/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2014 The OpenLDAP Foundation.
+ * Copyright 1998-2017 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#include "ldap-int.h"
-/*
- * ldap_sasl_bind - bind to the ldap server (and X.500).
- * The dn (usually NULL), mechanism, and credentials are provided.
- * The message id of the request initiated is provided upon successful
- * (LDAP_SUCCESS) return.
- *
- * Example:
- * ldap_sasl_bind( ld, NULL, "mechanism",
- * cred, NULL, NULL, &msgid )
- */
-
-int
-ldap_sasl_bind(
+BerElement *
+ldap_build_bind_req(
LDAP *ld,
LDAP_CONST char *dn,
LDAP_CONST char *mechanism,
struct berval *cred,
LDAPControl **sctrls,
LDAPControl **cctrls,
- int *msgidp )
+ ber_int_t *msgidp )
{
BerElement *ber;
int rc;
- ber_int_t id;
-
- Debug( LDAP_DEBUG_TRACE, "ldap_sasl_bind\n", 0, 0, 0 );
-
- assert( ld != NULL );
- assert( LDAP_VALID( ld ) );
- assert( msgidp != NULL );
-
- /* check client controls */
- rc = ldap_int_client_controls( ld, cctrls );
- if( rc != LDAP_SUCCESS ) return rc;
if( mechanism == LDAP_SASL_SIMPLE ) {
if( dn == NULL && cred != NULL && cred->bv_len ) {
} else if( ld->ld_version < LDAP_VERSION3 ) {
ld->ld_errno = LDAP_NOT_SUPPORTED;
- return ld->ld_errno;
+ return( NULL );
}
if ( dn == NULL ) {
/* create a message to send */
if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
- ld->ld_errno = LDAP_NO_MEMORY;
- return ld->ld_errno;
+ return( NULL );
}
- assert( LBER_VALID( ber ) );
-
- LDAP_NEXT_MSGID( ld, id );
+ LDAP_NEXT_MSGID( ld, *msgidp );
if( mechanism == LDAP_SASL_SIMPLE ) {
/* simple bind */
rc = ber_printf( ber, "{it{istON}" /*}*/,
- id, LDAP_REQ_BIND,
+ *msgidp, LDAP_REQ_BIND,
ld->ld_version, dn, LDAP_AUTH_SIMPLE,
cred );
} else if ( cred == NULL || cred->bv_val == NULL ) {
/* SASL bind w/o credentials */
rc = ber_printf( ber, "{it{ist{sN}N}" /*}*/,
- id, LDAP_REQ_BIND,
+ *msgidp, LDAP_REQ_BIND,
ld->ld_version, dn, LDAP_AUTH_SASL,
mechanism );
} else {
/* SASL bind w/ credentials */
rc = ber_printf( ber, "{it{ist{sON}N}" /*}*/,
- id, LDAP_REQ_BIND,
+ *msgidp, LDAP_REQ_BIND,
ld->ld_version, dn, LDAP_AUTH_SASL,
mechanism, cred );
}
if( rc == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
ber_free( ber, 1 );
- return( -1 );
+ return( NULL );
}
/* Put Server Controls */
if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
ber_free( ber, 1 );
- return ld->ld_errno;
+ return( NULL );
}
if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
ber_free( ber, 1 );
- return ld->ld_errno;
+ return( NULL );
}
+ return( ber );
+}
+
+/*
+ * ldap_sasl_bind - bind to the ldap server (and X.500).
+ * The dn (usually NULL), mechanism, and credentials are provided.
+ * The message id of the request initiated is provided upon successful
+ * (LDAP_SUCCESS) return.
+ *
+ * Example:
+ * ldap_sasl_bind( ld, NULL, "mechanism",
+ * cred, NULL, NULL, &msgid )
+ */
+
+int
+ldap_sasl_bind(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *mechanism,
+ struct berval *cred,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ BerElement *ber;
+ int rc;
+ ber_int_t id;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_sasl_bind\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( msgidp != NULL );
+
+ /* check client controls */
+ rc = ldap_int_client_controls( ld, cctrls );
+ if( rc != LDAP_SUCCESS ) return rc;
+
+ ber = ldap_build_bind_req( ld, dn, mechanism, cred, sctrls, cctrls, &id );
+ if( !ber )
+ return ld->ld_errno;
/* send the message */
*msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
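Review bot: The DN defaulting (the `mechanism == LDAP_SASL_SIMPLE` and `if ( dn == NULL )` branches) now runs on `ldap_build_bind_req`'s own copy of `dn`, so `ldap_sasl_bind` still passes its original, possibly NULL, `dn` to `ldap_send_initial_request`, where the pre-refactor code passed the defaulted value. The bodies of those branches are elided in this diff, so confirm that the send path tolerates NULL and does not depend on the bind DN that was actually encoded into the request. Separately, the allocation-failure path drops `ld->ld_errno = LDAP_NO_MEMORY;` before `return( NULL );`, while the caller returns `ld->ld_errno` on NULL: unless `ldap_alloc_ber_with_options` sets it itself (not visible here), a stale LDAP_SUCCESS could come back with `*msgidp` unwritten, so keep the assignment or document the dependency. The new function also has no header comment; I would add `/* Build a BindRequest: returns NULL with ld->ld_errno set on failure; on success the caller owns the BerElement and *msgidp holds the message id. */`. `ldap_sasl_bind` continues past the last line shown.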
ret = sb_sasl_generic_pkt_length(p, (unsigned char *) p->sec_buf_in.buf_base,
sbiod->sbiod_sb->sb_debug );
- /* Grow the packet buffer if neccessary */
+ /* Grow the packet buffer if necessary */
if ( ( p->sec_buf_in.buf_size < (ber_len_t) ret ) &&
ber_pvt_sb_grow_buffer( &p->sec_buf_in, ret ) < 0 )
{