Add bind handler which returns unwillingToPerform with

nasty message if password was provided.

diff --git a/configure b/configure
index dd321178b5dc8eb7c9532787303dad021d3ab3a4..48bc70d78e22861f0dfac38be559270d0bd9ba0a 100755 (executable)
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # $OpenLDAP$
-# from OpenLDAP: pkg/ldap/configure.in,v 1.298 2000/05/10 20:48:23 hyc Exp  
+# from OpenLDAP: pkg/ldap/configure.in,v 1.299 2000/05/10 21:30:54 kurt Exp  
 
 # Copyright 1998-2000 The OpenLDAP Foundation.  All Rights Reserved.
 # 

diff --git a/servers/slapd/back-dnssrv/Makefile.in b/servers/slapd/back-dnssrv/Makefile.in
index c2f925162ca43587e0a7c5d23afa5148f2fccc7f..cb0e6f75803f8f7cf60820989b773caedfc5e6dc 100644 (file)
--- a/servers/slapd/back-dnssrv/Makefile.in
+++ b/servers/slapd/back-dnssrv/Makefile.in
@@ -10,9 +10,9 @@
 # DNSSRV backend written by Kurt Zeilenga
 ##########################################################################
 
-SRCS   = init.c search.c config.c compare.c \
+SRCS   = init.c bind.c search.c config.c compare.c \
                modify.c add.c modrdn.c delete.c request.c
-OBJS   = init.lo search.lo config.lo compare.lo \
+OBJS   = init.lo bind.lo search.lo config.lo compare.lo \
                modify.lo add.lo modrdn.lo delete.lo request.lo
 
 LDAP_INCDIR= ../../../include       

diff --git a/servers/slapd/back-dnssrv/bind.c b/servers/slapd/back-dnssrv/bind.c
new file mode 100644 (file)
index 0000000..f4468c0
--- /dev/null
+++ b/servers/slapd/back-dnssrv/bind.c
@@ -0,0 +1,61 @@
+/* bind.c - DNS SRV backend bind function */
+/* $OpenLDAP$ */
+/*
+ * Copyright 2000 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-dnssrv.h"
+
+int
+dnssrv_back_bind(
+    Backend            *be,
+    Connection         *conn,
+    Operation          *op,
+    char               *dn,
+    char               *ndn,
+    int                        method,
+       char            *mech,
+    struct berval      *cred,
+       char            **edn
+)
+{
+       Debug( LDAP_DEBUG_DEBUG, "DNSSRV: bind %s (%d/%s)\n",
+               dn == NULL ? "" : dn, 
+               method,
+               mech == NULL ? "none" : mech );
+               
+       if( method == LDAP_AUTH_SIMPLE && cred != NULL && cred->bv_len ) {
+               Statslog( LDAP_DEBUG_STATS,
+                       "conn=%ld op=%d DNSSRV BIND dn=\"%s\" provided passwd\n",
+                        op->o_connid, op->o_opid,
+                       dn == NULL ? "" : dn , 0, 0 );
+
+               Debug( LDAP_DEBUG_TRACE,
+                       "DNSSRV: BIND dn=\"%s\" provided cleartext password\n",
+                       dn == NULL ? "" : dn, 0, 0 );
+
+               send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
+                       NULL, "you shouldn\'t send strangers your password",
+                       NULL, NULL );
+
+       } else {
+               Debug( LDAP_DEBUG_TRACE, "DNSSRV: BIND dn=\"%s\"\n",
+                       dn == NULL ? "" : dn, 0, 0 );
+
+               send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
+                       NULL, "anonymous bind expected",
+                       NULL, NULL );
+       }
+
+       return 1;
+}

diff --git a/servers/slapd/back-dnssrv/init.c b/servers/slapd/back-dnssrv/init.c
index 881532e385d4c67a1d464e503de3c1914991cd41..743c17114ea143e6828f680987c1f9c0dc298411 100644 (file)
--- a/servers/slapd/back-dnssrv/init.c
+++ b/servers/slapd/back-dnssrv/init.c
@@ -45,7 +45,7 @@ dnssrv_back_initialize(
        bi->bi_db_close = 0;
        bi->bi_db_destroy = dnssrv_back_db_destroy;
 
-       bi->bi_op_bind = 0;
+       bi->bi_op_bind = dnssrv_back_bind;
        bi->bi_op_unbind = 0;
        bi->bi_op_search = dnssrv_back_search;
        bi->bi_op_compare = dnssrv_back_compare;