1
/* bind.c - DNS SRV backend bind function */
2
/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/bind.c,v 1.22.2.3 2008/02/11 23:26:46 kurt Exp $ */
3
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5
* Copyright 2000-2008 The OpenLDAP Foundation.
6
* Portions Copyright 2000-2003 Kurt D. Zeilenga.
9
* Redistribution and use in source and binary forms, with or without
10
* modification, are permitted only as authorized by the OpenLDAP
13
* A copy of this license is available in the file LICENSE in the
14
* top-level directory of the distribution or, alternatively, at
15
* <http://www.OpenLDAP.org/license.html>.
18
* This work was originally developed by Kurt D. Zeilenga for inclusion
19
* in OpenLDAP Software.
27
#include <ac/socket.h>
28
#include <ac/string.h>
31
#include "proto-dnssrv.h"
38
Debug( LDAP_DEBUG_TRACE, "DNSSRV: bind dn=\"%s\" (%d)\n",
39
BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val,
42
/* allow rootdn as a means to auth without the need to actually
43
* contact the proxied DSA */
44
switch ( be_rootdn_bind( op, NULL ) ) {
46
/* frontend will send result */
50
/* treat failure and like any other bind, otherwise
51
* it could reveal the DN of the rootdn */
55
if ( !BER_BVISNULL( &op->orb_cred ) &&
56
!BER_BVISEMPTY( &op->orb_cred ) )
59
Statslog( LDAP_DEBUG_STATS,
60
"%s DNSSRV BIND dn=\"%s\" provided cleartext passwd\n",
62
BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val , 0, 0, 0 );
64
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
65
"you shouldn't send strangers your password" );
68
/* unauthenticated bind */
69
/* NOTE: we're not going to get here anyway:
70
* unauthenticated bind is dealt with by the frontend */
71
Debug( LDAP_DEBUG_TRACE, "DNSSRV: BIND dn=\"%s\"\n",
72
BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val, 0, 0 );
74
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
75
"anonymous bind expected" );