/* bind.c - DNS SRV backend bind function */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 2000-2011 The OpenLDAP Foundation.
 * Portions Copyright 2000-2003 Kurt D. Zeilenga.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* ACKNOWLEDGEMENTS:
 * This work was originally developed by Kurt D. Zeilenga for inclusion
 * in OpenLDAP Software.
 */


#include "portable.h"

#include <stdio.h>

#include <ac/socket.h>
#include <ac/string.h>

#include "slap.h"
#include "proto-dnssrv.h"

/*
 * Bind handler for the DNS SRV backend.
 *
 * A bind as the rootdn is the only bind that can succeed here; it is
 * checked locally through be_rootdn_bind().  Every other bind is refused
 * with LDAP_UNWILLING_TO_PERFORM: one carrying a non-empty credential
 * is logged and rejected, and one without a credential is rejected as
 * well.
 *
 * op: the bind operation (request DN, bind method, credential).
 * rs: reply structure used to send the error result.
 *
 * Returns rs->sr_err when the rootdn bind succeeds, and 1 after a
 * refusal has been sent.
 */
int
dnssrv_back_bind(
	Operation	*op,
	SlapReply	*rs )
{
	/* Request DN as a printable string; a null berval is shown as "". */
	const char	*bind_dn = BER_BVISNULL( &op->o_req_dn )
		? "" : op->o_req_dn.bv_val;

	Debug( LDAP_DEBUG_TRACE, "DNSSRV: bind dn=\"%s\" (%d)\n",
		bind_dn, op->orb_method, 0 );

	/* The rootdn may authenticate without the proxied DSA being
	 * contacted.  On success the frontend sends the result.
	 *
	 * NOTE(review): be_rootdn_bind() is given a NULL reply here, so
	 * the value returned is whatever rs->sr_err held on entry,
	 * presumably the success code set up by the caller; confirm.
	 *
	 * Any other outcome is deliberately treated like an ordinary bind:
	 * answering differently could reveal the DN of the rootdn. */
	if ( be_rootdn_bind( op, NULL ) == LDAP_SUCCESS ) {
		return rs->sr_err;
	}

	if ( BER_BVISNULL( &op->orb_cred ) ||
		BER_BVISEMPTY( &op->orb_cred ) )
	{
		/* Unauthenticated bind.  Not expected to be reached: the
		 * frontend deals with unauthenticated binds itself. */
		Debug( LDAP_DEBUG_TRACE, "DNSSRV: BIND dn=\"%s\"\n",
			bind_dn, 0, 0 );

		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
			"anonymous bind expected" );

	} else {
		/* Simple bind with a non-empty credential.  Only the log
		 * prefix, the DN and the fact that a password was supplied
		 * are logged; the credential itself is never passed to the
		 * log call.  The client has already sent the password by
		 * the time this runs, so the refusal is a warning to the
		 * client and does not undo that exposure. */
		Statslog( LDAP_DEBUG_STATS,
			"%s DNSSRV BIND dn=\"%s\" provided cleartext passwd\n",
			op->o_log_prefix, bind_dn, 0, 0, 0 );

		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
			"you shouldn't send strangers your password" );
	}

	return 1;
}