bind.c revision 1.1.1.4
1/* $NetBSD: bind.c,v 1.1.1.4 2014/05/28 09:58:49 tron Exp $ */ 2 3/* bind.c - DNS SRV backend bind function */ 4/* $OpenLDAP$ */ 5/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 6 * 7 * Copyright 2000-2014 The OpenLDAP Foundation. 8 * Portions Copyright 2000-2003 Kurt D. Zeilenga. 9 * All rights reserved. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted only as authorized by the OpenLDAP 13 * Public License. 14 * 15 * A copy of this license is available in the file LICENSE in the 16 * top-level directory of the distribution or, alternatively, at 17 * <http://www.OpenLDAP.org/license.html>. 18 */ 19/* ACKNOWLEDGEMENTS: 20 * This work was originally developed by Kurt D. Zeilenga for inclusion 21 * in OpenLDAP Software. 22 */ 23 24 25#include "portable.h" 26 27#include <stdio.h> 28 29#include <ac/socket.h> 30#include <ac/string.h> 31 32#include "slap.h" 33#include "proto-dnssrv.h" 34 35int 36dnssrv_back_bind( 37 Operation *op, 38 SlapReply *rs ) 39{ 40 Debug( LDAP_DEBUG_TRACE, "DNSSRV: bind dn=\"%s\" (%d)\n", 41 BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val, 42 op->orb_method, 0 ); 43 44 /* allow rootdn as a means to auth without the need to actually 45 * contact the proxied DSA */ 46 switch ( be_rootdn_bind( op, NULL ) ) { 47 case LDAP_SUCCESS: 48 /* frontend will send result */ 49 return rs->sr_err; 50 51 default: 52 /* treat failure and like any other bind, otherwise 53 * it could reveal the DN of the rootdn */ 54 break; 55 } 56 57 if ( !BER_BVISNULL( &op->orb_cred ) && 58 !BER_BVISEMPTY( &op->orb_cred ) ) 59 { 60 /* simple bind */ 61 Statslog( LDAP_DEBUG_STATS, 62 "%s DNSSRV BIND dn=\"%s\" provided cleartext passwd\n", 63 op->o_log_prefix, 64 BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val , 0, 0, 0 ); 65 66 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, 67 "you shouldn't send strangers your password" ); 68 69 } else { 70 /* unauthenticated bind */ 71 /* NOTE: we're not going to get here anyway: 72 * unauthenticated bind is dealt with by the frontend */ 73 Debug( LDAP_DEBUG_TRACE, "DNSSRV: BIND dn=\"%s\"\n", 74 BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val, 0, 0 ); 75 76 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, 77 "anonymous bind expected" ); 78 } 79 80 return 1; 81} 82