X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Fsasl.c;h=a3630e9781bbaa994e99e1909253d6ffee5d807f;hb=a2eec74fc1d535fa9092f4d7b82a669b39eef539;hp=2660a271aad69bed1424ac6f1f41d1596477a918;hpb=d2b05a3858822df66785b4a0939204b10ac1c47f;p=openldap
diff --git a/libraries/libldap/sasl.c b/libraries/libldap/sasl.c
index 2660a271aa..a3630e9781 100644
--- a/libraries/libldap/sasl.c
+++ b/libraries/libldap/sasl.c
@@ -37,7 +37,6 @@
 #include "ldap-int.h"
 
 
-
 /*
  * ldap_sasl_bind - bind to the ldap server (and X.500).
  * The dn (usually NULL), mechanism, and credentials are provided.
@@ -68,6 +67,10 @@ ldap_sasl_bind(
 	assert( LDAP_VALID( ld ) );
 	assert( msgidp != NULL );
 
+	/* check client controls */
+	rc = ldap_int_client_controls( ld, cctrls );
+	if( rc != LDAP_SUCCESS ) return rc;
+
 	if( msgidp == NULL ) {
 		ld->ld_errno = LDAP_PARAM_ERROR;
 		return ld->ld_errno;
@@ -94,7 +97,7 @@ ldap_sasl_bind(
 		return ld->ld_errno;
 	}
 
-	assert( BER_VALID( ber ) );
+	assert( LBER_VALID( ber ) );
 
 	if( mechanism == LDAP_SASL_SIMPLE ) {
 		/* simple bind */
@@ -103,7 +106,7 @@ ldap_sasl_bind(
 			ld->ld_version, dn, LDAP_AUTH_SIMPLE,
 			cred );
 
-	} else if ( cred == NULL ) {
+	} else if ( cred == NULL || !cred->bv_len ) {
 		/* SASL bind w/o creditials */
 		rc = ber_printf( ber, "{it{ist{sN}N}" /*}*/,
 			++ld->ld_msgid, LDAP_REQ_BIND,
@@ -183,6 +186,12 @@ ldap_sasl_bind_s(
 		return( rc );
 	}
 
+#ifdef LDAP_CONNECTIONLESS
+	if (LDAP_IS_UDP(ld)) {
+		return( rc );
+	}
+#endif
+
 	if ( ldap_result( ld, msgid, 1, NULL, &result ) == -1 ) {
 		return( ld->ld_errno );	/* ldap_result sets ld_errno */
 	}
@@ -357,7 +366,7 @@ ldap_pvt_sasl_getmechs ( LDAP *ld, char **pmechlist )
 
 	Debug( LDAP_DEBUG_TRACE, "ldap_pvt_sasl_getmech\n", 0, 0, 0 );
 
-	rc = ldap_search_s( ld, NULL, LDAP_SCOPE_BASE,
+	rc = ldap_search_s( ld, "", LDAP_SCOPE_BASE,
 		NULL, attrs, 0, &res );
 
 	if ( rc != LDAP_SUCCESS ) {
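Review bot: The new `return rc;` after `ldap_int_client_controls()` in the `@@ -68,6 +67,10 @@` hunk is the only error exit there that bypasses `ld->ld_errno`; the `msgidp == NULL` path immediately below sets `ld->ld_errno` and returns it. Unless `ldap_int_client_controls()` is known to set `ld->ld_errno` itself (its body is not visible here), a caller that inspects `ld_errno` after a failed bind reads a stale value from an earlier operation. Suggest `if( rc != LDAP_SUCCESS ) { ld->ld_errno = rc; return rc; }`, which is harmless if the callee already does it. The body of `ldap_sasl_bind` starts and ends outside the hunk.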
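Review bot: The `LDAP_IS_UDP` early return in the `@@ -183,6 +186,12 @@` hunk of `ldap_sasl_bind_s` skips `ldap_result()`, so nothing the synchronous wrapper normally derives from the bind response is produced on that path and the caller only learns that the request was sent. The function's signature and the code that consumes `result` are outside the hunk, so I cannot see which outputs stay unset, but the new block should say so in place: `/* connectionless: request sent, no response awaited; nothing derived from the result is set here */`. If the function has an output pointer for server credentials, initialise it to NULL before this return so callers cannot read an uninitialised value.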
@@ -366,24 +375,25 @@ ldap_pvt_sasl_getmechs ( LDAP *ld, char **pmechlist )
 
 	e = ldap_first_entry( ld, res );
 	if ( e == NULL ) {
+		ldap_msgfree( res );
 		if ( ld->ld_errno == LDAP_SUCCESS ) {
-			ld->ld_errno = LDAP_UNAVAILABLE;
+			ld->ld_errno = LDAP_NO_SUCH_OBJECT;
 		}
 		return ld->ld_errno;
 	}
 
 	values = ldap_get_values( ld, e, "supportedSASLMechanisms" );
 	if ( values == NULL ) {
-		ld->ld_errno = LDAP_NO_SUCH_ATTRIBUTE;
 		ldap_msgfree( res );
+		ld->ld_errno = LDAP_NO_SUCH_ATTRIBUTE;
 		return ld->ld_errno;
 	}
 
 	mechlist = ldap_charray2str( values, " " );
 	if ( mechlist == NULL ) {
-		ld->ld_errno = LDAP_NO_MEMORY;
 		LDAP_VFREE( values );
 		ldap_msgfree( res );
+		ld->ld_errno = LDAP_NO_MEMORY;
 		return ld->ld_errno;
 	}
 
@@ -410,17 +420,32 @@ ldap_sasl_interactive_bind_s(
 	LDAP_CONST char *mechs,
 	LDAPControl **serverControls,
 	LDAPControl **clientControls,
-	LDAP_SASL_INTERACT_PROC *interact )
+	unsigned flags,
+	LDAP_SASL_INTERACT_PROC *interact,
+	void *defaults )
 {
 	int rc;
 
+#if defined( LDAP_R_COMPILE ) && defined( HAVE_CYRUS_SASL )
+	ldap_pvt_thread_mutex_lock( &ldap_int_sasl_mutex );
+#endif
+#ifdef LDAP_CONNECTIONLESS
+	if( LDAP_IS_UDP(ld) ) {
+		/* Just force it to simple bind, silly to make the user
+		 * ask all the time. No, we don't ever actually bind, but I'll
+		 * let the final bind handler take care of saving the cdn.
+		 */
+		rc = ldap_simple_bind(ld, dn, NULL);
+		return rc < 0 ? rc : 0;
+	} else
+#endif
 	if( mechs == NULL || *mechs == '\0' ) {
 		char *smechs;
 
 		rc = ldap_pvt_sasl_getmechs( ld, &smechs );
 
 		if( rc != LDAP_SUCCESS ) {
-			return rc;
+			goto done;
 		}
 
 		Debug( LDAP_DEBUG_TRACE,
@@ -436,7 +461,13 @@ ldap_sasl_interactive_bind_s(
 	}
 
 	rc = ldap_int_sasl_bind( ld, dn, mechs,
-		serverControls, clientControls, interact );
+		serverControls, clientControls,
+		flags, interact, defaults );
+
+done:
+#if defined( LDAP_R_COMPILE ) && defined( HAVE_CYRUS_SASL )
+	ldap_pvt_thread_mutex_unlock( &ldap_int_sasl_mutex );
+#endif
 	return rc;
 }
 
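Review bot: In the `e == NULL` branch of the `@@ -366,24 +375,25 @@` hunk the added `ldap_msgfree( res );` now runs before `ld->ld_errno` is read, while the two branches below it were reordered in this same hunk to write `ld->ld_errno` only after `ldap_msgfree()` — which suggests `ldap_msgfree()` can change `ld_errno`. If it can, the `ld->ld_errno == LDAP_SUCCESS` test reads whatever the free left behind rather than the search outcome, so the mapping to `LDAP_NO_SUCH_OBJECT` may be skipped or a wrong code returned. Decide the code first and free afterwards: `int err = ( ld->ld_errno == LDAP_SUCCESS ) ? LDAP_NO_SUCH_OBJECT : ld->ld_errno;` / `ldap_msgfree( res );` / `ld->ld_errno = err; return err;`. The body of `ldap_pvt_sasl_getmechs` starts before the hunk.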
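Review bot: With `LDAP_R_COMPILE`, `HAVE_CYRUS_SASL` and `LDAP_CONNECTIONLESS` all defined, the `LDAP_IS_UDP` branch in the `@@ -410,17 +420,32 @@` hunk does `return rc < 0 ? rc : 0;` after `ldap_pvt_thread_mutex_lock( &ldap_int_sasl_mutex )` has been taken and before the `done:` unlock added in the `@@ -436,7 +461,13 @@` hunk, so the mutex is never released and every later SASL bind in the process blocks on it. One connectionless bind thereby disables SASL for the whole client, which is a self-inflicted denial of service rather than a functional bug. The `goto done` path this hunk introduces for the getmechs failure is the right shape for this exit too: replace the return with `if ( rc >= 0 ) rc = 0;` and `goto done;`, and change the trailing `} else` to `}` since the `if( mechs == NULL ... )` no longer needs to be its else arm. The rest of `ldap_sasl_interactive_bind_s` lies between the two hunks.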