simple bind via: {KERBEROS}principal Code is disabled by default (for security reasons). Use --enable-kpasswd to enable. Behind SLAPD_KPASSWD. Reworked Kerberos detection and split out KBIND as independent feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND). KBIND depends upon detection of KRB4 (or KRB425) support. Detection, building with eBones (as distributed with FreeBSD 3.4) okay, but wasn't able to test as I don't have a K4 KDC handy. --with-kerberos has a number of detection options... most likely don't work properly.
/* kerberos.c - ldbm backend kerberos bind routines */
/* $OpenLDAP$ */
/*
* Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
#include "portable.h"
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
#include <stdio.h>
#include <ac/krb.h>
#include <ac/socket.h>
#include <ac/string.h>
#include "slap.h"
/* Service name passed to krb_rd_req() when a client authenticator is verified. */
#define LDAP_KRB_PRINCIPAL "ldapserver"
/* Defined outside this file; passed as the last (srvtab file) argument of krb_rd_req(). */
extern char *ldap_srvtab;
/*
 * NOTE(review): not referenced by the function visible in this file.
 * The empty parentheses declare no prototype, so arguments are unchecked.
 */
extern Attribute *attr_find();
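/*
 * krbv4_ldap_auth - verify a Kerberos V4 authenticator supplied as bind
 * credentials.
 *
 * be    backend handle; not used by this routine
 * cred  credential bytes (bv_val, bv_len); copied into a local KTEXT_ST
 *       and handed to krb_rd_req().  Presumably client-supplied, so the
 *       length is treated as untrusted.
 * ad    passed through to krb_rd_req(), which is expected to fill it in
 *
 * Returns LDAP_SUCCESS when krb_rd_req() reports KSUCCESS, and
 * LDAP_INVALID_CREDENTIALS otherwise, including when the credential is
 * larger than the KTEXT_ST data buffer.
 */
int
krbv4_ldap_auth(
    Backend		*be,
    struct berval	*cred,
    AUTH_DAT		*ad
)
{
	KTEXT_ST	k;
	KTEXT		ktxt = &k;
	char		instance[INST_SZ];
	int		err;

	Debug( LDAP_DEBUG_TRACE, "=> kerberosv4_ldap_auth\n", 0, 0, 0 );

	/*
	 * k.dat is a fixed-size array on the stack.  Reject anything that
	 * does not fit before copying; an unchecked bv_len would let the
	 * copy below write past the end of k.
	 */
	if ( cred->bv_len > sizeof( k.dat ) ) {
		Debug( LDAP_DEBUG_ANY,
		    "krbv4_ldap_auth: credential too large for KTEXT\n",
		    0, 0, 0 );
		return( LDAP_INVALID_CREDENTIALS );
	}

	SAFEMEMCPY( ktxt->dat, cred->bv_val, cred->bv_len );
	ktxt->length = cred->bv_len;

	/* "*" asks krb_rd_req() to accept any instance and report the one used */
	strcpy( instance, "*" );
	if ( (err = krb_rd_req( ktxt, LDAP_KRB_PRINCIPAL, instance, 0L, ad,
	    ldap_srvtab )) != KSUCCESS ) {
		Debug( LDAP_DEBUG_ANY, "krb_rd_req failed (%s)\n",
		    krb_err_txt[err], 0, 0 );
		return( LDAP_INVALID_CREDENTIALS );
	}

	return( LDAP_SUCCESS );
}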
#endif /* kerberos */