Back to index

lightning-sunbird  0.9+nobinonly
sbind.c
Go to the documentation of this file.
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is Mozilla Communicator client code, released
00015  * March 31, 1998.
00016  *
00017  * The Initial Developer of the Original Code is
00018  * Netscape Communications Corporation.
00019  * Portions created by the Initial Developer are Copyright (C) 1998-1999
00020  * the Initial Developer. All Rights Reserved.
00021  *
00022  * Contributor(s):
00023  *
00024  * Alternatively, the contents of this file may be used under the terms of
00025  * either the GNU General Public License Version 2 or later (the "GPL"), or
00026  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00027  * in which case the provisions of the GPL or the LGPL are applicable instead
00028  * of those above. If you wish to allow use of your version of this file only
00029  * under the terms of either the GPL or the LGPL, and not to allow others to
00030  * use your version of this file under the terms of the MPL, indicate your
00031  * decision by deleting the provisions above and replace them with the notice
00032  * and other provisions required by the GPL or the LGPL. If you do not delete
00033  * the provisions above, a recipient may use your version of this file under
00034  * the terms of any one of the MPL, the GPL or the LGPL.
00035  *
00036  * ***** END LICENSE BLOCK ***** */
00037 /*
00038  *  Copyright (c) 1993 Regents of the University of Michigan.
00039  *  All rights reserved.
00040  */
00041 /*
00042  *  sbind.c
00043  */
00044 
00045 #if 0
00046 #ifndef lint 
00047 static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of Michigan.\nAll rights reserved.\n";
00048 #endif
00049 #endif
00050 
00051 #include "ldap-int.h"
00052 
00053 static int simple_bind_nolock( LDAP *ld, const char *dn, const char *passwd,
00054        int unlock_permitted );
00055 static int simple_bindifnot_s( LDAP *ld, const char *dn, const char *passwd );
00056 
00057 /*
00058  * ldap_simple_bind - bind to the ldap server.  The dn and
00059  * password of the entry to which to bind are supplied.  The message id
00060  * of the request initiated is returned.
00061  *
00062  * Example:
00063  *     ldap_simple_bind( ld, "cn=manager, o=university of michigan, c=us",
00064  *         "secret" )
00065  */
00066 
00067 int
00068 LDAP_CALL
00069 ldap_simple_bind( LDAP *ld, const char *dn, const char *passwd )
00070 {
00071        int    rc;
00072 
00073        LDAPDebug( LDAP_DEBUG_TRACE, "ldap_simple_bind\n", 0, 0, 0 );
00074 
00075        if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
00076               return( -1 );
00077        }
00078 
00079        rc = simple_bind_nolock( ld, dn, passwd, 1 );
00080 
00081        return( rc );
00082 }
00083 
00084 
00085 static int
00086 simple_bind_nolock( LDAP *ld, const char *dn, const char *passwd,
00087     int unlock_permitted )
00088 {
00089        BerElement    *ber;
00090        int           rc, msgid;
00091 
00092        /*
00093         * The bind request looks like this:
00094         *     BindRequest ::= SEQUENCE {
00095         *            version              INTEGER,
00096         *            name          DistinguishedName,    -- who
00097         *            authentication       CHOICE {
00098         *                   simple        [0] OCTET STRING -- passwd
00099         *            }
00100         *     }
00101         * all wrapped up in an LDAPMessage sequence.
00102         */
00103 
00104        LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK );
00105        msgid = ++ld->ld_msgid;
00106        LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK );
00107 
00108        if ( dn == NULL )
00109               dn = "";
00110        if ( passwd == NULL )
00111               passwd = "";
00112 
00113        if ( ld->ld_cache_on && ld->ld_cache_bind != NULL ) {
00114               struct berval bv;
00115 
00116               bv.bv_val = (char *)passwd;
00117               bv.bv_len = strlen( passwd );
00118               /* if ( unlock_permitted ) LDAP_MUTEX_UNLOCK( ld ); */
00119               LDAP_MUTEX_LOCK( ld, LDAP_CACHE_LOCK );
00120               rc = (ld->ld_cache_bind)( ld, msgid, LDAP_REQ_BIND, dn, &bv,
00121                   LDAP_AUTH_SIMPLE );
00122               LDAP_MUTEX_UNLOCK( ld, LDAP_CACHE_LOCK );
00123               /* if ( unlock_permitted ) LDAP_MUTEX_LOCK( ld ); */
00124               if ( rc != 0 ) {
00125                      return( rc );
00126               }
00127        }
00128 
00129        /* create a message to send */
00130        if (( rc = nsldapi_alloc_ber_with_options( ld, &ber ))
00131            != LDAP_SUCCESS ) {
00132               return( -1 );
00133        }
00134 
00135        /* fill it in */
00136        if ( ber_printf( ber, "{it{ists}", msgid, LDAP_REQ_BIND,
00137            NSLDAPI_LDAP_VERSION( ld ), dn, LDAP_AUTH_SIMPLE, passwd ) == -1 ) {
00138               LDAP_SET_LDERRNO( ld, LDAP_ENCODING_ERROR, NULL, NULL );
00139               ber_free( ber, 1 );
00140               return( -1 );
00141        }
00142 
00143        if ( nsldapi_put_controls( ld, NULL, 1, ber ) != LDAP_SUCCESS ) {
00144               ber_free( ber, 1 );
00145               return( -1 );
00146        }
00147 
00148        /* send the message */
00149        return( nsldapi_send_initial_request( ld, msgid, LDAP_REQ_BIND,
00150               (char *)dn, ber ));
00151 }
00152 
00153 
00154 /*
00155  * ldap_simple_bind - bind to the ldap server using simple
00156  * authentication.  The dn and password of the entry to which to bind are
00157  * supplied.  LDAP_SUCCESS is returned upon success, the ldap error code
00158  * otherwise.
00159  *
00160  * Example:
00161  *     ldap_simple_bind_s( ld, "cn=manager, o=university of michigan, c=us",
00162  *         "secret" )
00163  */
00164 int
00165 LDAP_CALL
00166 ldap_simple_bind_s( LDAP *ld, const char *dn, const char *passwd )
00167 {
00168        int           msgid;
00169        LDAPMessage   *result;
00170 
00171        LDAPDebug( LDAP_DEBUG_TRACE, "ldap_simple_bind_s\n", 0, 0, 0 );
00172 
00173        if ( NSLDAPI_VALID_LDAP_POINTER( ld ) &&
00174            ( ld->ld_options & LDAP_BITOPT_RECONNECT ) != 0 ) {
00175               return( simple_bindifnot_s( ld, dn, passwd ));
00176        }
00177 
00178        if ( (msgid = ldap_simple_bind( ld, dn, passwd )) == -1 )
00179               return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
00180 
00181        if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &result ) == -1 )
00182               return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
00183 
00184        return( ldap_result2error( ld, result, 1 ) );
00185 }
00186 
00187 
00188 /*
00189  * simple_bindifnot_s() is like ldap_simple_bind_s() except that it only does
00190  * a bind if the default connection is not currently bound.
00191  * If a successful bind using the same DN has already taken place we just
00192  * return LDAP_SUCCESS without conversing with the server at all.
00193  */
00194 static int
00195 simple_bindifnot_s( LDAP *ld, const char *dn, const char *passwd )
00196 {
00197        int           msgid, rc;
00198        LDAPMessage   *result;
00199        char          *binddn;
00200 
00201        LDAPDebug( LDAP_DEBUG_TRACE, "simple_bindifnot_s\n", 0, 0, 0 );
00202 
00203        if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
00204               return( LDAP_PARAM_ERROR );
00205        }
00206 
00207        if ( dn == NULL ) {
00208               dn = "";      /* to make comparisons simpler */
00209        }
00210 
00211        /*
00212         * if we are already bound using the same DN, just return LDAP_SUCCESS.
00213         */
00214        if ( NULL != ( binddn = nsldapi_get_binddn( ld ))
00215            && 0 == strcmp( dn, binddn )) {
00216               rc = LDAP_SUCCESS;
00217               LDAP_SET_LDERRNO( ld, rc, NULL, NULL );
00218               return rc;
00219        }
00220 
00221        /*
00222         * if the default connection has been lost and is now marked dead,
00223         * dispose of the default connection so it will get re-established.
00224         *
00225         * if not, clear the bind DN and status to ensure that we don't
00226         * report the wrong bind DN to a different thread while waiting
00227         * for our bind result to return from the server.
00228         */
00229        LDAP_MUTEX_LOCK( ld, LDAP_CONN_LOCK );
00230        if ( NULL != ld->ld_defconn ) {
00231            if ( LDAP_CONNST_DEAD == ld->ld_defconn->lconn_status ) {
00232               nsldapi_free_connection( ld, ld->ld_defconn, NULL, NULL, 1, 0 );
00233               ld->ld_defconn = NULL;
00234            } else if ( ld->ld_defconn->lconn_binddn != NULL ) {
00235               NSLDAPI_FREE( ld->ld_defconn->lconn_binddn );
00236               ld->ld_defconn->lconn_binddn = NULL;
00237               ld->ld_defconn->lconn_bound = 0;
00238            }
00239        }
00240        LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
00241 
00242        /*
00243         * finally, bind (this will open a new connection if necessary)
00244         *
00245         * do everything under the protection of the result lock to
00246         * ensure that only one thread will be in this code at a time.
00247         * XXXmcs: we should use a condition variable instead?
00248         */
00249        LDAP_MUTEX_LOCK( ld, LDAP_RESULT_LOCK );
00250        if ( (msgid = simple_bind_nolock( ld, dn, passwd, 0 )) == -1 ) {
00251               rc = LDAP_GET_LDERRNO( ld, NULL, NULL );
00252               goto unlock_and_return;
00253        }
00254 
00255        /*
00256         * Note that at this point the bind request is on its way to the
00257         * server and at any time now we will either be bound as the new
00258         * DN (if the bind succeeded) or we will be bound as anonymous (if
00259         * the bind failed).
00260         */
00261 
00262        /*
00263         * Wait for the bind result.  Code inside result.c:read1msg()
00264         * takes care of setting the connection's bind DN and status.
00265         */
00266        if ( nsldapi_result_nolock( ld, msgid, 1, 0, (struct timeval *) 0,
00267            &result ) == -1 ) {
00268               rc = LDAP_GET_LDERRNO( ld, NULL, NULL );
00269               goto unlock_and_return;
00270        }
00271 
00272        rc = ldap_result2error( ld, result, 1 );
00273 
00274 unlock_and_return:
00275        LDAP_MUTEX_UNLOCK( ld, LDAP_RESULT_LOCK );
00276        return( rc );
00277 }