From cb8d9e16e961732461817423695940f871ee6597 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Wed, 10 May 2000 23:54:57 +0000 Subject: [PATCH] Add bind handler which returns unwillingToPerform with nasty message if password was provided. --- configure | 2 +- servers/slapd/back-dnssrv/Makefile.in | 4 +- servers/slapd/back-dnssrv/bind.c | 61 +++++++++++++++++++++++++++ servers/slapd/back-dnssrv/init.c | 2 +- 4 files changed, 65 insertions(+), 4 deletions(-) create mode 100644 servers/slapd/back-dnssrv/bind.c diff --git a/configure b/configure index dd321178b5..48bc70d78e 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # $OpenLDAP$ -# from OpenLDAP: pkg/ldap/configure.in,v 1.298 2000/05/10 20:48:23 hyc Exp +# from OpenLDAP: pkg/ldap/configure.in,v 1.299 2000/05/10 21:30:54 kurt Exp # Copyright 1998-2000 The OpenLDAP Foundation. All Rights Reserved. # diff --git a/servers/slapd/back-dnssrv/Makefile.in b/servers/slapd/back-dnssrv/Makefile.in index c2f925162c..cb0e6f7580 100644 --- a/servers/slapd/back-dnssrv/Makefile.in +++ b/servers/slapd/back-dnssrv/Makefile.in @@ -10,9 +10,9 @@ # DNSSRV backend written by Kurt Zeilenga ########################################################################## -SRCS = init.c search.c config.c compare.c \ +SRCS = init.c bind.c search.c config.c compare.c \ modify.c add.c modrdn.c delete.c request.c -OBJS = init.lo search.lo config.lo compare.lo \ +OBJS = init.lo bind.lo search.lo config.lo compare.lo \ modify.lo add.lo modrdn.lo delete.lo request.lo LDAP_INCDIR= ../../../include diff --git a/servers/slapd/back-dnssrv/bind.c b/servers/slapd/back-dnssrv/bind.c new file mode 100644 index 0000000000..f4468c0d68 --- /dev/null +++ b/servers/slapd/back-dnssrv/bind.c @@ -0,0 +1,61 @@ +/* bind.c - DNS SRV backend bind function */ +/* $OpenLDAP$ */ +/* + * Copyright 2000 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ + + +#include "portable.h" + +#include + +#include +#include + +#include "slap.h" +#include "back-dnssrv.h" + +int +dnssrv_back_bind( + Backend *be, + Connection *conn, + Operation *op, + char *dn, + char *ndn, + int method, + char *mech, + struct berval *cred, + char **edn +) +{ + Debug( LDAP_DEBUG_DEBUG, "DNSSRV: bind %s (%d/%s)\n", + dn == NULL ? "" : dn, + method, + mech == NULL ? "none" : mech ); + + if( method == LDAP_AUTH_SIMPLE && cred != NULL && cred->bv_len ) { + Statslog( LDAP_DEBUG_STATS, + "conn=%ld op=%d DNSSRV BIND dn=\"%s\" provided passwd\n", + op->o_connid, op->o_opid, + dn == NULL ? "" : dn , 0, 0 ); + + Debug( LDAP_DEBUG_TRACE, + "DNSSRV: BIND dn=\"%s\" provided cleartext password\n", + dn == NULL ? "" : dn, 0, 0 ); + + send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, + NULL, "you shouldn\'t send strangers your password", + NULL, NULL ); + + } else { + Debug( LDAP_DEBUG_TRACE, "DNSSRV: BIND dn=\"%s\"\n", + dn == NULL ? "" : dn, 0, 0 ); + + send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, + NULL, "anonymous bind expected", + NULL, NULL ); + } + + return 1; +} diff --git a/servers/slapd/back-dnssrv/init.c b/servers/slapd/back-dnssrv/init.c index 881532e385..743c17114e 100644 --- a/servers/slapd/back-dnssrv/init.c +++ b/servers/slapd/back-dnssrv/init.c @@ -45,7 +45,7 @@ dnssrv_back_initialize( bi->bi_db_close = 0; bi->bi_db_destroy = dnssrv_back_db_destroy; - bi->bi_op_bind = 0; + bi->bi_op_bind = dnssrv_back_bind; bi->bi_op_unbind = 0; bi->bi_op_search = dnssrv_back_search; bi->bi_op_compare = dnssrv_back_compare; -- 2.39.5