X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Fkbind.c;h=5e63698ddc7e2d4fbf58fe7286a97d05cbc224c7;hb=613bf0b077ee2afdd254f073b876098519643c00;hp=2831226ed8cde851a96525d06931cfd6cbff263e;hpb=2a869f5a99f537b246ba8640502e2a86117cb6e8;p=openldap diff --git a/libraries/libldap/kbind.c b/libraries/libldap/kbind.c index 2831226ed8..5e63698ddc 100644 --- a/libraries/libldap/kbind.c +++ b/libraries/libldap/kbind.c @@ -1,32 +1,50 @@ /* + * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ +/* Portions * Copyright (c) 1993 Regents of the University of Michigan. * All rights reserved. * * kbind.c */ -#include "portable.h" - -#ifndef lint -static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of Michigan.\nAll rights reserved.\n"; +/* + * BindRequest ::= SEQUENCE { + * version INTEGER, + * name DistinguishedName, -- who + * authentication CHOICE { + * simple [0] OCTET STRING -- passwd +#ifdef HAVE_KERBEROS + * krbv42ldap [1] OCTET STRING + * krbv42dsa [2] OCTET STRING #endif + * sasl [3] SaslCredentials -- LDAPv3 + * } + * } + * + * BindResponse ::= SEQUENCE { + * COMPONENTS OF LDAPResult, + * serverSaslCreds OCTET STRING OPTIONAL -- LDAPv3 + * } + * + */ + +#include "portable.h" #ifdef HAVE_KERBEROS #include -#include +#include #include #include #include #include -#include "lber.h" -#include "ldap.h" #include "ldap-int.h" - /* * ldap_kerberos_bind1 - initiate a bind to the ldap server using * kerberos authentication. The dn is supplied. It is assumed the user @@ -38,29 +56,16 @@ static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of * ldap_kerberos_bind1( ld, "cn=manager, o=university of michigan, c=us" ) */ int -ldap_kerberos_bind1( LDAP *ld, char *dn ) +ldap_kerberos_bind1( LDAP *ld, LDAP_CONST char *dn ) { BerElement *ber; char *cred; - int rc, credlen; - char *ldap_get_kerberosv4_credentials(); + int rc; + ber_len_t credlen; #ifdef STR_TRANSLATION int str_translation_on; #endif /* STR_TRANSLATION */ - /* - * The bind request looks like this: - * BindRequest ::= SEQUENCE { - * version INTEGER, - * name DistinguishedName, - * authentication CHOICE { - * krbv42ldap [1] OCTET STRING - * krbv42dsa [2] OCTET STRING - * } - * } - * all wrapped up in an LDAPMessage sequence. - */ - Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind1\n", 0, 0, 0 ); if ( dn == NULL ) @@ -72,8 +77,8 @@ ldap_kerberos_bind1( LDAP *ld, char *dn ) } /* create a message to send */ - if ( (ber = ldap_alloc_ber_with_options( ld )) == NULLBER ) { - free( cred ); + if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { + LDAP_FREE( cred ); return( -1 ); } @@ -95,13 +100,13 @@ ldap_kerberos_bind1( LDAP *ld, char *dn ) #endif /* STR_TRANSLATION */ if ( rc == -1 ) { - free( cred ); + LDAP_FREE( cred ); ber_free( ber, 1 ); ld->ld_errno = LDAP_ENCODING_ERROR; return( -1 ); } - free( cred ); + LDAP_FREE( cred ); #ifndef LDAP_NOCACHE if ( ld->ld_cache != NULL ) { @@ -114,7 +119,7 @@ ldap_kerberos_bind1( LDAP *ld, char *dn ) } int -ldap_kerberos_bind1_s( LDAP *ld, char *dn ) +ldap_kerberos_bind1_s( LDAP *ld, LDAP_CONST char *dn ) { int msgid; LDAPMessage *res; @@ -145,12 +150,12 @@ ldap_kerberos_bind1_s( LDAP *ld, char *dn ) * ldap_kerberos_bind2( ld, "cn=manager, o=university of michigan, c=us" ) */ int -ldap_kerberos_bind2( LDAP *ld, char *dn ) +ldap_kerberos_bind2( LDAP *ld, LDAP_CONST char *dn ) { BerElement *ber; char *cred; - int rc, credlen; - char *ldap_get_kerberosv4_credentials(); + int rc; + ber_len_t credlen; #ifdef STR_TRANSLATION int str_translation_on; #endif /* STR_TRANSLATION */ @@ -166,8 +171,8 @@ ldap_kerberos_bind2( LDAP *ld, char *dn ) } /* create a message to send */ - if ( (ber = ldap_alloc_ber_with_options( ld )) == NULLBER ) { - free( cred ); + if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { + LDAP_FREE( cred ); return( -1 ); } @@ -189,7 +194,7 @@ ldap_kerberos_bind2( LDAP *ld, char *dn ) } #endif /* STR_TRANSLATION */ - free( cred ); + LDAP_FREE( cred ); if ( rc == -1 ) { ber_free( ber, 1 ); @@ -203,7 +208,7 @@ ldap_kerberos_bind2( LDAP *ld, char *dn ) /* synchronous bind to DSA using kerberos */ int -ldap_kerberos_bind2_s( LDAP *ld, char *dn ) +ldap_kerberos_bind2_s( LDAP *ld, LDAP_CONST char *dn ) { int msgid; LDAPMessage *res; @@ -225,7 +230,7 @@ ldap_kerberos_bind2_s( LDAP *ld, char *dn ) /* synchronous bind to ldap and DSA using kerberos */ int -ldap_kerberos_bind_s( LDAP *ld, char *dn ) +ldap_kerberos_bind_s( LDAP *ld, LDAP_CONST char *dn ) { int err; @@ -246,7 +251,11 @@ ldap_kerberos_bind_s( LDAP *ld, char *dn ) */ char * -ldap_get_kerberosv4_credentials( LDAP *ld, char *who, char *service, int *len ) +ldap_get_kerberosv4_credentials( + LDAP *ld, + LDAP_CONST char *who, + LDAP_CONST char *service, + ber_len_t *len ) { KTEXT_ST ktxt; int err; @@ -263,11 +272,7 @@ ldap_get_kerberosv4_credentials( LDAP *ld, char *who, char *service, int *len ) return( NULL ); } -#ifdef LDAP_REFERRALS krbinstance = ld->ld_defconn->lconn_krbinstance; -#else /* LDAP_REFERRALS */ - krbinstance = ld->ld_host; -#endif /* LDAP_REFERRALS */ if ( (err = krb_mk_req( &ktxt, service, krbinstance, realm, 0 )) != KSUCCESS ) { @@ -278,7 +283,7 @@ ldap_get_kerberosv4_credentials( LDAP *ld, char *who, char *service, int *len ) return( NULL ); } - if ( ( cred = malloc( ktxt.length )) == NULL ) { + if ( ( cred = LDAP_MALLOC( ktxt.length )) == NULL ) { ld->ld_errno = LDAP_NO_MEMORY; return( NULL ); }