Rework bind restrictions

Kurt Zeilenga 2000-08-28 23:37:44 +00:00
parent 102f12a71a
commit 4e8973e6cb
2 changed files with 9 additions and 34 deletions


@ -682,10 +682,8 @@ backend_check_restrictions(
return LDAP_OTHER; return LDAP_OTHER;
} }
if( ( extoid == NULL || strcmp( extoid, LDAP_EXOP_START_TLS ) ) if (( extoid == NULL || strcmp( extoid, LDAP_EXOP_START_TLS ) ) ) {
&& op->o_tag != LDAP_REQ_BIND ) /* these checks don't apply to StartTLS */
{
/* these checks don't apply to bind nor StartTLS */
if( op->o_tag == LDAP_REQ_EXTENDED ) { if( op->o_tag == LDAP_REQ_EXTENDED ) {
/* threat other extended operations as update ops */ /* threat other extended operations as update ops */
@ -727,6 +725,12 @@ backend_check_restrictions(
return LDAP_CONFIDENTIALITY_REQUIRED; return LDAP_CONFIDENTIALITY_REQUIRED;
} }
} }
}
if (( extoid == NULL || strcmp( extoid, LDAP_EXOP_START_TLS ) )
|| op->o_tag == LDAP_REQ_BIND )
{
/* these checks don't apply to StartTLS or Bind */
if( requires & SLAP_REQUIRE_STRONG ) { if( requires & SLAP_REQUIRE_STRONG ) {
/* should check mechanism */ /* should check mechanism */
@ -777,9 +781,7 @@ backend_check_restrictions(
} }
if( restrictops & opflag ) { if( restrictops & opflag ) {
if( (restrictops & SLAP_RESTRICT_OP_READS) if( restrictops == SLAP_RESTRICT_OP_READS ) {
== SLAP_RESTRICT_OP_READS )
{
*text = "read operations restricted"; *text = "read operations restricted";
} else { } else {
*text = "operation restricted"; *text = "operation restricted";
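Review bot: The guard added in front of the `SLAP_REQUIRE_STRONG` block, `if (( extoid == NULL || strcmp( extoid, LDAP_EXOP_START_TLS ) ) || op->o_tag == LDAP_REQ_BIND )`, contradicts its own comment "these checks don't apply to StartTLS or Bind": as written the block is entered for every Bind as well as for everything that is not StartTLS. If a Bind request arrives with `extoid == NULL` (likely, though the caller is not visible here), the `requires` checks would be applied to a connection that has not authenticated yet and could refuse the very Bind needed to satisfy them. The exclusion the comment describes would read `&& op->o_tag != LDAP_REQ_BIND )`. Since the other file section removes the SSF and `SLAP_RESTRICT_OP_BIND` checks from `do_bind`, it is also worth confirming that `do_bind` reaches `backend_check_restrictions` before any backend bind, which these hunks do not show. The body of `backend_check_restrictions` starts and ends outside the hunks.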


@ -346,33 +346,6 @@ do_bind(
goto cleanup; goto cleanup;
} }
if( op->o_ssf < be->be_ssf_set.sss_ssf ) {
text = "confidentiality required";
rc = LDAP_CONFIDENTIALITY_REQUIRED;
} else if( op->o_transport_ssf < be->be_ssf_set.sss_transport ) {
text = "transport confidentiality required";
rc = LDAP_CONFIDENTIALITY_REQUIRED;
} else if( op->o_tls_ssf < be->be_ssf_set.sss_tls ) {
text = "TLS confidentiality required";
rc = LDAP_CONFIDENTIALITY_REQUIRED;
} else if( op->o_sasl_ssf < be->be_ssf_set.sss_sasl ) {
text = "SASL confidentiality required";
rc = LDAP_CONFIDENTIALITY_REQUIRED;
} else if( be->be_restrictops & SLAP_RESTRICT_OP_BIND ) {
text = "bind operation restricted";
rc = LDAP_UNWILLING_TO_PERFORM;
}
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
goto cleanup;
}
conn->c_authz_backend = be; conn->c_authz_backend = be;
if ( be->be_bind ) { if ( be->be_bind ) {