Backend *be,
Connection *conn,
Operation *op,
- const char *extoid,
+ const void *opdata,
const char **text )
{
int rc;
return LDAP_OTHER;
}
- if (( extoid == NULL || strcmp( extoid, LDAP_EXOP_START_TLS ) ) ) {
+ if ( op->o_tag != LDAP_REQ_EXTENDED
+ || strcmp( (const char *) opdata, LDAP_EXOP_START_TLS ) )
+ {
/* these checks don't apply to StartTLS */
if( op->o_tag == LDAP_REQ_EXTENDED ) {
updateop++;
}
- if( op->o_ssf < ssf->sss_ssf ) {
- *text = "confidentiality required";
- return LDAP_CONFIDENTIALITY_REQUIRED;
- }
if( op->o_transport_ssf < ssf->sss_transport ) {
*text = "transport confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
}
+
if( op->o_tls_ssf < ssf->sss_tls ) {
*text = "TLS confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
}
- if( op->o_sasl_ssf < ssf->sss_sasl ) {
- *text = "SASL confidentiality required";
- return LDAP_CONFIDENTIALITY_REQUIRED;
- }
- if( updateop ) {
- if( op->o_ssf < ssf->sss_update_ssf ) {
- *text = "update confidentiality required";
+ if( op->o_tag != LDAP_REQ_BIND || opdata == NULL ) {
+ /* these checks don't apply to SASL bind */
+
+ if( op->o_sasl_ssf < ssf->sss_sasl ) {
+ *text = "SASL confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
}
+
+ if( op->o_ssf < ssf->sss_ssf ) {
+ *text = "confidentiality required";
+ return LDAP_CONFIDENTIALITY_REQUIRED;
+ }
+ }
+
+ if( updateop ) {
if( op->o_transport_ssf < ssf->sss_update_transport ) {
*text = "transport update confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
}
+
if( op->o_tls_ssf < ssf->sss_update_tls ) {
*text = "TLS update confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
}
+
if( op->o_sasl_ssf < ssf->sss_update_sasl ) {
*text = "SASL update confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
}
+
+ if( op->o_ssf < ssf->sss_update_ssf ) {
+ *text = "update confidentiality required";
+ return LDAP_CONFIDENTIALITY_REQUIRED;
+ }
}
}
- if (( extoid == NULL || strcmp( extoid, LDAP_EXOP_START_TLS ) )
- || op->o_tag == LDAP_REQ_BIND )
+ if ( op->o_tag != LDAP_REQ_BIND && ( op->o_tag != LDAP_REQ_EXTENDED ||
+ strcmp( (const char *) opdata, LDAP_EXOP_START_TLS ) ) )
{
- /* these checks don't apply to StartTLS or Bind */
+ /* these checks don't apply to Bind or StartTLS */
if( requires & SLAP_REQUIRE_STRONG ) {
/* should check mechanism */
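Review bot: Both new StartTLS tests, the one opening the SSF block and the one guarding the `requires` checks, call `strcmp( (const char *) opdata, LDAP_EXOP_START_TLS )` whenever `op->o_tag == LDAP_REQ_EXTENDED`, and the `extoid == NULL` guard from the old conditions is gone. The callers visible on this page pass `mech` or `NULL` for bind and search only; the extended-operation caller is not shown, so if it can ever pass a NULL OID this is a NULL dereference on a path that runs before any confidentiality requirement is enforced. Keeping the guard fails closed, because a NULL OID is treated as not-StartTLS and the checks apply: `if ( op->o_tag != LDAP_REQ_EXTENDED || opdata == NULL || strcmp( (const char *) opdata, LDAP_EXOP_START_TLS ) )`, with the same `opdata == NULL ||` term added inside the parentheses of the second condition. Since `opdata` is now an untyped pointer, a comment at the signature saying what it holds for each `o_tag` (the OID for extended operations and the SASL mechanism for bind, judging by the uses here) would document the contract. The body of `backend_check_restrictions` starts and ends outside this hunk.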
goto cleanup;
}
+ /* check restrictions */
+ rc = backend_check_restrictions( NULL, conn, op, mech, &text );
+ if( rc != LDAP_SUCCESS ) {
+ send_ldap_result( conn, op, rc,
+ NULL, text, NULL, NULL );
+ goto cleanup;
+ }
+
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
if ( conn->c_sasl_bind_mech != NULL ) {
/* disallow */
rc = LDAP_INAPPROPRIATE_AUTH;
text = "anonymous bind disallowed";
+
+ } else {
+ rc = backend_check_restrictions( NULL, conn, op, mech, &text );
}
/*
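Review bot: The added `else` branch passes `mech` to `backend_check_restrictions`, whereas the backend-specific check later in this file passes `NULL`. In the backend.c part of this commit, a bind with non-NULL `opdata` is treated as a SASL bind and skips the `sss_sasl` and overall `sss_ssf` checks. If this branch is reached only for simple (anonymous) binds, as the "anonymous bind disallowed" text suggests, `mech` is presumably NULL here, but that depends on code outside the hunk. Passing the literal makes the intent explicit and cannot skip those checks by accident: `rc = backend_check_restrictions( NULL, conn, op, NULL, &text );`. The enclosing function starts and ends outside the hunk.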
}
/* check restrictions */
- rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
+ rc = backend_check_restrictions( be, conn, op, NULL, &text );
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
Backend *be,
Connection *conn,
Operation *op,
- const char *extoid,
+ const void *opdata,
const char **text ));
LDAP_SLAPD_F( int ) backend_check_referrals LDAP_P((
LDAP_SLAPD_F (int) global_schemacheck;
LDAP_SLAPD_F (char) *global_host;
LDAP_SLAPD_F (char) *global_realm;
+LDAP_SLAPD_F (int) sasl_external_x509dn_convert;
LDAP_SLAPD_F (char) *default_passwd_hash;
LDAP_SLAPD_F (int) lber_debug;
LDAP_SLAPD_F (int) ldap_syslog;
int
do_search(
- Connection *conn, /* where to send results */
+ Connection *conn, /* where to send results */
Operation *op /* info about the op to which we're responding */
) {
int i;
goto return_results;
}
- rc = 0;
+ rc = LDAP_SUCCESS;
Debug( LDAP_DEBUG_ARGS, " attrs:", 0, 0, 0 );
"conn=%ld op=%d SRCH base=\"%s\" scope=%d filter=\"%s\"\n",
op->o_connid, op->o_opid, base, scope, fstr );
+ manageDSAit = get_manageDSAit( op );
+
if ( scope == LDAP_SCOPE_BASE ) {
Entry *entry = NULL;
if ( strcasecmp( nbase, LDAP_ROOT_DSE ) == 0 ) {
+ /* check restrictions */
+ rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
+ if( rc != LDAP_SUCCESS ) {
+ send_ldap_result( conn, op, rc,
+ NULL, text, NULL, NULL );
+ goto return_results;
+ }
+
rc = root_dse_info( conn, &entry, &text );
}
#if defined( SLAPD_MONITOR_DN )
else if ( strcasecmp( nbase, SLAPD_MONITOR_DN ) == 0 ) {
+ /* check restrictions */
+ rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
+ if( rc != LDAP_SUCCESS ) {
+ send_ldap_result( conn, op, rc,
+ NULL, text, NULL, NULL );
+ goto return_results;
+ }
+
rc = monitor_info( &entry, &text );
}
#endif
#if defined( SLAPD_CONFIG_DN )
else if ( strcasecmp( nbase, SLAPD_CONFIG_DN ) == 0 ) {
+ /* check restrictions */
+ rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
+ if( rc != LDAP_SUCCESS ) {
+ send_ldap_result( conn, op, rc,
+ NULL, text, NULL, NULL );
+ goto return_results;
+ }
+
rc = config_info( &entry, &text );
}
#endif
#if defined( SLAPD_SCHEMA_DN )
else if ( strcasecmp( nbase, SLAPD_SCHEMA_DN ) == 0 ) {
- rc= schema_info( &entry, &text );
+ /* check restrictions */
+ rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
+ if( rc != LDAP_SUCCESS ) {
+ send_ldap_result( conn, op, rc,
+ NULL, text, NULL, NULL );
+ goto return_results;
+ }
+
+ rc = schema_info( &entry, &text );
}
#endif
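Review bot: The same six-line restrictions check is pasted into each of the four special-base branches (root DSE, monitor, config, schema), so a special DN added later that omits the block would be served without the global restrictions being applied. Moving the check and the `send_ldap_result` call into one file-local helper would leave each branch with `rc = special_base_restrictions( conn, op, &text ); if( rc != LDAP_SUCCESS ) goto return_results;` (the helper name is a placeholder). A smaller style point is that the added calls end in `&text ) ;`, the spacing this same commit corrects to `&text );` in the bind code. The body of `do_search` starts and ends outside this hunk.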
nbase = ch_strdup( default_search_nbase );
}
- manageDSAit = get_manageDSAit( op );
-
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"