X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-sql%2Fbind.c;h=f87ebdd972cc2d2b48ac938c5d9c4c754e742e2b;hb=5487575086d2060ab05a408543ff07be31b400a8;hp=74dd71a2d963d35428f820a4043009c01838cdf0;hpb=0c67c0493bfc2a639c89f827c7085785be90c38e;p=openldap diff --git a/servers/slapd/back-sql/bind.c b/servers/slapd/back-sql/bind.c index 74dd71a2d9..f87ebdd972 100644 --- a/servers/slapd/back-sql/bind.c +++ b/servers/slapd/back-sql/bind.c @@ -1,34 +1,40 @@ -/* - * Copyright 1999, Dmitry Kovalev , All rights reserved. +/* $OpenLDAP$ */ +/* This work is part of OpenLDAP Software . * - * Redistribution and use in source and binary forms are permitted only - * as authorized by the OpenLDAP Public License. A copy of this - * license is available at http://www.OpenLDAP.org/license.html or - * in file LICENSE in the top-level directory of the distribution. + * Copyright 1999-2006 The OpenLDAP Foundation. + * Portions Copyright 1999 Dmitry Kovalev. + * Portions Copyright 2002 Pierangelo Masarati. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* ACKNOWLEDGEMENTS: + * This work was initially developed by Dmitry Kovalev for inclusion + * by OpenLDAP Software. Additional significant contributors include + * Pierangelo Masarati. */ #include "portable.h" -#ifdef SLAPD_SQL - #include #include + #include "slap.h" -#include "back-sql.h" -#include "sql-wrap.h" -#include "util.h" -#include "entry-id.h" +#include "proto-sql.h" int backsql_bind( Operation *op, SlapReply *rs ) { - backsql_info *bi = (backsql_info*)op->o_bd->be_private; - backsql_entryID user_id; - SQLHDBC dbh; - AttributeDescription *password = slap_schema.si_ad_userPassword; - Entry *e, user_entry; + SQLHDBC dbh = SQL_NULL_HDBC; + Entry e = { 0 }; Attribute *a; - backsql_srch_info bsi; + backsql_srch_info bsi = { 0 }; AttributeName anlist[2]; int rc; @@ -38,7 +44,7 @@ backsql_bind( Operation *op, SlapReply *rs ) ber_dupbv( &op->oq_bind.rb_edn, be_root_dn( op->o_bd ) ); Debug( LDAP_DEBUG_TRACE, "<==backsql_bind() root bind\n", 0, 0, 0 ); - return 0; + return LDAP_SUCCESS; } ber_dupbv( &op->oq_bind.rb_edn, &op->o_req_ndn ); @@ -47,70 +53,71 @@ backsql_bind( Operation *op, SlapReply *rs ) rs->sr_err = LDAP_STRONG_AUTH_NOT_SUPPORTED; rs->sr_text = "authentication method not supported"; send_ldap_result( op, rs ); - return 1; + return rs->sr_err; } /* * method = LDAP_AUTH_SIMPLE */ rs->sr_err = backsql_get_db_conn( op, &dbh ); - if (!dbh) { + if ( !dbh ) { Debug( LDAP_DEBUG_TRACE, "backsql_bind(): " "could not get connection handle - exiting\n", 0, 0, 0 ); rs->sr_text = ( rs->sr_err == LDAP_OTHER ) ? "SQL-backend error" : NULL; - send_ldap_result( op, rs ); - return 1; + goto error_return; } - rc = backsql_dn2id( bi, &user_id, dbh, &op->o_req_ndn ); + anlist[0].an_name = slap_schema.si_ad_userPassword->ad_cname; + anlist[0].an_desc = slap_schema.si_ad_userPassword; + anlist[1].an_name.bv_val = NULL; + + bsi.bsi_e = &e; + rc = backsql_init_search( &bsi, &op->o_req_ndn, LDAP_SCOPE_BASE, + (time_t)(-1), NULL, dbh, op, rs, anlist, + BACKSQL_ISF_GET_ENTRY ); if ( rc != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, "backsql_bind(): " - "could not retrieve bind dn id - no such entry\n", + "could not retrieve bindDN ID - no such entry\n", 0, 0, 0 ); rs->sr_err = LDAP_INVALID_CREDENTIALS; - send_ldap_result( op, rs ); - return 1; + goto error_return; } - anlist[0].an_name = password->ad_cname; - anlist[0].an_desc = password; - anlist[1].an_name.bv_val = NULL; - backsql_init_search( &bsi, &op->o_req_ndn, LDAP_SCOPE_BASE, - -1, -1, -1, NULL, dbh, op, anlist ); - e = backsql_id2entry( &bsi, &user_entry, &user_id ); - if ( e == NULL ) { - Debug( LDAP_DEBUG_TRACE, "backsql_bind(): " - "error in backsql_id2entry() - auth failed\n", - 0, 0, 0 ); - rs->sr_err = LDAP_OTHER; - send_ldap_result( op, rs ); - return 1; + a = attr_find( e.e_attrs, slap_schema.si_ad_userPassword ); + if ( a == NULL ) { + rs->sr_err = LDAP_INVALID_CREDENTIALS; + goto error_return; } - if ( ! access_allowed( op, e, password, NULL, ACL_AUTH, NULL ) ) { - rs->sr_err = LDAP_INSUFFICIENT_ACCESS; - send_ldap_result( op, rs ); - return 1; + if ( slap_passwd_check( op, &e, a, &op->oq_bind.rb_cred, + &rs->sr_text ) != 0 ) + { + rs->sr_err = LDAP_INVALID_CREDENTIALS; + goto error_return; } - if ( ( a = attr_find( e->e_attrs, password ) ) == NULL ) { - rs->sr_err = LDAP_INAPPROPRIATE_AUTH; - send_ldap_result( op, rs ); - return 1; +error_return:; + if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) { + (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 ); } - if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred ) != 0 ) { - rs->sr_err = LDAP_INVALID_CREDENTIALS; + if ( !BER_BVISNULL( &e.e_nname ) ) { + backsql_entry_clean( op, &e ); + } + + if ( bsi.bsi_attrs != NULL ) { + op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx ); + } + + if ( rs->sr_err != LDAP_SUCCESS ) { send_ldap_result( op, rs ); - return 1; } + + Debug( LDAP_DEBUG_TRACE,"<==backsql_bind()\n", 0, 0, 0 ); - Debug(LDAP_DEBUG_TRACE,"<==backsql_bind()\n",0,0,0); - return 0; + return rs->sr_err; } -#endif /* SLAPD_SQL */ -