/* bind.c */ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * * Copyright 1998-2003 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted only as authorized by the OpenLDAP * Public License. * * A copy of this license is available in the file LICENSE in the * top-level directory of the distribution or, alternatively, at * . */ /* Portions Copyright (c) 1990 Regents of the University of Michigan. * All rights reserved. */ /* Portions Copyright (C) The Internet Society (1997) * ASN.1 fragments are from RFC 2251; see RFC for full legal notices. */ /* * BindRequest ::= SEQUENCE { * version INTEGER, * name DistinguishedName, -- who * authentication CHOICE { * simple [0] OCTET STRING -- passwd #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND * krbv42ldap [1] OCTET STRING * krbv42dsa [2] OCTET STRING #endif * sasl [3] SaslCredentials -- LDAPv3 * } * } * * BindResponse ::= SEQUENCE { * COMPONENTS OF LDAPResult, * serverSaslCreds OCTET STRING OPTIONAL -- LDAPv3 * } * */ #include "portable.h" #include #include #include #include #include #include "ldap-int.h" #include "ldap_log.h" /* * ldap_bind - bind to the ldap server (and X.500). The dn and password * of the entry to which to bind are supplied, along with the authentication * method to use. The msgid of the bind request is returned on success, * -1 if there's trouble. Note, the kerberos support assumes the user already * has a valid tgt for now. ldap_result() should be called to find out the * outcome of the bind request. * * Example: * ldap_bind( ld, "cn=manager, o=university of michigan, c=us", "secret", * LDAP_AUTH_SIMPLE ) */ int ldap_bind( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd, int authmethod ) { #ifdef NEW_LOGGING LDAP_LOG ( OPERATION, ENTRY, "ldap_bind\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "ldap_bind\n", 0, 0, 0 ); #endif switch ( authmethod ) { case LDAP_AUTH_SIMPLE: return( ldap_simple_bind( ld, dn, passwd ) ); #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND case LDAP_AUTH_KRBV41: return( ldap_kerberos_bind1( ld, dn ) ); case LDAP_AUTH_KRBV42: return( ldap_kerberos_bind2( ld, dn ) ); #endif case LDAP_AUTH_SASL: /* user must use ldap_sasl_bind */ /* FALL-THRU */ default: ld->ld_errno = LDAP_AUTH_UNKNOWN; return( -1 ); } } /* * ldap_bind_s - bind to the ldap server (and X.500). The dn and password * of the entry to which to bind are supplied, along with the authentication * method to use. This routine just calls whichever bind routine is * appropriate and returns the result of the bind (e.g. LDAP_SUCCESS or * some other error indication). Note, the kerberos support assumes the * user already has a valid tgt for now. * * Examples: * ldap_bind_s( ld, "cn=manager, o=university of michigan, c=us", * "secret", LDAP_AUTH_SIMPLE ) * ldap_bind_s( ld, "cn=manager, o=university of michigan, c=us", * NULL, LDAP_AUTH_KRBV4 ) */ int ldap_bind_s( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd, int authmethod ) { #ifdef NEW_LOGGING LDAP_LOG ( OPERATION, ENTRY, "ldap_bind_s\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "ldap_bind_s\n", 0, 0, 0 ); #endif switch ( authmethod ) { case LDAP_AUTH_SIMPLE: return( ldap_simple_bind_s( ld, dn, passwd ) ); #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND case LDAP_AUTH_KRBV4: return( ldap_kerberos_bind_s( ld, dn ) ); case LDAP_AUTH_KRBV41: return( ldap_kerberos_bind1_s( ld, dn ) ); case LDAP_AUTH_KRBV42: return( ldap_kerberos_bind2_s( ld, dn ) ); #endif case LDAP_AUTH_SASL: /* user must use ldap_sasl_bind */ /* FALL-THRU */ default: return( ld->ld_errno = LDAP_AUTH_UNKNOWN ); } }