~ttx/openldap/lucid-gssapi-495418

« back to all changes in this revision

Viewing changes to servers/slapd/back-dnssrv/bind.c

• browse files at revision 1
• compare with another revision
• compare with revision 19
• download diff
• download tarball
• view history from revision 1

Show diffs side-by-side

added

removed

servers/slapd/back-dnssrv/bind.c

 

1

/* bind.c - DNS SRV backend bind function */

 

2

/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/bind.c,v 1.22.2.3 2008/02/11 23:26:46 kurt Exp $ */

 

3

/* This work is part of OpenLDAP Software <http://www.openldap.org/>.

 

4

 *

 

5

 * Copyright 2000-2008 The OpenLDAP Foundation.

 

6

 * Portions Copyright 2000-2003 Kurt D. Zeilenga.

 

7

 * All rights reserved.

 

8

 *

 

9

 * Redistribution and use in source and binary forms, with or without

 

10

 * modification, are permitted only as authorized by the OpenLDAP

 

11

 * Public License.

 

12

 *

 

13

 * A copy of this license is available in the file LICENSE in the

 

14

 * top-level directory of the distribution or, alternatively, at

 

15

 * <http://www.OpenLDAP.org/license.html>.

 

16

 */

 

17

/* ACKNOWLEDGEMENTS:

 

18

 * This work was originally developed by Kurt D. Zeilenga for inclusion

 

19

 * in OpenLDAP Software.

 

20

 */

 

21

 

 

22

 

 

23

#include "portable.h"

 

24

 

 

25

#include <stdio.h>

 

26

 

 

27

#include <ac/socket.h>

 

28

#include <ac/string.h>

 

29

 

 

30

#include "slap.h"

 

31

#include "proto-dnssrv.h"

 

32

 

 

33

int

 

34

dnssrv_back_bind(

 

35

        Operation       *op,

 

36

        SlapReply       *rs )

 

37

{

 

38

        Debug( LDAP_DEBUG_TRACE, "DNSSRV: bind dn=\"%s\" (%d)\n",

 

39

                BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val, 

 

40

                op->orb_method, 0 );

 

41

 

 

42

        /* allow rootdn as a means to auth without the need to actually

 

43

         * contact the proxied DSA */

 

44

        switch ( be_rootdn_bind( op, NULL ) ) {

 

45

        case LDAP_SUCCESS:

 

46

                /* frontend will send result */

 

47

                return rs->sr_err;

 

48

 

 

49

        default:

 

50

                /* treat failure and like any other bind, otherwise

 

51

                 * it could reveal the DN of the rootdn */

 

52

                break;

 

53

        }

 

54

 

 

55

        if ( !BER_BVISNULL( &op->orb_cred ) &&

 

56

                !BER_BVISEMPTY( &op->orb_cred ) )

 

57

        {

 

58

                /* simple bind */

 

59

                Statslog( LDAP_DEBUG_STATS,

 

60

                        "%s DNSSRV BIND dn=\"%s\" provided cleartext passwd\n",

 

61

                        op->o_log_prefix,

 

62

                        BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val , 0, 0, 0 );

 

63

 

 

64

                send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,

 

65

                        "you shouldn't send strangers your password" );

 

66

 

 

67

        } else {

 

68

                /* unauthenticated bind */

 

69

                /* NOTE: we're not going to get here anyway:

 

70

                 * unauthenticated bind is dealt with by the frontend */

 

71

                Debug( LDAP_DEBUG_TRACE, "DNSSRV: BIND dn=\"%s\"\n",

 

72

                        BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val, 0, 0 );

 

73

 

 

74

                send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,

 

75

                        "anonymous bind expected" );

 

76

        }

 

77

 

 

78

        return 1;

 

79

}

• Older »

Loggerhead is a web-based interface for Breezy
Version: 2.0.1