X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-shell%2Fbind.c;h=cb749cfdf820448489bdcdf7b274116f3cae6a59;hb=2b1b64f02197157543decc0c1862c566341c3e10;hp=024c41f6635af6a60590e482283fbf969d1ab377;hpb=15e6a98bbab60c132cb3470bff83e886c51597ca;p=openldap diff --git a/servers/slapd/back-shell/bind.c b/servers/slapd/back-shell/bind.c index 024c41f663..cb749cfdf8 100644 --- a/servers/slapd/back-shell/bind.c +++ b/servers/slapd/back-shell/bind.c @@ -1,8 +1,31 @@ /* bind.c - shell backend bind function */ /* $OpenLDAP$ */ -/* - * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. - * COPYING RESTRICTIONS APPLY, see COPYRIGHT file +/* This work is part of OpenLDAP Software . + * + * Copyright 1998-2012 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* Portions Copyright (c) 1995 Regents of the University of Michigan. + * All rights reserved. + * + * Redistribution and use in source and binary forms are permitted + * provided that this notice is preserved and that due credit is given + * to the University of Michigan at Ann Arbor. The name of the University + * may not be used to endorse or promote products derived from this + * software without specific prior written permission. This software + * is provided ``as is'' without express or implied warranty. + */ +/* ACKNOWLEDGEMENTS: + * This work was originally developed by the University of Michigan + * (as part of U-MICH LDAP). */ #include "portable.h" 
@@ -17,46 +40,65 @@ int shell_back_bind( - Backend *be, - Connection *conn, Operation *op, - struct berval *dn, - struct berval *ndn, - int method, - struct berval *cred, - struct berval *edn -) + SlapReply *rs ) { - struct shellinfo *si = (struct shellinfo *) be->be_private; + struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private; + AttributeDescription *entry = slap_schema.si_ad_entry; + Entry e; FILE *rfp, *wfp; int rc; + /* allow rootdn as a means to auth without the need to actually + * contact the proxied DSA */ + switch ( be_rootdn_bind( op, rs ) ) { + case SLAP_CB_CONTINUE: + break; + + default: + return rs->sr_err; + } + if ( si->si_bind == NULL ) { - send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL, - "bind not implemented", NULL, NULL ); + send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, + "bind not implemented" ); return( -1 ); } - if ( (op->o_private = (void *) forkandexec( si->si_bind, &rfp, &wfp )) - == (void *) -1 ) { - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, - "could not fork/exec", NULL, NULL ); + e.e_id = NOID; + e.e_name = op->o_req_dn; + e.e_nname = op->o_req_ndn; + e.e_attrs = NULL; + e.e_ocflags = 0; + e.e_bv.bv_len = 0; + e.e_bv.bv_val = NULL; + e.e_private = NULL; + + if ( ! 
access_allowed( op, &e, + entry, NULL, ACL_AUTH, NULL ) ) + { + send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL ); + return -1; + } + + if ( forkandexec( si->si_bind, &rfp, &wfp ) == (pid_t)-1 ) { + send_ldap_error( op, rs, LDAP_OTHER, + "could not fork/exec" ); return( -1 ); } /* write out the request to the bind process */ fprintf( wfp, "BIND\n" ); - fprintf( wfp, "opid: %ld/%ld\n", op->o_connid, (long) op->o_msgid ); fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid ); - print_suffixes( wfp, be ); - fprintf( wfp, "dn: %s\n", dn->bv_val ); - fprintf( wfp, "method: %d\n", method ); - fprintf( wfp, "credlen: %lu\n", cred->bv_len ); - fprintf( wfp, "cred: %s\n", cred->bv_val ); /* XXX */ + print_suffixes( wfp, op->o_bd ); + fprintf( wfp, "dn: %s\n", op->o_req_dn.bv_val ); + fprintf( wfp, "method: %d\n", op->oq_bind.rb_method ); + fprintf( wfp, "credlen: %lu\n", op->oq_bind.rb_cred.bv_len ); + fprintf( wfp, "cred: %s\n", op->oq_bind.rb_cred.bv_val ); /* XXX */ fclose( wfp ); /* read in the results and send them along */ - rc = read_and_send_results( be, conn, op, rfp, NULL, 0 ); + rc = read_and_send_results( op, rs, rfp ); fclose( rfp ); return( rc );
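Review bot: The `cred: %s` line near the end of the hunk still writes the bind credential as a C string, although `rb_cred` is a length-counted berval and the preceding `credlen:` line advertises its full `bv_len`. A credential containing a NUL byte is truncated on the pipe, and one containing a newline adds extra lines to the line-oriented request, so the script may parse something other than what the client sent; the carried-over `/* XXX */` marks the spot but the rewrite leaves it as is. Writing the value by length, `fputs( "cred: ", wfp ); fwrite( op->oq_bind.rb_cred.bv_val, 1, op->oq_bind.rb_cred.bv_len, wfp ); fputc( '\n', wfp );`, keeps `credlen` authoritative as long as the script reads exactly that many bytes. The stricter alternative is to reject credentials with embedded CR, LF or NUL before the fork. The closing brace of shell_back_bind lies outside the hunk.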