
openldap  2.4.31
bind.c
00001 /* bind.c - DNS SRV backend bind function */
00002 /* $OpenLDAP$ */
00003 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
00004  *
00005  * Copyright 2000-2012 The OpenLDAP Foundation.
00006  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
00007  * All rights reserved.
00008  *
00009  * Redistribution and use in source and binary forms, with or without
00010  * modification, are permitted only as authorized by the OpenLDAP
00011  * Public License.
00012  *
00013  * A copy of this license is available in the file LICENSE in the
00014  * top-level directory of the distribution or, alternatively, at
00015  * <http://www.OpenLDAP.org/license.html>.
00016  */
00017 /* ACKNOWLEDGEMENTS:
00018  * This work was originally developed by Kurt D. Zeilenga for inclusion
00019  * in OpenLDAP Software.
00020  */
00021 
00022 
00023 #include "portable.h"
00024 
00025 #include <stdio.h>
00026 
00027 #include <ac/socket.h>
00028 #include <ac/string.h>
00029 
00030 #include "slap.h"
00031 #include "proto-dnssrv.h"
00032 
/**
 * Bind handler of the DNS SRV backend.
 *
 * The only bind this function lets succeed is one that be_rootdn_bind()
 * reports as LDAP_SUCCESS. Every other request is answered with
 * LDAP_UNWILLING_TO_PERFORM; apart from that rootdn check, the
 * credential is only tested here for being null or empty.
 *
 * @param op  operation being processed; o_req_dn, orb_method, orb_cred
 *            and o_log_prefix are read
 * @param rs  reply structure handed to send_ldap_error(); its sr_err is
 *            the return value on rootdn success
 * @return rs->sr_err when be_rootdn_bind() returns LDAP_SUCCESS,
 *         1 in every other case (after an error result has been sent)
 */
int
dnssrv_back_bind(
	Operation	*op,
	SlapReply	*rs )
{
	const char *dn;

	Debug( LDAP_DEBUG_TRACE, "DNSSRV: bind dn=\"%s\" (%d)\n",
		BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val,
		op->orb_method, 0 );

	/* A rootdn bind authenticates without contacting the proxied DSA.
	 * NOTE(review): NULL is passed as the reply argument, presumably so
	 * the helper sends nothing itself -- confirm against be_rootdn_bind(). */
	if ( be_rootdn_bind( op, NULL ) == LDAP_SUCCESS ) {
		/* frontend will send result; rs->sr_err is not written in this
		 * function, so its value comes from elsewhere */
		return rs->sr_err;
	}

	/* Any other outcome is treated like any other bind; answering
	 * differently could reveal the DN of the rootdn. */

	/* Read after the rootdn check, at the point where the log calls
	 * below use it. */
	dn = BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val;

	if ( BER_BVISNULL( &op->orb_cred ) ||
		BER_BVISEMPTY( &op->orb_cred ) )
	{
		/* unauthenticated bind */
		/* NOTE: not expected to be reached:
		 * unauthenticated bind is dealt with by the frontend */
		Debug( LDAP_DEBUG_TRACE, "DNSSRV: BIND dn=\"%s\"\n",
			dn, 0, 0 );

		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
			"anonymous bind expected" );

	} else {
		/* simple bind: a cleartext password was supplied. The stats
		 * line records the DN and that fact only; the credential value
		 * is not among the logged arguments. */
		Statslog( LDAP_DEBUG_STATS,
			"%s DNSSRV BIND dn=\"%s\" provided cleartext passwd\n",
			op->o_log_prefix,
			dn, 0, 0, 0 );

		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
			"you shouldn't send strangers your password" );
	}

	return 1;
}