git.sur5r.net Git - openldap/blob - servers/slapd/back-sql/bind.c

   1 /*
   2  *       Copyright 1999, Dmitry Kovalev <mit@openldap.org>, All rights reserved.
   3  *
   4  *       Redistribution and use in source and binary forms are permitted only
   5  *       as authorized by the OpenLDAP Public License.  A copy of this
   6  *       license is available at http://www.OpenLDAP.org/license.html or
   7  *       in file LICENSE in the top-level directory of the distribution.
   8  */
   9
  10 #include "portable.h"
  11
  12 #ifdef SLAPD_SQL
  13
  14 #include <stdio.h>
  15 #include <sys/types.h>
  16 #include "slap.h"
  17 #include "back-sql.h"
  18 #include "sql-wrap.h"
  19 #include "util.h"
  20 #include "entry-id.h"
  21
  22 int
  23 backsql_bind(
  24         BackendDB       *be,
  25         Connection      *conn,
  26         Operation       *op,
  27         struct berval   *dn,
  28         struct berval   *ndn,
  29         int method,
  30         struct berval   *cred,
  31         struct berval   *edn )
  32 {
  33         backsql_info            *bi = (backsql_info*)be->be_private;
  34         backsql_entryID         user_id;
  35         SQLHDBC                 dbh;
  36         AttributeDescription    *password = slap_schema.si_ad_userPassword;
  37         Entry                   *e, user_entry;
  38         Attribute               *a;
  39         backsql_srch_info       bsi;
  40         int                     rc;
  41
  42         Debug( LDAP_DEBUG_TRACE, "==>backsql_bind()\n", 0, 0, 0 );
  43
  44         if ( be_isroot_pw( be, conn, ndn, cred ) ) {
  45                 ber_dupbv( edn, be_root_dn( be ) );
  46                 Debug( LDAP_DEBUG_TRACE, "<==backsql_bind() root bind\n",
  47                                 0, 0, 0 );
  48                 return LDAP_SUCCESS;
  49         }
  50
  51         ber_dupbv( edn, ndn );
  52
  53         if ( method != LDAP_AUTH_SIMPLE ) {
  54                 send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED,
  55                         NULL, "authentication method not supported",
  56                         NULL, NULL );
  57                 return 1;
  58         }
  59
  60         /*
  61          * method = LDAP_AUTH_SIMPLE
  62          */
  63         rc = backsql_get_db_conn( be, conn, &dbh );
  64         if (!dbh) {
  65                 Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
  66                         "could not get connection handle - exiting\n",
  67                         0, 0, 0 );
  68                 send_ldap_result( conn, op, rc, "",
  69                                 rc == LDAP_OTHER ? "SQL-backend error" : "",
  70                                 NULL, NULL );
  71                 return 1;
  72         }
  73
  74         if ( backsql_dn2id( bi, &user_id, dbh, ndn ) != LDAP_SUCCESS ) {
  75                 Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
  76                         "could not retrieve bind dn id - no such entry\n",
  77                         0, 0, 0 );
  78                 send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
  79                                 NULL, NULL, NULL, NULL );
  80                 return 1;
  81         }
  82
  83         backsql_init_search( &bsi, bi, ndn, LDAP_SCOPE_BASE, -1, -1, -1,
  84                         NULL, dbh, be, conn, op, NULL );
  85         e = backsql_id2entry( &bsi, &user_entry, &user_id );
  86         if ( e == NULL ) {
  87                 Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
  88                         "error in backsql_id2entry() - auth failed\n",
  89                         0, 0, 0 );
  90                 send_ldap_result( conn, op, LDAP_OTHER,
  91                                 NULL, NULL, NULL, NULL );
  92                 return 1;
  93         }
  94
  95         if ( ! access_allowed( be, conn, op, e, password, NULL,
  96                                 ACL_AUTH, NULL ) ) {
  97                 send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
  98                                 NULL, NULL, NULL, NULL );
  99                 return 1;
 100         }
 101
 102         if ( ( a = attr_find( e->e_attrs, password ) ) == NULL ) {
 103                 send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH,
 104                                 NULL, NULL, NULL, NULL );
 105                 return 1;
 106         }
 107
 108         if ( slap_passwd_check( conn, a, cred ) != 0 ) {
 109                 send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
 110                                 NULL, NULL, NULL, NULL );
 111                 return 1;
 112         }
 113
 114         Debug(LDAP_DEBUG_TRACE,"<==backsql_bind()\n",0,0,0);
 115         return 0;
 116 }
 117
 118 int
 119 backsql_unbind(
 120         BackendDB       *be,
 121         Connection      *conn,
 122         Operation       *op )
 123 {
 124         Debug( LDAP_DEBUG_TRACE, "==>backsql_unbind()\n", 0, 0, 0 );
 125         send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL, NULL, 0 );
 126         Debug( LDAP_DEBUG_TRACE, "<==backsql_unbind()\n", 0, 0, 0 );
 127         return 0;
 128 }
 129
 130 #endif /* SLAPD_SQL */
 131