X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-sql%2Fbind.c;h=f87ebdd972cc2d2b48ac938c5d9c4c754e742e2b;hb=5487575086d2060ab05a408543ff07be31b400a8;hp=c775280a9bf1a3ecb6983f35c686565e231d69b0;hpb=0cc024a3706142b4150a257c24e52564ec224631;p=openldap diff --git a/servers/slapd/back-sql/bind.c b/servers/slapd/back-sql/bind.c index c775280a9b..f87ebdd972 100644 --- a/servers/slapd/back-sql/bind.c +++ b/servers/slapd/back-sql/bind.c @@ -1,8 +1,9 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1999-2004 The OpenLDAP Foundation. + * Copyright 1999-2006 The OpenLDAP Foundation. * Portions Copyright 1999 Dmitry Kovalev. + * Portions Copyright 2002 Pierangelo Masarati. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -15,7 +16,8 @@ */ /* ACKNOWLEDGEMENTS: * This work was initially developed by Dmitry Kovalev for inclusion - * by OpenLDAP Software. + * by OpenLDAP Software. Additional significant contributors include + * Pierangelo Masarati. */ #include "portable.h" @@ -29,11 +31,10 @@ int backsql_bind( Operation *op, SlapReply *rs ) { - SQLHDBC dbh; - AttributeDescription *password = slap_schema.si_ad_userPassword; - Entry *e, user_entry; + SQLHDBC dbh = SQL_NULL_HDBC; + Entry e = { 0 }; Attribute *a; - backsql_srch_info bsi; + backsql_srch_info bsi = { 0 }; AttributeName anlist[2]; int rc; @@ -43,7 +44,7 @@ backsql_bind( Operation *op, SlapReply *rs ) ber_dupbv( &op->oq_bind.rb_edn, be_root_dn( op->o_bd ) ); Debug( LDAP_DEBUG_TRACE, "<==backsql_bind() root bind\n", 0, 0, 0 ); - return 0; + return LDAP_SUCCESS; } ber_dupbv( &op->oq_bind.rb_edn, &op->o_req_ndn ); @@ -52,7 +53,7 @@ backsql_bind( Operation *op, SlapReply *rs ) rs->sr_err = LDAP_STRONG_AUTH_NOT_SUPPORTED; rs->sr_text = "authentication method not supported"; send_ldap_result( op, rs ); - return 1; + return rs->sr_err; } /* @@ -66,72 +67,57 @@ backsql_bind( Operation *op, SlapReply *rs ) rs->sr_text = ( rs->sr_err == LDAP_OTHER ) ? "SQL-backend error" : NULL; - send_ldap_result( op, rs ); - return 1; + goto error_return; } - anlist[0].an_name = password->ad_cname; - anlist[0].an_desc = password; + anlist[0].an_name = slap_schema.si_ad_userPassword->ad_cname; + anlist[0].an_desc = slap_schema.si_ad_userPassword; anlist[1].an_name.bv_val = NULL; + bsi.bsi_e = &e; rc = backsql_init_search( &bsi, &op->o_req_ndn, LDAP_SCOPE_BASE, - -1, -1, -1, NULL, dbh, op, rs, anlist, - ( BACKSQL_ISF_GET_ID | BACKSQL_ISF_MUCK ) ); + (time_t)(-1), NULL, dbh, op, rs, anlist, + BACKSQL_ISF_GET_ENTRY ); if ( rc != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, "backsql_bind(): " "could not retrieve bindDN ID - no such entry\n", 0, 0, 0 ); rs->sr_err = LDAP_INVALID_CREDENTIALS; - send_ldap_result( op, rs ); - return 1; - } - - bsi.bsi_e = &user_entry; - rc = backsql_id2entry( &bsi, &bsi.bsi_base_id ); - if ( rc != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_TRACE, "backsql_bind(): " - "error %d in backsql_id2entry() " - "- auth failed\n", rc, 0, 0 ); - rs->sr_err = LDAP_INVALID_CREDENTIALS; goto error_return; } - e = &user_entry; - if ( ! access_allowed( op, e, password, NULL, ACL_AUTH, NULL ) ) { -#if 1 - rs->sr_err = LDAP_INVALID_CREDENTIALS; -#else - rs->sr_err = LDAP_INSUFFICIENT_ACCESS; -#endif - goto error_return; - } - - a = attr_find( e->e_attrs, password ); + a = attr_find( e.e_attrs, slap_schema.si_ad_userPassword ); if ( a == NULL ) { -#if 1 rs->sr_err = LDAP_INVALID_CREDENTIALS; -#else - rs->sr_err = LDAP_INAPPROPRIATE_AUTH; -#endif goto error_return; } - if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 ) { + if ( slap_passwd_check( op, &e, a, &op->oq_bind.rb_cred, + &rs->sr_text ) != 0 ) + { rs->sr_err = LDAP_INVALID_CREDENTIALS; goto error_return; } error_return:; if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) { - (void)backsql_free_entryID( &bsi.bsi_base_id, 0 ); + (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 ); + } + + if ( !BER_BVISNULL( &e.e_nname ) ) { + backsql_entry_clean( op, &e ); + } + + if ( bsi.bsi_attrs != NULL ) { + op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx ); } - if ( rs->sr_err ) { + if ( rs->sr_err != LDAP_SUCCESS ) { send_ldap_result( op, rs ); - return 1; } - Debug(LDAP_DEBUG_TRACE,"<==backsql_bind()\n",0,0,0); - return 0; + Debug( LDAP_DEBUG_TRACE,"<==backsql_bind()\n", 0, 0, 0 ); + + return rs->sr_err; }