bind.c revision 1.1.1.6
/* $NetBSD: bind.c,v 1.1.1.6 2018/02/06 01:53:18 christos Exp $ */

/* bind.c - DNS SRV backend bind function */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 2000-2017 The OpenLDAP Foundation.
 * Portions Copyright 2000-2003 Kurt D. Zeilenga.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* ACKNOWLEDGEMENTS:
 * This work was originally developed by Kurt D. Zeilenga for inclusion
 * in OpenLDAP Software.
 */


#include <sys/cdefs.h>
__RCSID("$NetBSD: bind.c,v 1.1.1.6 2018/02/06 01:53:18 christos Exp $");

#include "portable.h"

#include <stdio.h>

#include <ac/socket.h>
#include <ac/string.h>

#include "slap.h"
#include "proto-dnssrv.h"

/*
 * Bind handler of the DNS SRV backend.
 *
 * Apart from the rootdn check delegated to be_rootdn_bind(), this function
 * does not verify the supplied credentials; every other bind is refused
 * with LDAP_UNWILLING_TO_PERFORM:
 *   - non-empty credentials: the attempt is recorded at stats level (the
 *     DN is logged, the credential value is not) and the client is told
 *     not to send its password;
 *   - null or empty credentials: refused with "anonymous bind expected".
 *
 * Returns rs->sr_err when the rootdn bind succeeds (no result is sent
 * here in that case), and 1 after an error has been sent.
 *
 * NOTE(review): the DN written to the logs is taken from the request;
 * whether the logging layer escapes it is not visible in this file.
 */
int
dnssrv_back_bind(
	Operation *op,
	SlapReply *rs )
{
	int has_credentials;

	Debug( LDAP_DEBUG_TRACE, "DNSSRV: bind dn=\"%s\" (%d)\n",
		BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val,
		op->orb_method, 0 );

	/* The rootdn may authenticate locally, without the proxied DSA being
	 * contacted.  On success the frontend sends the result. */
	if ( be_rootdn_bind( op, NULL ) == LDAP_SUCCESS ) {
		return rs->sr_err;
	}

	/* A failed rootdn bind is deliberately handled like any other bind:
	 * a distinct response could reveal the DN of the rootdn. */

	has_credentials = !( BER_BVISNULL( &op->orb_cred ) ||
		BER_BVISEMPTY( &op->orb_cred ) );

	if ( !has_credentials ) {
		/* Unauthenticated bind.  Per the original author this branch is
		 * not expected to run, because the frontend already deals with
		 * unauthenticated binds. */
		Debug( LDAP_DEBUG_TRACE, "DNSSRV: BIND dn=\"%s\"\n",
			BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val, 0, 0 );

		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
			"anonymous bind expected" );

		return 1;
	}

	/* Simple bind carrying a password: log that one was supplied (only the
	 * DN is logged) and refuse the operation. */
	Statslog( LDAP_DEBUG_STATS,
		"%s DNSSRV BIND dn=\"%s\" provided cleartext passwd\n",
		op->o_log_prefix,
		BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val, 0, 0, 0 );

	send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
		"you shouldn't send strangers your password" );

	return 1;
}