X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldbm%2Fbind.c;h=dce317876a1ff38e561713b5a045f244f8f78f0c;hb=4a107089d82ecdaca788fc6ecdef34d3d4fc19df;hp=4c13224859c9476aaaed67c90e823da8ccb1344b;hpb=2876b3bb848e211e9e119f27cbead26d40132c81;p=openldap diff --git a/servers/slapd/back-ldbm/bind.c b/servers/slapd/back-ldbm/bind.c index 4c13224859..dce317876a 100644 --- a/servers/slapd/back-ldbm/bind.c +++ b/servers/slapd/back-ldbm/bind.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2004 The OpenLDAP Foundation. + * Copyright 1998-2005 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -45,13 +45,8 @@ ldbm_back_bind( AttributeDescription *password = slap_schema.si_ad_userPassword; -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDBM, ENTRY, - "ldbm_back_bind: dn: %s.\n", op->o_req_dn.bv_val, 0, 0 ); -#else Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0); -#endif if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op ) ) { ber_dupbv( &op->oq_bind.rb_edn, be_root_dn( op->o_bd ) ); @@ -65,33 +60,14 @@ ldbm_back_bind( /* get entry with reader lock */ if ( (e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) { if( matched != NULL ) { - rs->sr_matched = ch_strdup( matched->e_dn ); - rs->sr_flags |= REP_MATCHED_MUSTBEFREED; - - rs->sr_ref = is_entry_referral( matched ) - ? get_entry_referrals( op, matched ) - : NULL; - cache_return_entry_r( &li->li_cache, matched ); - - } else { - rs->sr_ref = referral_rewrite( default_referral, - NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); } - ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock); /* allow noauth binds */ rc = 1; - if ( rs->sr_ref != NULL ) { - rs->sr_err = LDAP_REFERRAL; - } else { - rs->sr_err = LDAP_INVALID_CREDENTIALS; - } + rs->sr_err = LDAP_INVALID_CREDENTIALS; send_ldap_result( op, rs ); - - if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref ); - rs->sr_ref = NULL; return rs->sr_err; } @@ -99,13 +75,8 @@ ldbm_back_bind( #ifdef LDBM_SUBENTRIES if ( is_entry_subentry( e ) ) { /* entry is an subentry, don't allow bind */ -#ifdef NEW_LOGGING - LDAP_LOG ( OPERATION, DETAIL1, - "bdb_bind: entry is subentry\n", 0, 0, 0 ); -#else Debug( LDAP_DEBUG_TRACE, "entry is subentry\n", 0, 0, 0 ); -#endif rc = LDAP_INVALID_CREDENTIALS; goto return_results; } @@ -113,13 +84,7 @@ ldbm_back_bind( if ( is_entry_alias( e ) ) { /* entry is an alias, don't allow bind */ -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDBM, INFO, - "ldbm_back_bind: entry (%s) is an alias.\n", - e->e_name.bv_val, 0, 0 ); -#else Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 ); -#endif #if 1 rc = LDAP_INVALID_CREDENTIALS; @@ -132,54 +97,24 @@ ldbm_back_bind( if ( is_entry_referral( e ) ) { /* entry is a referral, don't allow bind */ - rs->sr_ref = get_entry_referrals( op, e ); - -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDBM, INFO, - "ldbm_back_bind: entry(%s) is a referral.\n", e->e_dn, 0, 0 ); -#else - Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, - 0, 0 ); -#endif + Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 ); - if( rs->sr_ref != NULL ) { - rc = LDAP_REFERRAL; - rs->sr_matched = ch_strdup( e->e_name.bv_val ); - rs->sr_flags |= REP_MATCHED_MUSTBEFREED; - - } else { - rc = LDAP_INVALID_CREDENTIALS; - } + rc = LDAP_INVALID_CREDENTIALS; goto return_results; } switch ( op->oq_bind.rb_method ) { case LDAP_AUTH_SIMPLE: - if ( ! access_allowed( op, e, - password, NULL, ACL_AUTH, NULL ) ) - { -#if 1 - rc = LDAP_INVALID_CREDENTIALS; -#else - rc = LDAP_INSUFFICIENT_ACCESS; -#endif - goto return_results; - } - if ( (a = attr_find( e->e_attrs, password )) == NULL ) { /* stop front end from sending result */ -#if 1 rc = LDAP_INVALID_CREDENTIALS; -#else - rc = LDAP_INAPPROPRIATE_AUTH; -#endif goto return_results; } - if ( slap_passwd_check( op->o_conn, - a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 ) + if ( slap_passwd_check( op, e, a, &op->oq_bind.rb_cred, + &rs->sr_text ) != 0 ) { - /* stop front end from sending result */ + /* failure; stop front end from sending result */ rc = LDAP_INVALID_CREDENTIALS; goto return_results; }