2 * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
3 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7 * BindRequest ::= SEQUENCE {
9 * name DistinguishedName, -- who
10 * authentication CHOICE {
11 * simple [0] OCTET STRING -- passwd
13 * krbv42ldap [1] OCTET STRING
14 * krbv42dsa [2] OCTET STRING
16 * sasl [3] SaslCredentials -- LDAPv3
20 * BindResponse ::= SEQUENCE {
21 * COMPONENTS OF LDAPResult,
22 * serverSaslCreds OCTET STRING OPTIONAL -- LDAPv3
31 #include <ac/socket.h>
32 #include <ac/string.h>
39 * ldap_sasl_bind - bind to the ldap server (and X.500). The dn, mechanism, and
40 * credentials of the entry to which to bind are supplied. The message id
41 * of the request initiated is provided upon successful (LDAP_SUCCESS) return.
 * With LDAP_SASL_SIMPLE the credential is sent as the plain OCTET STRING of the
 * BindRequest "simple" choice above, so it is protected only by the transport.
44 * ldap_sasl_bind( ld, "cn=manager, o=university of michigan, c=us",
45 * "mechanism", "secret", NULL, NULL, &msgid )
52 LDAP_CONST char *mechanism,
61 Debug( LDAP_DEBUG_TRACE, "ldap_sasl_bind\n", 0, 0, 0 );
64 assert( LDAP_VALID( ld ) );
65 assert( msgidp != NULL );
67 if( msgidp == NULL ) {
68 ld->ld_errno = LDAP_PARAM_ERROR;
72 if( mechanism != LDAP_SASL_SIMPLE
73 && ld->ld_version < LDAP_VERSION3)
75 ld->ld_errno = LDAP_NOT_SUPPORTED;
82 /* create a message to send */
83 if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
84 ld->ld_errno = LDAP_NO_MEMORY;
88 assert( BER_VALID( ber ) );
90 if( mechanism == LDAP_SASL_SIMPLE ) {
92 rc = ber_printf( ber, "{it{istO}" /*}*/,
93 ++ld->ld_msgid, LDAP_REQ_BIND,
94 ld->ld_version, dn, LDAP_AUTH_SIMPLE,
97 } else if ( cred == NULL ) {
98 /* SASL bind w/o credentials */
99 rc = ber_printf( ber, "{it{ist{s}}" /*}*/,
100 ++ld->ld_msgid, LDAP_REQ_BIND,
101 ld->ld_version, dn, LDAP_AUTH_SASL,
105 /* SASL bind w/ credentials */
106 rc = ber_printf( ber, "{it{ist{sO}}" /*}*/,
107 ++ld->ld_msgid, LDAP_REQ_BIND,
108 ld->ld_version, dn, LDAP_AUTH_SASL,
113 ld->ld_errno = LDAP_ENCODING_ERROR;
118 /* Put Server Controls */
119 if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
124 if ( ber_printf( ber, /*{*/ "}" ) == -1 ) {
125 ld->ld_errno = LDAP_ENCODING_ERROR;
131 if ( ld->ld_cache != NULL ) {
132 ldap_flush_cache( ld );
134 #endif /* !LDAP_NOCACHE */
136 /* send the message */
137 *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber );
146 * ldap_sasl_bind_s - synchronous bind to the ldap server (and X.500) using the
147 * supplied SASL mechanism (or simple authentication when mechanism is
 * LDAP_SASL_SIMPLE). The dn, mechanism and credentials of the entry to which to bind are
148 * supplied. LDAP_SUCCESS is returned upon success, the ldap error code
152 * ldap_sasl_bind_s( ld, "cn=manager, o=university of michigan, c=us",
153 * "mechanism", "secret", NULL, NULL, &servercred )
160 LDAP_CONST char *mechanism,
162 LDAPControl **sctrls,
163 LDAPControl **cctrls,
164 struct berval **servercredp )
168 struct berval *scredp = NULL;
170 Debug( LDAP_DEBUG_TRACE, "ldap_sasl_bind_s\n", 0, 0, 0 );
172 /* do a quick !LDAPv3 check... ldap_sasl_bind will do the rest. */
173 if( servercredp != NULL ) {
174 if (ld->ld_version < LDAP_VERSION3) {
175 ld->ld_errno = LDAP_NOT_SUPPORTED;
181 rc = ldap_sasl_bind( ld, dn, mechanism, cred, sctrls, cctrls, &msgid );
183 if ( rc != LDAP_SUCCESS ) {
187 if ( ldap_result( ld, msgid, 1, NULL, &result ) == -1 ) {
188 return( ld->ld_errno ); /* ldap_result sets ld_errno */
191 /* parse the results */
193 if( servercredp != NULL ) {
194 rc = ldap_parse_sasl_bind_result( ld, result, &scredp, 0 );
197 if( rc != LDAP_SUCCESS ) {
198 ldap_msgfree( result );
202 rc = ldap_result2error( ld, result, 1 );
204 if( rc == LDAP_SUCCESS ) {
205 if( servercredp != NULL ) {
206 *servercredp = scredp;
209 } else if (scredp != NULL ) {
218 * Parse BindResponse. serverSaslCreds is LDAPv3-only (cf. the LDAP_VERSION3
 * guard in ldap_sasl_bind_s); note that the version guard in this function
 * compares against LDAP_VERSION2 and the lm_msgtype test rejects when the type
 * IS LDAP_RES_BIND, both of which look inconsistent with the rest of this file
 * -- verify against the full source before relying on this parser.
220 * BindResponse ::= [APPLICATION 1] SEQUENCE {
221 * COMPONENTS OF LDAPResult,
222 * serverSaslCreds [7] OCTET STRING OPTIONAL }
224 * LDAPResult ::= SEQUENCE {
225 * resultCode ENUMERATED,
227 * errorMessage LDAPString,
228 * referral [3] Referral OPTIONAL }
232 ldap_parse_sasl_bind_result(
235 struct berval **servercredp,
239 struct berval* scred;
244 Debug( LDAP_DEBUG_TRACE, "ldap_parse_sasl_bind_result\n", 0, 0, 0 );
246 assert( ld != NULL );
247 assert( LDAP_VALID( ld ) );
248 assert( res != NULL );
250 if ( ld == NULL || res == NULL ) {
251 return LDAP_PARAM_ERROR;
254 if(servercredp != NULL) {
255 if( ld->ld_version < LDAP_VERSION2 ) {
256 return LDAP_NOT_SUPPORTED;
261 if( res->lm_msgtype == LDAP_RES_BIND ) {
262 ld->ld_errno = LDAP_PARAM_ERROR;
266 errcode = LDAP_SUCCESS;
269 if ( ld->ld_error ) {
270 LDAP_FREE( ld->ld_error );
273 if ( ld->ld_matched ) {
274 LDAP_FREE( ld->ld_matched );
275 ld->ld_matched = NULL;
280 ber = ber_dup( res->lm_ber );
282 if ( ld->ld_version < LDAP_VERSION2 ) {
283 tag = ber_scanf( ber, "{ia}",
284 &errcode, &ld->ld_error );
289 tag = ber_scanf( ber, "{iaa" /*}*/,
290 &errcode, &ld->ld_matched, &ld->ld_error );
292 if( tag != LBER_ERROR ) {
293 tag = ber_peek_tag(ber, &len);
296 if( tag == LDAP_TAG_REFERRAL ) {
298 tag = ber_scanf( ber, "x" );
300 if( tag != LBER_ERROR ) {
301 tag = ber_peek_tag(ber, &len);
305 /* optional serverSaslCreds [7] OCTET STRING, see BindResponse above */
306 if( tag == LDAP_TAG_SASL_RES_CREDS ) {
307 tag = ber_scanf( ber, "O", &scred );
311 if ( tag == LBER_ERROR ) {
312 errcode = LDAP_DECODING_ERROR;
320 if ( errcode == LDAP_SUCCESS && servercredp != NULL ) {
321 *servercredp = scred;
323 } else if ( scred != NULL ) {
331 ld->ld_errno = errcode;
332 return( ld->ld_errno );