X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-bdb%2Fbind.c;h=ef72666535b75a47de487bdc30968a08d836bee9;hb=0af1940f3fb59fe57b2281ef253fe1341c505c2c;hp=3f4c558c852905eeb648b584d7a1aa13802200f7;hpb=be32dce97f174f1660456949688dfb285bc6a44a;p=openldap diff --git a/servers/slapd/back-bdb/bind.c b/servers/slapd/back-bdb/bind.c index 3f4c558c85..ef72666535 100644 --- a/servers/slapd/back-bdb/bind.c +++ b/servers/slapd/back-bdb/bind.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 2000-2004 The OpenLDAP Foundation. + * Copyright 2000-2006 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -43,7 +43,8 @@ bdb_bind( Operation *op, SlapReply *rs ) DB_LOCK lock; Debug( LDAP_DEBUG_ARGS, - "==> bdb_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0); + "==> " LDAP_XSTRING(bdb_bind) ": dn: %s\n", + op->o_req_dn.bv_val, 0, 0); /* allow noauth binds */ if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op )) { @@ -103,7 +104,6 @@ dn2entry_retry: ber_dupbv( &op->oq_bind.rb_edn, &e->e_name ); /* check for deleted */ -#ifdef BDB_SUBENTRIES if ( is_entry_subentry( e ) ) { /* entry is an subentry, don't allow bind */ Debug( LDAP_DEBUG_TRACE, "entry is subentry\n", 0, @@ -111,7 +111,6 @@ dn2entry_retry: rs->sr_err = LDAP_INVALID_CREDENTIALS; goto done; } -#endif if ( is_entry_alias( e ) ) { /* entry is an alias, don't allow bind */ @@ -129,25 +128,20 @@ dn2entry_retry: switch ( op->oq_bind.rb_method ) { case LDAP_AUTH_SIMPLE: - rs->sr_err = access_allowed( op, e, - password, NULL, ACL_AUTH, NULL ); - if ( ! rs->sr_err ) { - rs->sr_err = LDAP_INVALID_CREDENTIALS; - goto done; - } - - if ( (a = attr_find( e->e_attrs, password )) == NULL ) { + a = attr_find( e->e_attrs, password ); + if ( a == NULL ) { rs->sr_err = LDAP_INVALID_CREDENTIALS; goto done; } - if ( slap_passwd_check( op->o_conn, - a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 ) + if ( slap_passwd_check( op, e, a, &op->oq_bind.rb_cred, + &rs->sr_text ) != 0 ) { + /* failure; stop front end from sending result */ rs->sr_err = LDAP_INVALID_CREDENTIALS; goto done; } - + rs->sr_err = 0; break;