mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-24 13:24:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

ITS#3845 allow rootpw to be used for rootdn SASL binds, based on

Browse Source 
patch from Jason Townsend
This commit is contained in:
Howard Chu 2005-08-14 08:00:54 +00:00
parent 9873eb7ab0
commit 9326c2b313
1 changed files with 70 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
servers/slapd/sasl.c
View File

@ -202,6 +202,14 @@ sasl_ap_lookup( Operation *op, SlapReply *rs )
"slap_ap_lookup: str2ad(%s): %s\n", name, text, 0 ); "slap_ap_lookup: str2ad(%s): %s\n", name, text, 0 );
continue; continue;
} }
/* If it's the rootdn and a rootpw was present, we already set
* it so don't override it here.
*/
if ( ad == slap_schema.si_ad_userPassword && sl->list[i].values &&
be_isroot_dn( op->o_bd, &op->o_req_ndn ))
continue;
a = attr_find( rs->sr_entry->e_attrs, ad ); a = attr_find( rs->sr_entry->e_attrs, ad );
if ( !a ) continue; if ( !a ) continue;
if ( ! access_allowed( op, rs->sr_entry, ad, NULL, ACL_AUTH, NULL ) ) { if ( ! access_allowed( op, rs->sr_entry, ad, NULL, ACL_AUTH, NULL ) ) {
@ -318,7 +326,49 @@ slap_auxprop_lookup(
op.o_bd = select_backend( &op.o_req_ndn, 0, 1 ); op.o_bd = select_backend( &op.o_req_ndn, 0, 1 );
if ( op.o_bd && op.o_bd->be_search ) { if ( op.o_bd ) {
/* For rootdn, see if we can use the rootpw */
if ( be_isroot_dn( op.o_bd, &op.o_req_ndn ) &&
!BER_BVISEMPTY( &op.o_bd->be_rootpw )) {
struct berval cbv = BER_BVNULL;
/* If there's a recognized scheme, see if it's CLEARTEXT */
if ( lutil_passwd_scheme( op.o_bd->be_rootpw.bv_val )) {
if ( !strncasecmp( op.o_bd->be_rootpw.bv_val,
sc_cleartext.bv_val, sc_cleartext.bv_len )) {
/* If it's CLEARTEXT, skip past scheme spec */
cbv.bv_len = op.o_bd->be_rootpw.bv_len -
sc_cleartext.bv_len;
if ( cbv.bv_len ) {
cbv.bv_val = op.o_bd->be_rootpw.bv_val +
sc_cleartext.bv_len;
}
}
/* No scheme, use the whole value */
} else {
cbv = op.o_bd->be_rootpw;
}
if ( !BER_BVISEMPTY( &cbv )) {
for( i = 0; sl.list[i].name; i++ ) {
const char *name = sl.list[i].name;
if ( name[0] == '*' ) {
if ( flags & SASL_AUXPROP_AUTHZID ) continue;
name++;
} else if ( !(flags & SASL_AUXPROP_AUTHZID ) )
continue;
if ( !strcasecmp(name,"userPassword") ) {
sl.sparams->utils->prop_set( sl.sparams->propctx,
sl.list[i].name, cbv.bv_val, cbv.bv_len );
break;
}
}
}
}
if ( op.o_bd->be_search ) {
SlapReply rs = {REP_RESULT}; SlapReply rs = {REP_RESULT};
op.o_hdr = conn->c_sasl_bindop->o_hdr; op.o_hdr = conn->c_sasl_bindop->o_hdr;
op.o_tag = LDAP_REQ_SEARCH; op.o_tag = LDAP_REQ_SEARCH;
@ -341,6 +391,7 @@ slap_auxprop_lookup(
} }
} }
} }
}
#if SASL_VERSION_FULL >= 0x020110 #if SASL_VERSION_FULL >= 0x020110
static int static int