
openldap  2.4.31
bind.c
00001 /* bind.c - shell backend bind function */
00002 /* $OpenLDAP$ */
00003 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
00004  *
00005  * Copyright 1998-2012 The OpenLDAP Foundation.
00006  * All rights reserved.
00007  *
00008  * Redistribution and use in source and binary forms, with or without
00009  * modification, are permitted only as authorized by the OpenLDAP
00010  * Public License.
00011  *
00012  * A copy of this license is available in the file LICENSE in the
00013  * top-level directory of the distribution or, alternatively, at
00014  * <http://www.OpenLDAP.org/license.html>.
00015  */
00016 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
00017  * All rights reserved.
00018  *
00019  * Redistribution and use in source and binary forms are permitted
00020  * provided that this notice is preserved and that due credit is given
00021  * to the University of Michigan at Ann Arbor. The name of the University
00022  * may not be used to endorse or promote products derived from this
00023  * software without specific prior written permission. This software
00024  * is provided ``as is'' without express or implied warranty.
00025  */
00026 /* ACKNOWLEDGEMENTS:
00027  * This work was originally developed by the University of Michigan
00028  * (as part of U-MICH LDAP).
00029  */
00030 
00031 #include "portable.h"
00032 
00033 #include <stdio.h>
00034 
00035 #include <ac/socket.h>
00036 #include <ac/string.h>
00037 
00038 #include "slap.h"
00039 #include "shell.h"
00040 
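/*
 * shell_back_bind - bind handler of the shell backend.
 *
 * Hands the bind request to the external command configured in si->si_bind
 * and relays whatever result that command reports.
 *
 * op: the bind operation; the request DN, bind method and credentials are
 *     read from it.
 * rs: reply structure, used for error reporting and result forwarding.
 *
 * Returns rs->sr_err when be_rootdn_bind() does not return
 * SLAP_CB_CONTINUE, -1 when no bind command is configured, when the ACL
 * check fails or when the command cannot be started, and otherwise the
 * value returned by read_and_send_results().
 *
 * Security notes:
 *  - The bind credentials are written unencrypted to the helper process.
 *    The configured command and everything it logs or stores must be
 *    treated as holding plaintext passwords.
 *  - The request is a line-oriented text block, but the credential bytes
 *    are not escaped. A helper must take exactly "credlen" bytes after
 *    "cred: " and must not assume the value ends at the first newline.
 *  - NOTE(review): the request DN is written verbatim with %s. Confirm that
 *    o_req_dn cannot contain a raw newline after the frontend's DN
 *    processing; if it can, it needs escaping or rejecting here.
 */
int
shell_back_bind(
    Operation		*op,
    SlapReply		*rs )
{
	struct shellinfo	*si = (struct shellinfo *) op->o_bd->be_private;
	AttributeDescription	*entry = slap_schema.si_ad_entry;
	const struct berval	*cred = &op->oq_bind.rb_cred;
	Entry			e;
	FILE			*rfp, *wfp;
	int			rc;

	/* allow rootdn as a means to auth without the need to actually
	 * contact the proxied DSA */
	if ( be_rootdn_bind( op, rs ) != SLAP_CB_CONTINUE ) {
		return rs->sr_err;
	}

	if ( si->si_bind == NULL ) {
		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
		    "bind not implemented" );
		return( -1 );
	}

	/* Build a stack-only placeholder entry that carries just the request
	 * DN, so the ACL engine can be asked about auth access to it before
	 * any external process is started. */
	e.e_id = NOID;
	e.e_name = op->o_req_dn;
	e.e_nname = op->o_req_ndn;
	e.e_attrs = NULL;
	e.e_ocflags = 0;
	e.e_bv.bv_len = 0;
	e.e_bv.bv_val = NULL;
	e.e_private = NULL;

	if ( ! access_allowed( op, &e,
		entry, NULL, ACL_AUTH, NULL ) )
	{
		send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
		return -1;
	}

	if ( forkandexec( si->si_bind, &rfp, &wfp ) == (pid_t)-1 ) {
		send_ldap_error( op, rs, LDAP_OTHER,
		    "could not fork/exec" );
		return( -1 );
	}

	/* write out the request to the bind process */
	fprintf( wfp, "BIND\n" );
	fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
	print_suffixes( wfp, op->o_bd );
	fprintf( wfp, "dn: %s\n", op->o_req_dn.bv_val );
	fprintf( wfp, "method: %d\n", op->oq_bind.rb_method );
	/* cast so the argument always matches %lu, whatever the width of the
	 * length type is on this platform */
	fprintf( wfp, "credlen: %lu\n", (unsigned long) cred->bv_len );

	/* Emit exactly bv_len credential bytes. Formatting the value with %s
	 * would stop at the first NUL, so the helper could receive fewer bytes
	 * than credlen announces, and a NULL bv_val would be undefined
	 * behaviour. Output is unchanged for NUL-free credentials. */
	fputs( "cred: ", wfp );
	if ( cred->bv_val != NULL && cred->bv_len > 0 ) {
		fwrite( cred->bv_val, 1, cred->bv_len, wfp );
	}
	fputc( '\n', wfp );

	/* Write errors are deliberately not treated as fatal: the helper's
	 * reply, if any, is still read below. */
	fclose( wfp );

	/* read in the results and send them along */
	rc = read_and_send_results( op, rs, rfp );
	fclose( rfp );

	return( rc );
}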