From: Kurt Zeilenga
Date: Mon, 28 Aug 2000 23:37:44 +0000 (+0000)
Subject: Rework bind restrictions
X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~2151
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=4e8973e6cb6848ac89cd21c31bde7ad6691a8c45;p=openldap
Rework bind restrictions
---
diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
index 3cc017ca2f..8953d8e8de 100644
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -682,10 +682,8 @@ backend_check_restrictions(
 return LDAP_OTHER;
 }
- if( ( extoid == NULL || strcmp( extoid, LDAP_EXOP_START_TLS ) )
- && op->o_tag != LDAP_REQ_BIND )
- {
- /* these checks don't apply to bind nor StartTLS */
+ if (( extoid == NULL || strcmp( extoid, LDAP_EXOP_START_TLS ) ) ) {
+ /* these checks don't apply to StartTLS */
 if( op->o_tag == LDAP_REQ_EXTENDED ) {
 /* threat other extended operations as update ops */
@@ -727,6 +725,12 @@ backend_check_restrictions(
 return LDAP_CONFIDENTIALITY_REQUIRED;
 }
 }
+ }
+
+ if (( extoid == NULL || strcmp( extoid, LDAP_EXOP_START_TLS ) )
+ || op->o_tag == LDAP_REQ_BIND )
+ {
+ /* these checks don't apply to StartTLS or Bind */
 if( requires & SLAP_REQUIRE_STRONG ) {
 /* should check mechanism */
@@ -777,9 +781,7 @@ backend_check_restrictions(
 }
 if( restrictops & opflag ) {
- if( (restrictops & SLAP_RESTRICT_OP_READS)
- == SLAP_RESTRICT_OP_READS )
- {
+ if( restrictops == SLAP_RESTRICT_OP_READS ) {
 *text = "read operations restricted";
 } else {
 *text = "operation restricted";
diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c
index d65bd9c223..e825eeb850 100644
--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
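Review bot: In servers/slapd/backend.c (hunk at -682), dropping `&& op->o_tag != LDAP_REQ_BIND` makes this block the place where the SSF minimums are enforced for Bind, yet neither the condition nor its comment says so. The bind.c hunk of the same commit deletes do_bind's own `be_ssf_set` comparisons, and no call from do_bind to backend_check_restrictions() is visible on this page; the `goto cleanup; }` context ahead of the deleted lines may be that call's error path, but this should be confirmed, since otherwise a backend's confidentiality requirement would no longer be applied to Bind. I would record the dependency in the comment, e.g. `/* applies to every operation except StartTLS, Bind included; do_bind relies on this */`. The function body starts and ends outside the hunk.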
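Review bot: The condition added in servers/slapd/backend.c (hunk at +725) does not exempt Bind, although its comment says it does: `... || op->o_tag == LDAP_REQ_BIND` makes the test true for every Bind, so the `requires` checks that begin with `SLAP_REQUIRE_STRONG` run on the operation a client uses to authenticate. The test removed earlier in this commit used `&& op->o_tag != LDAP_REQ_BIND )`, and the second line of the new condition should read the same. Only the first `requires` check is visible here; if the ones after it test for an established identity, a server configured with such a requirement would presumably refuse Binds. The StartTLS test is also now written twice in this function, so a single local such as `is_starttls`, computed once, would keep the two blocks from drifting apart.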
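Review bot: The exact comparison `restrictops == SLAP_RESTRICT_OP_READS` in servers/slapd/backend.c (hunk at +781) chooses the diagnostic from the configured mask alone, and the reason for equality over the old masked test is not stated. As written, "read operations restricted" is returned only when the reads are the sole restriction; any mask with further bits set falls through to "operation restricted", even when the refused operation is a read. If that is the intent, a comment such as `/* name the reads only when nothing else is restricted */` would stop a later reader from restoring the masked form. The enclosing `if( restrictops & opflag )` block ends outside the hunk.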
@@ -346,33 +346,6 @@ do_bind(
 goto cleanup;
 }
- if( op->o_ssf < be->be_ssf_set.sss_ssf ) {
- text = "confidentiality required";
- rc = LDAP_CONFIDENTIALITY_REQUIRED;
-
- } else if( op->o_transport_ssf < be->be_ssf_set.sss_transport ) {
- text = "transport confidentiality required";
- rc = LDAP_CONFIDENTIALITY_REQUIRED;
-
- } else if( op->o_tls_ssf < be->be_ssf_set.sss_tls ) {
- text = "TLS confidentiality required";
- rc = LDAP_CONFIDENTIALITY_REQUIRED;
-
- } else if( op->o_sasl_ssf < be->be_ssf_set.sss_sasl ) {
- text = "SASL confidentiality required";
- rc = LDAP_CONFIDENTIALITY_REQUIRED;
-
- } else if( be->be_restrictops & SLAP_RESTRICT_OP_BIND ) {
- text = "bind operation restricted";
- rc = LDAP_UNWILLING_TO_PERFORM;
- }
-
- if( rc != LDAP_SUCCESS ) {
- send_ldap_result( conn, op, rc,
- NULL, text, NULL, NULL );
- goto cleanup;
- }
-
 conn->c_authz_backend = be;
 if ( be->be_bind ) {