From 42bb3e2e854600c7dc8e40a5809aebd71cefd564 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Tue, 23 Nov 1999 19:00:09 +0000 Subject: [PATCH] Move userPassord and krbName authentication routines to the frontend. --- servers/slapd/Makefile.in | 4 +- servers/slapd/back-bdb2/Makefile.in | 4 +- servers/slapd/back-bdb2/bind.c | 47 +------------------ servers/slapd/back-bdb2/kerberos.c | 49 -------------------- servers/slapd/back-ldbm/Makefile.in | 4 +- servers/slapd/back-ldbm/bind.c | 47 +------------------ servers/slapd/{back-ldbm => }/kerberos.c | 0 servers/slapd/passwd.c | 59 ++++++++++++++++++++++++ servers/slapd/proto-slap.h | 17 +++++++ servers/slapd/tools/Makefile.in | 2 +- 10 files changed, 85 insertions(+), 148 deletions(-) delete mode 100644 servers/slapd/back-bdb2/kerberos.c rename servers/slapd/{back-ldbm => }/kerberos.c (100%) create mode 100644 servers/slapd/passwd.c diff --git a/servers/slapd/Makefile.in b/servers/slapd/Makefile.in index 07b29b00a7..8a32149e98 100644 --- a/servers/slapd/Makefile.in +++ b/servers/slapd/Makefile.in @@ -14,7 +14,7 @@ SRCS = main.c daemon.c connection.c search.c filter.c add.c charray.c \ dn.c compare.c modify.c delete.c modrdn.c ch_malloc.c \ value.c ava.c bind.c unbind.c abandon.c filterentry.c \ phonetic.c acl.c str2filter.c aclparse.c init.c user.c \ - repl.c lock.c controls.c extended.c \ + repl.c lock.c controls.c extended.c kerberos.c passwd.c \ schema.c schemaparse.c monitor.c configinfo.c \ root_dse.c sasl.c module.c suffixalias.c $(@PLAT@_SRCS) @@ -23,7 +23,7 @@ OBJS = main.o daemon.o connection.o search.o filter.o add.o charray.o \ dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o \ value.o ava.o bind.o unbind.o abandon.o filterentry.o \ phonetic.o acl.o str2filter.o aclparse.o init.o user.o \ - repl.o lock.o controls.o extended.o \ + repl.o lock.o controls.o extended.o kerberos.o passwd.o \ schema.o schemaparse.o monitor.o configinfo.o \ root_dse.o sasl.o module.o suffixalias.o $(@PLAT@_OBJS) 
diff --git a/servers/slapd/back-bdb2/Makefile.in b/servers/slapd/back-bdb2/Makefile.in index fd25b63bcb..9634aec6be 100644 --- a/servers/slapd/back-bdb2/Makefile.in +++ b/servers/slapd/back-bdb2/Makefile.in @@ -3,12 +3,12 @@ SRCS = idl.c add.c search.c cache.c dbcache.c dn2id.c entry.c id2entry.c \ index.c id2children.c nextid.c abandon.c compare.c group.c \ modify.c modrdn.c delete.c init.c config.c bind.c attr.c \ - filterindex.c unbind.c kerberos.c close.c alias.c startup.c \ + filterindex.c unbind.c close.c alias.c startup.c \ timing.c porter.c txn.c tools.c OBJS = idl.lo add.lo search.lo cache.lo dbcache.lo dn2id.lo entry.lo id2entry.lo \ index.lo id2children.lo nextid.lo abandon.lo compare.lo group.lo \ modify.lo modrdn.lo delete.lo init.lo config.lo bind.lo attr.lo \ - filterindex.lo unbind.lo kerberos.lo close.lo alias.lo startup.lo \ + filterindex.lo unbind.lo close.lo alias.lo startup.lo \ timing.lo porter.lo txn.lo tools.lo LDAP_INCDIR= ../../../include diff --git a/servers/slapd/back-bdb2/bind.c b/servers/slapd/back-bdb2/bind.c index 7455b1fc8c..46b614b5c9 100644 --- a/servers/slapd/back-bdb2/bind.c +++ b/servers/slapd/back-bdb2/bind.c @@ -14,51 +14,6 @@ #include "back-bdb2.h" #include "proto-back-bdb2.h" -#include - -#ifdef HAVE_KERBEROS -extern int bdb2i_krbv4_ldap_auth(); -#endif - -static int -crypted_value_find( - struct berval **vals, - struct berval *v, - int syntax, - int normalize, - struct berval *cred -) -{ - int i; - for ( i = 0; vals[i] != NULL; i++ ) { - if ( syntax != SYNTAX_BIN ) { - int result; - -#ifdef SLAPD_CRYPT - ldap_pvt_thread_mutex_lock( &crypt_mutex ); -#endif - - result = lutil_passwd( - (char*) cred->bv_val, - (char*) vals[i]->bv_val, - NULL ); - -#ifdef SLAPD_CRYPT - ldap_pvt_thread_mutex_unlock( &crypt_mutex ); -#endif - - return result; - - } else { - if ( value_cmp( vals[i], v, syntax, normalize ) == 0 ) { - return( 0 ); - } - } - } - - return( 1 ); -} - static int bdb2i_back_bind_internal( BackendDB *be, 
@@ -235,7 +190,7 @@ bdb2i_back_bind_internal( goto return_results; } - if ( crypted_value_find( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 ) + if ( slap_passwd_check( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 ) { send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS, NULL, NULL, NULL, NULL); diff --git a/servers/slapd/back-bdb2/kerberos.c b/servers/slapd/back-bdb2/kerberos.c deleted file mode 100644 index 61a9db0763..0000000000 --- a/servers/slapd/back-bdb2/kerberos.c +++ /dev/null @@ -1,49 +0,0 @@ -/* kerberos.c - bdb2 backend kerberos bind routines */ -/* $OpenLDAP$ */ - -#include "portable.h" - -#ifdef HAVE_KERBEROS - -#include - -#include -#include -#include - -#include "slap.h" -#include "back-bdb2.h" - -#define LDAP_KRB_PRINCIPAL "ldapserver" - -extern char *ldap_srvtab; -extern Attribute *attr_find(); - -bdb2i_krbv4_ldap_auth( - BackendDB *be, - struct berval *cred, - AUTH_DAT *ad -) -{ - KTEXT_ST k; - KTEXT ktxt = &k; - char instance[INST_SZ]; - int err; - - Debug( LDAP_DEBUG_TRACE, "=> kerberosv4_ldap_auth\n", 0, 0, 0 ); - - SAFEMEMCPY( ktxt->dat, cred->bv_val, cred->bv_len ); - ktxt->length = cred->bv_len; - - strcpy( instance, "*" ); - if ( (err = krb_rd_req( ktxt, LDAP_KRB_PRINCIPAL, instance, 0L, ad, - ldap_srvtab )) != KSUCCESS ) { - Debug( LDAP_DEBUG_ANY, "krb_rd_req failed (%s)\n", - krb_err_txt[err], 0, 0 ); - return( LDAP_INVALID_CREDENTIALS ); - } - - return( LDAP_SUCCESS ); -} - -#endif /* kerberos */ diff --git a/servers/slapd/back-ldbm/Makefile.in b/servers/slapd/back-ldbm/Makefile.in index b318517a39..7fb735cf29 100644 --- a/servers/slapd/back-ldbm/Makefile.in +++ b/servers/slapd/back-ldbm/Makefile.in 
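Review bot: Any call to `bdb2i_krbv4_ldap_auth` that remains in `bdb2i_back_bind_internal` is left with neither a declaration nor a definition. The first bind.c hunk drops `extern int bdb2i_krbv4_ldap_auth();`, back-bdb2/kerberos.c is deleted, and the only Kerberos symbol the commit declares in proto-slap.h is `krbv4_ldap_auth`. The function body lies outside both bind.c hunks, so this cannot be confirmed from the diff; if the call is still there, a `HAVE_KERBEROS` build of back-bdb2 would compile it as an implicit declaration and fail at link time. The call should be switched to `krbv4_ldap_auth( be, cred, &ad )` in this commit, or the bdb2 wrapper kept.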
@@ -3,11 +3,11 @@ SRCS = idl.c add.c search.c cache.c dbcache.c dn2id.c entry.c id2entry.c \ index.c id2children.c nextid.c abandon.c compare.c group.c \ modify.c modrdn.c delete.c init.c config.c bind.c attr.c \ - filterindex.c unbind.c kerberos.c close.c alias.c tools.c + filterindex.c unbind.c close.c alias.c tools.c OBJS = idl.lo add.lo search.lo cache.lo dbcache.lo dn2id.lo entry.lo id2entry.lo \ index.lo id2children.lo nextid.lo abandon.lo compare.lo group.lo \ modify.lo modrdn.lo delete.lo init.lo config.lo bind.lo attr.lo \ - filterindex.lo unbind.lo kerberos.lo close.lo alias.lo tools.lo + filterindex.lo unbind.lo close.lo alias.lo tools.lo LDAP_INCDIR= ../../../include LDAP_LIBDIR= ../../../libraries diff --git a/servers/slapd/back-ldbm/bind.c b/servers/slapd/back-ldbm/bind.c index 52234e336a..b6b902f6be 100644 --- a/servers/slapd/back-ldbm/bind.c +++ b/servers/slapd/back-ldbm/bind.c @@ -18,51 +18,6 @@ #include "back-ldbm.h" #include "proto-back-ldbm.h" -#include - -#ifdef HAVE_KERBEROS -extern int krbv4_ldap_auth(); -#endif - -static int -crypted_value_find( - struct berval **vals, - struct berval *v, - int syntax, - int normalize, - struct berval *cred -) -{ - int i; - for ( i = 0; vals[i] != NULL; i++ ) { - if ( syntax != SYNTAX_BIN ) { - int result; - -#ifdef SLAPD_CRYPT - ldap_pvt_thread_mutex_lock( &crypt_mutex ); -#endif - - result = lutil_passwd( - (char*) cred->bv_val, - (char*) vals[i]->bv_val, - NULL ); - -#ifdef SLAPD_CRYPT - ldap_pvt_thread_mutex_unlock( &crypt_mutex ); -#endif - - return result; - - } else { - if ( value_cmp( vals[i], v, syntax, normalize ) == 0 ) { - return( 0 ); - } - } - } - - return( 1 ); -} - int ldbm_back_bind( Backend *be, @@ -242,7 +197,7 @@ ldbm_back_bind( goto return_results; } - if ( crypted_value_find( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 ) + if ( slap_passwd_check( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 ) { send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS, NULL, NULL, NULL, NULL ); 
diff --git a/servers/slapd/back-ldbm/kerberos.c b/servers/slapd/kerberos.c similarity index 100% rename from servers/slapd/back-ldbm/kerberos.c rename to servers/slapd/kerberos.c diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c new file mode 100644 index 0000000000..916d467814 --- /dev/null +++ b/servers/slapd/passwd.c @@ -0,0 +1,59 @@ +/* bind.c - ldbm backend bind and unbind routines */ +/* $OpenLDAP$ */ +/* + * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ + +#include "portable.h" + +#include + +#include +#include +#include +#include + +#include "slap.h" + +#include + + +int +slap_passwd_check( + struct berval **vals, + struct berval *v, + int syntax, + int normalize, + struct berval *cred +) +{ + int i; + for ( i = 0; vals[i] != NULL; i++ ) { + if ( syntax == SYNTAX_BIN ) { + int result; + +#ifdef SLAPD_CRYPT + ldap_pvt_thread_mutex_lock( &crypt_mutex ); +#endif + + result = lutil_passwd( + (char*) cred->bv_val, + (char*) vals[i]->bv_val, + NULL ); + +#ifdef SLAPD_CRYPT + ldap_pvt_thread_mutex_unlock( &crypt_mutex ); +#endif + + return result; + + } else { + if ( value_cmp( vals[i], v, syntax, normalize ) == 0 ) { + return( 0 ); + } + } + } + + return( 1 ); +} diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 5c6fc6e947..939e57a2d1 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -438,6 +438,23 @@ int value_find LDAP_P(( struct berval **vals, struct berval *v, int syntax, void slap_init_user LDAP_P(( char *username, char *groupname )); #endif +/* + * passwd.c + */ +int slap_passwd_check( + struct berval **vals, + struct berval *v, + int syntax, + int normalize, + struct berval *cred ); + +/* + * kerberos.c + */ +#ifdef HAVE_KERBEROS +extern int krbv4_ldap_auth(); +#endif + /* * Other... */ diff --git a/servers/slapd/tools/Makefile.in b/servers/slapd/tools/Makefile.in index 56c9ef29fa..00473ec404 100644 
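Review bot: The syntax test in `slap_passwd_check` reads `if ( syntax == SYNTAX_BIN )`, whereas both removed `crypted_value_find` copies tested `syntax != SYNTAX_BIN`. In a commit described as a move, that reverses which attribute syntaxes go through `lutil_passwd` and which fall back to a plain `value_cmp`. This decides how bind credentials are verified at the call sites in back-bdb2/bind.c and back-ldbm/bind.c, so the flip should either be reverted or be stated in the commit message and in a comment above the test. Separately, `return result;` inside the loop means only `vals[0]` is ever checked for a multi-valued attribute; `if ( result == 0 ) return 0;` would let a later value match while still falling through to `return( 1 )`. The file header still reads `/* bind.c - ldbm backend bind and unbind routines */` and should name passwd.c.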
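Review bot: `extern int krbv4_ldap_auth();` has an empty parameter list, so the compiler does not check the arguments passed to this authentication routine at any call site. The deleted bdb2 copy took `( BackendDB *be, struct berval *cred, AUTH_DAT *ad )`, and the renamed ldbm file presumably matches it, so a full prototype would be preferable if the header defining `AUTH_DAT` can be included under `HAVE_KERBEROS`. The new `slap_passwd_check` declaration also omits the `LDAP_P(( ... ))` wrapper used by the neighbouring `value_find` and `slap_init_user` prototypes. For consistency it could read `int slap_passwd_check LDAP_P(( struct berval **vals, struct berval *v, int syntax, int normalize, struct berval *cred ));`.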
--- a/servers/slapd/tools/Makefile.in +++ b/servers/slapd/tools/Makefile.in @@ -53,7 +53,7 @@ SLAPD_OBJS = ../config.o ../ch_malloc.o ../backend.o ../charray.o \ ../module.o ../aclparse.o ../schema.o ../filterentry.o \ ../acl.o ../phonetic.o ../attr.o ../value.o ../entry.o \ ../dn.o ../filter.o ../str2filter.o ../ava.o ../init.o \ - ../controls.o ../schemaparse.o + ../controls.o ../schemaparse.o ../kerberos.o ../passwd.o SLAPOBJS = $(SLAPD_OBJS) slapcommon.o mimic.o EDB2LDIFSRCS = edb2ldif.c ldapsyntax.c -- 2.39.5