X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fbind.c;h=15055120b4e5ca95d24336b916bfb50a5e83a81b;hb=62139b6ef3634529c6d1ff726c337e685ea38cf8;hp=677d7dea1eeed6b18b7f4422f805153923e0deec;hpb=d6e7f0f630ca0a113c45f4ff22d1ded036d06d31;p=openldap diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c index 677d7dea1e..15055120b4 100644 --- a/servers/slapd/bind.c +++ b/servers/slapd/bind.c @@ -402,6 +402,27 @@ do_bind( Debug( LDAP_DEBUG_TRACE, "do_bind: v%d simple bind(%s) disallowed\n", version, ndn.bv_val, 0 ); +#endif + goto cleanup; + + } else if (( global_disallows & SLAP_DISALLOW_BIND_SIMPLE_UNPROTECTED ) + && ( op->o_ssf < global_ssf_set.sss_ssf )) + { + rc = LDAP_CONFIDENTIALITY_REQUIRED; + text = "unwilling to perform simple authentication " + "without confidentilty protection"; + + send_ldap_result( conn, op, rc, + NULL, text, NULL, NULL ); + +#ifdef NEW_LOGGING + LDAP_LOG(( "operation", LDAP_LEVEL_INFO, "do_bind: conn %d " + "v%d unprotected simple bind(%s) disallowed\n", + conn->c_connid, version, ndn.bv_val )); +#else + Debug( LDAP_DEBUG_TRACE, + "do_bind: v%d unprotected simple bind(%s) disallowed\n", + version, ndn.bv_val, 0 ); #endif goto cleanup; } @@ -497,11 +518,10 @@ do_bind( if(edn.bv_len) { conn->c_dn = edn; } else { - ber_dupbv( &conn->c_dn, &pdn ); + conn->c_dn = pdn; + pdn.bv_val = NULL; + pdn.bv_len = 0; } - conn->c_cdn = pdn; - pdn.bv_val = NULL; - pdn.bv_len = 0; conn->c_ndn = ndn; ndn.bv_val = NULL; @@ -516,11 +536,11 @@ do_bind( #ifdef NEW_LOGGING LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1, "do_bind: conn %d v%d bind: \"%s\" to \"%s\" \n", - conn->c_connid, version, conn->c_cdn.bv_val, conn->c_dn.bv_val )); + conn->c_connid, version, dn.bv_val, conn->c_dn.bv_val )); #else Debug( LDAP_DEBUG_TRACE, "do_bind: v%d bind: \"%s\" to \"%s\"\n", - version, conn->c_cdn.bv_val, conn->c_dn.bv_val ); + version, dn.bv_val, conn->c_dn.bv_val ); #endif ldap_pvt_thread_mutex_unlock( &conn->c_mutex );