X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Fkbind.c;h=5e63698ddc7e2d4fbf58fe7286a97d05cbc224c7;hb=613bf0b077ee2afdd254f073b876098519643c00;hp=e900cc881f9b899e1cb2d6ecef70825ff65559c0;hpb=13bd786abf3248e39428a8edac67c27772cb8dc0;p=openldap diff --git a/libraries/libldap/kbind.c b/libraries/libldap/kbind.c index e900cc881f..5e63698ddc 100644 --- a/libraries/libldap/kbind.c +++ b/libraries/libldap/kbind.c @@ -1,31 +1,50 @@ /* + * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ +/* Portions * Copyright (c) 1993 Regents of the University of Michigan. * All rights reserved. * * kbind.c */ -#include "portable.h" - -#ifndef lint -static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of Michigan.\nAll rights reserved.\n"; +/* + * BindRequest ::= SEQUENCE { + * version INTEGER, + * name DistinguishedName, -- who + * authentication CHOICE { + * simple [0] OCTET STRING -- passwd +#ifdef HAVE_KERBEROS + * krbv42ldap [1] OCTET STRING + * krbv42dsa [2] OCTET STRING #endif + * sasl [3] SaslCredentials -- LDAPv3 + * } + * } + * + * BindResponse ::= SEQUENCE { + * COMPONENTS OF LDAPResult, + * serverSaslCreds OCTET STRING OPTIONAL -- LDAPv3 + * } + * + */ + +#include "portable.h" -#ifdef KERBEROS +#ifdef HAVE_KERBEROS #include -#include +#include #include #include #include +#include -#include "lber.h" -#include "ldap.h" #include "ldap-int.h" - /* * ldap_kerberos_bind1 - initiate a bind to the ldap server using * kerberos authentication. The dn is supplied. It is assumed the user @@ -37,29 +56,16 @@ static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of * ldap_kerberos_bind1( ld, "cn=manager, o=university of michigan, c=us" ) */ int -ldap_kerberos_bind1( LDAP *ld, char *dn ) +ldap_kerberos_bind1( LDAP *ld, LDAP_CONST char *dn ) { BerElement *ber; char *cred; - int rc, credlen; - char *ldap_get_kerberosv4_credentials(); + int rc; + ber_len_t credlen; #ifdef STR_TRANSLATION int str_translation_on; #endif /* STR_TRANSLATION */ - /* - * The bind request looks like this: - * BindRequest ::= SEQUENCE { - * version INTEGER, - * name DistinguishedName, - * authentication CHOICE { - * krbv42ldap [1] OCTET STRING - * krbv42dsa [2] OCTET STRING - * } - * } - * all wrapped up in an LDAPMessage sequence. - */ - Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind1\n", 0, 0, 0 ); if ( dn == NULL ) @@ -71,8 +77,8 @@ ldap_kerberos_bind1( LDAP *ld, char *dn ) } /* create a message to send */ - if ( (ber = ldap_alloc_ber_with_options( ld )) == NULLBER ) { - free( cred ); + if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { + LDAP_FREE( cred ); return( -1 ); } @@ -94,26 +100,26 @@ ldap_kerberos_bind1( LDAP *ld, char *dn ) #endif /* STR_TRANSLATION */ if ( rc == -1 ) { - free( cred ); + LDAP_FREE( cred ); ber_free( ber, 1 ); ld->ld_errno = LDAP_ENCODING_ERROR; return( -1 ); } - free( cred ); + LDAP_FREE( cred ); -#ifndef NO_CACHE +#ifndef LDAP_NOCACHE if ( ld->ld_cache != NULL ) { ldap_flush_cache( ld ); } -#endif /* !NO_CACHE */ +#endif /* !LDAP_NOCACHE */ /* send the message */ return ( ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber )); } int -ldap_kerberos_bind1_s( LDAP *ld, char *dn ) +ldap_kerberos_bind1_s( LDAP *ld, LDAP_CONST char *dn ) { int msgid; LDAPMessage *res; @@ -144,12 +150,12 @@ ldap_kerberos_bind1_s( LDAP *ld, char *dn ) * ldap_kerberos_bind2( ld, "cn=manager, o=university of michigan, c=us" ) */ int -ldap_kerberos_bind2( LDAP *ld, char *dn ) +ldap_kerberos_bind2( LDAP *ld, LDAP_CONST char *dn ) { BerElement *ber; char *cred; - int rc, credlen; - char *ldap_get_kerberosv4_credentials(); + int rc; + ber_len_t credlen; #ifdef STR_TRANSLATION int str_translation_on; #endif /* STR_TRANSLATION */ @@ -165,8 +171,8 @@ ldap_kerberos_bind2( LDAP *ld, char *dn ) } /* create a message to send */ - if ( (ber = ldap_alloc_ber_with_options( ld )) == NULLBER ) { - free( cred ); + if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { + LDAP_FREE( cred ); return( -1 ); } @@ -188,7 +194,7 @@ ldap_kerberos_bind2( LDAP *ld, char *dn ) } #endif /* STR_TRANSLATION */ - free( cred ); + LDAP_FREE( cred ); if ( rc == -1 ) { ber_free( ber, 1 ); @@ -202,7 +208,7 @@ ldap_kerberos_bind2( LDAP *ld, char *dn ) /* synchronous bind to DSA using kerberos */ int -ldap_kerberos_bind2_s( LDAP *ld, char *dn ) +ldap_kerberos_bind2_s( LDAP *ld, LDAP_CONST char *dn ) { int msgid; LDAPMessage *res; @@ -224,7 +230,7 @@ ldap_kerberos_bind2_s( LDAP *ld, char *dn ) /* synchronous bind to ldap and DSA using kerberos */ int -ldap_kerberos_bind_s( LDAP *ld, char *dn ) +ldap_kerberos_bind_s( LDAP *ld, LDAP_CONST char *dn ) { int err; @@ -245,7 +251,11 @@ ldap_kerberos_bind_s( LDAP *ld, char *dn ) */ char * -ldap_get_kerberosv4_credentials( LDAP *ld, char *who, char *service, int *len ) +ldap_get_kerberosv4_credentials( + LDAP *ld, + LDAP_CONST char *who, + LDAP_CONST char *service, + ber_len_t *len ) { KTEXT_ST ktxt; int err; @@ -254,30 +264,26 @@ ldap_get_kerberosv4_credentials( LDAP *ld, char *who, char *service, int *len ) Debug( LDAP_DEBUG_TRACE, "ldap_get_kerberosv4_credentials\n", 0, 0, 0 ); if ( (err = krb_get_tf_realm( tkt_string(), realm )) != KSUCCESS ) { -#ifndef NO_USERINTERFACE +#ifdef LDAP_LIBUI fprintf( stderr, "krb_get_tf_realm failed (%s)\n", krb_err_txt[err] ); -#endif /* NO_USERINTERFACE */ +#endif /* LDAP_LIBUI */ ld->ld_errno = LDAP_INVALID_CREDENTIALS; return( NULL ); } -#ifdef LDAP_REFERRALS krbinstance = ld->ld_defconn->lconn_krbinstance; -#else /* LDAP_REFERRALS */ - krbinstance = ld->ld_host; -#endif /* LDAP_REFERRALS */ if ( (err = krb_mk_req( &ktxt, service, krbinstance, realm, 0 )) != KSUCCESS ) { -#ifndef NO_USERINTERFACE +#ifdef LDAP_LIBUI fprintf( stderr, "krb_mk_req failed (%s)\n", krb_err_txt[err] ); -#endif /* NO_USERINTERFACE */ +#endif /* LDAP_LIBUI */ ld->ld_errno = LDAP_INVALID_CREDENTIALS; return( NULL ); } - if ( ( cred = malloc( ktxt.length )) == NULL ) { + if ( ( cred = LDAP_MALLOC( ktxt.length )) == NULL ) { ld->ld_errno = LDAP_NO_MEMORY; return( NULL ); } @@ -289,4 +295,4 @@ ldap_get_kerberosv4_credentials( LDAP *ld, char *who, char *service, int *len ) } #endif /* !AUTHMAN */ -#endif /* KERBEROS */ +#endif /* HAVE_KERBEROS */