Initial implementation of Kerberos password verification for

[openldap] / servers / slurpd / ldap_op.c

diff --git a/servers/slurpd/ldap_op.c b/servers/slurpd/ldap_op.c
index 404f321ef4f7966db123ea7b648cf889385c5536..6671ac6adefe25d4e04fdd051ab8354d52ea2161 100644 (file)
--- a/servers/slurpd/ldap_op.c
+++ b/servers/slurpd/ldap_op.c
@@ -1,3 +1,4 @@
+/* $OpenLDAP$ */
 /*
  * Copyright (c) 1996 Regents of the University of Michigan.
  * All rights reserved.
@@ -28,6 +29,11 @@
 
 #include <ac/krb.h>
 
+#if defined( STR_TRANSLATION ) && defined( LDAP_DEFAULT_CHARSET )
+/* Get LDAP->ld_lberoptions.  Must precede slurp.h, both define ldap_debug. */
+#include "../../libraries/libldap/ldap-int.h"
+#endif
+
 #include <lber.h>
 #include <ldap.h>
 
@@ -45,7 +51,9 @@ static void free_ldmarr LDAP_P(( LDAPMod ** ));
 static int getmodtype LDAP_P(( char * ));
 static void dump_ldm_array LDAP_P(( LDAPMod ** ));
 static char **read_krbnames LDAP_P(( Ri * ));
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 static void upcase LDAP_P(( char * ));
+#endif
 static int do_bind LDAP_P(( Ri *, int * ));
 static int do_unbind LDAP_P(( Ri * ));
 
@@ -81,8 +89,10 @@ do_ldap(
     while ( retry > 0 ) {
        if ( ri->ri_ldp == NULL ) {
            rc = do_bind( ri, &lderr );
+
            if ( rc != BIND_OK ) {
-               return DO_LDAP_ERR_RETRYABLE;
+                       (void) do_unbind( ri );
+                       return DO_LDAP_ERR_RETRYABLE;
            }
        }
 
@@ -350,9 +360,12 @@ op_ldap_delete(
 /*
  * Perform an ldap modrdn operation.
  */
-#define        GOT_NEWRDN              1
-#define        GOT_DRDNFLAGSTR         2
-#define        GOT_ALLNEWRDNFLAGS      ( GOT_NEWRDN | GOT_DRDNFLAGSTR )
+#define        GOT_NEWRDN              0x1
+#define        GOT_DELOLDRDN   0x2
+#define GOT_NEWSUP             0x4
+
+#define GOT_MODDN_REQ  (GOT_NEWRDN|GOT_DELOLDRDN)
+#define        GOT_ALL_MODDN(f)        (((f) & GOT_MODDN_REQ) == GOT_MODDN_REQ)
 static int
 op_ldap_modrdn(
     Ri         *ri,
@@ -367,6 +380,7 @@ op_ldap_modrdn(
     int                state = 0;
     int                drdnflag = -1;
     char       *newrdn;
+       char    *newsup = NULL;
 
     if ( re->re_mods == NULL ) {
        *errmsg = "No arguments given";
@@ -380,10 +394,27 @@ op_ldap_modrdn(
      */
     for ( mi = re->re_mods, i = 0; mi[ i ].mi_type != NULL; i++ ) {
        if ( !strcmp( mi[ i ].mi_type, T_NEWRDNSTR )) {
+               if( state & GOT_NEWRDN ) {
+               Debug( LDAP_DEBUG_ANY,
+                       "Error: op_ldap_modrdn: multiple newrdn arg \"%s\"\n",
+                       mi[ i ].mi_val, 0, 0 );
+               *errmsg = "Multiple newrdn argument";
+               return -1;
+               }
+
            newrdn = mi[ i ].mi_val;
            state |= GOT_NEWRDN;
-       } else if ( !strcmp( mi[ i ].mi_type, T_DRDNFLAGSTR )) {
-           state |= GOT_DRDNFLAGSTR;
+
+       } else if ( !strcmp( mi[ i ].mi_type, T_DELOLDRDNSTR )) {
+               if( state & GOT_DELOLDRDN ) {
+               Debug( LDAP_DEBUG_ANY,
+                       "Error: op_ldap_modrdn: multiple deleteoldrdn arg \"%s\"\n",
+                       mi[ i ].mi_val, 0, 0 );
+               *errmsg = "Multiple newrdn argument";
+               return -1;
+               }
+
+           state |= GOT_DELOLDRDN;
            if ( !strcmp( mi[ i ].mi_val, "0" )) {
                drdnflag = 0;
            } else if ( !strcmp( mi[ i ].mi_val, "1" )) {
@@ -395,6 +426,19 @@ op_ldap_modrdn(
                *errmsg = "Incorrect argument to deleteoldrdn";
                return -1;
            }
+
+       } else if ( !strcmp( mi[ i ].mi_type, T_NEWSUPSTR )) {
+               if( state & GOT_NEWSUP ) {
+               Debug( LDAP_DEBUG_ANY,
+                       "Error: op_ldap_modrdn: multiple newsuperior arg \"%s\"\n",
+                       mi[ i ].mi_val, 0, 0 );
+               *errmsg = "Multiple newrdn argument";
+               return -1;
+               }
+
+               newrdn = mi[ i ].mi_val;
+           state |= GOT_NEWSUP;
+
        } else {
            Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: bad type \"%s\"\n",
                    mi[ i ].mi_type, 0, 0 );
@@ -406,7 +450,7 @@ op_ldap_modrdn(
     /*
      * Punt if we don't have all the args.
      */
-    if ( state != GOT_ALLNEWRDNFLAGS ) {
+    if ( GOT_ALL_MODDN(state) ) {
        Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: missing arguments\n",
                0, 0, 0 );
        *errmsg = "Missing argument: requires \"newrdn\" and \"deleteoldrdn\"";
@@ -429,7 +473,7 @@ op_ldap_modrdn(
 #endif /* LDAP_DEBUG */
 
     /* Do the modrdn */
-    rc = ldap_modrdn2_s( ri->ri_ldp, re->re_dn, mi->mi_val, drdnflag );
+    rc = ldap_rename2_s( ri->ri_ldp, re->re_dn, mi->mi_val, newsup, drdnflag );
 
        ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_NUMBER, &lderr);
     return( lderr );
@@ -583,7 +627,7 @@ do_bind(
 )
 {
     int                ldrc;
-#ifdef HAVE_KERBEROS
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
     int rc;
     int retval = 0;
     int kni, got_tgt;
@@ -592,7 +636,7 @@ do_bind(
     char realm[ REALM_SZ ];
     char name[ ANAME_SZ ];
     char instance[ INST_SZ ];
-#endif /* HAVE_KERBEROS */
+#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
 
     *lderr = 0;
 
@@ -638,12 +682,12 @@ do_bind(
 
     switch ( ri->ri_bind_method ) {
     case AUTH_KERBEROS:
-#ifndef HAVE_KERBEROS
+#ifndef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
        Debug( LDAP_DEBUG_ANY,
            "Error: Kerberos bind for %s:%d, but not compiled w/kerberos\n",
            ri->ri_hostname, ri->ri_port, 0 );
        return( BIND_ERR_KERBEROS_FAILED );
-#else /* HAVE_KERBEROS */
+#else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
        /*
         * Bind using kerberos.
         * If "bindprincipal" was given in the config file, then attempt
@@ -719,7 +763,7 @@ kexit:      if ( krbnames != NULL ) {
        }
        return( retval);
        break;
-#endif /* HAVE_KERBEROS */
+#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
     case AUTH_SIMPLE:
        /*
         * Bind with a plaintext password.
@@ -846,6 +890,7 @@ read_krbnames(
 }
 
 
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 
 /*
  * upcase a string
@@ -861,3 +906,5 @@ upcase(
            *p = TOUPPER( (unsigned char) *p );
     }
 }
+
+#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */