#include "ldap-int.h"
-
/*
* ldap_sasl_bind - bind to the ldap server (and X.500).
* The dn (usually NULL), mechanism, and credentials are provided.
assert( LDAP_VALID( ld ) );
assert( msgidp != NULL );
+ /* check client controls */
+ rc = ldap_int_client_controls( ld, cctrls );
+ if( rc != LDAP_SUCCESS ) return rc;
+
if( msgidp == NULL ) {
ld->ld_errno = LDAP_PARAM_ERROR;
return ld->ld_errno;
return ld->ld_errno;
}
- assert( BER_VALID( ber ) );
+ assert( LBER_VALID( ber ) );
if( mechanism == LDAP_SASL_SIMPLE ) {
/* simple bind */
ld->ld_version, dn, LDAP_AUTH_SIMPLE,
cred );
- } else if ( cred == NULL ) {
+ } else if ( cred == NULL || !cred->bv_len ) {
/* SASL bind w/o creditials */
rc = ber_printf( ber, "{it{ist{sN}N}" /*}*/,
++ld->ld_msgid, LDAP_REQ_BIND,
return( rc );
}
+#ifdef LDAP_CONNECTIONLESS
+ if (LDAP_IS_UDP(ld)) {
+ return( rc );
+ }
+#endif
+
if ( ldap_result( ld, msgid, 1, NULL, &result ) == -1 ) {
return( ld->ld_errno ); /* ldap_result sets ld_errno */
}
Debug( LDAP_DEBUG_TRACE, "ldap_pvt_sasl_getmech\n", 0, 0, 0 );
- rc = ldap_search_s( ld, NULL, LDAP_SCOPE_BASE,
+ rc = ldap_search_s( ld, "", LDAP_SCOPE_BASE,
NULL, attrs, 0, &res );
if ( rc != LDAP_SUCCESS ) {
e = ldap_first_entry( ld, res );
if ( e == NULL ) {
+ ldap_msgfree( res );
if ( ld->ld_errno == LDAP_SUCCESS ) {
- ld->ld_errno = LDAP_UNAVAILABLE;
+ ld->ld_errno = LDAP_NO_SUCH_OBJECT;
}
return ld->ld_errno;
}
values = ldap_get_values( ld, e, "supportedSASLMechanisms" );
if ( values == NULL ) {
- ld->ld_errno = LDAP_NO_SUCH_ATTRIBUTE;
ldap_msgfree( res );
+ ld->ld_errno = LDAP_NO_SUCH_ATTRIBUTE;
return ld->ld_errno;
}
mechlist = ldap_charray2str( values, " " );
if ( mechlist == NULL ) {
- ld->ld_errno = LDAP_NO_MEMORY;
LDAP_VFREE( values );
ldap_msgfree( res );
+ ld->ld_errno = LDAP_NO_MEMORY;
return ld->ld_errno;
}
LDAP_CONST char *mechs,
LDAPControl **serverControls,
LDAPControl **clientControls,
+ unsigned flags,
LDAP_SASL_INTERACT_PROC *interact,
void *defaults )
{
int rc;
+#if defined( LDAP_R_COMPILE ) && defined( HAVE_CYRUS_SASL )
+ ldap_pvt_thread_mutex_lock( &ldap_int_sasl_mutex );
+#endif
+#ifdef LDAP_CONNECTIONLESS
+ if( LDAP_IS_UDP(ld) ) {
+ /* Just force it to simple bind, silly to make the user
+ * ask all the time. No, we don't ever actually bind, but I'll
+ * let the final bind handler take care of saving the cdn.
+ */
+ rc = ldap_simple_bind(ld, dn, NULL);
+ return rc < 0 ? rc : 0;
+ } else
+#endif
if( mechs == NULL || *mechs == '\0' ) {
char *smechs;
rc = ldap_pvt_sasl_getmechs( ld, &smechs );
if( rc != LDAP_SUCCESS ) {
- return rc;
+ goto done;
}
Debug( LDAP_DEBUG_TRACE,
rc = ldap_int_sasl_bind( ld, dn, mechs,
serverControls, clientControls,
- interact, defaults );
+ flags, interact, defaults );
+
+done:
+#if defined( LDAP_R_COMPILE ) && defined( HAVE_CYRUS_SASL )
+ ldap_pvt_thread_mutex_unlock( &ldap_int_sasl_mutex );
+#endif
return rc;
}
projects / openldap / blobdiff