From: Dmitry Kovalev Date: Mon, 30 Oct 2000 20:36:29 +0000 (+0000) Subject: fix ITS #855 (back-sql crashes with malformed filters), X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~1668 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6d94ecd1b06895faba1026cc174c729a2be824d9;p=openldap fix ITS #855 (back-sql crashes with malformed filters), also extend bind() to something less trivial (to support SIMPLE_AUTH mode)
---
diff --git a/servers/slapd/back-sql/bind.c b/servers/slapd/back-sql/bind.c
index 20c566ed7f..d2e05898f6 100644
--- a/servers/slapd/back-sql/bind.c
+++ b/servers/slapd/back-sql/bind.c
@@ -16,13 +16,88 @@ #include "slap.h" #include "back-sql.h" #include "sql-wrap.h" +#include "util.h" +#include "entry-id.h" + +void backsql_init_search(backsql_srch_info *bsi,backsql_info *bi,char *nbase,int scope, + int slimit,int tlimit,time_t stoptime,Filter *filter, + SQLHDBC dbh,BackendDB *be,Connection *conn,Operation *op,char **attrs); int backsql_bind(BackendDB *be,Connection *conn,Operation *op, const char *dn,const char *ndn,int method,struct berval *cred,char** edn) { + backsql_info *bi=(backsql_info*)be->be_private; + backsql_entryID user_id,*res; + SQLHDBC dbh; + AttributeDescription *password = slap_schema.si_ad_userPassword; + Entry *e,user_entry; + Attribute *a; + backsql_srch_info bsi; + Debug(LDAP_DEBUG_TRACE,"==>backsql_bind()\n",0,0,0); - //for now, just return OK, allowing to test modify operations - send_ldap_result(conn,op,LDAP_SUCCESS,NULL,NULL,NULL,0); + + if ( be_isroot_pw( be, conn, ndn, cred ) ) + { + *edn=ch_strdup(be_root_dn(be)); + Debug(LDAP_DEBUG_TRACE,"<==backsql_bind() root bind\n",0,0,0); + return LDAP_SUCCESS; + } + + *edn=ch_strdup(ndn); + + if (method == LDAP_AUTH_SIMPLE) + { + dbh=backsql_get_db_conn(be,conn); + + if (!dbh) + { + Debug(LDAP_DEBUG_TRACE,"backsql_bind(): could not get connection handle - exiting\n",0,0,0); + send_ldap_result(conn,op,LDAP_OTHER,"","SQL-backend error",NULL,NULL); + return 1; + } + + res=backsql_dn2id(bi,&user_id,dbh,ndn); + if (res==NULL) + { + Debug(LDAP_DEBUG_TRACE,"backsql_bind(): could not retrieve bind dn id - no such entry\n",0,0,0); + send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,NULL, NULL, NULL, NULL ); + return 1; + } + + backsql_init_search(&bsi,bi,(char*)ndn,LDAP_SCOPE_BASE,-1,-1,-1,NULL,dbh, + be,conn,op,NULL); + e=backsql_id2entry(&bsi,&user_entry,&user_id); + if (e==NULL) + { + Debug(LDAP_DEBUG_TRACE,"backsql_bind(): error in backsql_id2entry() - auth failed\n",0,0,0); + send_ldap_result( conn, op, LDAP_OTHER,NULL, NULL, NULL, NULL ); + return 1; + } + + if ( ! 
access_allowed( be, conn, op, e,password, NULL, ACL_AUTH ) ) + { + send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, NULL, NULL, NULL, NULL ); + return 1; + } + + if ( (a = attr_find( e->e_attrs, password )) == NULL ) + { + send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH, NULL, NULL, NULL, NULL ); + return 1; + } + + if ( slap_passwd_check( conn, a, cred ) != 0 ) + { + send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,NULL, NULL, NULL, NULL ); + return 1; + } + } + else /*method != SIMPLE */ + { + send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED, + NULL, "authentication method not supported", NULL, NULL ); + return 1; + } Debug(LDAP_DEBUG_TRACE,"<==backsql_bind()\n",0,0,0); return 0; } diff --git a/servers/slapd/back-sql/other.c b/servers/slapd/back-sql/other.c index c89e4d0f23..dc40a0e28d 100644 --- a/servers/slapd/back-sql/other.c +++ b/servers/slapd/back-sql/other.c @@ -27,7 +27,7 @@ int backsql_compare(BackendDB *bd, const char *dn, const char *ndn, AttributeAssertion *ava ) { - Debug(LDAP_DEBUG_TRACE,"==>backsql_compare()\n",0,0,0); + Debug(LDAP_DEBUG_TRACE,"==>backsql_compare() - not implemented\n",0,0,0); return 0; } diff --git a/servers/slapd/back-sql/search.c b/servers/slapd/back-sql/search.c index 914fca8204..82db1e1cf8 100644 --- a/servers/slapd/back-sql/search.c +++ b/servers/slapd/back-sql/search.c @@ -173,7 +173,7 @@ int backsql_process_filter(backsql_srch_info *bsi,Filter *f) int done=0,len=0; Debug(LDAP_DEBUG_TRACE,"==>backsql_process_filter()\n",0,0,0); - if (f==NULL) + if (f==NULL || f->f_choice==SLAPD_FILTER_COMPUTED) { return 0; } diff --git a/servers/slapd/back-sql/sql-wrap.c b/servers/slapd/back-sql/sql-wrap.c index 4b54c9961b..c1c1876bb3 100644 --- a/servers/slapd/back-sql/sql-wrap.c +++ b/servers/slapd/back-sql/sql-wrap.c 
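Review bot: The failure branches of backsql_bind answer an unauthenticated client with different result codes depending on what exists: an unknown DN and a wrong password both give LDAP_INVALID_CREDENTIALS, but an entry without userPassword gives LDAP_INAPPROPRIATE_AUTH and an ACL denial gives LDAP_INSUFFICIENT_ACCESS, so the response reveals whether the DN is present. Unless that distinction is wanted, the `attr_find` branch should send `send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS, NULL, NULL, NULL, NULL );` like its neighbours. Separately, `*edn` is duplicated before the checks and the entry that `backsql_id2entry` fills into the stack `user_entry` is not released on any return path; if those helpers allocate (not visible in this hunk), every failed bind leaks memory on a pre-authentication path. `be_isroot_pw` is also tested before `method == LDAP_AUTH_SIMPLE`, so the root password is accepted whatever the bind method is; moving that test inside the simple-auth branch would keep the method gate first.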
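Review bot: The new `f->f_choice==SLAPD_FILTER_COMPUTED` guard returns the same 0 as the `f==NULL` case, so a filter that slapd could not parse is handled like an absent one rather than by its computed result. If the caller treats 0 as "nothing to add to the WHERE clause" (the caller is outside this hunk), a search with a malformed filter could return entries that a false or undefined filter should exclude. I would add a comment such as `/* computed filter: no SQL condition is generated; caller must not treat this as match-all */` and a Debug trace on this path, and confirm how the caller handles the return value. backsql_process_filter's body continues outside the hunk.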
@@ -45,8 +45,8 @@ void backsql_PrintErrors(SQLHENV henv, SQLHDBC hdbc, SQLHSTMT sth,int rc) || rc == SQL_SUCCESS_WITH_INFO ) { - Debug(LDAP_DEBUG_TRACE,"SQL engine state: %s\n", state,0,0); Debug(LDAP_DEBUG_TRACE,"Native error code: %d\n",(int) iSqlCode,0,0); + Debug(LDAP_DEBUG_TRACE,"SQL engine state: %s\n", state,0,0); Debug(LDAP_DEBUG_TRACE,"Message: %s\n",msg,0,0); } } diff --git a/servers/slapd/back-sql/util.h b/servers/slapd/back-sql/util.h index 1fe0cbab2c..110c9b6f2c 100644 --- a/servers/slapd/back-sql/util.h +++ b/servers/slapd/back-sql/util.h @@ -57,4 +57,5 @@ extern char backsql_def_oc_query[],backsql_def_at_query[], int backsql_merge_from_clause(char **dest_from,int *dest_len,char *src_from); + #endif \ No newline at end of file