X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-sql%2Fbind.c;h=0bc12e5a24c7475f2dfdb53407c06f647258487d;hb=e6ecb77b0e952f88487d0b6a29e48ab9f3ab1bc2;hp=9c112c19605c81742e46e868af662a90d26ac2b7;hpb=115408986c62fea339b99f93dafc820bd8c94062;p=openldap diff --git a/servers/slapd/back-sql/bind.c b/servers/slapd/back-sql/bind.c index 9c112c1960..0bc12e5a24 100644 --- a/servers/slapd/back-sql/bind.c +++ b/servers/slapd/back-sql/bind.c @@ -1,129 +1,124 @@ -/* - * Copyright 1999, Dmitry Kovalev , All rights reserved. +/* $OpenLDAP$ */ +/* This work is part of OpenLDAP Software . * - * Redistribution and use in source and binary forms are permitted only - * as authorized by the OpenLDAP Public License. A copy of this - * license is available at http://www.OpenLDAP.org/license.html or - * in file LICENSE in the top-level directory of the distribution. + * Copyright 1999-2005 The OpenLDAP Foundation. + * Portions Copyright 1999 Dmitry Kovalev. + * Portions Copyright 2002 Pierangelo Masarati. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* ACKNOWLEDGEMENTS: + * This work was initially developed by Dmitry Kovalev for inclusion + * by OpenLDAP Software. Additional significant contributors include + * Pierangelo Masarati. */ #include "portable.h" -#ifdef SLAPD_SQL - #include #include + #include "slap.h" -#include "back-sql.h" -#include "sql-wrap.h" -#include "util.h" -#include "entry-id.h" +#include "proto-sql.h" int -backsql_bind( - BackendDB *be, - Connection *conn, - Operation *op, - struct berval *dn, - struct berval *ndn, - int method, - struct berval *cred, - struct berval *edn ) +backsql_bind( Operation *op, SlapReply *rs ) { - backsql_info *bi = (backsql_info*)be->be_private; - backsql_entryID user_id; - SQLHDBC dbh; - AttributeDescription *password = slap_schema.si_ad_userPassword; - Entry *e, user_entry; + SQLHDBC dbh = SQL_NULL_HDBC; + Entry e = { 0 }; Attribute *a; - backsql_srch_info bsi; + backsql_srch_info bsi = { 0 }; + AttributeName anlist[2]; + int rc; Debug( LDAP_DEBUG_TRACE, "==>backsql_bind()\n", 0, 0, 0 ); - if ( be_isroot_pw( be, conn, ndn, cred ) ) { - ber_dupbv( edn, be_root_dn( be ) ); + if ( be_isroot_pw( op ) ) { + ber_dupbv( &op->oq_bind.rb_edn, be_root_dn( op->o_bd ) ); Debug( LDAP_DEBUG_TRACE, "<==backsql_bind() root bind\n", 0, 0, 0 ); return LDAP_SUCCESS; } - ber_dupbv( edn, ndn ); + ber_dupbv( &op->oq_bind.rb_edn, &op->o_req_ndn ); - if ( method != LDAP_AUTH_SIMPLE ) { - send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED, - NULL, "authentication method not supported", - NULL, NULL ); - return 1; + if ( op->oq_bind.rb_method != LDAP_AUTH_SIMPLE ) { + rs->sr_err = LDAP_STRONG_AUTH_NOT_SUPPORTED; + rs->sr_text = "authentication method not supported"; + send_ldap_result( op, rs ); + return rs->sr_err; } /* * method = LDAP_AUTH_SIMPLE */ - dbh = backsql_get_db_conn( be, conn ); - if (!dbh) { + rs->sr_err = backsql_get_db_conn( op, &dbh ); + if ( !dbh ) { Debug( LDAP_DEBUG_TRACE, "backsql_bind(): " "could not get connection handle - exiting\n", 0, 0, 0 ); - send_ldap_result( conn, op, LDAP_OTHER, "", - "SQL-backend error", NULL, NULL ); - return 1; + + rs->sr_text = ( rs->sr_err == LDAP_OTHER ) + ? "SQL-backend error" : NULL; + goto error_return; } - if ( backsql_dn2id( bi, &user_id, dbh, ndn ) != LDAP_SUCCESS ) { + anlist[0].an_name = slap_schema.si_ad_userPassword->ad_cname; + anlist[0].an_desc = slap_schema.si_ad_userPassword; + anlist[1].an_name.bv_val = NULL; + + bsi.bsi_e = &e; + rc = backsql_init_search( &bsi, &op->o_req_ndn, LDAP_SCOPE_BASE, + SLAP_NO_LIMIT, SLAP_NO_LIMIT, + (time_t)(-1), NULL, dbh, op, rs, anlist, + BACKSQL_ISF_GET_ENTRY ); + if ( rc != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, "backsql_bind(): " - "could not retrieve bind dn id - no such entry\n", + "could not retrieve bindDN ID - no such entry\n", 0, 0, 0 ); - send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS, - NULL, NULL, NULL, NULL ); - return 1; + rs->sr_err = LDAP_INVALID_CREDENTIALS; + goto error_return; } - backsql_init_search( &bsi, bi, ndn, LDAP_SCOPE_BASE, -1, -1, -1, - NULL, dbh, be, conn, op, NULL ); - e = backsql_id2entry( &bsi, &user_entry, &user_id ); - if ( e == NULL ) { - Debug( LDAP_DEBUG_TRACE, "backsql_bind(): " - "error in backsql_id2entry() - auth failed\n", - 0, 0, 0 ); - send_ldap_result( conn, op, LDAP_OTHER, - NULL, NULL, NULL, NULL ); - return 1; + a = attr_find( e.e_attrs, slap_schema.si_ad_userPassword ); + if ( a == NULL ) { + rs->sr_err = LDAP_INVALID_CREDENTIALS; + goto error_return; } - if ( ! access_allowed( be, conn, op, e, password, NULL, - ACL_AUTH, NULL ) ) { - send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, - NULL, NULL, NULL, NULL ); - return 1; + if ( slap_passwd_check( op, &e, a, &op->oq_bind.rb_cred, + &rs->sr_text ) != 0 ) + { + rs->sr_err = LDAP_INVALID_CREDENTIALS; + goto error_return; } - if ( ( a = attr_find( e->e_attrs, password ) ) == NULL ) { - send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH, - NULL, NULL, NULL, NULL ); - return 1; +error_return:; + if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) { + (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 ); } - if ( slap_passwd_check( conn, a, cred ) != 0 ) { - send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS, - NULL, NULL, NULL, NULL ); - return 1; + if ( !BER_BVISNULL( &e.e_nname ) ) { + backsql_entry_clean( op, &e ); } - Debug(LDAP_DEBUG_TRACE,"<==backsql_bind()\n",0,0,0); - return 0; -} - -int -backsql_unbind( - BackendDB *be, - Connection *conn, - Operation *op ) -{ - Debug( LDAP_DEBUG_TRACE, "==>backsql_unbind()\n", 0, 0, 0 ); - send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL, NULL, 0 ); - Debug( LDAP_DEBUG_TRACE, "<==backsql_unbind()\n", 0, 0, 0 ); - return 0; -} + if ( bsi.bsi_attrs != NULL ) { + op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx ); + } -#endif /* SLAPD_SQL */ + if ( rs->sr_err != LDAP_SUCCESS ) { + send_ldap_result( op, rs ); + } + + Debug( LDAP_DEBUG_TRACE,"<==backsql_bind()\n", 0, 0, 0 ); + return rs->sr_err; +} +