrls = op->o_ctrls;
|
||||
rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
|
||||
rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn, op, rs, &ctrls );
|
||||
if ( rc != LDAP_SUCCESS ) {
|
||||
send_ldap_result( op, rs );
|
||||
rc = -1;
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ extern void ldap_back_conn_free( void *c );
|
|||
|
||||
extern int
|
||||
ldap_back_proxy_authz_ctrl(
|
||||
ldapconn_t *lc,
|
||||
struct berval *bound_ndn,
|
||||
Operation *op,
|
||||
SlapReply *rs,
|
||||
LDAPControl ***pctrls );
|
||||
|
|
|
|||
|
|
@ -203,7 +203,7 @@ ldap_back_search(
|
|||
}
|
||||
|
||||
ctrls = op->o_ctrls;
|
||||
rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
|
||||
rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn, op, rs, &ctrls );
|
||||
if ( rc != LDAP_SUCCESS ) {
|
||||
goto finish;
|
||||
}
|
||||
|
|
@ -762,7 +762,7 @@ ldap_back_entry_get(
|
|||
}
|
||||
|
||||
ctrls = op->o_ctrls;
|
||||
rc = ldap_back_proxy_authz_ctrl( lc, op, &rs, &ctrls );
|
||||
rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn, op, &rs, &ctrls );
|
||||
if ( rc != LDAP_SUCCESS ) {
|
||||
goto cleanup;
|
||||
}
|
||||
|
|
|
|||