X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Fsasl.c;h=ea368ddbc7adfaf3dcd513455dbe931245f08a5f;hb=10566c8be384c6435476ec54e842382841cb84b6;hp=3edde0703ccf7967506499253a6c1869902d64b0;hpb=0a438aaf4361027adf02499ff1eb2ec072e127e3;p=openldap
diff --git a/libraries/libldap/sasl.c b/libraries/libldap/sasl.c
index 3edde0703c..ea368ddbc7 100644
--- a/libraries/libldap/sasl.c
+++ b/libraries/libldap/sasl.c
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software .
 *
- * Copyright 1998-2013 The OpenLDAP Foundation.
+ * Copyright 1998-2017 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -44,40 +44,18 @@
 #include "ldap-int.h"
-/*
- * ldap_sasl_bind - bind to the ldap server (and X.500).
- * The dn (usually NULL), mechanism, and credentials are provided.
- * The message id of the request initiated is provided upon successful
- * (LDAP_SUCCESS) return.
- *
- * Example:
- * ldap_sasl_bind( ld, NULL, "mechanism",
- * cred, NULL, NULL, &msgid )
- */
-
-int
-ldap_sasl_bind(
+BerElement *
+ldap_build_bind_req(
 LDAP *ld,
 LDAP_CONST char *dn,
 LDAP_CONST char *mechanism,
 struct berval *cred,
 LDAPControl **sctrls,
 LDAPControl **cctrls,
- int *msgidp )
+ ber_int_t *msgidp )
 {
 BerElement *ber;
 int rc;
- ber_int_t id;
-
- Debug( LDAP_DEBUG_TRACE, "ldap_sasl_bind\n", 0, 0, 0 );
-
- assert( ld != NULL );
- assert( LDAP_VALID( ld ) );
- assert( msgidp != NULL );
-
- /* check client controls */
- rc = ldap_int_client_controls( ld, cctrls );
- if( rc != LDAP_SUCCESS ) return rc;
 if( mechanism == LDAP_SASL_SIMPLE ) {
 if( dn == NULL && cred != NULL && cred->bv_len ) {
@@ -87,7 +65,7 @@ ldap_sasl_bind(
 } else if( ld->ld_version < LDAP_VERSION3 ) {
 ld->ld_errno = LDAP_NOT_SUPPORTED;
- return ld->ld_errno;
+ return( NULL );
 }
 if ( dn == NULL ) {
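Review bot: `ldap_build_bind_req` (hunk `-44,40`) is a new non-static function with no header comment and none of the precondition checks the old body carried: `assert( ld != NULL )`, `assert( LDAP_VALID( ld ) )` and `assert( msgidp != NULL )` now live only in `ldap_sasl_bind`, while the helper reads `ld->ld_version` and, in the following hunk, writes through `msgidp`. I would repeat `assert( ld != NULL );` and `assert( msgidp != NULL );` at the top of the helper so any other caller gets the same guard. A short comment above it should state the contract: it returns a BER element the caller owns, or NULL with `ld->ld_errno` set, and `*msgidp` receives the newly allocated message id. In the lines visible here `cctrls` is accepted but never used by the helper, so the comment should also say that client-control validation is left to the caller. The function body continues beyond this hunk.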
@@ -96,31 +74,28 @@ ldap_sasl_bind(
 /* create a message to send */
 if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
- ld->ld_errno = LDAP_NO_MEMORY;
- return ld->ld_errno;
+ return( NULL );
 }
- assert( LBER_VALID( ber ) );
-
- LDAP_NEXT_MSGID( ld, id );
+ LDAP_NEXT_MSGID( ld, *msgidp );
 if( mechanism == LDAP_SASL_SIMPLE ) {
 /* simple bind */
 rc = ber_printf( ber, "{it{istON}" /*}*/,
- id, LDAP_REQ_BIND,
+ *msgidp, LDAP_REQ_BIND,
 ld->ld_version, dn, LDAP_AUTH_SIMPLE, cred );
 } else if ( cred == NULL || cred->bv_val == NULL ) {
 /* SASL bind w/o credentials */
 rc = ber_printf( ber, "{it{ist{sN}N}" /*}*/,
- id, LDAP_REQ_BIND,
+ *msgidp, LDAP_REQ_BIND,
 ld->ld_version, dn, LDAP_AUTH_SASL, mechanism );
 } else {
 /* SASL bind w/ credentials */
 rc = ber_printf( ber, "{it{ist{sON}N}" /*}*/,
- id, LDAP_REQ_BIND,
+ *msgidp, LDAP_REQ_BIND,
 ld->ld_version, dn, LDAP_AUTH_SASL, mechanism, cred );
 }
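Review bot: The allocation-failure branch now returns NULL without setting `ld->ld_errno`, while the new caller maps a NULL result to `return ld->ld_errno;`. Unless `ldap_alloc_ber_with_options` sets the error itself (not visible in this diff), a stale `LDAP_SUCCESS` would make `ldap_sasl_bind` report success for a bind that was never sent, with `*msgidp` left unwritten. Keeping `ld->ld_errno = LDAP_NO_MEMORY;` before `return( NULL );` makes the "NULL means ld_errno is set" contract hold inside the helper instead of depending on the callee. The dropped `assert( LBER_VALID( ber ) );` was a cheap sanity check and is worth retaining after the allocation.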
@@ -128,21 +103,62 @@ ldap_sasl_bind(
 if( rc == -1 ) {
 ld->ld_errno = LDAP_ENCODING_ERROR;
 ber_free( ber, 1 );
- return( -1 );
+ return( NULL );
 }
 /* Put Server Controls */
 if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
 ber_free( ber, 1 );
- return ld->ld_errno;
+ return( NULL );
 }
 if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
 ld->ld_errno = LDAP_ENCODING_ERROR;
 ber_free( ber, 1 );
- return ld->ld_errno;
+ return( NULL );
 }
+ return( ber );
+}
+
+/*
+ * ldap_sasl_bind - bind to the ldap server (and X.500).
+ * The dn (usually NULL), mechanism, and credentials are provided.
+ * The message id of the request initiated is provided upon successful
+ * (LDAP_SUCCESS) return.
+ *
+ * Example:
+ * ldap_sasl_bind( ld, NULL, "mechanism",
+ * cred, NULL, NULL, &msgid )
+ */
+
+int
+ldap_sasl_bind(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *mechanism,
+ struct berval *cred,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ BerElement *ber;
+ int rc;
+ ber_int_t id;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_sasl_bind\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( msgidp != NULL );
+
+ /* check client controls */
+ rc = ldap_int_client_controls( ld, cctrls );
+ if( rc != LDAP_SUCCESS ) return rc;
+
+ ber = ldap_build_bind_req( ld, dn, mechanism, cred, sctrls, cctrls, &id );
+ if( !ber )
+ return ld->ld_errno;
 /* send the message */
 *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
@@ -681,7 +697,7 @@ sb_sasl_generic_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
 ret = sb_sasl_generic_pkt_length(p, (unsigned char *) p->sec_buf_in.buf_base, sbiod->sbiod_sb->sb_debug );
- /* Grow the packet buffer if neccessary */
+ /* Grow the packet buffer if necessary */
 if ( ( p->sec_buf_in.buf_size < (ber_len_t) ret ) && ber_pvt_sb_grow_buffer( &p->sec_buf_in, ret ) < 0 ) {
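Review bot: In the rebuilt `ldap_sasl_bind` (hunk `-128,21`) the caller's own `dn` is still passed to `ldap_send_initial_request`, but any defaulting of `dn` now happens on the helper's private copy, in the `if ( dn == NULL ) {` block of `ldap_build_bind_req` whose body lies outside the hunks. Before the split that adjustment presumably reached the send call; now a NULL `dn` goes through unchanged. Either confirm that `ldap_send_initial_request` tolerates NULL or re-apply the default in `ldap_sasl_bind` before the call. Separately, the first encoding-failure path used to return `-1` and now surfaces as `LDAP_ENCODING_ERROR` through `return ld->ld_errno;`, which changes the public return value and belongs in the commit message.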