Cleanup

2025-01-06 10:46:21 +08:00 · 2004-03-27 18:19:12 +00:00 · 2004-03-27 18:19:12 +00:00 · 9b9127eb3f
commit 9b9127eb3f
parent c1b50022e5
1 changed files with 33 additions and 14 deletions
--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
@ -433,8 +433,8 @@ do_bind(
 			send_ldap_result( op, rs );
 #ifdef NEW_LOGGING
 			LDAP_LOG( OPERATION, DETAIL1, 
-				   "do_bind: conn %d  v%d anonymous bind\n",
-				   op->o_connid, version , 0 );
+				"do_bind: conn %d  v%d anonymous bind\n",
+				op->o_connid, version , 0 );
 #else
 			Debug( LDAP_DEBUG_TRACE, "do_bind: v%d anonymous bind\n",
 				version, 0, 0 );
@ -460,26 +460,42 @@ do_bind(
 		}

 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
-	} else if ( op->orb_method == LDAP_AUTH_KRBV41 ||
-		op->orb_method == LDAP_AUTH_KRBV42 )
-	{
+	} else if ( op->orb_method == LDAP_AUTH_KRBV41 ) {
 		if ( global_disallows & SLAP_DISALLOW_BIND_KRBV4 ) {
-			/* disallow simple authentication */
+			/* disallow krbv4 authentication */
 			rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
 			rs->sr_text = "unwilling to perform Kerberos V4 bind";

 			send_ldap_result( op, rs );
+
 #ifdef NEW_LOGGING
 			LDAP_LOG( OPERATION, DETAIL1, 
-				"do_bind: conn %d  v%d Kerberos V4 bind\n",
+				"do_bind: conn %d  v%d Kerberos V4 (step 1) bind refused\n",
 				op->o_connid, version , 0 );
 #else
-			Debug( LDAP_DEBUG_TRACE, "do_bind: v%d Kerberos V4 bind\n",
+			Debug( LDAP_DEBUG_TRACE,
+				"do_bind: v%d Kerberos V4 (step 1) bind refused\n",
 				version, 0, 0 );
 #endif
 			goto cleanup;
 		}
 		ber_str2bv( "KRBV4", sizeof("KRBV4")-1, 0, &mech );
+
+	} else if ( op->orb_method == LDAP_AUTH_KRBV42 ) {
+		rs->sr_err = LDAP_AUTH_METHOD_NOT_SUPPORTED;
+		rs->sr_text = "Kerberos V4 (step 2) bind not supported";
+		send_ldap_result( op, rs );
+
+#ifdef NEW_LOGGING
+		LDAP_LOG( OPERATION, DETAIL1, 
+			"do_bind: conn %d  v%d Kerberos V4 (step 2) bind refused\n",
+			op->o_connid, version , 0 );
+#else
+		Debug( LDAP_DEBUG_TRACE,
+			"do_bind: v%d Kerberos V4 (step 2) bind refused\n",
+			version, 0, 0 );
+#endif
+		goto cleanup;
 #endif

 	} else {
@ -531,7 +547,7 @@ do_bind(
 		goto cleanup;
 	}

-#if defined( LDAP_SLAPI )
+#ifdef LDAP_SLAPI
 	if ( pb ) {
 		int rc;
 		slapi_int_pblock_set_operation( pb, op );
@ -577,7 +593,8 @@ do_bind(
 			op->orb_edn.bv_len = 0;

 			if ( rs->sr_err == LDAP_SUCCESS ) {
-				slapi_pblock_get( pb, SLAPI_CONN_DN, (void *)&op->orb_edn.bv_val );
+				slapi_pblock_get( pb, SLAPI_CONN_DN,
+					(void *)&op->orb_edn.bv_val );
 				if ( op->orb_edn.bv_val == NULL ) {
 					if ( rc == 1 ) {
 						/* No plugins were called; continue. */
@ -614,7 +631,7 @@ do_bind(
 			break;
 		}
 	}
-#endif /* defined( LDAP_SLAPI ) */
+#endif /* LDAP_SLAPI */

 	if( op->o_bd->be_bind ) {
 		rs->sr_err = (op->o_bd->be_bind)( op, rs );
@ -671,8 +688,10 @@ do_bind(
 			"operation not supported within naming context" );
 	}

-#if defined( LDAP_SLAPI )
-	if ( pb != NULL && slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) < 0 ) {
+#ifdef LDAP_SLAPI
+	if ( pb != NULL &&
+		slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) < 0 )
+	{
 #ifdef NEW_LOGGING
 		LDAP_LOG( OPERATION, INFO,
 			"do_bind: Bind postoperation plugins failed\n",
@ -683,7 +702,7 @@ do_bind(
 			0, 0, 0);
 #endif
 	}
-#endif /* defined( LDAP_SLAPI ) */
+#endif /* LDAP_SLAPI */

 cleanup:
 	if ( rs->sr_err == LDAP_SUCCESS ) {