Code clean-up.

[openldap] / servers / slapd / back-ldbm / bind.c

diff --git a/servers/slapd/back-ldbm/bind.c b/servers/slapd/back-ldbm/bind.c
index 3ab224136a72688bbdf65504295b32de640cadda..ac461e7668f04296c1d3a498d063864ba0eae960 100644 (file)
--- a/servers/slapd/back-ldbm/bind.c
+++ b/servers/slapd/back-ldbm/bind.c
@@ -1,43 +1,24 @@
 /* bind.c - ldbm backend bind and unbind routines */
 
+#include "portable.h"
+
 #include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include "slap.h"
-#include "back-ldbm.h"
-#ifdef KERBEROS
-#include "krb.h"
-#endif
 
-#ifdef LDAP_CRYPT
-/* change for crypted passwords -- lukeh */
-#ifdef __NeXT__
-extern char *crypt (char *key, char *salt);
-#else
-#include <unistd.h>
-#endif
-#endif /* LDAP_CRYPT */
+#include <ac/krb.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
 
-#ifdef LDAP_SHA1
-#include <sha1.h>
-#endif /* LDAP_SHA1 */
-#ifdef LDAP_MD5
-#include <lutil_md5.h>
-#endif /* LDAP_MD5 */
+#include "slap.h"
+#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
 
 #include <lutil.h>
 
-extern Entry           *dn2entry();
-extern Attribute       *attr_find();
-
-#ifdef KERBEROS
+#ifdef HAVE_KERBEROS
 extern int     krbv4_ldap_auth();
 #endif
 
-#ifdef LDAP_CRYPT
-pthread_mutex_t crypt_mutex;
-
 static int
 crypted_value_find(
        struct berval       **vals,
@@ -49,62 +30,23 @@ crypted_value_find(
 {
        int     i;
        for ( i = 0; vals[i] != NULL; i++ ) {
-               if ( syntax != SYNTAX_BIN && strncasecmp( "{CRYPT}",
-                       vals[i]->bv_val, (sizeof("{CRYPT}") - 1 ) ) == 0 ) {
-                               char *userpassword = vals[i]->bv_val + sizeof("{CRYPT}") - 1;
-                               pthread_mutex_lock( &crypt_mutex );
-                               if (strcmp(userpassword, crypt(cred->bv_val,
-                                               userpassword)) == 0) {
-                                       pthread_mutex_unlock( &crypt_mutex );
-                                       return ( 0 );
-                               }
-                               pthread_mutex_unlock( &crypt_mutex );
-#ifdef LDAP_MD5
-               } else if ( syntax != SYNTAX_BIN && strncasecmp( "{MD5}",
-                       vals[i]->bv_val, (sizeof("{MD5}") - 1 ) ) == 0 ) {
-                               MD5_CTX MD5context;
-                               unsigned char MD5digest[20];
-                               char base64digest[29];  /* ceiling(sizeof(input)/3) * 4 + 1 */
-
-                               char *userpassword = vals[i]->bv_val + sizeof("{MD5}") - 1;
-
-                               MD5Init(&MD5context);
-                               MD5Update(&MD5context, cred->bv_val, strlen(cred->bv_val));
-                               MD5Final(MD5digest, &MD5context);
-
-                               if (b64_ntop(MD5digest, sizeof(MD5digest),
-                                       base64digest, sizeof(base64digest)) < 0)
-                               {
-                                       return ( 1 );
-                               }
-
-                               if (strcmp(userpassword, base64digest) == 0) {
-                                       return ( 0 );
-                               }
-#endif /* LDAP_MD5 */
-#ifdef LDAP_SHA1
-               } else if ( syntax != SYNTAX_BIN && strncasecmp( "{SHA}",
-                       vals[i]->bv_val, (sizeof("{SHA}") - 1 ) ) == 0 ) {
-                               SHA1_CTX SHA1context;
-                               unsigned char SHA1digest[20];
-                               char base64digest[29];  /* ceiling(sizeof(input)/3) * 4 + 1 */
-
-                               char *userpassword = vals[i]->bv_val + sizeof("{SHA}") - 1;
-
-                               SHA1Init(&SHA1context);
-                               SHA1Update(&SHA1context, cred->bv_val, strlen(cred->bv_val));
-                               SHA1Final(SHA1digest, &SHA1context);
-
-                               if (b64_ntop(SHA1digest, sizeof(SHA1digest),
-                                       base64digest, sizeof(base64digest)) < 0)
-                               {
-                                       return ( 1 );
-                               }
-
-                               if (strcmp(userpassword, base64digest) == 0) {
-                                       return ( 0 );
-                               }
-#endif /* LDAP_SHA1 */
+               if ( syntax != SYNTAX_BIN ) {
+                       int result;
+
+#ifdef SLAPD_CRYPT
+                       ldap_pvt_thread_mutex_lock( &crypt_mutex );
+#endif
+
+                       result = lutil_passwd(
+                               (char*) cred->bv_val,
+                               (char*) vals[i]->bv_val);
+
+#ifdef SLAPD_CRYPT
+                       ldap_pvt_thread_mutex_unlock( &crypt_mutex );
+#endif
+
+                       return result;
+
                } else {
                 if ( value_cmp( vals[i], v, syntax, normalize ) == 0 ) {
                         return( 0 );
@@ -114,7 +56,6 @@ crypted_value_find(
 
        return( 1 );
 }
-#endif /* LDAP_CRYPT */
 
 int
 ldbm_back_bind(
@@ -123,20 +64,26 @@ ldbm_back_bind(
     Operation          *op,
     char               *dn,
     int                        method,
-    struct berval      *cred
+    struct berval      *cred,
+       char**  edn
 )
 {
        struct ldbminfo *li = (struct ldbminfo *) be->be_private;
        Entry           *e;
        Attribute       *a;
        int             rc;
-       char            *matched = NULL;
-#ifdef KERBEROS
+       char            *matched;
+#ifdef HAVE_KERBEROS
        char            krbname[MAX_K_NAME_SZ + 1];
        AUTH_DAT        ad;
 #endif
 
-       if ( (e = dn2entry( be, dn, &matched )) == NULL ) {
+       Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_bind: dn: %s\n", dn, 0, 0);
+
+       *edn = NULL;
+
+       /* get entry with reader lock */
+       if ( (e = dn2entry_r( be, dn, &matched )) == NULL ) {
                /* allow noauth binds */
                if ( method == LDAP_AUTH_SIMPLE && cred->bv_len == 0 ) {
                        /*
@@ -147,10 +94,10 @@ ldbm_back_bind(
                        rc = 1;
                } else if ( be_isroot_pw( be, dn, cred ) ) {
                        /* front end will send result */
+                       *edn = ch_strdup( be_root_dn( be ) );
                        rc = 0;
                } else {
-                       send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT,
-                           matched, NULL );
+                       send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, NULL );
                        rc = 1;
                }
                if ( matched != NULL ) {
@@ -159,51 +106,61 @@ ldbm_back_bind(
                return( rc );
        }
 
+       *edn = ch_strdup( e->e_dn );
+
+       /* check for deleted */
+
        switch ( method ) {
        case LDAP_AUTH_SIMPLE:
                if ( cred->bv_len == 0 ) {
                        send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
-                       return( 1 );
+
+                       /* stop front end from sending result */
+                       rc = 1;
+                       goto return_results;
                } else if ( be_isroot_pw( be, dn, cred ) ) {
                        /* front end will send result */
-                       return( 0 );
+                       *edn = ch_strdup( be_root_dn( be ) );
+                       rc = 0;
+                       goto return_results;
                }
 
                if ( (a = attr_find( e->e_attrs, "userpassword" )) == NULL ) {
                        if ( be_isroot_pw( be, dn, cred ) ) {
                                /* front end will send result */
-                               return( 0 );
+                               *edn = ch_strdup( be_root_dn( be ) );
+                               rc = 0;
+                               goto return_results;
                        }
                        send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH,
                            NULL, NULL );
-                       cache_return_entry( &li->li_cache, e );
-                       return( 1 );
+                       rc = 1;
+                       goto return_results;
                }
 
-#ifdef LDAP_CRYPT
                if ( crypted_value_find( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 )
-#else
-               if ( value_find( a->a_vals, cred, a->a_syntax, 0 ) != 0 )
-#endif
-{
+               {
                        if ( be_isroot_pw( be, dn, cred ) ) {
                                /* front end will send result */
-                               return( 0 );
+                               *edn = ch_strdup( be_root_dn( be ) );
+                               rc = 0;
+                               goto return_results;
                        }
                        send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
                                NULL, NULL );
-                       cache_return_entry( &li->li_cache, e );
-                       return( 1 );
+                       rc = 1;
+                       goto return_results;
                }
+               rc = 0;
                break;
 
-#ifdef KERBEROS
+#ifdef HAVE_KERBEROS
        case LDAP_AUTH_KRBV41:
                if ( krbv4_ldap_auth( be, cred, &ad ) != LDAP_SUCCESS ) {
                        send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
                            NULL, NULL );
-                       cache_return_entry( &li->li_cache, e );
-                       return( 1 );
+                       rc = 0;
+                       goto return_results;
                }
                sprintf( krbname, "%s%s%s@%s", ad.pname, *ad.pinst ? "."
                    : "", ad.pinst, ad.prealm );
@@ -212,43 +169,48 @@ ldbm_back_bind(
                         * no krbName values present:  check against DN
                         */
                        if ( strcasecmp( dn, krbname ) == 0 ) {
+                               rc = 0; /* XXX wild ass guess */
                                break;
                        }
                        send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH,
                            NULL, NULL );
-                       cache_return_entry( &li->li_cache, e );
-                       return( 1 );
+                       rc = 1;
+                       goto return_results;
                } else {        /* look for krbName match */
                        struct berval   krbval;
 
                        krbval.bv_val = krbname;
                        krbval.bv_len = strlen( krbname );
 
-                       if ( value_find( a->a_vals, &krbval, a->a_syntax, 3 )
-                           != 0 ) {
+                       if ( value_find( a->a_vals, &krbval, a->a_syntax, 3 ) != 0 ) {
                                send_ldap_result( conn, op,
                                    LDAP_INVALID_CREDENTIALS, NULL, NULL );
-                               cache_return_entry( &li->li_cache, e );
-                               return( 1 );
+                               rc = 1;
+                               goto return_results;
                        }
                }
+               rc = 0;
                break;
 
        case LDAP_AUTH_KRBV42:
                send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
-               cache_return_entry( &li->li_cache, e );
-               return( 1 );
+               /* stop front end from sending result */
+               rc = 1;
+               goto return_results;
 #endif
 
        default:
                send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED,
                    NULL, "auth method not supported" );
-               cache_return_entry( &li->li_cache, e );
-               return( 1 );
+               rc = 1;
+               goto return_results;
        }
 
-       cache_return_entry( &li->li_cache, e );
+return_results:;
+       /* free entry and reader lock */
+       cache_return_entry_r( &li->li_cache, e );
 
-       /* success:  front end will send result */
-       return( 0 );
+       /* front end with send result on success (rc==0) */
+       return( rc );
 }
+