/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2003 The OpenLDAP Foundation.
+ * Copyright 1998-2004 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#include "ldap_pvt.h"
#include "slap.h"
#ifdef LDAP_SLAPI
-#include "slapi.h"
+#include "slapi/slapi.h"
#endif
{
BerElement *ber = op->o_ber;
ber_int_t version;
- ber_tag_t method;
struct berval mech = { 0, NULL };
struct berval dn = { 0, NULL };
ber_tag_t tag;
* }
*/
- tag = ber_scanf( ber, "{imt" /*}*/, &version, &dn, &method );
+ tag = ber_scanf( ber, "{imt" /*}*/, &version, &dn, &op->orb_method );
if ( tag == LBER_ERROR ) {
#ifdef NEW_LOGGING
op->o_protocol = version;
- if( method != LDAP_AUTH_SASL ) {
+ if( op->orb_method != LDAP_AUTH_SASL ) {
tag = ber_scanf( ber, /*{*/ "m}", &op->orb_cred );
} else {
goto cleanup;
}
- if( method == LDAP_AUTH_SASL ) {
+ if( op->orb_method == LDAP_AUTH_SASL ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, DETAIL1,
"do_sasl_bind: conn %d dn (%s) mech %s\n",
LDAP_LOG( OPERATION, DETAIL1,
"do_bind: version=%ld dn=\"%s\" method=%ld\n",
(unsigned long) version, op->o_req_dn.bv_val,
- (unsigned long) method );
+ (unsigned long) op->orb_method );
#else
Debug( LDAP_DEBUG_TRACE,
"do_bind: version=%ld dn=\"%s\" method=%ld\n",
(unsigned long) version, op->o_req_dn.bv_val,
- (unsigned long) method );
+ (unsigned long) op->orb_method );
#endif
}
Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu BIND dn=\"%s\" method=%ld\n",
- op->o_connid, op->o_opid, op->o_req_dn.bv_val, (unsigned long) method,
+ op->o_connid, op->o_opid, op->o_req_dn.bv_val, (unsigned long) op->orb_method,
0 );
if ( version < LDAP_VERSION_MIN || version > LDAP_VERSION_MAX ) {
/* Set the bindop for the benefit of in-directory SASL lookups */
op->o_conn->c_sasl_bindop = op;
- if ( method == LDAP_AUTH_SASL ) {
+ if ( op->orb_method == LDAP_AUTH_SASL ) {
if ( version < LDAP_VERSION3 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
* SASL bind.
*/
if ( pb ) {
- slapi_x_pblock_set_operation( pb, op );
+ slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)dn.bv_val );
- slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)method );
+ slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)op->orb_method );
slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) );
- (void) doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb );
+ (void) slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb );
}
#endif /* LDAP_SLAPI */
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
}
- if ( method == LDAP_AUTH_SIMPLE ) {
+ if ( op->orb_method == LDAP_AUTH_SIMPLE ) {
+ ber_str2bv( "SIMPLE", sizeof("SIMPLE")-1, 0, &mech );
/* accept "anonymous" binds */
if ( op->orb_cred.bv_len == 0 || op->o_req_ndn.bv_len == 0 ) {
rs->sr_err = LDAP_SUCCESS;
}
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
- } else if ( method == LDAP_AUTH_KRBV41 || method == LDAP_AUTH_KRBV42 ) {
+ } else if ( op->orb_method == LDAP_AUTH_KRBV41 || op->orb_method == LDAP_AUTH_KRBV42 ) {
if ( global_disallows & SLAP_DISALLOW_BIND_KRBV4 ) {
/* disallow simple authentication */
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
#endif
goto cleanup;
}
+ ber_str2bv( "KRBV4", sizeof("KRBV4")-1, 0, &mech );
#endif
} else {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_bind: conn %ld v%d unknown authentication method (%ld)\n",
- op->o_connid, version, method );
+ op->o_connid, version, op->orb_method );
#else
Debug( LDAP_DEBUG_TRACE,
"do_bind: v%d unknown authentication method (%ld)\n",
- version, method, 0 );
+ version, op->orb_method, 0 );
#endif
goto cleanup;
}
#if defined( LDAP_SLAPI )
if ( pb ) {
int rc;
- slapi_x_pblock_set_operation( pb, op );
+ slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)dn.bv_val );
- slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)method );
+ slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)op->orb_method );
slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) );
slapi_pblock_set( pb, SLAPI_CONN_DN, (void *)(0) );
- rc = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_BIND_FN, pb );
+ rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_BIND_FN, pb );
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
}
/* log authorization identity */
Statslog( LDAP_DEBUG_STATS,
- "conn=%lu op=%lu BIND dn=\"%s\" mech=simple (SLAPI) ssf=0\n",
+ "conn=%lu op=%lu BIND dn=\"%s\" mech=%s (SLAPI) ssf=0\n",
op->o_connid, op->o_opid,
op->o_conn->c_dn.bv_val ? op->o_conn->c_dn.bv_val : "<empty>",
- 0, 0 );
+ mech.bv_val, 0 );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
}
goto cleanup;
#endif /* defined( LDAP_SLAPI ) */
if( op->o_bd->be_bind ) {
- op->orb_method = method;
rs->sr_err = (op->o_bd->be_bind)( op, rs );
if ( rs->sr_err == 0 ) {
/* log authorization identity */
Statslog( LDAP_DEBUG_STATS,
- "conn=%lu op=%lu BIND dn=\"%s\" mech=simple ssf=0\n",
+ "conn=%lu op=%lu BIND dn=\"%s\" mech=%s ssf=0\n",
op->o_connid, op->o_opid,
- op->o_conn->c_dn.bv_val, 0, 0 );
+ op->o_conn->c_dn.bv_val, mech.bv_val, 0 );
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, DETAIL1,
}
#if defined( LDAP_SLAPI )
- if ( pb && doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) < 0 ) {
+ if ( pb != NULL && slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) < 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_bind: Bind postoperation plugins failed\n",
#endif /* defined( LDAP_SLAPI ) */
cleanup:
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ if ( op->orb_method != LDAP_AUTH_SASL ) {
+ ber_dupbv( &op->o_conn->c_authmech, &mech );
+ }
+ op->o_conn->c_authtype = op->orb_method;
+ }
op->o_conn->c_sasl_bindop = NULL;