X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-sql%2Fbind.c;h=30c060f5c483ae022a9829ff82d685292272f2b7;hb=6e9c21cff8fc740dc6ed21c6f64d9a8899a33401;hp=d2e05898f661e5448a9a587d8d13a1cc2a5ae899;hpb=6d94ecd1b06895faba1026cc174c729a2be824d9;p=openldap
diff --git a/servers/slapd/back-sql/bind.c b/servers/slapd/back-sql/bind.c
index d2e05898f6..30c060f5c4 100644
--- a/servers/slapd/back-sql/bind.c
+++ b/servers/slapd/back-sql/bind.c
@@ -19,95 +19,113 @@ #include "util.h" #include "entry-id.h" -void backsql_init_search(backsql_srch_info *bsi,backsql_info *bi,char *nbase,int scope, - int slimit,int tlimit,time_t stoptime,Filter *filter, - SQLHDBC dbh,BackendDB *be,Connection *conn,Operation *op,char **attrs); - -int backsql_bind(BackendDB *be,Connection *conn,Operation *op, - const char *dn,const char *ndn,int method,struct berval *cred,char** edn) +int +backsql_bind( + BackendDB *be, + Connection *conn, + Operation *op, + struct berval *dn, + struct berval *ndn, + int method, + struct berval *cred, + struct berval *edn ) { - backsql_info *bi=(backsql_info*)be->be_private; - backsql_entryID user_id,*res; - SQLHDBC dbh; - AttributeDescription *password = slap_schema.si_ad_userPassword; - Entry *e,user_entry; - Attribute *a; - backsql_srch_info bsi; - - Debug(LDAP_DEBUG_TRACE,"==>backsql_bind()\n",0,0,0); - - if ( be_isroot_pw( be, conn, ndn, cred ) ) - { - *edn=ch_strdup(be_root_dn(be)); - Debug(LDAP_DEBUG_TRACE,"<==backsql_bind() root bind\n",0,0,0); - return LDAP_SUCCESS; - } - - *edn=ch_strdup(ndn); + backsql_info *bi = (backsql_info*)be->be_private; + backsql_entryID user_id; + SQLHDBC dbh; + AttributeDescription *password = slap_schema.si_ad_userPassword; + Entry *e, user_entry; + Attribute *a; + backsql_srch_info bsi; + int rc; - if (method == LDAP_AUTH_SIMPLE) - { - dbh=backsql_get_db_conn(be,conn); - - if (!dbh) - { - Debug(LDAP_DEBUG_TRACE,"backsql_bind(): could not get connection handle - exiting\n",0,0,0); - send_ldap_result(conn,op,LDAP_OTHER,"","SQL-backend error",NULL,NULL); - return 1; - } - - res=backsql_dn2id(bi,&user_id,dbh,ndn); - if (res==NULL) - { - Debug(LDAP_DEBUG_TRACE,"backsql_bind(): could not retrieve bind dn id - no such entry\n",0,0,0); - send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,NULL, NULL, NULL, NULL ); - return 1; - } - - backsql_init_search(&bsi,bi,(char*)ndn,LDAP_SCOPE_BASE,-1,-1,-1,NULL,dbh, - be,conn,op,NULL); - 
e=backsql_id2entry(&bsi,&user_entry,&user_id); - if (e==NULL) - { - Debug(LDAP_DEBUG_TRACE,"backsql_bind(): error in backsql_id2entry() - auth failed\n",0,0,0); - send_ldap_result( conn, op, LDAP_OTHER,NULL, NULL, NULL, NULL ); - return 1; - } - - if ( ! access_allowed( be, conn, op, e,password, NULL, ACL_AUTH ) ) - { - send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, NULL, NULL, NULL, NULL ); - return 1; - } - - if ( (a = attr_find( e->e_attrs, password )) == NULL ) - { - send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH, NULL, NULL, NULL, NULL ); - return 1; - } - - if ( slap_passwd_check( conn, a, cred ) != 0 ) - { - send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,NULL, NULL, NULL, NULL ); - return 1; - } - } - else /*method != SIMPLE */ - { - send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED, - NULL, "authentication method not supported", NULL, NULL ); - return 1; - } - Debug(LDAP_DEBUG_TRACE,"<==backsql_bind()\n",0,0,0); - return 0; + Debug( LDAP_DEBUG_TRACE, "==>backsql_bind()\n", 0, 0, 0 ); + + if ( be_isroot_pw( be, conn, ndn, cred ) ) { + ber_dupbv( edn, be_root_dn( be ) ); + Debug( LDAP_DEBUG_TRACE, "<==backsql_bind() root bind\n", + 0, 0, 0 ); + return LDAP_SUCCESS; + } + + ber_dupbv( edn, ndn ); + + if ( method != LDAP_AUTH_SIMPLE ) { + send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED, + NULL, "authentication method not supported", + NULL, NULL ); + return 1; + } + + /* + * method = LDAP_AUTH_SIMPLE + */ + rc = backsql_get_db_conn( be, conn, &dbh ); + if (!dbh) { + Debug( LDAP_DEBUG_TRACE, "backsql_bind(): " + "could not get connection handle - exiting\n", + 0, 0, 0 ); + send_ldap_result( conn, op, rc, "", + rc == LDAP_OTHER ? 
"SQL-backend error" : "", + NULL, NULL ); + return 1; + } + + if ( backsql_dn2id( bi, &user_id, dbh, ndn ) != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_TRACE, "backsql_bind(): " + "could not retrieve bind dn id - no such entry\n", + 0, 0, 0 ); + send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS, + NULL, NULL, NULL, NULL ); + return 1; + } + + backsql_init_search( &bsi, bi, ndn, LDAP_SCOPE_BASE, -1, -1, -1, + NULL, dbh, be, conn, op, NULL ); + e = backsql_id2entry( &bsi, &user_entry, &user_id ); + if ( e == NULL ) { + Debug( LDAP_DEBUG_TRACE, "backsql_bind(): " + "error in backsql_id2entry() - auth failed\n", + 0, 0, 0 ); + send_ldap_result( conn, op, LDAP_OTHER, + NULL, NULL, NULL, NULL ); + return 1; + } + + if ( ! access_allowed( be, conn, op, e, password, NULL, + ACL_AUTH, NULL ) ) { + send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, + NULL, NULL, NULL, NULL ); + return 1; + } + + if ( ( a = attr_find( e->e_attrs, password ) ) == NULL ) { + send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH, + NULL, NULL, NULL, NULL ); + return 1; + } + + if ( slap_passwd_check( conn, a, cred ) != 0 ) { + send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS, + NULL, NULL, NULL, NULL ); + return 1; + } + + Debug(LDAP_DEBUG_TRACE,"<==backsql_bind()\n",0,0,0); + return 0; } -int backsql_unbind(BackendDB *be,Connection *conn,Operation *op) +int +backsql_unbind( + BackendDB *be, + Connection *conn, + Operation *op ) { - Debug(LDAP_DEBUG_TRACE,"==>backsql_unbind()\n",0,0,0); - send_ldap_result(conn,op,LDAP_SUCCESS,NULL,NULL,NULL,0); - Debug(LDAP_DEBUG_TRACE,"<==backsql_unbind()\n",0,0,0); - return 0; + Debug( LDAP_DEBUG_TRACE, "==>backsql_unbind()\n", 0, 0, 0 ); + send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL, NULL, 0 ); + Debug( LDAP_DEBUG_TRACE, "<==backsql_unbind()\n", 0, 0, 0 ); + return 0; } #endif /* SLAPD_SQL */ +