bind.c revision 1.2 
1/*	$NetBSD: bind.c,v 1.2 2020/08/11 13:15:40 christos Exp $	*/
2
3/* bind.c - DNS SRV backend bind function */
4/* $OpenLDAP$ */
5/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6 *
7 * Copyright 2000-2020 The OpenLDAP Foundation.
8 * Portions Copyright 2000-2003 Kurt D. Zeilenga.
9 * All rights reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted only as authorized by the OpenLDAP
13 * Public License.
14 *
15 * A copy of this license is available in the file LICENSE in the
16 * top-level directory of the distribution or, alternatively, at
17 * <http://www.OpenLDAP.org/license.html>.
18 */
19/* ACKNOWLEDGEMENTS:
20 * This work was originally developed by Kurt D. Zeilenga for inclusion
21 * in OpenLDAP Software.
22 */
23
24
25#include <sys/cdefs.h>
26__RCSID("$NetBSD: bind.c,v 1.2 2020/08/11 13:15:40 christos Exp $");
27
28#include "portable.h"
29
30#include <stdio.h>
31
32#include <ac/socket.h>
33#include <ac/string.h>
34
35#include "slap.h"
36#include "proto-dnssrv.h"
37
38int
39dnssrv_back_bind(
40	Operation	*op,
41	SlapReply	*rs )
42{
43	Debug( LDAP_DEBUG_TRACE, "DNSSRV: bind dn=\"%s\" (%d)\n",
44		BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val,
45		op->orb_method, 0 );
46
47	/* allow rootdn as a means to auth without the need to actually
48 	 * contact the proxied DSA */
49	switch ( be_rootdn_bind( op, NULL ) ) {
50	case LDAP_SUCCESS:
51		/* frontend will send result */
52		return rs->sr_err;
53
54	default:
55		/* treat failure and like any other bind, otherwise
56		 * it could reveal the DN of the rootdn */
57		break;
58	}
59
60	if ( !BER_BVISNULL( &op->orb_cred ) &&
61		!BER_BVISEMPTY( &op->orb_cred ) )
62	{
63		/* simple bind */
64		Statslog( LDAP_DEBUG_STATS,
65		   	"%s DNSSRV BIND dn=\"%s\" provided cleartext passwd\n",
66	   		op->o_log_prefix,
67			BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val , 0, 0, 0 );
68
69		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
70			"you shouldn't send strangers your password" );
71
72	} else {
73		/* unauthenticated bind */
74		/* NOTE: we're not going to get here anyway:
75		 * unauthenticated bind is dealt with by the frontend */
76		Debug( LDAP_DEBUG_TRACE, "DNSSRV: BIND dn=\"%s\"\n",
77			BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val, 0, 0 );
78
79		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
80			"anonymous bind expected" );
81	}
82
83	return 1;
84}
85