X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldbm%2Fbind.c;h=66dfddbceb55fff38dc5908f1f2c953635238a09;hb=76ed17f7942d4e3810fa90b46143e615af311167;hp=be453f8e5dd8f47c2e944d2cf66889a0956e765a;hpb=58ea169c92679eb5b0598c2420c95c626ccac27d;p=openldap diff --git a/servers/slapd/back-ldbm/bind.c b/servers/slapd/back-ldbm/bind.c index be453f8e5d..66dfddbceb 100644 --- a/servers/slapd/back-ldbm/bind.c +++ b/servers/slapd/back-ldbm/bind.c @@ -6,6 +6,7 @@ #include #include "slap.h" #include "back-ldbm.h" +#include "proto-back-ldbm.h" #ifdef KERBEROS #ifdef KERBEROS_V #include @@ -32,7 +33,6 @@ extern char *crypt (char *key, char *salt); #include -extern Entry *dn2entry(); extern Attribute *attr_find(); #ifdef KERBEROS @@ -140,7 +140,10 @@ ldbm_back_bind( AUTH_DAT ad; #endif - if ( (e = dn2entry( be, dn, &matched )) == NULL ) { + Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_bind: dn: %s\n", dn, 0, 0); + + /* get entry with reader lock */ + if ( (e = dn2entry_r( be, dn, &matched )) == NULL ) { /* allow noauth binds */ if ( method == LDAP_AUTH_SIMPLE && cred->bv_len == 0 ) { /* @@ -153,8 +156,7 @@ ldbm_back_bind( /* front end will send result */ rc = 0; } else { - send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, - matched, NULL ); + send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, NULL ); rc = 1; } if ( matched != NULL ) { 
@@ -163,25 +165,32 @@ ldbm_back_bind( return( rc ); } + /* check for deleted */ + switch ( method ) { case LDAP_AUTH_SIMPLE: if ( cred->bv_len == 0 ) { send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL ); - return( 1 ); + + /* stop front end from sending result */ + rc = 1; + goto return_results; } else if ( be_isroot_pw( be, dn, cred ) ) { /* front end will send result */ - return( 0 ); + rc = 0; + goto return_results; } if ( (a = attr_find( e->e_attrs, "userpassword" )) == NULL ) { if ( be_isroot_pw( be, dn, cred ) ) { /* front end will send result */ - return( 0 ); + rc = 0; + goto return_results; } send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - return( 1 ); + rc = 1; + goto return_results; } #ifdef LDAP_CRYPT @@ -189,16 +198,18 @@ ldbm_back_bind( #else if ( value_find( a->a_vals, cred, a->a_syntax, 0 ) != 0 ) #endif -{ + { if ( be_isroot_pw( be, dn, cred ) ) { /* front end will send result */ - return( 0 ); + rc = 0; + goto return_results; } send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - return( 1 ); + rc = 1; + goto return_results; } + rc = 0; break; #ifdef KERBEROS @@ -206,8 +217,8 @@ ldbm_back_bind( if ( krbv4_ldap_auth( be, cred, &ad ) != LDAP_SUCCESS ) { send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - return( 1 ); + rc = 0; + goto return_results; } sprintf( krbname, "%s%s%s@%s", ad.pname, *ad.pinst ? "." : "", ad.pinst, ad.prealm ); 
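Review bot: The added comment `/* check for deleted */` in front of `switch ( method )` is followed by no check at all, so the hunk reads as if the entry is screened before authentication when nothing is done. Either implement the check or mark it as outstanding, e.g. `/* TODO: check for deleted entry (not implemented) */`, so a later reader does not assume the bind path already covers that case. ldbm_back_bind starts and ends outside this hunk.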
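Review bot: The `krbv4_ldap_auth( be, cred, &ad ) != LDAP_SUCCESS` branch now sets `rc = 0` after sending LDAP_INVALID_CREDENTIALS, whereas the removed line returned 1 and every other failure branch in this commit sets `rc = 1`. By the function's own comments, 0 means the front end will send the result on success, so a failed Kerberos v4 authentication would be handed back to the caller as a successful bind, and a second result may be sent on the connection. The line should read `rc = 1;` before `goto return_results;`. The body of ldbm_back_bind continues outside this hunk.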
@@ -216,43 +227,47 @@ ldbm_back_bind( * no krbName values present: check against DN */ if ( strcasecmp( dn, krbname ) == 0 ) { + rc = 0; /* XXX wild ass guess */ break; } send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - return( 1 ); + rc = 1; + goto return_results; } else { /* look for krbName match */ struct berval krbval; krbval.bv_val = krbname; krbval.bv_len = strlen( krbname ); - if ( value_find( a->a_vals, &krbval, a->a_syntax, 3 ) - != 0 ) { + if ( value_find( a->a_vals, &krbval, a->a_syntax, 3 ) != 0 ) { send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - return( 1 ); + rc = 1; + goto return_results; } } break; case LDAP_AUTH_KRBV42: send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - return( 1 ); + /* stop front end from sending result */ + rc = 1; + goto return_results; #endif default: send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED, NULL, "auth method not supported" ); - cache_return_entry( &li->li_cache, e ); - return( 1 ); + rc = 1; + goto return_results; } - cache_return_entry( &li->li_cache, e ); +return_results:; + /* free entry and reader lock */ + cache_return_entry_r( &li->li_cache, e ); - /* success: front end will send result */ - return( 0 ); + /* front end with send result on success (rc==0) */ + return( rc ); } +
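Review bot: In the `/* look for krbName match */` branch, a successful `value_find` reaches `break` without assigning `rc`, while the DN-match branch just above sets `rc = 0` and labels it `/* XXX wild ass guess */`. Unless `rc` is initialised at its declaration (not visible in this hunk), `return( rc )` after `return_results:` yields an indeterminate value on that path, and in a bind routine that value decides whether the authentication is treated as successful. Add `rc = 0;` before that `break`, and replace the XXX remark with a statement of the contract such as `/* rc == 0: front end sends the success result */`. The closing comment `/* front end with send result on success (rc==0) */` should read "will send".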