]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/back-bdb/bind.c
plug leaks
[openldap] / servers / slapd / back-bdb / bind.c
index 3f4c558c852905eeb648b584d7a1aa13802200f7..ef72666535b75a47de487bdc30968a08d836bee9 100644 (file)
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2006 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -43,7 +43,8 @@ bdb_bind( Operation *op, SlapReply *rs )
        DB_LOCK         lock;
 
        Debug( LDAP_DEBUG_ARGS,
-               "==> bdb_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0);
+               "==> " LDAP_XSTRING(bdb_bind) ": dn: %s\n",
+               op->o_req_dn.bv_val, 0, 0);
 
        /* allow noauth binds */
        if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op )) {
@@ -103,7 +104,6 @@ dn2entry_retry:
        ber_dupbv( &op->oq_bind.rb_edn, &e->e_name );
 
        /* check for deleted */
-#ifdef BDB_SUBENTRIES
        if ( is_entry_subentry( e ) ) {
                /* entry is an subentry, don't allow bind */
                Debug( LDAP_DEBUG_TRACE, "entry is subentry\n", 0,
@@ -111,7 +111,6 @@ dn2entry_retry:
                rs->sr_err = LDAP_INVALID_CREDENTIALS;
                goto done;
        }
-#endif
 
        if ( is_entry_alias( e ) ) {
                /* entry is an alias, don't allow bind */
@@ -129,25 +128,20 @@ dn2entry_retry:
 
        switch ( op->oq_bind.rb_method ) {
        case LDAP_AUTH_SIMPLE:
-               rs->sr_err = access_allowed( op, e,
-                       password, NULL, ACL_AUTH, NULL );
-               if ( ! rs->sr_err ) {
-                       rs->sr_err = LDAP_INVALID_CREDENTIALS;
-                       goto done;
-               }
-
-               if ( (a = attr_find( e->e_attrs, password )) == NULL ) {
+               a = attr_find( e->e_attrs, password );
+               if ( a == NULL ) {
                        rs->sr_err = LDAP_INVALID_CREDENTIALS;
                        goto done;
                }
 
-               if ( slap_passwd_check( op->o_conn,
-                       a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 )
+               if ( slap_passwd_check( op, e, a, &op->oq_bind.rb_cred,
+                                       &rs->sr_text ) != 0 )
                {
+                       /* failure; stop front end from sending result */
                        rs->sr_err = LDAP_INVALID_CREDENTIALS;
                        goto done;
                }
-
+                       
                rs->sr_err = 0;
                break;