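/*	$NetBSD$	*/

/* bind.c - shell backend bind function */
/* OpenLDAP: pkg/ldap/servers/slapd/back-shell/bind.c,v 1.27.2.5 2010/04/13 20:23:38 kurt Exp */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 1998-2010 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* Portions Copyright (c) 1995 Regents of the University of Michigan.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that this notice is preserved and that due credit is given
 * to the University of Michigan at Ann Arbor. The name of the University
 * may not be used to endorse or promote products derived from this
 * software without specific prior written permission. This software
 * is provided ``as is'' without express or implied warranty.
 */
/* ACKNOWLEDGEMENTS:
 * This work was originally developed by the University of Michigan
 * (as part of U-MICH LDAP).
 */

#include "portable.h"

#include <stdio.h>

#include <ac/socket.h>
#include <ac/string.h>

#include "slap.h"
#include "shell.h"

/*
 * shell_back_bind - hand a bind request to the configured external program.
 *
 * Order of checks:
 *   1. be_rootdn_bind() gets the first look; any result other than
 *      SLAP_CB_CONTINUE ends the operation here with rs->sr_err.
 *   2. Without a configured bind command (si->si_bind == NULL) the request
 *      is refused with LDAP_UNWILLING_TO_PERFORM.
 *   3. ACL_AUTH access to the "entry" pseudo-attribute of the target DN
 *      must be granted, otherwise LDAP_INSUFFICIENT_ACCESS is sent.
 *   4. The command is started with forkandexec(), the request is written
 *      to its input stream and its answer is relayed by
 *      read_and_send_results().
 *
 * Returns rs->sr_err when be_rootdn_bind() settles the request, -1 for the
 * failures this function reports itself, and otherwise whatever
 * read_and_send_results() returns.
 *
 * The fprintf()/fclose() results on the request stream are not checked;
 * a failed write only shows up through what read_and_send_results()
 * reports.
 */
int
shell_back_bind(
    Operation		*op,
    SlapReply		*rs )
{
	struct shellinfo	*si = (struct shellinfo *) op->o_bd->be_private;
	AttributeDescription	*entry = slap_schema.si_ad_entry;
	/* Zero every member first so that access_allowed() never reads an
	 * indeterminate field; only the non-zero members are set below. */
	Entry		e = { 0 };
	FILE		*rfp, *wfp;
	const char	*cred;
	int		rc;

	/* allow rootdn as a means to auth without the need to actually
	 * contact the proxied DSA */
	switch ( be_rootdn_bind( op, rs ) ) {
	case SLAP_CB_CONTINUE:
		break;

	default:
		return rs->sr_err;
	}

	if ( si->si_bind == NULL ) {
		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
		    "bind not implemented" );
		return( -1 );
	}

	/* Stand-in entry that carries only the target DN, used for the
	 * ACL check. */
	e.e_id = NOID;
	e.e_name = op->o_req_dn;
	e.e_nname = op->o_req_ndn;

	if ( ! access_allowed( op, &e,
		entry, NULL, ACL_AUTH, NULL ) )
	{
		send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
		return -1;
	}

	if ( forkandexec( si->si_bind, &rfp, &wfp ) == (pid_t)-1 ) {
		send_ldap_error( op, rs, LDAP_OTHER,
		    "could not fork/exec" );
		return( -1 );
	}

	/* Passing a null pointer to "%s" is undefined behaviour; print an
	 * empty value instead.
	 * NOTE(review): whether rb_cred.bv_val can be NULL on this path is
	 * not visible in this file - confirm against the caller. */
	cred = op->oq_bind.rb_cred.bv_val ? op->oq_bind.rb_cred.bv_val : "";

	/* write out the request to the bind process */
	fprintf( wfp, "BIND\n" );
	fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
	print_suffixes( wfp, op->o_bd );
	fprintf( wfp, "dn: %s\n", op->o_req_dn.bv_val );
	fprintf( wfp, "method: %d\n", op->oq_bind.rb_method );
	/* Cast so the argument matches "%lu" whatever the length type is,
	 * as is already done for msgid above. */
	fprintf( wfp, "credlen: %lu\n",
	    (unsigned long) op->oq_bind.rb_cred.bv_len );
	/* NOTE(review): the original marks this line XXX.  "%s" stops at the
	 * first NUL byte and copies a line break inside the credential
	 * unchanged, so what follows "cred: " can be shorter than credlen or
	 * span more than one line.  The receiving program presumably has to
	 * validate the value against credlen instead of trusting line
	 * boundaries - confirm against the shell backend protocol
	 * documentation.  The value is the client's bind credential in
	 * clear; the program should never log or echo it. */
	fprintf( wfp, "cred: %s\n", cred );
	fclose( wfp );

	/* read in the results and send them along */
	rc = read_and_send_results( op, rs, rfp );
	fclose( rfp );

	return( rc );
}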