Code clean-up.

[openldap] / servers / slapd / back-ldbm / bind.c
diff --git a/servers/slapd/back-ldbm/bind.c b/servers/slapd/back-ldbm/bind.c

index 66dfddbceb55fff38dc5908f1f2c953635238a09..ac461e7668f04296c1d3a498d063864ba0eae960 100644 (file)
--- a/servers/slapd/back-ldbm/bind.c
+++ b/servers/slapd/back-ldbm/bind.c
@@ -1,47 +1,24 @@
  /* bind.c - ldbm backend bind and unbind routines */
  
+#include "portable.h"
+
  #include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/socket.h>
+
+#include <ac/krb.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
  #include "slap.h"
  #include "back-ldbm.h"
  #include "proto-back-ldbm.h"
-#ifdef KERBEROS
-#ifdef KERBEROS_V
-#include <kerberosIV/krb.h>
-#else
-#include <krb.h>
-#endif /* KERBEROS_V */
-#endif /* KERBEROS */
-
-#ifdef LDAP_CRYPT
-/* change for crypted passwords -- lukeh */
-#ifdef __NeXT__
-extern char *crypt (char *key, char *salt);
-#else
-#include <unistd.h>
-#endif
-#endif /* LDAP_CRYPT */
-
-#ifdef LDAP_SHA1
-#include <lutil_sha1.h>
-#endif /* LDAP_SHA1 */
-#ifdef LDAP_MD5
-#include <lutil_md5.h>
-#endif /* LDAP_MD5 */
  
  #include <lutil.h>
  
-extern Attribute       *attr_find();
-
-#ifdef KERBEROS
+#ifdef HAVE_KERBEROS
  extern int     krbv4_ldap_auth();
  #endif
  
-#ifdef LDAP_CRYPT
-pthread_mutex_t crypt_mutex;
-
  static int
  crypted_value_find(
         struct berval       **vals,
@@ -53,62 +30,23 @@ crypted_value_find(
  {
         int     i;
         for ( i = 0; vals[i] != NULL; i++ ) {
-               if ( syntax != SYNTAX_BIN && strncasecmp( "{CRYPT}",
-                       vals[i]->bv_val, (sizeof("{CRYPT}") - 1 ) ) == 0 ) {
-                               char *userpassword = vals[i]->bv_val + sizeof("{CRYPT}") - 1;
-                               pthread_mutex_lock( &crypt_mutex );
-                               if (strcmp(userpassword, crypt(cred->bv_val,
-                                               userpassword)) == 0) {
-                                       pthread_mutex_unlock( &crypt_mutex );
-                                       return ( 0 );
-                               }
-                               pthread_mutex_unlock( &crypt_mutex );
-#ifdef LDAP_MD5
-               } else if ( syntax != SYNTAX_BIN && strncasecmp( "{MD5}",
-                       vals[i]->bv_val, (sizeof("{MD5}") - 1 ) ) == 0 ) {
-                               ldap_MD5_CTX MD5context;
-                               unsigned char MD5digest[20];
-                               char base64digest[29];  /* ceiling(sizeof(input)/3) * 4 + 1 */
-
-                               char *userpassword = vals[i]->bv_val + sizeof("{MD5}") - 1;
+               if ( syntax != SYNTAX_BIN ) {
+                       int result;
  
-                               ldap_MD5Init(&MD5context);
-                               ldap_MD5Update(&MD5context, cred->bv_val, strlen(cred->bv_val));
-                               ldap_MD5Final(MD5digest, &MD5context);
-
-                               if (b64_ntop(MD5digest, sizeof(MD5digest),
-                                       base64digest, sizeof(base64digest)) < 0)
-                               {
-                                       return ( 1 );
-                               }
-
-                               if (strcmp(userpassword, base64digest) == 0) {
-                                       return ( 0 );
-                               }
-#endif /* LDAP_MD5 */
-#ifdef LDAP_SHA1
-               } else if ( syntax != SYNTAX_BIN && strncasecmp( "{SHA}",
-                       vals[i]->bv_val, (sizeof("{SHA}") - 1 ) ) == 0 ) {
-                               ldap_SHA1_CTX SHA1context;
-                               unsigned char SHA1digest[20];
-                               char base64digest[29];  /* ceiling(sizeof(input)/3) * 4 + 1 */
+#ifdef SLAPD_CRYPT
+                       ldap_pvt_thread_mutex_lock( &crypt_mutex );
+#endif
  
-                               char *userpassword = vals[i]->bv_val + sizeof("{SHA}") - 1;
+                       result = lutil_passwd(
+                               (char*) cred->bv_val,
+                               (char*) vals[i]->bv_val);
  
-                               ldap_SHA1Init(&SHA1context);
-                               ldap_SHA1Update(&SHA1context, cred->bv_val, strlen(cred->bv_val));
-                               ldap_SHA1Final(SHA1digest, &SHA1context);
+#ifdef SLAPD_CRYPT
+                       ldap_pvt_thread_mutex_unlock( &crypt_mutex );
+#endif
  
-                               if (b64_ntop(SHA1digest, sizeof(SHA1digest),
-                                       base64digest, sizeof(base64digest)) < 0)
-                               {
-                                       return ( 1 );
-                               }
+                       return result;
  
-                               if (strcmp(userpassword, base64digest) == 0) {
-                                       return ( 0 );
-                               }
-#endif /* LDAP_SHA1 */
                 } else {
                  if ( value_cmp( vals[i], v, syntax, normalize ) == 0 ) {
                          return( 0 );
@@ -118,7 +56,6 @@ crypted_value_find(
  
         return( 1 );
  }
-#endif /* LDAP_CRYPT */
  
  int
  ldbm_back_bind(
@@ -127,21 +64,24 @@ ldbm_back_bind(
      Operation          *op,
      char               *dn,
      int                        method,
-    struct berval      *cred
+    struct berval      *cred,
+       char**  edn
  )
  {
         struct ldbminfo *li = (struct ldbminfo *) be->be_private;
         Entry           *e;
         Attribute       *a;
         int             rc;
-       char            *matched = NULL;
-#ifdef KERBEROS
+       char            *matched;
+#ifdef HAVE_KERBEROS
         char            krbname[MAX_K_NAME_SZ + 1];
         AUTH_DAT        ad;
  #endif
  
         Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_bind: dn: %s\n", dn, 0, 0);
  
+       *edn = NULL;
+
         /* get entry with reader lock */
         if ( (e = dn2entry_r( be, dn, &matched )) == NULL ) {
                 /* allow noauth binds */
@@ -154,6 +94,7 @@ ldbm_back_bind(
                         rc = 1;
                 } else if ( be_isroot_pw( be, dn, cred ) ) {
                         /* front end will send result */
+                       *edn = ch_strdup( be_root_dn( be ) );
                         rc = 0;
                 } else {
                         send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, NULL );
@@ -165,6 +106,8 @@ ldbm_back_bind(
                 return( rc );
         }
  
+       *edn = ch_strdup( e->e_dn );
+
         /* check for deleted */
  
         switch ( method ) {
@@ -177,6 +120,7 @@ ldbm_back_bind(
                         goto return_results;
                 } else if ( be_isroot_pw( be, dn, cred ) ) {
                         /* front end will send result */
+                       *edn = ch_strdup( be_root_dn( be ) );
                         rc = 0;
                         goto return_results;
                 }
@@ -184,6 +128,7 @@ ldbm_back_bind(
                 if ( (a = attr_find( e->e_attrs, "userpassword" )) == NULL ) {
                         if ( be_isroot_pw( be, dn, cred ) ) {
                                 /* front end will send result */
+                               *edn = ch_strdup( be_root_dn( be ) );
                                 rc = 0;
                                 goto return_results;
                         }
@@ -193,14 +138,11 @@ ldbm_back_bind(
                         goto return_results;
                 }
  
-#ifdef LDAP_CRYPT
                 if ( crypted_value_find( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 )
-#else
-               if ( value_find( a->a_vals, cred, a->a_syntax, 0 ) != 0 )
-#endif
                 {
                         if ( be_isroot_pw( be, dn, cred ) ) {
                                 /* front end will send result */
+                               *edn = ch_strdup( be_root_dn( be ) );
                                 rc = 0;
                                 goto return_results;
                         }
@@ -212,7 +154,7 @@ ldbm_back_bind(
                 rc = 0;
                 break;
  
-#ifdef KERBEROS
+#ifdef HAVE_KERBEROS
         case LDAP_AUTH_KRBV41:
                 if ( krbv4_ldap_auth( be, cred, &ad ) != LDAP_SUCCESS ) {
                         send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
@@ -247,6 +189,7 @@ ldbm_back_bind(
                                 goto return_results;
                         }
                 }
+               rc = 0;
                 break;
  
         case LDAP_AUTH_KRBV42: