Move userPassord and krbName authentication routines to the frontend.

Kurt Zeilenga 1999-11-23 19:00:09 +00:00
parent 6b23a78ac1
commit 42bb3e2e85
10 changed files with 85 additions and 148 deletions


@ -14,7 +14,7 @@ SRCS = main.c daemon.c connection.c search.c filter.c add.c charray.c \
dn.c compare.c modify.c delete.c modrdn.c ch_malloc.c \
value.c ava.c bind.c unbind.c abandon.c filterentry.c \
phonetic.c acl.c str2filter.c aclparse.c init.c user.c \
repl.c lock.c controls.c extended.c \
repl.c lock.c controls.c extended.c kerberos.c passwd.c \
schema.c schemaparse.c monitor.c configinfo.c \
root_dse.c sasl.c module.c suffixalias.c $(@PLAT@_SRCS)
@ -23,7 +23,7 @@ OBJS = main.o daemon.o connection.o search.o filter.o add.o charray.o \
dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o \
value.o ava.o bind.o unbind.o abandon.o filterentry.o \
phonetic.o acl.o str2filter.o aclparse.o init.o user.o \
repl.o lock.o controls.o extended.o \
repl.o lock.o controls.o extended.o kerberos.o passwd.o \
schema.o schemaparse.o monitor.o configinfo.o \
root_dse.o sasl.o module.o suffixalias.o $(@PLAT@_OBJS)


@ -3,12 +3,12 @@
SRCS = idl.c add.c search.c cache.c dbcache.c dn2id.c entry.c id2entry.c \
index.c id2children.c nextid.c abandon.c compare.c group.c \
modify.c modrdn.c delete.c init.c config.c bind.c attr.c \
filterindex.c unbind.c kerberos.c close.c alias.c startup.c \
filterindex.c unbind.c close.c alias.c startup.c \
timing.c porter.c txn.c tools.c
OBJS = idl.lo add.lo search.lo cache.lo dbcache.lo dn2id.lo entry.lo id2entry.lo \
index.lo id2children.lo nextid.lo abandon.lo compare.lo group.lo \
modify.lo modrdn.lo delete.lo init.lo config.lo bind.lo attr.lo \
filterindex.lo unbind.lo kerberos.lo close.lo alias.lo startup.lo \
filterindex.lo unbind.lo close.lo alias.lo startup.lo \
timing.lo porter.lo txn.lo tools.lo
LDAP_INCDIR= ../../../include


@ -14,51 +14,6 @@
#include "back-bdb2.h"
#include "proto-back-bdb2.h"
#include <lutil.h>
#ifdef HAVE_KERBEROS
extern int bdb2i_krbv4_ldap_auth();
#endif
static int
crypted_value_find(
struct berval **vals,
struct berval *v,
int syntax,
int normalize,
struct berval *cred
)
{
int i;
for ( i = 0; vals[i] != NULL; i++ ) {
if ( syntax != SYNTAX_BIN ) {
int result;
#ifdef SLAPD_CRYPT
ldap_pvt_thread_mutex_lock( &crypt_mutex );
#endif
result = lutil_passwd(
(char*) cred->bv_val,
(char*) vals[i]->bv_val,
NULL );
#ifdef SLAPD_CRYPT
ldap_pvt_thread_mutex_unlock( &crypt_mutex );
#endif
return result;
} else {
if ( value_cmp( vals[i], v, syntax, normalize ) == 0 ) {
return( 0 );
}
}
}
return( 1 );
}
static int
bdb2i_back_bind_internal(
BackendDB *be,
@ -235,7 +190,7 @@ bdb2i_back_bind_internal(
goto return_results;
}
if ( crypted_value_find( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 )
if ( slap_passwd_check( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 )
{
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL);
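Review bot: The first hunk of this section drops `extern int bdb2i_krbv4_ldap_auth();`, and the commit deletes the bdb2 kerberos.c that defined it, but no added line here renames a caller. The body of bdb2i_back_bind_internal lies mostly outside both hunks, so this cannot be confirmed from the page. If its HAVE_KERBEROS branch still calls `bdb2i_krbv4_ldap_auth`, Kerberos builds would compile against an implicit declaration and fail to link. That call should be renamed to `krbv4_ldap_auth`, the name now declared in proto-slap.h.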


@ -1,49 +0,0 @@
/* kerberos.c - bdb2 backend kerberos bind routines */
/* $OpenLDAP$ */
#include "portable.h"
#ifdef HAVE_KERBEROS
#include <stdio.h>
#include <ac/krb.h>
#include <ac/socket.h>
#include <ac/string.h>
#include "slap.h"
#include "back-bdb2.h"
#define LDAP_KRB_PRINCIPAL "ldapserver"
extern char *ldap_srvtab;
extern Attribute *attr_find();
bdb2i_krbv4_ldap_auth(
BackendDB *be,
struct berval *cred,
AUTH_DAT *ad
)
{
KTEXT_ST k;
KTEXT ktxt = &k;
char instance[INST_SZ];
int err;
Debug( LDAP_DEBUG_TRACE, "=> kerberosv4_ldap_auth\n", 0, 0, 0 );
SAFEMEMCPY( ktxt->dat, cred->bv_val, cred->bv_len );
ktxt->length = cred->bv_len;
strcpy( instance, "*" );
if ( (err = krb_rd_req( ktxt, LDAP_KRB_PRINCIPAL, instance, 0L, ad,
ldap_srvtab )) != KSUCCESS ) {
Debug( LDAP_DEBUG_ANY, "krb_rd_req failed (%s)\n",
krb_err_txt[err], 0, 0 );
return( LDAP_INVALID_CREDENTIALS );
}
return( LDAP_SUCCESS );
}
#endif /* kerberos */


@ -3,11 +3,11 @@
SRCS = idl.c add.c search.c cache.c dbcache.c dn2id.c entry.c id2entry.c \
index.c id2children.c nextid.c abandon.c compare.c group.c \
modify.c modrdn.c delete.c init.c config.c bind.c attr.c \
filterindex.c unbind.c kerberos.c close.c alias.c tools.c
filterindex.c unbind.c close.c alias.c tools.c
OBJS = idl.lo add.lo search.lo cache.lo dbcache.lo dn2id.lo entry.lo id2entry.lo \
index.lo id2children.lo nextid.lo abandon.lo compare.lo group.lo \
modify.lo modrdn.lo delete.lo init.lo config.lo bind.lo attr.lo \
filterindex.lo unbind.lo kerberos.lo close.lo alias.lo tools.lo
filterindex.lo unbind.lo close.lo alias.lo tools.lo
LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries


@ -18,51 +18,6 @@
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
#include <lutil.h>
#ifdef HAVE_KERBEROS
extern int krbv4_ldap_auth();
#endif
static int
crypted_value_find(
struct berval **vals,
struct berval *v,
int syntax,
int normalize,
struct berval *cred
)
{
int i;
for ( i = 0; vals[i] != NULL; i++ ) {
if ( syntax != SYNTAX_BIN ) {
int result;
#ifdef SLAPD_CRYPT
ldap_pvt_thread_mutex_lock( &crypt_mutex );
#endif
result = lutil_passwd(
(char*) cred->bv_val,
(char*) vals[i]->bv_val,
NULL );
#ifdef SLAPD_CRYPT
ldap_pvt_thread_mutex_unlock( &crypt_mutex );
#endif
return result;
} else {
if ( value_cmp( vals[i], v, syntax, normalize ) == 0 ) {
return( 0 );
}
}
}
return( 1 );
}
int
ldbm_back_bind(
Backend *be,
@ -242,7 +197,7 @@ ldbm_back_bind(
goto return_results;
}
if ( crypted_value_find( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 )
if ( slap_passwd_check( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 )
{
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );

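--- /dev/null
+++ b/servers/slapd/passwd.c
@@ -0,0 +1,59 @@
+/* bind.c - ldbm backend bind and unbind routines */
+/* $OpenLDAP$ */
+/*
+* Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+*/
+#include "portable.h"
+#include <stdio.h>
+#include <ac/krb.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+#include "slap.h"
+#include <lutil.h>
+int
+slap_passwd_check(
+struct berval **vals,
+struct berval *v,
+int syntax,
+int normalize,
+struct berval *cred
+)
+{
+int i;
+for ( i = 0; vals[i] != NULL; i++ ) {
+if ( syntax == SYNTAX_BIN ) {
+int result;
+#ifdef SLAPD_CRYPT
+ldap_pvt_thread_mutex_lock( &crypt_mutex );
+#endif
+result = lutil_passwd(
+(char*) cred->bv_val,
+(char*) vals[i]->bv_val,
+NULL );
+#ifdef SLAPD_CRYPT
+ldap_pvt_thread_mutex_unlock( &crypt_mutex );
+#endif
+return result;
+} else {
+if ( value_cmp( vals[i], v, syntax, normalize ) == 0 ) {
+return( 0 );
+}
+}
+}
+return( 1 );
+}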
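Review bot: The test in slap_passwd_check reads `if ( syntax == SYNTAX_BIN )`, while both removed crypted_value_find copies read `if ( syntax != SYNTAX_BIN )`, so a commit described as a move inverts which values are sent through lutil_passwd. As written, non-binary userPassword values take the `value_cmp` branch, which compares the stored value directly with the supplied credential instead of verifying it with lutil_passwd. Both callers are affected, bdb2i_back_bind_internal and ldbm_back_bind. Restoring the original condition, `if ( syntax != SYNTAX_BIN ) {`, keeps the bind check behaving as it did before the move. Separately, `return result;` inside the loop means only `vals[0]` is ever tested on that path (inherited from the old code), and the file's first comment still reads `/* bind.c - ldbm backend bind and unbind routines */` where `/* passwd.c - password checking routines */` would be accurate.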


@ -438,6 +438,23 @@ int value_find LDAP_P(( struct berval **vals, struct berval *v, int syntax,
void slap_init_user LDAP_P(( char *username, char *groupname ));
#endif
/*
* passwd.c
*/
int slap_passwd_check(
struct berval **vals,
struct berval *v,
int syntax,
int normalize,
struct berval *cred );
/*
* kerberos.c
*/
#ifdef HAVE_KERBEROS
extern int krbv4_ldap_auth();
#endif
/*
* Other...
*/
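Review bot: `extern int krbv4_ldap_auth();` is an unprototyped declaration, so the compiler cannot check the arguments passed to an authentication routine. The new `slap_passwd_check` prototype also omits the `LDAP_P(( ... ))` wrapper that the neighbouring `value_find` and `slap_init_user` declarations use. I would write `int slap_passwd_check LDAP_P(( struct berval **vals, struct berval *v, int syntax, int normalize, struct berval *cred ));`. If the frontend routine keeps the parameters of the deleted bdb2 version, the other would be `int krbv4_ldap_auth LDAP_P(( Backend *be, struct berval *cred, AUTH_DAT *ad ));`. A one-line comment stating that slap_passwd_check returns 0 on a match and non-zero otherwise would help the backend callers, which test `!= 0`.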


@ -53,7 +53,7 @@ SLAPD_OBJS = ../config.o ../ch_malloc.o ../backend.o ../charray.o \
../module.o ../aclparse.o ../schema.o ../filterentry.o \
../acl.o ../phonetic.o ../attr.o ../value.o ../entry.o \
../dn.o ../filter.o ../str2filter.o ../ava.o ../init.o \
../controls.o ../schemaparse.o
../controls.o ../schemaparse.o ../kerberos.o ../passwd.o
SLAPOBJS = $(SLAPD_OBJS) slapcommon.o mimic.o
EDB2LDIFSRCS = edb2ldif.c ldapsyntax.c