1 /* bind.c - ldbm backend bind and unbind routines */
6 #include <sys/socket.h>
/*
 * Old-style declarations with empty parameter lists: the compiler gets no
 * prototype, so argument count and types are not checked at the call sites
 * in this file. NOTE(review): full prototypes (or the header that defines
 * these functions) would let the compiler reject a mismatched call.
 */
13 extern Entry *dn2entry();
14 extern Attribute *attr_find();
/* Called for LDAP_AUTH_KRBV41 binds; its result is compared with LDAP_SUCCESS. */
17 extern int krbv4_ldap_auth();
/*
 * Fragment of the bind routine body. The number at the start of each line is
 * the original file line number; the listing omits lines, including the
 * function signature and every return statement. The comments added here
 * describe only what the visible lines show.
 */
30 struct ldbminfo *li = (struct ldbminfo *) be->be_private;
/* Fixed-size buffer; it is filled by the sprintf at original line 104. */
36 char krbname[MAX_K_NAME_SZ + 1];
/* Look the bind DN up in this backend; NULL means no entry was found. */
40 if ( (e = dn2entry( be, dn, &matched )) == NULL ) {
41 /* allow noauth binds */
/*
 * A simple bind with an empty credential is answered with LDAP_SUCCESS even
 * though the DN has no entry. The original comment below says the routine
 * returns 1 so the caller does not authorize on it; that return statement is
 * not visible in this listing -- confirm.
 */
42 if ( method == LDAP_AUTH_SIMPLE && cred->bv_len == 0 ) {
44 * bind successful, but return 1 so we don't
45 * authorize based on noauth credentials
47 send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
/*
 * be_isroot_pw is defined elsewhere; presumably it checks dn and cred against
 * a configured root password -- confirm.
 */
49 } else if ( be_isroot_pw( be, dn, cred ) ) {
50 /* front end will send result */
/*
 * NOTE(review): an unknown DN is answered with LDAP_NO_SUCH_OBJECT, while a
 * wrong password for a known DN is answered with LDAP_INVALID_CREDENTIALS
 * (original line 89), so the result code tells an unauthenticated client
 * whether the DN exists. Confirm that this disclosure is intended.
 */
53 send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT,
57 if ( matched != NULL ) {
/* Simple (password) bind against an entry that exists. */
64 case LDAP_AUTH_SIMPLE:
/* Empty credential: LDAP_SUCCESS is sent without any password check. */
65 if ( cred->bv_len == 0 ) {
66 send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
68 } else if ( be_isroot_pw( be, dn, cred ) ) {
69 /* front end will send result */
/*
 * No userpassword attribute on the entry: only the be_isroot_pw check can
 * still accept the bind, otherwise LDAP_INAPPROPRIATE_AUTH is sent.
 */
73 if ( (a = attr_find( e->e_attrs, "userpassword" )) == NULL ) {
74 if ( be_isroot_pw( be, dn, cred ) ) {
75 /* front end will send result */
78 send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH,
/* Every visible error path calls cache_return_entry on e after sending. */
80 cache_return_entry( &li->li_cache, e );
/*
 * The client credential is matched directly against the stored attribute
 * values. NOTE(review): this suggests the stored values are compared as-is
 * (no hashing is visible here), and nothing shows whether value_find compares
 * in constant time -- confirm against value_find.
 */
84 if ( value_find( a->a_vals, cred, a->a_syntax, 0 ) != 0 ) {
85 if ( be_isroot_pw( be, dn, cred ) ) {
86 /* front end will send result */
89 send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
91 cache_return_entry( &li->li_cache, e );
/* Kerberos v4 bind: krbv4_ldap_auth checks cred and fills ad. */
97 case LDAP_AUTH_KRBV41:
98 if ( krbv4_ldap_auth( be, cred, &ad ) != LDAP_SUCCESS ) {
99 send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
101 cache_return_entry( &li->li_cache, e );
/*
 * Build the principal string name[.instance]@realm from the fields of ad.
 * NOTE(review): sprintf is unbounded. The write stays inside krbname only if
 * the three fields plus the two separators and the terminator fit in
 * MAX_K_NAME_SZ + 1 bytes. The type of ad is not visible in this listing --
 * confirm the field sizes, or format with snprintf( krbname, sizeof krbname,
 * ... ) and treat truncation as a failed bind.
 */
104 sprintf( krbname, "%s%s%s@%s", ad.pname, *ad.pinst ? "."
105 : "", ad.pinst, ad.prealm );
106 if ( (a = attr_find( e->e_attrs, "krbname" )) == NULL ) {
108 * no krbName values present: check against DN
/*
 * NOTE(review): the comparison with the DN ignores case; Kerberos principal
 * names are normally case-sensitive, so confirm that this is intended.
 */
110 if ( strcasecmp( dn, krbname ) == 0 ) {
113 send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH,
115 cache_return_entry( &li->li_cache, e );
117 } else { /* look for krbName match */
118 struct berval krbval;
/* Wrap the principal string in a berval so value_find can search for it. */
120 krbval.bv_val = krbname;
121 krbval.bv_len = strlen( krbname );
/*
 * The last argument is 3 here and 0 in the password comparison at original
 * line 84; its meaning is defined by value_find, not visible here.
 */
123 if ( value_find( a->a_vals, &krbval, a->a_syntax, 3 )
125 send_ldap_result( conn, op,
126 LDAP_INVALID_CREDENTIALS, NULL, NULL );
127 cache_return_entry( &li->li_cache, e );
/*
 * NOTE(review): original lines 133 and 134 are consecutive, so no credential
 * check runs between this case label and the LDAP_SUCCESS result. Whether the
 * connection is then authorized depends on the return value, which is not
 * visible here -- confirm it follows the return-1 pattern described at
 * original lines 44-45.
 */
133 case LDAP_AUTH_KRBV42:
134 send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
135 cache_return_entry( &li->li_cache, e );
/* Any other method is refused; the case label itself is on an omitted line. */
140 send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED,
141 NULL, "auth method not supported" );
142 cache_return_entry( &li->li_cache, e );
/* Accepted bind: hand the entry back to the cache; no result is sent here. */
146 cache_return_entry( &li->li_cache, e );
148 /* success: front end will send result */