2003-11-26 15:16:36 +08:00
|
|
|
/* bind.c */
|
1999-09-09 03:06:24 +08:00
|
|
|
/* $OpenLDAP$ */
|
2003-11-26 15:16:36 +08:00
|
|
|
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
|
|
|
|
*
|
2005-01-02 04:49:32 +08:00
|
|
|
* Copyright 1998-2005 The OpenLDAP Foundation.
|
2003-11-26 15:16:36 +08:00
|
|
|
* All rights reserved.
|
1998-08-09 08:43:13 +08:00
|
|
|
*
|
2003-11-26 15:16:36 +08:00
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted only as authorized by the OpenLDAP
|
|
|
|
* Public License.
|
|
|
|
*
|
|
|
|
* A copy of this license is available in the file LICENSE in the
|
|
|
|
* top-level directory of the distribution or, alternatively, at
|
|
|
|
* <http://www.OpenLDAP.org/license.html>.
|
1998-08-09 08:43:13 +08:00
|
|
|
*/
|
2003-11-26 15:16:36 +08:00
|
|
|
/* Portions Copyright (c) 1990 Regents of the University of Michigan.
|
|
|
|
* All rights reserved.
|
|
|
|
*/
|
|
|
|
/* Portions Copyright (C) The Internet Society (1997)
|
2003-07-07 13:14:03 +08:00
|
|
|
* ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
|
|
|
|
*/
|
1998-08-09 08:43:13 +08:00
|
|
|
|
1999-06-04 03:22:33 +08:00
|
|
|
/*
|
|
|
|
* BindRequest ::= SEQUENCE {
|
|
|
|
* version INTEGER,
|
|
|
|
* name DistinguishedName, -- who
|
|
|
|
* authentication CHOICE {
|
|
|
|
* simple [0] OCTET STRING -- passwd
|
2000-01-09 02:42:11 +08:00
|
|
|
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
|
1999-06-04 03:22:33 +08:00
|
|
|
* krbv42ldap [1] OCTET STRING
|
|
|
|
* krbv42dsa [2] OCTET STRING
|
|
|
|
#endif
|
|
|
|
* sasl [3] SaslCredentials -- LDAPv3
|
|
|
|
* }
|
|
|
|
* }
|
|
|
|
*
|
|
|
|
* BindResponse ::= SEQUENCE {
|
|
|
|
* COMPONENTS OF LDAPResult,
|
|
|
|
* serverSaslCreds OCTET STRING OPTIONAL -- LDAPv3
|
|
|
|
* }
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
1998-10-25 09:41:42 +08:00
|
|
|
#include "portable.h"
|
|
|
|
|
1998-08-09 08:43:13 +08:00
|
|
|
#include <stdio.h>
|
1999-06-03 08:37:44 +08:00
|
|
|
|
|
|
|
#include <ac/stdlib.h>
|
1998-10-25 09:41:42 +08:00
|
|
|
|
|
|
|
#include <ac/socket.h>
|
|
|
|
#include <ac/string.h>
|
|
|
|
#include <ac/time.h>
|
1998-08-09 08:43:13 +08:00
|
|
|
|
1998-10-26 09:18:41 +08:00
|
|
|
#include "ldap-int.h"
|
2002-07-12 04:33:24 +08:00
|
|
|
#include "ldap_log.h"
|
1998-08-09 08:43:13 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* ldap_bind - bind to the ldap server (and X.500). The dn and password
|
|
|
|
* of the entry to which to bind are supplied, along with the authentication
|
|
|
|
* method to use. The msgid of the bind request is returned on success,
|
|
|
|
* -1 if there's trouble. Note, the kerberos support assumes the user already
|
|
|
|
* has a valid tgt for now. ldap_result() should be called to find out the
|
|
|
|
* outcome of the bind request.
|
|
|
|
*
|
|
|
|
* Example:
|
|
|
|
* ldap_bind( ld, "cn=manager, o=university of michigan, c=us", "secret",
|
|
|
|
* LDAP_AUTH_SIMPLE )
|
|
|
|
*/
|
|
|
|
|
|
|
|
int
|
1999-05-19 09:12:33 +08:00
|
|
|
ldap_bind( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd, int authmethod )
|
1998-08-09 08:43:13 +08:00
|
|
|
{
|
|
|
|
Debug( LDAP_DEBUG_TRACE, "ldap_bind\n", 0, 0, 0 );
|
|
|
|
|
|
|
|
switch ( authmethod ) {
|
|
|
|
case LDAP_AUTH_SIMPLE:
|
|
|
|
return( ldap_simple_bind( ld, dn, passwd ) );
|
|
|
|
|
2000-01-09 02:42:11 +08:00
|
|
|
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
|
1998-08-09 08:43:13 +08:00
|
|
|
case LDAP_AUTH_KRBV41:
|
|
|
|
return( ldap_kerberos_bind1( ld, dn ) );
|
|
|
|
|
|
|
|
case LDAP_AUTH_KRBV42:
|
|
|
|
return( ldap_kerberos_bind2( ld, dn ) );
|
|
|
|
#endif
|
|
|
|
|
1999-06-04 03:22:33 +08:00
|
|
|
case LDAP_AUTH_SASL:
|
|
|
|
/* user must use ldap_sasl_bind */
|
|
|
|
/* FALL-THRU */
|
|
|
|
|
1998-08-09 08:43:13 +08:00
|
|
|
default:
|
|
|
|
ld->ld_errno = LDAP_AUTH_UNKNOWN;
|
|
|
|
return( -1 );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* ldap_bind_s - bind to the ldap server (and X.500). The dn and password
|
|
|
|
* of the entry to which to bind are supplied, along with the authentication
|
|
|
|
* method to use. This routine just calls whichever bind routine is
|
|
|
|
* appropriate and returns the result of the bind (e.g. LDAP_SUCCESS or
|
|
|
|
* some other error indication). Note, the kerberos support assumes the
|
|
|
|
* user already has a valid tgt for now.
|
|
|
|
*
|
|
|
|
* Examples:
|
|
|
|
* ldap_bind_s( ld, "cn=manager, o=university of michigan, c=us",
|
|
|
|
* "secret", LDAP_AUTH_SIMPLE )
|
|
|
|
* ldap_bind_s( ld, "cn=manager, o=university of michigan, c=us",
|
|
|
|
* NULL, LDAP_AUTH_KRBV4 )
|
|
|
|
*/
|
|
|
|
int
|
1999-05-19 09:12:33 +08:00
|
|
|
ldap_bind_s(
|
|
|
|
LDAP *ld,
|
|
|
|
LDAP_CONST char *dn,
|
|
|
|
LDAP_CONST char *passwd,
|
|
|
|
int authmethod )
|
1998-08-09 08:43:13 +08:00
|
|
|
{
|
|
|
|
Debug( LDAP_DEBUG_TRACE, "ldap_bind_s\n", 0, 0, 0 );
|
|
|
|
|
|
|
|
switch ( authmethod ) {
|
|
|
|
case LDAP_AUTH_SIMPLE:
|
|
|
|
return( ldap_simple_bind_s( ld, dn, passwd ) );
|
|
|
|
|
2000-01-09 02:42:11 +08:00
|
|
|
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
|
1998-08-09 08:43:13 +08:00
|
|
|
case LDAP_AUTH_KRBV4:
|
|
|
|
return( ldap_kerberos_bind_s( ld, dn ) );
|
|
|
|
|
|
|
|
case LDAP_AUTH_KRBV41:
|
|
|
|
return( ldap_kerberos_bind1_s( ld, dn ) );
|
|
|
|
|
|
|
|
case LDAP_AUTH_KRBV42:
|
|
|
|
return( ldap_kerberos_bind2_s( ld, dn ) );
|
|
|
|
#endif
|
|
|
|
|
1999-06-04 03:22:33 +08:00
|
|
|
case LDAP_AUTH_SASL:
|
|
|
|
/* user must use ldap_sasl_bind */
|
|
|
|
/* FALL-THRU */
|
|
|
|
|
1998-08-09 08:43:13 +08:00
|
|
|
default:
|
|
|
|
return( ld->ld_errno = LDAP_AUTH_UNKNOWN );
|
|
|
|
}
|
|
|
|
}
|