more cleanup for previous commit

2025-12-24 00:29:35 -05:00 · 2006-06-15 23:43:09 +00:00 · 2006-06-15 23:43:09 +00:00 · a5b520477c
commit a5b520477c
parent 658489a967
5 changed files with 36 additions and 47 deletions
--- a/servers/slapd/back-ldap/config.c
+++ b/servers/slapd/back-ldap/config.c
@ -515,7 +515,6 @@ slap_retry_info_destroy(
 static int
 slap_idassert_authzfrom_parse( ConfigArgs *c, slap_idassert_t *si )
 {
-	ldapinfo_t	*li = ( ldapinfo_t * )c->be->be_private;
 	struct berval	bv;
 	struct berval	in;
 	int		rc;
@ -529,7 +528,7 @@ slap_idassert_authzfrom_parse( ConfigArgs *c, slap_idassert_t *si )
 		Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
 		return 1;
 	}
-	ber_bvarray_add( &li->li_idassert_authz, &bv );
+	ber_bvarray_add( &si->si_authz, &bv );

 	return 0;
 }
@ -664,13 +663,14 @@ int
 slap_idassert_authzfrom_parse_cf( const char *fname, int lineno, const char *arg, slap_idassert_t *si )
 {
 	ConfigArgs	c = { 0 };
-	char		*argv[ 2 ];
+	char		*argv[ 3 ];

 	snprintf( c.log, sizeof( c.log ), "%s: line %d", fname, lineno );
 	c.argc = 2;
 	c.argv = argv;
-	argv[ 0 ] = arg;
-	argv[ 1 ] = NULL;
+	argv[ 0 ] = "idassert-authzFrom";
+	argv[ 1 ] = (char *)arg;
+	argv[ 2 ] = NULL;

 	return slap_idassert_authzfrom_parse( &c, si );
 }
--- a/servers/slapd/back-meta/back-meta.h
+++ b/servers/slapd/back-meta/back-meta.h
@ -386,14 +386,6 @@ meta_back_quarantine(
 	SlapReply		*rs,
 	int			candidate );

-extern int
-meta_back_single_bind(
-	Operation		*op,
-	SlapReply		*rs,
-	metaconn_t		*mc,
-	int			candidate,
-	int			massage );
-
 extern int
 meta_back_dobind(
 	Operation		*op,
--- a/servers/slapd/back-meta/bind.c
+++ b/servers/slapd/back-meta/bind.c
@ -44,6 +44,13 @@ meta_back_proxy_authz_bind(
 	SlapReply		*rs,
 	ldap_back_send_t	sendok );

+static int
+meta_back_single_bind(
+	Operation		*op,
+	SlapReply		*rs,
+	metaconn_t		*mc,
+	int			candidate );
+
 int
 meta_back_bind( Operation *op, SlapReply *rs )
 {
@ -122,8 +129,6 @@ meta_back_bind( Operation *op, SlapReply *rs )
 	for ( i = 0; i < mi->mi_ntargets; i++ ) {
 		metatarget_t	*mt = mi->mi_targets[ i ];
 		int		lerr;
-		Operation	op2 = *op;
-		int		massage = 1;

 		/*
 		 * Skip non-candidates
@ -174,20 +179,13 @@ meta_back_bind( Operation *op, SlapReply *rs )
 				continue;
 			}

-			/* FIXME: if sb_method == LDAP_AUTH_SASL things differ a bit */
-			if ( mt->mt_idassert_authmethod == LDAP_AUTH_SASL ) {
-				/* ### */
-			}
+			
+			(void)meta_back_proxy_authz_bind( mc, i, op, rs, LDAP_BACK_DONTSEND );
+			lerr = rs->sr_err;

-			op2.o_req_dn = mt->mt_idassert_authcDN;
-			op2.o_req_ndn = mt->mt_idassert_authcDN;
-			op2.orb_cred = mt->mt_idassert_passwd;
-			op2.orb_method = LDAP_AUTH_SIMPLE;
-
-			massage = 0;
+		} else {
+			lerr = meta_back_single_bind( op, rs, mc, i );
 		}
-		
-		lerr = meta_back_single_bind( &op2, rs, mc, i, massage );

 		if ( lerr != LDAP_SUCCESS ) {
 			rc = rs->sr_err = lerr;
@ -373,19 +371,19 @@ retry:;
 *
 * attempts to perform a bind with creds
 */
-int
+static int
 meta_back_single_bind(
 	Operation		*op,
 	SlapReply		*rs,
 	metaconn_t		*mc,
-	int			candidate,
-	int			massage )
+	int			candidate )
 {
 	metainfo_t		*mi = ( metainfo_t * )op->o_bd->be_private;
 	metatarget_t		*mt = mi->mi_targets[ candidate ];
 	struct berval		mdn = BER_BVNULL;
 	metasingleconn_t	*msc = &mc->mc_conns[ candidate ];
 	int			msgid;
+	dncookie		dc;
 	
 	if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
 		ch_free( msc->msc_bound_ndn.bv_val );
@ -402,22 +400,15 @@ meta_back_single_bind(
 	/*
 	 * Rewrite the bind dn if needed
 	 */
-	if ( massage ) {
-		dncookie		dc;
+	dc.target = mt;
+	dc.conn = op->o_conn;
+	dc.rs = rs;
+	dc.ctx = "bindDN";

-		dc.target = mt;
-		dc.conn = op->o_conn;
-		dc.rs = rs;
-		dc.ctx = "bindDN";
-
-		if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
-			rs->sr_text = "DN rewrite error";
-			rs->sr_err = LDAP_OTHER;
-			return rs->sr_err;
-		}
-
-	} else {
-		mdn = op->o_req_dn;
+	if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
+		rs->sr_text = "DN rewrite error";
+		rs->sr_err = LDAP_OTHER;
+		return rs->sr_err;
 	}

 	/* FIXME: this fixes the bind problem right now; we need
--- a/servers/slapd/back-meta/config.c
+++ b/servers/slapd/back-meta/config.c
@ -72,6 +72,13 @@ meta_back_new_target(

 	ldap_pvt_thread_mutex_init( &mt->mt_uri_mutex );

+	mt->mt_idassert_mode = LDAP_BACK_IDASSERT_LEGACY;
+	mt->mt_idassert_authmethod = LDAP_AUTH_NONE;
+	mt->mt_idassert_tls = SB_TLS_DEFAULT;
+
+	/* by default, use proxyAuthz control on each operation */
+	mt->mt_idassert_flags = LDAP_BACK_AUTH_PRESCRIPTIVE;
+
 	*mtp = mt;

 	return 0;
@ -942,7 +949,6 @@ meta_back_db_config(
 	/* name to use as pseudo-root dn */
 	} else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) {
 		int 		i = mi->mi_ntargets - 1;
-		struct berval	dn;

 		if ( i < 0 ) {
 			Debug( LDAP_DEBUG_ANY,
--- a/servers/slapd/back-meta/conn.c
+++ b/servers/slapd/back-meta/conn.c
@ -492,7 +492,7 @@ retry:;
 			}

 		} else {
-			ber_dupbv( &msc->msc_bound_ndn, &slap_empty_bv );
+			ber_dupbv( &msc->msc_bound_ndn, (struct berval *)&slap_empty_bv );
 		}
 	}