X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldbm%2Fbind.c;h=dce317876a1ff38e561713b5a045f244f8f78f0c;hb=4a107089d82ecdaca788fc6ecdef34d3d4fc19df;hp=32ade6e953fdc61dc0fb398fcbf862df2d697d4b;hpb=9f5667c703fafe3be66c64aa7af9aae2bcd5cec6;p=openldap

diff --git a/servers/slapd/back-ldbm/bind.c b/servers/slapd/back-ldbm/bind.c
index 32ade6e953..dce317876a 100644
--- a/servers/slapd/back-ldbm/bind.c
+++ b/servers/slapd/back-ldbm/bind.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -45,12 +45,8 @@ ldbm_back_bind(
 
 	AttributeDescription *password = slap_schema.si_ad_userPassword;
 
-#ifdef NEW_LOGGING
-	LDAP_LOG( BACK_LDBM, ENTRY, 
-		"ldbm_back_bind: dn: %s.\n", op->o_req_dn.bv_val, 0, 0 );
-#else
-	Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0);
-#endif
+	Debug(LDAP_DEBUG_ARGS,
+		"==> ldbm_back_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0);
 
 	if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op ) ) {
 		ber_dupbv( &op->oq_bind.rb_edn, be_root_dn( op->o_bd ) );
@@ -64,33 +60,14 @@ ldbm_back_bind(
 	/* get entry with reader lock */
 	if ( (e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) {
 		if( matched != NULL ) {
-			rs->sr_matched = ch_strdup( matched->e_dn );
-			rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
-
-			rs->sr_ref = is_entry_referral( matched )
-				? get_entry_referrals( op, matched )
-				: NULL;
-
 			cache_return_entry_r( &li->li_cache, matched );
-
-		} else {
-			rs->sr_ref = referral_rewrite( default_referral,
-				NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
 		}
-
 		ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
 
 		/* allow noauth binds */
 		rc = 1;
-		if ( rs->sr_ref != NULL ) {
-			rs->sr_err = LDAP_REFERRAL;
-		} else {
-			rs->sr_err = LDAP_INVALID_CREDENTIALS;
-		}
+		rs->sr_err = LDAP_INVALID_CREDENTIALS;
 		send_ldap_result( op, rs );
-
-		if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
-		rs->sr_ref = NULL;
 		return rs->sr_err;
 	}
 
@@ -98,13 +75,8 @@ ldbm_back_bind(
 #ifdef LDBM_SUBENTRIES
 	if ( is_entry_subentry( e ) ) {
 		/* entry is an subentry, don't allow bind */
-#ifdef NEW_LOGGING
-		LDAP_LOG ( OPERATION, DETAIL1,
-				"bdb_bind: entry is subentry\n", 0, 0, 0 );
-#else
 		Debug( LDAP_DEBUG_TRACE,
 				"entry is subentry\n", 0, 0, 0 );
-#endif
 		rc = LDAP_INVALID_CREDENTIALS;
 		goto return_results;
 	}
@@ -112,59 +84,37 @@ ldbm_back_bind(
 
 	if ( is_entry_alias( e ) ) {
 		/* entry is an alias, don't allow bind */
-#ifdef NEW_LOGGING
-		LDAP_LOG( BACK_LDBM, INFO, 
-			"ldbm_back_bind: entry (%s) is an alias.\n", e->e_name.bv_val, 0, 0 );
+		Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 );
+
+#if 1
+		rc = LDAP_INVALID_CREDENTIALS;
 #else
-		Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0,
-		    0, 0 );
-#endif
 		rs->sr_text = "entry is alias";
 		rc = LDAP_ALIAS_PROBLEM;
+#endif
 		goto return_results;
 	}
 
 	if ( is_entry_referral( e ) ) {
 		/* entry is a referral, don't allow bind */
-		rs->sr_ref = get_entry_referrals( op, e );
-
-#ifdef NEW_LOGGING
-		LDAP_LOG( BACK_LDBM, INFO, 
-			   "ldbm_back_bind: entry(%s) is a referral.\n", e->e_dn, 0, 0 );
-#else
-		Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
-		    0, 0 );
-#endif
-
+		Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 );
 
-		if( rs->sr_ref != NULL ) {
-			rc = LDAP_REFERRAL;
-			rs->sr_matched = ch_strdup( e->e_name.bv_val );
-			rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
-
-		} else {
-			rc = LDAP_INVALID_CREDENTIALS;
-		}
+		rc = LDAP_INVALID_CREDENTIALS;
 		goto return_results;
 	}
 
 	switch ( op->oq_bind.rb_method ) {
 	case LDAP_AUTH_SIMPLE:
-		if ( ! access_allowed( op, e,
-			password, NULL, ACL_AUTH, NULL ) )
-		{
-			rc = LDAP_INSUFFICIENT_ACCESS;
-			goto return_results;
-		}
-
 		if ( (a = attr_find( e->e_attrs, password )) == NULL ) {
 			/* stop front end from sending result */
-			rc = LDAP_INAPPROPRIATE_AUTH;
+			rc = LDAP_INVALID_CREDENTIALS;
 			goto return_results;
 		}
 
-		if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 ) {
-			/* stop front end from sending result */
+		if ( slap_passwd_check( op, e, a, &op->oq_bind.rb_cred,
+					&rs->sr_text ) != 0 )
+		{
+			/* failure; stop front end from sending result */
 			rc = LDAP_INVALID_CREDENTIALS;
 			goto return_results;
 		}
@@ -174,7 +124,9 @@ ldbm_back_bind(
 
 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 	case LDAP_AUTH_KRBV41:
-		if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad ) != LDAP_SUCCESS ) {
+		if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad )
+			!= LDAP_SUCCESS )
+		{
 			rc = LDAP_INVALID_CREDENTIALS;
 			goto return_results;
 		}
@@ -213,15 +165,10 @@ ldbm_back_bind(
 		}
 		rc = 0;
 		break;
-
-	case LDAP_AUTH_KRBV42:
-		rs->sr_text = "Kerberos bind step 2 not supported";
-		/* stop front end from sending result */
-		rc = LDAP_UNWILLING_TO_PERFORM;
-		goto return_results;
 #endif
 
 	default:
+		assert( 0 ); /* should not be reachable */
 		rs->sr_text = "authentication method not supported";
 		rc = LDAP_STRONG_AUTH_NOT_SUPPORTED;
 		goto return_results;