git.sur5r.net Git - openldap/blob - servers/slapd/back-sql/bind.c

   1 /*
   2  *       Copyright 1999, Dmitry Kovalev <mit@openldap.org>, All rights reserved.
   3  *
   4  *       Redistribution and use in source and binary forms are permitted only
   5  *       as authorized by the OpenLDAP Public License.  A copy of this
   6  *       license is available at http://www.OpenLDAP.org/license.html or
   7  *       in file LICENSE in the top-level directory of the distribution.
   8  */
   9
  10 #include "portable.h"
  11
  12 #ifdef SLAPD_SQL
  13
  14 #include <stdio.h>
  15 #include <sys/types.h>
  16 #include "slap.h"
  17 #include "back-sql.h"
  18 #include "sql-wrap.h"
  19 #include "util.h"
  20 #include "entry-id.h"
  21
  22 int
  23 backsql_bind(
  24         BackendDB       *be,
  25         Connection      *conn,
  26         Operation       *op,
  27         struct berval   *dn,
  28         struct berval   *ndn,
  29         int method,
  30         struct berval   *cred,
  31         struct berval   *edn )
  32 {
  33         backsql_info            *bi = (backsql_info*)be->be_private;
  34         backsql_entryID         user_id;
  35         SQLHDBC                 dbh;
  36         AttributeDescription    *password = slap_schema.si_ad_userPassword;
  37         Entry                   *e, user_entry;
  38         Attribute               *a;
  39         backsql_srch_info       bsi;
  40
  41         Debug( LDAP_DEBUG_TRACE, "==>backsql_bind()\n", 0, 0, 0 );
  42
  43         if ( be_isroot_pw( be, conn, ndn, cred ) ) {
  44                 ber_dupbv( edn, be_root_dn( be ) );
  45                 Debug( LDAP_DEBUG_TRACE, "<==backsql_bind() root bind\n",
  46                                 0, 0, 0 );
  47                 return LDAP_SUCCESS;
  48         }
  49
  50         ber_dupbv( edn, ndn );
  51
  52         if ( method != LDAP_AUTH_SIMPLE ) {
  53                 send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED,
  54                         NULL, "authentication method not supported",
  55                         NULL, NULL );
  56                 return 1;
  57         }
  58
  59         /*
  60          * method = LDAP_AUTH_SIMPLE
  61          */
  62         dbh = backsql_get_db_conn( be, conn );
  63         if (!dbh) {
  64                 Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
  65                         "could not get connection handle - exiting\n",
  66                         0, 0, 0 );
  67                 send_ldap_result( conn, op, LDAP_OTHER, "",
  68                                 "SQL-backend error", NULL, NULL );
  69                 return 1;
  70         }
  71
  72         if ( backsql_dn2id( bi, &user_id, dbh, ndn ) != LDAP_SUCCESS ) {
  73                 Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
  74                         "could not retrieve bind dn id - no such entry\n",
  75                         0, 0, 0 );
  76                 send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
  77                                 NULL, NULL, NULL, NULL );
  78                 return 1;
  79         }
  80
  81         backsql_init_search( &bsi, bi, ndn, LDAP_SCOPE_BASE, -1, -1, -1,
  82                         NULL, dbh, be, conn, op, NULL );
  83         e = backsql_id2entry( &bsi, &user_entry, &user_id );
  84         if ( e == NULL ) {
  85                 Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
  86                         "error in backsql_id2entry() - auth failed\n",
  87                         0, 0, 0 );
  88                 send_ldap_result( conn, op, LDAP_OTHER,
  89                                 NULL, NULL, NULL, NULL );
  90                 return 1;
  91         }
  92
  93         if ( ! access_allowed( be, conn, op, e, password, NULL,
  94                                 ACL_AUTH, NULL ) ) {
  95                 send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
  96                                 NULL, NULL, NULL, NULL );
  97                 return 1;
  98         }
  99
 100         if ( ( a = attr_find( e->e_attrs, password ) ) == NULL ) {
 101                 send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH,
 102                                 NULL, NULL, NULL, NULL );
 103                 return 1;
 104         }
 105
 106         if ( slap_passwd_check( conn, a, cred ) != 0 ) {
 107                 send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
 108                                 NULL, NULL, NULL, NULL );
 109                 return 1;
 110         }
 111
 112         Debug(LDAP_DEBUG_TRACE,"<==backsql_bind()\n",0,0,0);
 113         return 0;
 114 }
 115
 116 int
 117 backsql_unbind(
 118         BackendDB       *be,
 119         Connection      *conn,
 120         Operation       *op )
 121 {
 122         Debug( LDAP_DEBUG_TRACE, "==>backsql_unbind()\n", 0, 0, 0 );
 123         send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL, NULL, 0 );
 124         Debug( LDAP_DEBUG_TRACE, "<==backsql_unbind()\n", 0, 0, 0 );
 125         return 0;
 126 }
 127
 128 #endif /* SLAPD_SQL */
 129