X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-sql%2Fbind.c;h=f87ebdd972cc2d2b48ac938c5d9c4c754e742e2b;hb=5487575086d2060ab05a408543ff07be31b400a8;hp=35847d0bff5d73e74e6296e6428925aaba998d22;hpb=53a09803481f8d82c4e293da9e56960513612e0d;p=openldap
diff --git a/servers/slapd/back-sql/bind.c b/servers/slapd/back-sql/bind.c
index 35847d0bff..f87ebdd972 100644
--- a/servers/slapd/back-sql/bind.c
+++ b/servers/slapd/back-sql/bind.c
@@ -1,109 +1,123 @@ -/* - * Copyright 1999, Dmitry Kovalev , All rights reserved. +/* $OpenLDAP$ */ +/* This work is part of OpenLDAP Software . * - * Redistribution and use in source and binary forms are permitted only - * as authorized by the OpenLDAP Public License. A copy of this - * license is available at http://www.OpenLDAP.org/license.html or - * in file LICENSE in the top-level directory of the distribution. + * Copyright 1999-2006 The OpenLDAP Foundation. + * Portions Copyright 1999 Dmitry Kovalev. + * Portions Copyright 2002 Pierangelo Masarati. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* ACKNOWLEDGEMENTS: + * This work was initially developed by Dmitry Kovalev for inclusion + * by OpenLDAP Software. Additional significant contributors include + * Pierangelo Masarati. 
*/ #include "portable.h" -#ifdef SLAPD_SQL - #include #include + #include "slap.h" -#include "back-sql.h" -#include "sql-wrap.h" -#include "util.h" -#include "entry-id.h" +#include "proto-sql.h" -int backsql_bind(BackendDB *be,Connection *conn,Operation *op, - struct berval *dn,struct berval *ndn,int method,struct berval *cred,struct berval *edn) +int +backsql_bind( Operation *op, SlapReply *rs ) { - backsql_info *bi=(backsql_info*)be->be_private; - backsql_entryID user_id,*res; - SQLHDBC dbh; - AttributeDescription *password = slap_schema.si_ad_userPassword; - Entry *e,user_entry; - Attribute *a; - backsql_srch_info bsi; - - Debug(LDAP_DEBUG_TRACE,"==>backsql_bind()\n",0,0,0); - - if ( be_isroot_pw( be, conn, ndn, cred ) ) - { - ber_dupbv(edn, be_root_dn(be)); - Debug(LDAP_DEBUG_TRACE,"<==backsql_bind() root bind\n",0,0,0); - return LDAP_SUCCESS; - } + SQLHDBC dbh = SQL_NULL_HDBC; + Entry e = { 0 }; + Attribute *a; + backsql_srch_info bsi = { 0 }; + AttributeName anlist[2]; + int rc; - ber_dupbv(edn, ndn); - - if (method == LDAP_AUTH_SIMPLE) - { - dbh=backsql_get_db_conn(be,conn); - - if (!dbh) - { - Debug(LDAP_DEBUG_TRACE,"backsql_bind(): could not get connection handle - exiting\n",0,0,0); - send_ldap_result(conn,op,LDAP_OTHER,"","SQL-backend error",NULL,NULL); - return 1; - } - - res=backsql_dn2id(bi,&user_id,dbh,ndn->bv_val); - if (res==NULL) - { - Debug(LDAP_DEBUG_TRACE,"backsql_bind(): could not retrieve bind dn id - no such entry\n",0,0,0); - send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,NULL, NULL, NULL, NULL ); - return 1; - } - - backsql_init_search(&bsi,bi,(char*)ndn->bv_val,LDAP_SCOPE_BASE,-1,-1,-1,NULL,dbh, - be,conn,op,NULL); - e=backsql_id2entry(&bsi,&user_entry,&user_id); - if (e==NULL) - { - Debug(LDAP_DEBUG_TRACE,"backsql_bind(): error in backsql_id2entry() - auth failed\n",0,0,0); - send_ldap_result( conn, op, LDAP_OTHER,NULL, NULL, NULL, NULL ); - return 1; - } - - if ( ! 
access_allowed( be, conn, op, e, password, NULL, ACL_AUTH, NULL ) ) - { - send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, NULL, NULL, NULL, NULL ); - return 1; - } - - if ( (a = attr_find( e->e_attrs, password )) == NULL ) - { - send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH, NULL, NULL, NULL, NULL ); - return 1; - } - - if ( slap_passwd_check( conn, a, cred ) != 0 ) - { - send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,NULL, NULL, NULL, NULL ); - return 1; - } - } - else /*method != SIMPLE */ - { - send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED, - NULL, "authentication method not supported", NULL, NULL ); - return 1; - } - Debug(LDAP_DEBUG_TRACE,"<==backsql_bind()\n",0,0,0); - return 0; + Debug( LDAP_DEBUG_TRACE, "==>backsql_bind()\n", 0, 0, 0 ); + + if ( be_isroot_pw( op ) ) { + ber_dupbv( &op->oq_bind.rb_edn, be_root_dn( op->o_bd ) ); + Debug( LDAP_DEBUG_TRACE, "<==backsql_bind() root bind\n", + 0, 0, 0 ); + return LDAP_SUCCESS; + } + + ber_dupbv( &op->oq_bind.rb_edn, &op->o_req_ndn ); + + if ( op->oq_bind.rb_method != LDAP_AUTH_SIMPLE ) { + rs->sr_err = LDAP_STRONG_AUTH_NOT_SUPPORTED; + rs->sr_text = "authentication method not supported"; + send_ldap_result( op, rs ); + return rs->sr_err; + } + + /* + * method = LDAP_AUTH_SIMPLE + */ + rs->sr_err = backsql_get_db_conn( op, &dbh ); + if ( !dbh ) { + Debug( LDAP_DEBUG_TRACE, "backsql_bind(): " + "could not get connection handle - exiting\n", + 0, 0, 0 ); + + rs->sr_text = ( rs->sr_err == LDAP_OTHER ) + ? 
"SQL-backend error" : NULL; + goto error_return; + } + + anlist[0].an_name = slap_schema.si_ad_userPassword->ad_cname; + anlist[0].an_desc = slap_schema.si_ad_userPassword; + anlist[1].an_name.bv_val = NULL; + + bsi.bsi_e = &e; + rc = backsql_init_search( &bsi, &op->o_req_ndn, LDAP_SCOPE_BASE, + (time_t)(-1), NULL, dbh, op, rs, anlist, + BACKSQL_ISF_GET_ENTRY ); + if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_TRACE, "backsql_bind(): " + "could not retrieve bindDN ID - no such entry\n", + 0, 0, 0 ); + rs->sr_err = LDAP_INVALID_CREDENTIALS; + goto error_return; + } + + a = attr_find( e.e_attrs, slap_schema.si_ad_userPassword ); + if ( a == NULL ) { + rs->sr_err = LDAP_INVALID_CREDENTIALS; + goto error_return; + } + + if ( slap_passwd_check( op, &e, a, &op->oq_bind.rb_cred, + &rs->sr_text ) != 0 ) + { + rs->sr_err = LDAP_INVALID_CREDENTIALS; + goto error_return; + } + +error_return:; + if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) { + (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 ); + } + + if ( !BER_BVISNULL( &e.e_nname ) ) { + backsql_entry_clean( op, &e ); + } + + if ( bsi.bsi_attrs != NULL ) { + op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx ); + } + + if ( rs->sr_err != LDAP_SUCCESS ) { + send_ldap_result( op, rs ); + } + + Debug( LDAP_DEBUG_TRACE,"<==backsql_bind()\n", 0, 0, 0 ); + + return rs->sr_err; } -int backsql_unbind(BackendDB *be,Connection *conn,Operation *op) -{ - Debug(LDAP_DEBUG_TRACE,"==>backsql_unbind()\n",0,0,0); - send_ldap_result(conn,op,LDAP_SUCCESS,NULL,NULL,NULL,0); - Debug(LDAP_DEBUG_TRACE,"<==backsql_unbind()\n",0,0,0); - return 0; -} - -#endif /* SLAPD_SQL */
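Review bot: The `if ( !dbh )` branch jumps to `error_return` without forcing a failure code, so the bind result on that path is whatever `backsql_get_db_conn()` left in `rs->sr_err`; if that helper can ever return `LDAP_SUCCESS` while leaving the handle null (its body is not visible in this hunk), the function returns success without ever reaching `slap_passwd_check()`. An authentication path should fail closed, so I would add `if ( rs->sr_err == LDAP_SUCCESS ) rs->sr_err = LDAP_OTHER;` at the top of that branch, and set `rs->sr_err = LDAP_SUCCESS;` explicitly after the password check succeeds instead of inheriting the value from the connection helper. Separately, the explicit `access_allowed( ..., ACL_AUTH, ... )` test on userPassword from the old code has no counterpart on the new side; presumably `slap_passwd_check()` enforces it now that it receives `&e`, and a comment such as `/* ACL_AUTH on userPassword is enforced inside slap_passwd_check() */` above that call would let the next reviewer confirm it.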