mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-15 03:01:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
f991ef04e6
openldap/servers/slapd/bind.c

337 lines
7.8 KiB
C
Raw Normal View History

Initial revision
1998-08-09 08:43:13 +08:00
/* bind.c - decode an ldap bind operation and pass it to a backend db */
Add OpenLDAP RCSid to *.[ch] in clients, libraries, and servers. Replace old Id as needed (back-tcl). Leave updating of contribWare to contributors (for now).
1999-09-09 03:06:24 +08:00
/* $OpenLDAP$ */
Add copyright notices.
1999-08-07 07:07:46 +08:00
/*
* Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
Initial revision
1998-08-09 08:43:13 +08:00
/*
* Copyright (c) 1995 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
merged with autoconf branch
1998-10-25 09:41:42 +08:00
#include "portable.h"
Initial revision
1998-08-09 08:43:13 +08:00
#include <stdio.h>
merged with autoconf branch
1998-10-25 09:41:42 +08:00
#include <ac/string.h>
#include <ac/socket.h>
Initial revision
1998-08-09 08:43:13 +08:00
#include "slap.h"
Add macros to support testing of error categories to ldap.h Modify ldap_result to assert returned error is not an one reserved for API use. Modify frontend LDAP operation routines to return an error code. The returned value will be used to determine if an unsolicited notification should be sent to the client. Need to review returned error codes. Namely some LDAP_PROTOCOL_ERROR will like need to be changed (as they will cause unsolicited notifications).
1999-07-02 05:20:45 +08:00
int
Initial revision
1998-08-09 08:43:13 +08:00
do_bind(
Connection *conn,
Operation *op
)
{
BerElement *ber = op->o_ber;
ber_int_t, ber_tag_t, ber_socket_t, ber_len_t added lber_types.h.nt, lber_types.h.in removal of NULLxxx internal macros (in favor of NULL). ch_free added to slapd,slurpd/ch_malloc.c #define free ch_free (should be removed after s/free/ch_free/g) in proto-slap.h ch_malloc and friends use ber_memalloc and friends
1999-06-19 07:53:05 +08:00
ber_int_t version;
ber_tag_t method;
NO-OP SASL parsing... DIGEST-MD5 coming soon.
1999-07-01 11:18:00 +08:00
char *mech;
const'fication
1999-08-21 03:00:44 +08:00
char *dn;
char *ndn;
Add macros to support testing of error categories to ldap.h Modify ldap_result to assert returned error is not an one reserved for API use. Modify frontend LDAP operation routines to return an error code. The returned value will be used to determine if an unsolicited notification should be sent to the client. Need to review returned error codes. Namely some LDAP_PROTOCOL_ERROR will like need to be changed (as they will cause unsolicited notifications).
1999-07-02 05:20:45 +08:00
ber_tag_t tag;
More bind changes to support SASL/DIGEST. Added configuration support for "digest-realm <realm>" configure directive. Added connection state and bind_in_progress fields to cn=monitor connection attribute.
1999-07-03 03:48:07 +08:00
int rc = LDAP_SUCCESS;
Initial revision
1998-08-09 08:43:13 +08:00
struct berval cred;
Backend *be;
Debug( LDAP_DEBUG_TRACE, "do_bind\n", 0, 0, 0 );
Add limited LDAP_INVALID_DN_SYNTAX support. dn_normalize{,_case}() now returns NULL does not meet basic syntax rules.
1999-07-23 01:14:42 +08:00
dn = NULL;
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
ndn = NULL;
mech = NULL;
cred.bv_val = NULL;
More bind changes to support SASL/DIGEST. Added configuration support for "digest-realm <realm>" configure directive. Added connection state and bind_in_progress fields to cn=monitor connection attribute.
1999-07-03 03:48:07 +08:00
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
/* Force to connection to "anonymous" until bind succeeds.
* This may need to be relocated or done on a case by case basis
* to handle certain SASL mechanisms.
*/
if ( conn->c_cdn != NULL ) {
free( conn->c_cdn );
conn->c_cdn = NULL;
}
if ( conn->c_dn != NULL ) {
free( conn->c_dn );
conn->c_dn = NULL;
}
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
HEADS UP: connections are forced to "anonymous" status upon receiving of a bind request and, upon failure, are left "anonymous." Rework ACL code to hide access testing within macros to facilate additions and eventual redesign. Addition of #ifdef SLAPD_ACLAUTH to conditional include EXPERIMENTAL "auth" access controls. Adds ACL_AUTH "auth" access level (above none, below "compare"). bind requires anonymous access at this level or above access to "entry"/"userPassword"/"krbName". This allows administrators to restrict which entries can be bound to. (This will likely become default behavior after testing has completed).
1999-07-05 02:46:24 +08:00
if ( op->o_dn != NULL ) {
free( op->o_dn );
Regarding previous commit: Fix broken ACL macros. Fix o_dn/o_ndn == NULL vs "".
1999-07-05 03:53:00 +08:00
op->o_dn = ch_strdup( "" );
}
if ( op->o_ndn != NULL ) {
free( op->o_ndn );
op->o_ndn = ch_strdup( "" );
HEADS UP: connections are forced to "anonymous" status upon receiving of a bind request and, upon failure, are left "anonymous." Rework ACL code to hide access testing within macros to facilate additions and eventual redesign. Addition of #ifdef SLAPD_ACLAUTH to conditional include EXPERIMENTAL "auth" access controls. Adds ACL_AUTH "auth" access level (above none, below "compare"). bind requires anonymous access at this level or above access to "entry"/"userPassword"/"krbName". This allows administrators to restrict which entries can be bound to. (This will likely become default behavior after testing has completed).
1999-07-05 02:46:24 +08:00
}
Initial revision
1998-08-09 08:43:13 +08:00
/*
* Parse the bind request. It looks like this:
*
* BindRequest ::= SEQUENCE {
* version INTEGER, -- version
* name DistinguishedName, -- dn
* authentication CHOICE {
* simple [0] OCTET STRING -- passwd
* krbv42ldap [1] OCTET STRING
More bind changes to support SASL/DIGEST. Added configuration support for "digest-realm <realm>" configure directive. Added connection state and bind_in_progress fields to cn=monitor connection attribute.
1999-07-03 03:48:07 +08:00
* krbv42dsa [2] OCTET STRING
* SASL [3] SaslCredentials
Initial revision
1998-08-09 08:43:13 +08:00
* }
More bind changes to support SASL/DIGEST. Added configuration support for "digest-realm <realm>" configure directive. Added connection state and bind_in_progress fields to cn=monitor connection attribute.
1999-07-03 03:48:07 +08:00
* }
*
* SaslCredentials ::= SEQUENCE {
* mechanism LDAPString,
* credentials OCTET STRING OPTIONAL
Initial revision
1998-08-09 08:43:13 +08:00
* }
*/
Add limited LDAP_INVALID_DN_SYNTAX support. dn_normalize{,_case}() now returns NULL does not meet basic syntax rules.
1999-07-23 01:14:42 +08:00
tag = ber_scanf( ber, "{iat" /*}*/, &version, &dn, &method );
Update slap_conn to maintain client provided dn and bound dn. Update slap_op to maintain dn and ndn (derived from conn->c_dn). Update ldbm_back_bind to return actual bound dn (including rootdn) for use in slapd_conn. Other backends use client dn. Modify other codes to use ndn (normalized uppercase dn) most everywhere. Aliasing, Suffixing and modrdn could use more work. Applied suffixing to compare and modrdn.
1999-01-19 13:10:50 +08:00
Add macros to support testing of error categories to ldap.h Modify ldap_result to assert returned error is not an one reserved for API use. Modify frontend LDAP operation routines to return an error code. The returned value will be used to determine if an unsolicited notification should be sent to the client. Need to review returned error codes. Namely some LDAP_PROTOCOL_ERROR will like need to be changed (as they will cause unsolicited notifications).
1999-07-02 05:20:45 +08:00
if ( tag == LBER_ERROR ) {
Vienna Bulk Commit This commit includes many changes. All changes compile under NT but have not been tested under UNIX. A Summary of changes (likely incomplete): NT changes: Removed lint. Clean up configuration support for "Debug", "Release", "SDebug", and "SRelease" configurations. Share output directories for clients, libraries, and slapd. (maybe they should be combined further and moved to build/{,S}{Debug,Release}). Enable threading when _MT is defined. Enable debuging when _DEBUG is defined. Disable setting of NDEBUG under Release/SRelease. Asserts are disabled in <ac/assert.h> when LDAP_DEBUG is not defined. Added 'build/main.dsp' Master project. Removed non-slapd projects from slapd.dsp (see main.dsp). Removed replaced many uses of _WIN32 macro with feature based macros. ldap_cdefs.h changes #define LDAP_CONST const (see below) #define LDAP_F(type) LDAP_F_PRE type LDAP_F_POST To allow specifiers to be added before and after the type declaration. (For DLL handling) LBER/LDAP changes Namespace changes: s/lber_/ber_/ for here and there. s/NAME_ERROR/LDAP_NAME_ERROR/g Deleted NULLMSG and other NULL* macros for namespace reasons. "const" libraries. Installed headers (ie: lber.h, ldap.h) use LDAP_CONST macro. Normally set to 'const' when __STDC__. Can be set externally to enable/disable 'constification' of external interface. Internal interface always uses 'const'. Did not fix warnings in -lldif (in lieu of new LDIF parser). Added _ext API implementations (excepting search and bind). Need to implement ldap_int_get_controls() for reponses with controls. Added numberous assert() checks. LDAP_R _MT defines HAVE_NT_THREADS Added numberous assert() checks. Changed ldap_pthread_t back to unsigned long. Used cast to HANDLE in _join(). LDBM Replaced _WIN32 with HAVE_SYSLOG ud Added version string if MKVERSION is not defined. (MKVERSION needs to be set under UNIX). slapd Made connection sockbuf field a pointer to a sockbuf. This removed slap.h dependency on lber-int.h. lber-int.h now only included by those files needing to mess with the sockbuf. Used ber_* functions/macros to access sockbuf internals whenever possible. Added version string if MKVERSION is not defined. (MKVERSION needs to be set under UNIX). Removed FD_SET unsigned lint slapd/tools Used EXEEXT to added ".exe" to routines. Need to define EXEEXT under UNIX. ldappasswd Added ldappasswd.dsp. Ported to NT. Used getpid() to seed rand(). nt_debug Minor cleanup. Added "portable.h" include and used <ac/*.h> where appropriate. Added const to char* format argument.
1999-05-19 09:12:33 +08:00
Debug( LDAP_DEBUG_ANY, "bind: ber_scanf failed\n", 0, 0, 0 );
Add support for unsolicited notifications.
1999-07-08 02:51:39 +08:00
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
rc = -1;
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
goto cleanup;
Initial revision
1998-08-09 08:43:13 +08:00
}
ldap.h: added comments removed LDAP_MAX_ATTR_LEN removed LDAP_COMPAT* from <ldap.h> but not code. move LDAP_DEFAULT_REFHOPCOUNT to ldap-int.h added experimental options macros added LDAP_CONTROL_REFERRALS macros libldap: Replace ld_attrbuffer with per use allocated attributed. ldap_first/next_attribute attributes now must be freed (as per draft). unifdef -DLDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS
1999-05-22 14:11:48 +08:00
Added mixed-case as well as up-cased DN argument. The behavior of back-bdb2 and back-ldbm are preserved, they only use the up-cased DNs. back-passwd uses the mixed-case DN. All others are using mixed-case DN, may need more fixing.
1999-09-19 07:40:03 +08:00
if ( dn_normalize( dn ) == NULL ) {
Add limited LDAP_INVALID_DN_SYNTAX support. dn_normalize{,_case}() now returns NULL does not meet basic syntax rules.
1999-07-23 01:14:42 +08:00
Debug( LDAP_DEBUG_ANY, "bind: invalid dn (%s)\n", dn, 0, 0 );
send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
"invalid DN", NULL, NULL );
goto cleanup;
}
Added mixed-case as well as up-cased DN argument. The behavior of back-bdb2 and back-ldbm are preserved, they only use the up-cased DNs. back-passwd uses the mixed-case DN. All others are using mixed-case DN, may need more fixing.
1999-09-19 07:40:03 +08:00
ndn = ch_strdup( dn );
ldap_pvt_str2upper( ndn );
Add get_ctrls()...
1999-07-06 07:01:17 +08:00
op->o_protocol = version;
NO-OP SASL parsing... DIGEST-MD5 coming soon.
1999-07-01 11:18:00 +08:00
if( method != LDAP_AUTH_SASL ) {
Add macros to support testing of error categories to ldap.h Modify ldap_result to assert returned error is not an one reserved for API use. Modify frontend LDAP operation routines to return an error code. The returned value will be used to determine if an unsolicited notification should be sent to the client. Need to review returned error codes. Namely some LDAP_PROTOCOL_ERROR will like need to be changed (as they will cause unsolicited notifications).
1999-07-02 05:20:45 +08:00
tag = ber_scanf( ber, /*{*/ "o}", &cred );
NO-OP SASL parsing... DIGEST-MD5 coming soon.
1999-07-01 11:18:00 +08:00
} else {
Add macros to support testing of error categories to ldap.h Modify ldap_result to assert returned error is not an one reserved for API use. Modify frontend LDAP operation routines to return an error code. The returned value will be used to determine if an unsolicited notification should be sent to the client. Need to review returned error codes. Namely some LDAP_PROTOCOL_ERROR will like need to be changed (as they will cause unsolicited notifications).
1999-07-02 05:20:45 +08:00
tag = ber_scanf( ber, "{a" /*}*/, &mech );
NO-OP SASL parsing... DIGEST-MD5 coming soon.
1999-07-01 11:18:00 +08:00
Add macros to support testing of error categories to ldap.h Modify ldap_result to assert returned error is not an one reserved for API use. Modify frontend LDAP operation routines to return an error code. The returned value will be used to determine if an unsolicited notification should be sent to the client. Need to review returned error codes. Namely some LDAP_PROTOCOL_ERROR will like need to be changed (as they will cause unsolicited notifications).
1999-07-02 05:20:45 +08:00
if ( tag != LBER_ERROR ) {
NO-OP SASL parsing... DIGEST-MD5 coming soon.
1999-07-01 11:18:00 +08:00
ber_len_t len;
Add macros to support testing of error categories to ldap.h Modify ldap_result to assert returned error is not an one reserved for API use. Modify frontend LDAP operation routines to return an error code. The returned value will be used to determine if an unsolicited notification should be sent to the client. Need to review returned error codes. Namely some LDAP_PROTOCOL_ERROR will like need to be changed (as they will cause unsolicited notifications).
1999-07-02 05:20:45 +08:00
tag = ber_peek_tag( ber, &len );
NO-OP SASL parsing... DIGEST-MD5 coming soon.
1999-07-01 11:18:00 +08:00
Add macros to support testing of error categories to ldap.h Modify ldap_result to assert returned error is not an one reserved for API use. Modify frontend LDAP operation routines to return an error code. The returned value will be used to determine if an unsolicited notification should be sent to the client. Need to review returned error codes. Namely some LDAP_PROTOCOL_ERROR will like need to be changed (as they will cause unsolicited notifications).
1999-07-02 05:20:45 +08:00
if ( tag == LDAP_TAG_LDAPCRED ) {
tag = ber_scanf( ber, "o", &cred );
NO-OP SASL parsing... DIGEST-MD5 coming soon.
1999-07-01 11:18:00 +08:00
}
Add macros to support testing of error categories to ldap.h Modify ldap_result to assert returned error is not an one reserved for API use. Modify frontend LDAP operation routines to return an error code. The returned value will be used to determine if an unsolicited notification should be sent to the client. Need to review returned error codes. Namely some LDAP_PROTOCOL_ERROR will like need to be changed (as they will cause unsolicited notifications).
1999-07-02 05:20:45 +08:00
if ( tag != LBER_ERROR ) {
tag = ber_scanf( ber, /*{{*/ "}}" );
NO-OP SASL parsing... DIGEST-MD5 coming soon.
1999-07-01 11:18:00 +08:00
}
}
}
Add macros to support testing of error categories to ldap.h Modify ldap_result to assert returned error is not an one reserved for API use. Modify frontend LDAP operation routines to return an error code. The returned value will be used to determine if an unsolicited notification should be sent to the client. Need to review returned error codes. Namely some LDAP_PROTOCOL_ERROR will like need to be changed (as they will cause unsolicited notifications).
1999-07-02 05:20:45 +08:00
if ( tag == LBER_ERROR ) {
Add support for unsolicited notifications.
1999-07-08 02:51:39 +08:00
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR,
NO-OP SASL parsing... DIGEST-MD5 coming soon.
1999-07-01 11:18:00 +08:00
"decoding error" );
Add support for unsolicited notifications.
1999-07-08 02:51:39 +08:00
rc = -1;
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
goto cleanup;
NO-OP SASL parsing... DIGEST-MD5 coming soon.
1999-07-01 11:18:00 +08:00
}
Add macros to support testing of error categories to ldap.h Modify ldap_result to assert returned error is not an one reserved for API use. Modify frontend LDAP operation routines to return an error code. The returned value will be used to determine if an unsolicited notification should be sent to the client. Need to review returned error codes. Namely some LDAP_PROTOCOL_ERROR will like need to be changed (as they will cause unsolicited notifications).
1999-07-02 05:20:45 +08:00
if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
Debug( LDAP_DEBUG_ANY, "do_bind: get_ctrls failed\n", 0, 0, 0 );
goto cleanup;
Rework BER decoding with lieu of LDAPv3 controls (coming soon). Add place holder for handling LDAPv3 extended operations (coming soon).
1999-07-01 06:43:27 +08:00
}
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
if( method == LDAP_AUTH_SASL ) {
Debug( LDAP_DEBUG_TRACE, "do_sasl_bind: dn (%s) mech %s\n",
Add limited LDAP_INVALID_DN_SYNTAX support. dn_normalize{,_case}() now returns NULL does not meet basic syntax rules.
1999-07-23 01:14:42 +08:00
dn, mech, NULL );
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
} else {
Clean up debug messages.
1999-08-19 08:40:18 +08:00
Debug( LDAP_DEBUG_TRACE, "do_bind: version=%ld dn=\"%s\" method=%ld\n",
(unsigned long) version, dn, (unsigned long) method );
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
}
Update slap_conn to maintain client provided dn and bound dn. Update slap_op to maintain dn and ndn (derived from conn->c_dn). Update ldbm_back_bind to return actual bound dn (including rootdn) for use in slapd_conn. Other backends use client dn. Modify other codes to use ndn (normalized uppercase dn) most everywhere. Aliasing, Suffixing and modrdn could use more work. Applied suffixing to compare and modrdn.
1999-01-19 13:10:50 +08:00
Minor cleanup: Fix Statlog() formats, remove an implicit int, include <ctype.h> for isspace().
1999-08-07 13:36:48 +08:00
Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d BIND dn=\"%s\" method=%ld\n",
op->o_connid, op->o_opid, ndn, (unsigned long) method, 0 );
Initial revision
1998-08-09 08:43:13 +08:00
Log out to stderr, add LDAP_VERSION3 support to bind.c and modrdn.c
1999-06-29 09:02:48 +08:00
if ( version < LDAP_VERSION_MIN || version > LDAP_VERSION_MAX ) {
Clean up debug messages.
1999-08-19 08:40:18 +08:00
Debug( LDAP_DEBUG_ANY, "do_bind: unknown version=%ld\n",
(unsigned long) version, 0, 0 );
Import experimental referral implementation from OPENLDAP_DEVEL_REFERRALS. Includes support for update referral for each replicated backend. Reworked replication test to use update referral. Includes major rewrite of response encoding codes (result.c). Includes reworked alias support and eliminates old suffix alias codes (can be emulated using named alias). Includes (untested) support for the Manage DSA IT control. Works in LDAPv2 world. Still testing in LDAPv3 world. Added default referral (test009) test.
1999-07-16 10:45:46 +08:00
send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
NULL, "version not supported", NULL, NULL );
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
goto cleanup;
Initial revision
1998-08-09 08:43:13 +08:00
}
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
if ( method == LDAP_AUTH_SASL ) {
if ( version < LDAP_VERSION3 ) {
Clean up debug messages.
1999-08-19 08:40:18 +08:00
Debug( LDAP_DEBUG_ANY, "do_bind: sasl with LDAPv%ld\n",
(unsigned long) version, 0, 0 );
Add support for unsolicited notifications.
1999-07-08 02:51:39 +08:00
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "sasl bind requires LDAPv3" );
rc = -1;
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
goto cleanup;
Initial revision
1998-08-09 08:43:13 +08:00
}
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
if( mech == NULL || *mech == '\0' ) {
Debug( LDAP_DEBUG_ANY,
"do_bind: no sasl mechanism provided\n",
Clean up debug messages.
1999-08-19 08:40:18 +08:00
0, 0, 0 );
Add macros to support testing of error categories to ldap.h Modify ldap_result to assert returned error is not an one reserved for API use. Modify frontend LDAP operation routines to return an error code. The returned value will be used to determine if an unsolicited notification should be sent to the client. Need to review returned error codes. Namely some LDAP_PROTOCOL_ERROR will like need to be changed (as they will cause unsolicited notifications).
1999-07-02 05:20:45 +08:00
send_ldap_result( conn, op, rc = LDAP_AUTH_METHOD_NOT_SUPPORTED,
Import experimental referral implementation from OPENLDAP_DEVEL_REFERRALS. Includes support for update referral for each replicated backend. Reworked replication test to use update referral. Includes major rewrite of response encoding codes (result.c). Includes reworked alias support and eliminates old suffix alias codes (can be emulated using named alias). Includes (untested) support for the Manage DSA IT control. Works in LDAPv2 world. Still testing in LDAPv3 world. Added default referral (test009) test.
1999-07-16 10:45:46 +08:00
NULL, "no sasl mechanism provided", NULL, NULL );
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
goto cleanup;
NO-OP SASL parsing... DIGEST-MD5 coming soon.
1999-07-01 11:18:00 +08:00
}
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
Add macros to support testing of error categories to ldap.h Modify ldap_result to assert returned error is not an one reserved for API use. Modify frontend LDAP operation routines to return an error code. The returned value will be used to determine if an unsolicited notification should be sent to the client. Need to review returned error codes. Namely some LDAP_PROTOCOL_ERROR will like need to be changed (as they will cause unsolicited notifications).
1999-07-02 05:20:45 +08:00
if( !charray_inlist( supportedSASLMechanisms, mech ) ) {
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
Debug( LDAP_DEBUG_ANY,
Clean up debug messages.
1999-08-19 08:40:18 +08:00
"do_bind: sasl mechanism=\"%s\" not supported.\n",
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
mech, 0, 0 );
Add macros to support testing of error categories to ldap.h Modify ldap_result to assert returned error is not an one reserved for API use. Modify frontend LDAP operation routines to return an error code. The returned value will be used to determine if an unsolicited notification should be sent to the client. Need to review returned error codes. Namely some LDAP_PROTOCOL_ERROR will like need to be changed (as they will cause unsolicited notifications).
1999-07-02 05:20:45 +08:00
send_ldap_result( conn, op, rc = LDAP_AUTH_METHOD_NOT_SUPPORTED,
Import experimental referral implementation from OPENLDAP_DEVEL_REFERRALS. Includes support for update referral for each replicated backend. Reworked replication test to use update referral. Includes major rewrite of response encoding codes (result.c). Includes reworked alias support and eliminates old suffix alias codes (can be emulated using named alias). Includes (untested) support for the Manage DSA IT control. Works in LDAPv2 world. Still testing in LDAPv3 world. Added default referral (test009) test.
1999-07-16 10:45:46 +08:00
NULL, "sasl mechanism not supported", NULL, NULL );
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
goto cleanup;
Initial revision
1998-08-09 08:43:13 +08:00
}
PROTOTYPE: New connection management infrastructure designed to remove race conditions on connection close. BROKEN: various counters for dn=monitor. Initial testing on FreeBSD (with and without pthreads) was successfull. Have not yet tested preemptive threading environments. Have not built against backends other than LDBM.
1999-03-22 15:14:54 +08:00
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
nextid cleanup in preparation to disable next_id_return().
1999-01-22 09:40:39 +08:00
More bind changes to support SASL/DIGEST. Added configuration support for "digest-realm <realm>" configure directive. Added connection state and bind_in_progress fields to cn=monitor connection attribute.
1999-07-03 03:48:07 +08:00
if ( conn->c_authmech != NULL ) {
assert( conn->c_bind_in_progress );
if((strcmp(conn->c_authmech, mech) != 0)) {
/* mechanism changed, cancel in progress bind */
conn->c_bind_in_progress = 0;
if( conn->c_authstate != NULL ) {
free(conn->c_authstate);
conn->c_authstate = NULL;
}
free(conn->c_authmech);
conn->c_authmech = NULL;
}
Add c_protocol to slap_conn to track protocol version used by client. Is initialized to 0 (unknown) and then set to 2 or 3 on bind. Should also be 0->3 if a special (or any) operation occurs before the bind.
1999-01-21 10:21:39 +08:00
More bind changes to support SASL/DIGEST. Added configuration support for "digest-realm <realm>" configure directive. Added connection state and bind_in_progress fields to cn=monitor connection attribute.
1999-07-03 03:48:07 +08:00
#ifdef LDAP_DEBUG
} else {
assert( !conn->c_bind_in_progress );
assert( conn->c_authmech == NULL );
assert( conn->c_authstate == NULL );
#endif
nextid cleanup in preparation to disable next_id_return().
1999-01-22 09:40:39 +08:00
}
More bind changes to support SASL/DIGEST. Added configuration support for "digest-realm <realm>" configure directive. Added connection state and bind_in_progress fields to cn=monitor connection attribute.
1999-07-03 03:48:07 +08:00
} else {
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
if ( conn->c_authmech != NULL ) {
assert( conn->c_bind_in_progress );
/* cancel in progress bind */
conn->c_bind_in_progress = 0;
if( conn->c_authstate != NULL ) {
free(conn->c_authstate);
conn->c_authstate = NULL;
}
free(conn->c_authmech);
conn->c_authmech = NULL;
nextid cleanup in preparation to disable next_id_return().
1999-01-22 09:40:39 +08:00
}
More bind changes to support SASL/DIGEST. Added configuration support for "digest-realm <realm>" configure directive. Added connection state and bind_in_progress fields to cn=monitor connection attribute.
1999-07-03 03:48:07 +08:00
}
nextid cleanup in preparation to disable next_id_return().
1999-01-22 09:40:39 +08:00
More bind changes to support SASL/DIGEST. Added configuration support for "digest-realm <realm>" configure directive. Added connection state and bind_in_progress fields to cn=monitor connection attribute.
1999-07-03 03:48:07 +08:00
conn->c_protocol = version;
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
nextid cleanup in preparation to disable next_id_return().
1999-01-22 09:40:39 +08:00
More bind changes to support SASL/DIGEST. Added configuration support for "digest-realm <realm>" configure directive. Added connection state and bind_in_progress fields to cn=monitor connection attribute.
1999-07-03 03:48:07 +08:00
/* accept null binds */
if ( ndn == NULL || *ndn == '\0' ) {
/*
* we already forced connection to "anonymous", we just
* need to send success
*/
Import experimental referral implementation from OPENLDAP_DEVEL_REFERRALS. Includes support for update referral for each replicated backend. Reworked replication test to use update referral. Includes major rewrite of response encoding codes (result.c). Includes reworked alias support and eliminates old suffix alias codes (can be emulated using named alias). Includes (untested) support for the Manage DSA IT control. Works in LDAPv2 world. Still testing in LDAPv3 world. Added default referral (test009) test.
1999-07-16 10:45:46 +08:00
send_ldap_result( conn, op, LDAP_SUCCESS,
NULL, NULL, NULL, NULL );
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
goto cleanup;
Initial revision
1998-08-09 08:43:13 +08:00
}
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
Update slap_conn to maintain client provided dn and bound dn. Update slap_op to maintain dn and ndn (derived from conn->c_dn). Update ldbm_back_bind to return actual bound dn (including rootdn) for use in slapd_conn. Other backends use client dn. Modify other codes to use ndn (normalized uppercase dn) most everywhere. Aliasing, Suffixing and modrdn could use more work. Applied suffixing to compare and modrdn.
1999-01-19 13:10:50 +08:00
if ( (be = select_backend( ndn )) == NULL ) {
Initial revision
1998-08-09 08:43:13 +08:00
if ( cred.bv_len == 0 ) {
slapd returned "partial results and referral" even when no default referral has been configured in the server. Fix provided by Hallvard.
1998-10-24 06:20:45 +08:00
send_ldap_result( conn, op, LDAP_SUCCESS,
Import experimental referral implementation from OPENLDAP_DEVEL_REFERRALS. Includes support for update referral for each replicated backend. Reworked replication test to use update referral. Includes major rewrite of response encoding codes (result.c). Includes reworked alias support and eliminates old suffix alias codes (can be emulated using named alias). Includes (untested) support for the Manage DSA IT control. Works in LDAPv2 world. Still testing in LDAPv3 world. Added default referral (test009) test.
1999-07-16 10:45:46 +08:00
NULL, NULL, NULL, NULL );
More bind changes to support SASL/DIGEST. Added configuration support for "digest-realm <realm>" configure directive. Added connection state and bind_in_progress fields to cn=monitor connection attribute.
1999-07-03 03:48:07 +08:00
Import experimental referral implementation from OPENLDAP_DEVEL_REFERRALS. Includes support for update referral for each replicated backend. Reworked replication test to use update referral. Includes major rewrite of response encoding codes (result.c). Includes reworked alias support and eliminates old suffix alias codes (can be emulated using named alias). Includes (untested) support for the Manage DSA IT control. Works in LDAPv2 world. Still testing in LDAPv3 world. Added default referral (test009) test.
1999-07-16 10:45:46 +08:00
} else if ( default_referral ) {
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
NULL, NULL, default_referral, NULL );
More bind changes to support SASL/DIGEST. Added configuration support for "digest-realm <realm>" configure directive. Added connection state and bind_in_progress fields to cn=monitor connection attribute.
1999-07-03 03:48:07 +08:00
Initial revision
1998-08-09 08:43:13 +08:00
} else {
Add macros to support testing of error categories to ldap.h Modify ldap_result to assert returned error is not an one reserved for API use. Modify frontend LDAP operation routines to return an error code. The returned value will be used to determine if an unsolicited notification should be sent to the client. Need to review returned error codes. Namely some LDAP_PROTOCOL_ERROR will like need to be changed (as they will cause unsolicited notifications).
1999-07-02 05:20:45 +08:00
send_ldap_result( conn, op, rc = LDAP_INVALID_CREDENTIALS,
Import experimental referral implementation from OPENLDAP_DEVEL_REFERRALS. Includes support for update referral for each replicated backend. Reworked replication test to use update referral. Includes major rewrite of response encoding codes (result.c). Includes reworked alias support and eliminates old suffix alias codes (can be emulated using named alias). Includes (untested) support for the Manage DSA IT control. Works in LDAPv2 world. Still testing in LDAPv3 world. Added default referral (test009) test.
1999-07-16 10:45:46 +08:00
NULL, NULL, NULL, NULL );
Initial revision
1998-08-09 08:43:13 +08:00
}
Add macros to support testing of error categories to ldap.h Modify ldap_result to assert returned error is not an one reserved for API use. Modify frontend LDAP operation routines to return an error code. The returned value will be used to determine if an unsolicited notification should be sent to the client. Need to review returned error codes. Namely some LDAP_PROTOCOL_ERROR will like need to be changed (as they will cause unsolicited notifications).
1999-07-02 05:20:45 +08:00
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
goto cleanup;
Initial revision
1998-08-09 08:43:13 +08:00
}
function pointers are incompatible with `void *'; remove NULL or replace with 0
1999-03-04 02:49:59 +08:00
if ( be->be_bind ) {
Update slap_conn to maintain client provided dn and bound dn. Update slap_op to maintain dn and ndn (derived from conn->c_dn). Update ldbm_back_bind to return actual bound dn (including rootdn) for use in slapd_conn. Other backends use client dn. Modify other codes to use ndn (normalized uppercase dn) most everywhere. Aliasing, Suffixing and modrdn could use more work. Applied suffixing to compare and modrdn.
1999-01-19 13:10:50 +08:00
/* alias suffix */
char *edn;
Resurrect suffix aliasing...
1999-07-28 02:43:30 +08:00
/* deref suffix alias if appropriate */
ndn = suffix_alias( be, ndn );
Added mixed-case as well as up-cased DN argument. The behavior of back-bdb2 and back-ldbm are preserved, they only use the up-cased DNs. back-passwd uses the mixed-case DN. All others are using mixed-case DN, may need more fixing.
1999-09-19 07:40:03 +08:00
if ( (*be->be_bind)( be, conn, op, dn, ndn, method, mech, &cred, &edn ) == 0 ) {
PROTOTYPE: New connection management infrastructure designed to remove race conditions on connection close. BROKEN: various counters for dn=monitor. Initial testing on FreeBSD (with and without pthreads) was successfull. Have not yet tested preemptive threading environments. Have not built against backends other than LDBM.
1999-03-22 15:14:54 +08:00
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
Update slap_conn to maintain client provided dn and bound dn. Update slap_op to maintain dn and ndn (derived from conn->c_dn). Update ldbm_back_bind to return actual bound dn (including rootdn) for use in slapd_conn. Other backends use client dn. Modify other codes to use ndn (normalized uppercase dn) most everywhere. Aliasing, Suffixing and modrdn could use more work. Applied suffixing to compare and modrdn.
1999-01-19 13:10:50 +08:00
Add limited LDAP_INVALID_DN_SYNTAX support. dn_normalize{,_case}() now returns NULL does not meet basic syntax rules.
1999-07-23 01:14:42 +08:00
conn->c_cdn = dn;
dn = NULL;
Update slap_conn to maintain client provided dn and bound dn. Update slap_op to maintain dn and ndn (derived from conn->c_dn). Update ldbm_back_bind to return actual bound dn (including rootdn) for use in slapd_conn. Other backends use client dn. Modify other codes to use ndn (normalized uppercase dn) most everywhere. Aliasing, Suffixing and modrdn could use more work. Applied suffixing to compare and modrdn.
1999-01-19 13:10:50 +08:00
if(edn != NULL) {
conn->c_dn = edn;
} else {
conn->c_dn = ndn;
ndn = NULL;
}
Debug( LDAP_DEBUG_TRACE, "do_bind: bound \"%s\" to \"%s\"\n",
conn->c_cdn, conn->c_dn, method );
PROTOTYPE: New connection management infrastructure designed to remove race conditions on connection close. BROKEN: various counters for dn=monitor. Initial testing on FreeBSD (with and without pthreads) was successfull. Have not yet tested preemptive threading environments. Have not built against backends other than LDBM.
1999-03-22 15:14:54 +08:00
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
Initial revision
1998-08-09 08:43:13 +08:00
/* send this here to avoid a race condition */
Import experimental referral implementation from OPENLDAP_DEVEL_REFERRALS. Includes support for update referral for each replicated backend. Reworked replication test to use update referral. Includes major rewrite of response encoding codes (result.c). Includes reworked alias support and eliminates old suffix alias codes (can be emulated using named alias). Includes (untested) support for the Manage DSA IT control. Works in LDAPv2 world. Still testing in LDAPv3 world. Added default referral (test009) test.
1999-07-16 10:45:46 +08:00
send_ldap_result( conn, op, LDAP_SUCCESS,
NULL, NULL, NULL, NULL );
Update slap_conn to maintain client provided dn and bound dn. Update slap_op to maintain dn and ndn (derived from conn->c_dn). Update ldbm_back_bind to return actual bound dn (including rootdn) for use in slapd_conn. Other backends use client dn. Modify other codes to use ndn (normalized uppercase dn) most everywhere. Aliasing, Suffixing and modrdn could use more work. Applied suffixing to compare and modrdn.
1999-01-19 13:10:50 +08:00
} else if (edn != NULL) {
free( edn );
Initial revision
1998-08-09 08:43:13 +08:00
}
Update slap_conn to maintain client provided dn and bound dn. Update slap_op to maintain dn and ndn (derived from conn->c_dn). Update ldbm_back_bind to return actual bound dn (including rootdn) for use in slapd_conn. Other backends use client dn. Modify other codes to use ndn (normalized uppercase dn) most everywhere. Aliasing, Suffixing and modrdn could use more work. Applied suffixing to compare and modrdn.
1999-01-19 13:10:50 +08:00
Initial revision
1998-08-09 08:43:13 +08:00
} else {
Import experimental referral implementation from OPENLDAP_DEVEL_REFERRALS. Includes support for update referral for each replicated backend. Reworked replication test to use update referral. Includes major rewrite of response encoding codes (result.c). Includes reworked alias support and eliminates old suffix alias codes (can be emulated using named alias). Includes (untested) support for the Manage DSA IT control. Works in LDAPv2 world. Still testing in LDAPv3 world. Added default referral (test009) test.
1999-07-16 10:45:46 +08:00
send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
NULL, "Function not implemented", NULL, NULL );
Initial revision
1998-08-09 08:43:13 +08:00
}
Fairly complete slapd SASL bind parsing... and centralized cleanup code. Update error strings and cldap misuse of server error.
1999-07-01 12:42:01 +08:00
cleanup:
Add limited LDAP_INVALID_DN_SYNTAX support. dn_normalize{,_case}() now returns NULL does not meet basic syntax rules.
1999-07-23 01:14:42 +08:00
if( dn != NULL ) {
free( dn );
Update slap_conn to maintain client provided dn and bound dn. Update slap_op to maintain dn and ndn (derived from conn->c_dn). Update ldbm_back_bind to return actual bound dn (including rootdn) for use in slapd_conn. Other backends use client dn. Modify other codes to use ndn (normalized uppercase dn) most everywhere. Aliasing, Suffixing and modrdn could use more work. Applied suffixing to compare and modrdn.
1999-01-19 13:10:50 +08:00
}
if( ndn != NULL ) {
free( ndn );
}
NO-OP SASL parsing... DIGEST-MD5 coming soon.
1999-07-01 11:18:00 +08:00
if ( mech != NULL ) {
free( mech );
}
Initial revision
1998-08-09 08:43:13 +08:00
if ( cred.bv_val != NULL ) {
free( cred.bv_val );
}
Add macros to support testing of error categories to ldap.h Modify ldap_result to assert returned error is not an one reserved for API use. Modify frontend LDAP operation routines to return an error code. The returned value will be used to determine if an unsolicited notification should be sent to the client. Need to review returned error codes. Namely some LDAP_PROTOCOL_ERROR will like need to be changed (as they will cause unsolicited notifications).
1999-07-02 05:20:45 +08:00
return rc;
Initial revision
1998-08-09 08:43:13 +08:00
}
Reference in New Issue Copy Permalink