cleanup bind
[openldap] / servers / slapd / bind.c
index fca299d6f86860ce145368515886c5db587cbdf5..b8553f7b6fb78576971ccf4dc9f0e24784e4a27b 100644 (file)
@@ -18,7 +18,6 @@
  */
 
 #include "portable.h"
-#include "slapi_common.h"
 
 #include <stdio.h>
 
@@ -27,7 +26,9 @@
 
 #include "ldap_pvt.h"
 #include "slap.h"
+#ifdef LDAP_SLAPI
 #include "slapi.h"
+#endif
 
 
 int
@@ -50,7 +51,9 @@ do_bind(
        struct berval cred = { 0, NULL };
        Backend *be = NULL;
 
+#ifdef LDAP_SLAPI
        Slapi_PBlock *pb = op->o_pb;
+#endif
 
 #ifdef NEW_LOGGING
        LDAP_LOG( OPERATION, ENTRY, "do_bind: conn %d\n", conn->c_connid, 0, 0 );
@@ -67,7 +70,7 @@ do_bind(
        /* log authorization identity demotion */
        if ( conn->c_dn.bv_len ) {
                Statslog( LDAP_DEBUG_STATS,
-                       "conn=%lu op=%lu AUTHZ anonymous mech=implicit ssf=0",
+                       "conn=%lu op=%lu BIND anonymous mech=implicit ssf=0",
                        op->o_connid, op->o_opid, 0, 0, 0 );
        }
 
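Review bot: The new format string `"conn=%lu op=%lu BIND anonymous mech=implicit ssf=0"` still has no trailing `\n`, while the three other Statslog strings this commit touches in do_bind (the `BIND dn=...` lines for the SASL, SLAPI and simple binds) all end in one. I would write `"conn=%lu op=%lu BIND anonymous mech=implicit ssf=0\n"` so that this record cannot run into the next one in the debug output. Separately, renaming the keyword from AUTHZ to BIND in all four lines changes what log parsers and audit rules have to match, which deserves a sentence in the commit message or release notes. do_bind starts and ends outside this hunk.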
@@ -102,8 +105,8 @@ do_bind(
         *      }
         *
         *      SaslCredentials ::= SEQUENCE {
-     *         mechanism           LDAPString,
-     *         credentials         OCTET STRING OPTIONAL
+        *              mechanism           LDAPString,
+        *              credentials         OCTET STRING OPTIONAL
         *      }
         */
 
@@ -224,7 +227,8 @@ do_bind(
                version < LDAP_VERSION3 )
        {
                send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
-                       NULL, "requested protocol version not allowed", NULL, NULL );
+                       NULL, "historical protocol version requested, use LDAPv3 instead",
+                       NULL, NULL );
                goto cleanup;
        }
 
@@ -330,7 +334,7 @@ do_bind(
 
                        /* log authorization identity */
                        Statslog( LDAP_DEBUG_STATS,
-                               "conn=%lu op=%lu AUTHZ dn=\"%s\" mech=%s ssf=%d\n",
+                               "conn=%lu op=%lu BIND dn=\"%s\" mech=%s ssf=%d\n",
                                op->o_connid, op->o_opid,
                                conn->c_dn.bv_val ? conn->c_dn.bv_val : "<empty>",
                                conn->c_authmech.bv_val, ssf );
@@ -396,7 +400,7 @@ do_bind(
                        {
                                /* DN is not empty, disallow */
                                rc = LDAP_UNWILLING_TO_PERFORM;
-                               text = "unwilling to allow anonymous bind with non-empty DN";
+                               text = "unauthenticated bind (DN with no password) disallowed";
 
                        } else if ( global_disallows & SLAP_DISALLOW_BIND_ANON ) {
                                /* disallow */
@@ -542,7 +546,8 @@ do_bind(
        slapi_x_operation_set_pb( pb, op );
        slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)dn.bv_val );
        slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)method );
-       slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(1) );
+       slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&cred );
+       slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) );
 
        rc = doPluginFNs( be, SLAPI_PLUGIN_PRE_BIND_FN, pb );
        if ( rc != SLAPI_BIND_SUCCESS ) {
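Review bot: `SLAPI_BIND_CREDENTIALS` is set to `&cred`, the address of a local in do_bind, while `pb` is `op->o_pb`, which presumably outlives this call. If so, the pblock keeps a dangling pointer to the cleartext bind password after do_bind returns. I would reset it on the way out, e.g. `slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, NULL );` at the `cleanup` label, and add a comment here saying that plugins must copy the berval rather than retain the pointer. Also, `pb` is now declared only under `#ifdef LDAP_SLAPI`, so these calls need the same guard, and the hunk does not show whether they have one. The enclosing block starts and ends outside the hunk.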
@@ -558,7 +563,7 @@ do_bind(
                int ldapRc;
 
                if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&ldapRc ) != 0 )
-                       ldapRc = LDAP_OPERATIONS_ERROR;
+                       ldapRc = LDAP_OTHER;
 
                edn.bv_val = NULL;
                edn.bv_len = 0;
@@ -581,7 +586,7 @@ do_bind(
                        }
                        /* log authorization identity */
                        Statslog( LDAP_DEBUG_STATS,
-                               "conn=%lu op=%lu AUTHZ dn=\"%s\" mech=simple (SLAPI) ssf=0\n",
+                               "conn=%lu op=%lu BIND dn=\"%s\" mech=simple (SLAPI) ssf=0\n",
                                op->o_connid, op->o_opid,
                                conn->c_dn.bv_val, 0, 0 );
                        ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
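Review bot: `conn->c_dn.bv_val` is passed straight to `%s` in this Statslog call, whereas the SASL log line earlier in do_bind guards it with `conn->c_dn.bv_val ? conn->c_dn.bv_val : "<empty>"`. If a pre-bind plugin can report success with an empty DN (not visible here), this passes NULL to the formatter, so I would use the same fallback. The simple-bind Statslog in the last hunk has the same unguarded argument, and it also passes `conn->c_authmech.bv_val` even though its format string hard-codes `mech=simple`. The surrounding block begins outside this hunk.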
@@ -601,9 +606,6 @@ do_bind(
        if ( be->be_bind ) {
                int ret;
 
-               /* deref suffix alias if appropriate */
-               suffix_alias( be, &ndn );
-
                ret = (*be->be_bind)( be, conn, op,
                        &pdn, &ndn, method, &cred, &edn );
 
@@ -634,7 +636,7 @@ do_bind(
 
                        /* log authorization identity */
                        Statslog( LDAP_DEBUG_STATS,
-                               "conn=%lu op=%lu AUTHZ dn=\"%s\" mech=simple ssf=0\n",
+                               "conn=%lu op=%lu BIND dn=\"%s\" mech=simple ssf=0\n",
                                op->o_connid, op->o_opid,
                                conn->c_dn.bv_val, conn->c_authmech.bv_val, 0 );