X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=servers%2Fslapd%2Fbind.c;h=29abd7869e58c45dd55980d48ea7cbb62165eff1;hb=029069d84a38aa3e77bec5757e43fb1ea32b53fc;hp=562ce5b54ab6c08665074201735a7ab76cc798a2;hpb=42e0d83cb3a1a1c5b25183f1ab74ce7edbe25de7;p=openldap diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c index 562ce5b54a..29abd7869e 100644 --- a/servers/slapd/bind.c +++ b/servers/slapd/bind.c @@ -12,15 +12,14 @@ * is provided ``as is'' without express or implied warranty. */ +#include "portable.h" + #include -#include -#include -#include -#include "slap.h" -extern Backend *select_backend(); +#include +#include -extern char *default_referral; +#include "slap.h" void do_bind( @@ -29,8 +28,9 @@ do_bind( ) { BerElement *ber = op->o_ber; - int version, method, len, rc; - char *dn; + int version, method, len; + char *cdn, *ndn; + unsigned long rc; struct berval cred; Backend *be; @@ -50,7 +50,7 @@ do_bind( * } */ -#ifdef COMPAT30 +#ifdef LDAP_COMPAT30 /* * in version 3.0 there is an extra SEQUENCE tag after the * BindRequest SEQUENCE tag. 
@@ -65,27 +65,28 @@ do_bind( if ( ber_peek_tag( &tber, &tlen ) == LBER_SEQUENCE ) { Debug( LDAP_DEBUG_ANY, "version 3.0 detected\n", 0, 0, 0 ); conn->c_version = 30; - rc = ber_scanf(ber, "{{iato}}", &version, &dn, &method, &cred); + rc = ber_scanf(ber, "{{iato}}", &version, &cdn, &method, &cred); } else { - rc = ber_scanf( ber, "{iato}", &version, &dn, &method, &cred ); + rc = ber_scanf( ber, "{iato}", &version, &cdn, &method, &cred ); } } #else - rc = ber_scanf( ber, "{iato}", &version, &dn, &method, &cred ); + rc = ber_scanf( ber, "{iato}", &version, &cdn, &method, &cred ); #endif + if ( rc == LBER_ERROR ) { Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 ); send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL, "decoding error" ); return; } -#ifdef COMPAT30 +#ifdef LDAP_COMPAT30 if ( conn->c_version == 30 ) { switch ( method ) { case LDAP_AUTH_SIMPLE_30: method = LDAP_AUTH_SIMPLE; break; -#ifdef KERBEROS +#ifdef HAVE_KERBEROS case LDAP_AUTH_KRBV41_30: method = LDAP_AUTH_KRBV41; break; @@ -96,14 +97,21 @@ do_bind( } } #endif /* compat30 */ - dn_normalize( dn ); + + Debug( LDAP_DEBUG_TRACE, "do_bind: version %d dn (%s) method %d\n", + version, cdn, method ); + + ndn = dn_normalize_case( ch_strdup( cdn ) ); Statslog( LDAP_DEBUG_STATS, "conn=%d op=%d BIND dn=\"%s\" method=%d\n", - conn->c_connid, op->o_opid, dn, method, 0 ); + conn->c_connid, op->o_opid, ndn, method, 0 ); if ( version != LDAP_VERSION2 ) { - if ( dn != NULL ) { - free( dn ); + if ( cdn != NULL ) { + free( cdn ); + } + if ( ndn != NULL ) { + free( ndn ); } if ( cred.bv_val != NULL ) { free( cred.bv_val ); 
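Review bot: `cdn` is used before any NULL check in the second hunk on this line: the relocated `Debug(...)` formats it with `%s` and `ch_strdup( cdn )` copies it, while the cleanup a few lines further down still tests `cdn != NULL`, so the code itself treats NULL as possible. Whether ber_scanf can leave the DN unset is not visible here, but if it can, an unauthenticated bind request reaches a NULL dereference before the version check. I would guard the copy with `ndn = cdn != NULL ? dn_normalize_case( ch_strdup( cdn ) ) : NULL;` and pass `cdn != NULL ? cdn : ""` to the trace and stats calls. do_bind begins and ends outside these hunks.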
@@ -115,13 +123,13 @@ do_bind( return; } - Debug( LDAP_DEBUG_TRACE, "do_bind: version %d dn (%s) method %d\n", - version, dn, method ); - /* accept null binds */ - if ( dn == NULL || *dn == '\0' ) { - if ( dn != NULL ) { - free( dn ); + if ( ndn == NULL || *ndn == '\0' ) { + if ( cdn != NULL ) { + free( cdn ); + } + if ( ndn != NULL ) { + free( ndn ); } if ( cred.bv_val != NULL ) { free( cred.bv_val ); 
@@ -137,38 +145,76 @@ do_bind( * if we don't hold it. */ - if ( (be = select_backend( dn )) == NULL ) { - free( dn ); + if ( (be = select_backend( ndn )) == NULL ) { + free( cdn ); + free( ndn ); if ( cred.bv_val != NULL ) { free( cred.bv_val ); } if ( cred.bv_len == 0 ) { - send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL ); + send_ldap_result( conn, op, LDAP_SUCCESS, + NULL, NULL ); + } else if ( default_referral && *default_referral ) { + send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, + NULL, default_referral ); } else { - send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL, - default_referral ); + send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS, + NULL, default_referral ); } return; } if ( be->be_bind != NULL ) { - if ( (*be->be_bind)( be, conn, op, dn, method, &cred ) == 0 ) { + /* alias suffix */ + char *edn; + + ndn = suffixAlias( ndn, op, be ); + dn_normalize_case( ndn ); + + if ( (*be->be_bind)( be, conn, op, ndn, method, &cred, &edn ) == 0 ) { pthread_mutex_lock( &conn->c_dnmutex ); - if ( conn->c_dn != NULL ) { + + if ( conn->c_cdn != NULL ) { + free( conn->c_cdn ); + } + + conn->c_cdn = cdn; + cdn = NULL; + + if ( conn->c_cdn != NULL ) { free( conn->c_dn ); } - conn->c_dn = strdup( dn ); + + if(edn != NULL) { + conn->c_dn = edn; + } else { + conn->c_dn = ndn; + ndn = NULL; + } + + Debug( LDAP_DEBUG_TRACE, "do_bind: bound \"%s\" to \"%s\"\n", + conn->c_cdn, conn->c_dn, method ); + pthread_mutex_unlock( &conn->c_dnmutex ); /* send this here to avoid a race condition */ send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL ); + + } else if (edn != NULL) { + free( edn ); } + } else { send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL, "Function not implemented" ); } - free( dn ); + if( cdn != NULL ) { + free( cdn ); + } + if( ndn != NULL ) { + free( ndn ); + } if ( cred.bv_val != NULL ) { free( cred.bv_val ); }
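Review bot: `edn` is declared without an initializer (`char *edn;`) and then tested with `edn != NULL` on both the success and the failure path. A backend bind routine that never stores through `&edn` therefore leaves either `conn->c_dn`, the identity the connection is bound as, or the argument of `free( edn )` indeterminate; declare it `char *edn = NULL;`. The second guard, the one before `free( conn->c_dn )`, re-tests `conn->c_cdn`, which was just assigned, and looks like a copy-paste slip for `if ( conn->c_dn != NULL ) {`; as written the previous `c_dn` leaks whenever `cdn` is NULL. It is also worth a comment on `ndn = suffixAlias( ndn, op, be );` stating who owns the old string, since the hunk does not show whether suffixAlias frees or reuses its argument. do_bind begins outside this hunk.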