X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fbind.c;h=8d3979992c57bca3e662fffebbc0c3de67f42878;hb=8761bbb6e93a36ddb333775cb2ff3c3c9c7d8669;hp=4fa847853540897df6232299bade1f27978846bf;hpb=b76c56ba3f45576b9c418ea9fe7f7b3440052904;p=openldap diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c index 4fa8478535..8d3979992c 100644 --- a/servers/slapd/bind.c +++ b/servers/slapd/bind.c @@ -15,12 +15,14 @@ #include "portable.h" #include -#include -#include -#include + +#include +#include + #include "slap.h" extern Backend *select_backend(); +extern char *suffixAlias(); extern char *default_referral; @@ -31,7 +33,8 @@ do_bind( ) { BerElement *ber = op->o_ber; - int version, method, len, rc; + int version, method, len; + unsigned long rc; char *dn; struct berval cred; Backend *be; @@ -52,7 +55,7 @@ do_bind( * } */ -#ifdef COMPAT30 +#ifdef LDAP_COMPAT30 /* * in version 3.0 there is an extra SEQUENCE tag after the * BindRequest SEQUENCE tag. @@ -81,13 +84,13 @@ do_bind( "decoding error" ); return; } -#ifdef COMPAT30 +#ifdef LDAP_COMPAT30 if ( conn->c_version == 30 ) { switch ( method ) { case LDAP_AUTH_SIMPLE_30: method = LDAP_AUTH_SIMPLE; break; -#ifdef KERBEROS +#ifdef HAVE_KERBEROS case LDAP_AUTH_KRBV41_30: method = LDAP_AUTH_KRBV41; break; @@ -145,14 +148,21 @@ do_bind( free( cred.bv_val ); } if ( cred.bv_len == 0 ) { - send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL ); + send_ldap_result( conn, op, LDAP_SUCCESS, + NULL, NULL ); + } else if ( default_referral && *default_referral ) { + send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, + NULL, default_referral ); } else { - send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL, - default_referral ); + send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS, + NULL, default_referral ); } return; } + /* alias suffix */ + dn = suffixAlias ( dn, op, be ); + if ( be->be_bind != NULL ) { if ( (*be->be_bind)( be, conn, op, dn, method, &cred ) == 0 ) { pthread_mutex_lock( &conn->c_dnmutex );