X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Fbind.c;h=db7d0fcf18fc2aa436ae8dfa1b2b92c10fa8bc73;hb=7d13ef7e42f1514dd99878835a13a700da4f4b69;hp=8fe3b358b35b0615981d6c019c088322cc8568a2;hpb=21c70857f1029309d6bc5a5b6a93d7537494b742;p=openldap
diff --git a/libraries/libldap/bind.c b/libraries/libldap/bind.c
index 8fe3b358b3..db7d0fcf18 100644
--- a/libraries/libldap/bind.c
+++ b/libraries/libldap/bind.c
@@ -1,12 +1,20 @@
-/*
- * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
- */
-/* Portions
- * Copyright (c) 1990 Regents of the University of Michigan.
- * All rights reserved.
+/* bind.c */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software .
+ *
+ * Copyright 1998-2012 The OpenLDAP Foundation.
+ * All rights reserved.
*
- * bind.c
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * .
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
*/
#include "portable.h"
@@ -20,14 +28,33 @@
#include
#include "ldap-int.h"
+#include "ldap_log.h"
+/*
+ * BindRequest ::= SEQUENCE {
+ * version INTEGER,
+ * name DistinguishedName, -- who
+ * authentication CHOICE {
+ * simple [0] OCTET STRING -- passwd
+ * krbv42ldap [1] OCTET STRING -- OBSOLETE
+ * krbv42dsa [2] OCTET STRING -- OBSOLETE
+ * sasl [3] SaslCredentials -- LDAPv3
+ * }
+ * }
+ *
+ * BindResponse ::= SEQUENCE {
+ * COMPONENTS OF LDAPResult,
+ * serverSaslCreds OCTET STRING OPTIONAL -- LDAPv3
+ * }
+ *
+ * (Source: RFC 2251)
+ */
/*
* ldap_bind - bind to the ldap server (and X.500). The dn and password
* of the entry to which to bind are supplied, along with the authentication
* method to use. The msgid of the bind request is returned on success,
- * -1 if there's trouble. Note, the kerberos support assumes the user already
- * has a valid tgt for now. ldap_result() should be called to find out the
+ * -1 if there's trouble. ldap_result() should be called to find out the
* outcome of the bind request.
*
* Example:
@@ -38,36 +65,21 @@
int
ldap_bind( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd, int authmethod )
{
- /*
- * The bind request looks like this:
- * BindRequest ::= SEQUENCE {
- * version INTEGER,
- * name DistinguishedName, -- who
- * authentication CHOICE {
- * simple [0] OCTET STRING -- passwd
-#ifdef HAVE_KERBEROS
- * krbv42ldap [1] OCTET STRING
- * krbv42dsa [2] OCTET STRING
-#endif
- * }
- * }
- * all wrapped up in an LDAPMessage sequence.
- */
-
Debug( LDAP_DEBUG_TRACE, "ldap_bind\n", 0, 0, 0 );
switch ( authmethod ) {
case LDAP_AUTH_SIMPLE:
return( ldap_simple_bind( ld, dn, passwd ) );
-#ifdef HAVE_KERBEROS
- case LDAP_AUTH_KRBV41:
- return( ldap_kerberos_bind1( ld, dn ) );
-
- case LDAP_AUTH_KRBV42:
- return( ldap_kerberos_bind2( ld, dn ) );
+#ifdef HAVE_GSSAPI
+ case LDAP_AUTH_NEGOTIATE:
+ return( ldap_gssapi_bind_s( ld, dn, passwd) );
#endif
+ case LDAP_AUTH_SASL:
+ /* user must use ldap_sasl_bind */
+ /* FALL-THRU */
+
default:
ld->ld_errno = LDAP_AUTH_UNKNOWN;
return( -1 );
@@ -79,8 +91,7 @@ ldap_bind( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd, int authmetho
* of the entry to which to bind are supplied, along with the authentication
* method to use. This routine just calls whichever bind routine is
* appropriate and returns the result of the bind (e.g. LDAP_SUCCESS or
- * some other error indication). Note, the kerberos support assumes the
- * user already has a valid tgt for now.
+ * some other error indication).
*
* Examples:
* ldap_bind_s( ld, "cn=manager, o=university of michigan, c=us",
@@ -101,26 +112,16 @@ ldap_bind_s(
case LDAP_AUTH_SIMPLE:
return( ldap_simple_bind_s( ld, dn, passwd ) );
-#ifdef HAVE_KERBEROS
- case LDAP_AUTH_KRBV4:
- return( ldap_kerberos_bind_s( ld, dn ) );
-
- case LDAP_AUTH_KRBV41:
- return( ldap_kerberos_bind1_s( ld, dn ) );
-
- case LDAP_AUTH_KRBV42:
- return( ldap_kerberos_bind2_s( ld, dn ) );
+#ifdef HAVE_GSSAPI
+ case LDAP_AUTH_NEGOTIATE:
+ return( ldap_gssapi_bind_s( ld, dn, passwd) );
#endif
+ case LDAP_AUTH_SASL:
+ /* user must use ldap_sasl_bind */
+ /* FALL-THRU */
+
default:
return( ld->ld_errno = LDAP_AUTH_UNKNOWN );
}
}
-
-
-void
-ldap_set_rebind_proc( LDAP *ld, int (*rebindproc)( LDAP *ld, char **dnp,
- char **passwdp, int *authmethodp, int freeit ))
-{
- ld->ld_rebindproc = rebindproc;
-}