bind.c 3.83 KB
Newer Older
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1
2
/* bind.c - bdb backend bind routine */
/* $OpenLDAP$ */
Kurt Zeilenga's avatar
Notices    
Kurt Zeilenga committed
3
4
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
Kurt Zeilenga's avatar
Kurt Zeilenga committed
5
 * Copyright 2000-2010 The OpenLDAP Foundation.
Kurt Zeilenga's avatar
Notices    
Kurt Zeilenga committed
6
7
8
9
10
11
12
13
14
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
Kurt Zeilenga's avatar
Kurt Zeilenga committed
15
16
17
18
19
20
21
22
23
24
25
 */

#include "portable.h"

#include <stdio.h>
#include <ac/string.h>
#include <ac/unistd.h>

#include "back-bdb.h"

int
26
bdb_bind( Operation *op, SlapReply *rs )
Kurt Zeilenga's avatar
Kurt Zeilenga committed
27
{
28
	struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
29
30
	Entry		*e;
	Attribute	*a;
Howard Chu's avatar
Howard Chu committed
31
	EntryInfo	*ei;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
32
33
34

	AttributeDescription *password = slap_schema.si_ad_userPassword;

35
	DB_TXN		*rtxn;
36
37
	DB_LOCK		lock;

38
	Debug( LDAP_DEBUG_ARGS,
39
40
		"==> " LDAP_XSTRING(bdb_bind) ": dn: %s\n",
		op->o_req_dn.bv_val, 0, 0);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
41

42
43
44
45
	/* allow noauth binds */
	switch ( be_rootdn_bind( op, NULL ) ) {
	case LDAP_SUCCESS:
		/* frontend will send result */
Quanah Gibson-Mount's avatar
Quanah Gibson-Mount committed
46
		return rs->sr_err = LDAP_SUCCESS;
47
48

	default:
Quanah Gibson-Mount's avatar
Quanah Gibson-Mount committed
49
		/* give the database a chance */
50
51
52
53
54
		/* NOTE: this behavior departs from that of other backends,
		 * since the others, in case of password checking failure
		 * do not give the database a chance.  If an entry with
		 * rootdn's name does not exist in the database the result
		 * will be the same.  See ITS#4962 for discussion. */
55
		break;
56
57
	}

58
	rs->sr_err = bdb_reader_get(op, bdb->bi_dbenv, &rtxn);
59
	switch(rs->sr_err) {
60
61
62
	case 0:
		break;
	default:
63
64
65
		rs->sr_text = "internal error";
		send_ldap_result( op, rs );
		return rs->sr_err;
66
	}
67
68

dn2entry_retry:
69
	/* get entry with reader lock */
70
71
	rs->sr_err = bdb_dn2entry( op, rtxn, &op->o_req_ndn, &ei, 1,
		&lock );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
72

73
	switch(rs->sr_err) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
74
75
76
	case DB_NOTFOUND:
	case 0:
		break;
Jong Hyuk Choi's avatar
Jong Hyuk Choi committed
77
	case LDAP_BUSY:
78
		send_ldap_error( op, rs, LDAP_BUSY, "ldap_server_busy" );
Jong Hyuk Choi's avatar
Jong Hyuk Choi committed
79
		return LDAP_BUSY;
80
81
82
	case DB_LOCK_DEADLOCK:
	case DB_LOCK_NOTGRANTED:
		goto dn2entry_retry;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
83
	default:
84
85
		send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
		return rs->sr_err;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
86
87
	}

Howard Chu's avatar
Howard Chu committed
88
89
90
	e = ei->bei_e;
	if ( rs->sr_err == DB_NOTFOUND ) {
		if( e != NULL ) {
Howard Chu's avatar
Howard Chu committed
91
			bdb_cache_return_entry_r( bdb, e, &lock );
Howard Chu's avatar
Howard Chu committed
92
			e = NULL;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
93
94
		}

95
96
		rs->sr_err = LDAP_INVALID_CREDENTIALS;
		send_ldap_result( op, rs );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
97

98
		return rs->sr_err;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
99
100
	}

101
	ber_dupbv( &op->oq_bind.rb_edn, &e->e_name );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
102
103

	/* check for deleted */
104
105
	if ( is_entry_subentry( e ) ) {
		/* entry is an subentry, don't allow bind */
Julius Enarusai's avatar
   
Julius Enarusai committed
106
		Debug( LDAP_DEBUG_TRACE, "entry is subentry\n", 0,
107
			0, 0 );
108
		rs->sr_err = LDAP_INVALID_CREDENTIALS;
109
110
		goto done;
	}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
111
112
113

	if ( is_entry_alias( e ) ) {
		/* entry is an alias, don't allow bind */
114
115
		Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 );
		rs->sr_err = LDAP_INVALID_CREDENTIALS;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
116
117
118
119
120
		goto done;
	}

	if ( is_entry_referral( e ) ) {
		Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
121
			0, 0 );
122
		rs->sr_err = LDAP_INVALID_CREDENTIALS;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
123
124
125
		goto done;
	}

126
	switch ( op->oq_bind.rb_method ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
127
	case LDAP_AUTH_SIMPLE:
128
129
		a = attr_find( e->e_attrs, password );
		if ( a == NULL ) {
130
			rs->sr_err = LDAP_INVALID_CREDENTIALS;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
131
132
133
			goto done;
		}

134
135
		if ( slap_passwd_check( op, e, a, &op->oq_bind.rb_cred,
					&rs->sr_text ) != 0 )
136
		{
137
			/* failure; stop front end from sending result */
138
			rs->sr_err = LDAP_INVALID_CREDENTIALS;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
139
140
			goto done;
		}
141
			
142
		rs->sr_err = 0;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
143
144
145
		break;

	default:
Howard Chu's avatar
Howard Chu committed
146
		assert( 0 ); /* should not be reachable */
Howard Chu's avatar
Howard Chu committed
147
148
		rs->sr_err = LDAP_STRONG_AUTH_NOT_SUPPORTED;
		rs->sr_text = "authentication method not supported";
Kurt Zeilenga's avatar
Kurt Zeilenga committed
149
150
151
152
	}

done:
	/* free entry and reader lock */
153
	if( e != NULL ) {
Howard Chu's avatar
Howard Chu committed
154
		bdb_cache_return_entry_r( bdb, e, &lock );
155
	}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
156

Howard Chu's avatar
Howard Chu committed
157
158
159
160
161
162
163
	if ( rs->sr_err ) {
		send_ldap_result( op, rs );
		if ( rs->sr_ref ) {
			ber_bvarray_free( rs->sr_ref );
			rs->sr_ref = NULL;
		}
	}
164
165
	/* front end will send result on success (rs->sr_err==0) */
	return rs->sr_err;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
166
}