Move userPassord and krbName authentication routines to the frontend.

42bb3e2e · Kurt Zeilenga · 6b23a78a · 42bb3e2e · 42bb3e2e · 42bb3e2e
Commit 42bb3e2e authored 25 years ago by Kurt Zeilenga
--- a/servers/slapd/Makefile.in
+++ b/servers/slapd/Makefile.in
@@ -14,7 +14,7 @@ SRCS	= main.c daemon.c connection.c search.c filter.c add.c charray.c \
 		dn.c compare.c modify.c delete.c modrdn.c ch_malloc.c \
 		value.c ava.c bind.c unbind.c abandon.c filterentry.c \
 		phonetic.c acl.c str2filter.c aclparse.c init.c user.c \
-		repl.c lock.c controls.c extended.c \
+		repl.c lock.c controls.c extended.c kerberos.c passwd.c \
 		schema.c schemaparse.c monitor.c configinfo.c \
 		root_dse.c sasl.c module.c suffixalias.c $(@PLAT@_SRCS)

@@ -23,7 +23,7 @@ OBJS	= main.o daemon.o connection.o search.o filter.o add.o charray.o \
 		dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o \
 		value.o ava.o bind.o unbind.o abandon.o filterentry.o \
 		phonetic.o acl.o str2filter.o aclparse.o init.o user.o \
-		repl.o lock.o controls.o extended.o \
+		repl.o lock.o controls.o extended.o kerberos.o passwd.o \
 		schema.o schemaparse.o monitor.o configinfo.o \
 		root_dse.o sasl.o module.o suffixalias.o $(@PLAT@_OBJS)


--- a/servers/slapd/back-bdb2/Makefile.in
+++ b/servers/slapd/back-bdb2/Makefile.in
@@ -3,12 +3,12 @@
 SRCS	= idl.c add.c search.c cache.c dbcache.c dn2id.c entry.c id2entry.c \
 		index.c id2children.c nextid.c abandon.c compare.c group.c \
 		modify.c modrdn.c delete.c init.c config.c bind.c attr.c \
-		filterindex.c unbind.c kerberos.c close.c alias.c startup.c \
+		filterindex.c unbind.c close.c alias.c startup.c \
 		timing.c porter.c txn.c tools.c
 OBJS	= idl.lo add.lo search.lo cache.lo dbcache.lo dn2id.lo entry.lo id2entry.lo \
 		index.lo id2children.lo nextid.lo abandon.lo compare.lo group.lo \
 		modify.lo modrdn.lo delete.lo init.lo config.lo bind.lo attr.lo \
-		filterindex.lo unbind.lo kerberos.lo close.lo alias.lo startup.lo \
+		filterindex.lo unbind.lo close.lo alias.lo startup.lo \
 		timing.lo porter.lo txn.lo tools.lo

 LDAP_INCDIR= ../../../include       

--- a/servers/slapd/back-bdb2/bind.c
+++ b/servers/slapd/back-bdb2/bind.c
@@ -14,51 +14,6 @@
 #include "back-bdb2.h"
 #include "proto-back-bdb2.h"

-#include <lutil.h>
-
-#ifdef HAVE_KERBEROS
-extern int	bdb2i_krbv4_ldap_auth();
-#endif
-
-static int
-crypted_value_find(
-	struct berval       **vals,
-	struct berval       *v,
-	int                 syntax,
-	int                 normalize,
-	struct berval		*cred
-)
-{
-	int     i;
-	for ( i = 0; vals[i] != NULL; i++ ) {
-		if ( syntax != SYNTAX_BIN ) {
-			int result;
-
-#ifdef SLAPD_CRYPT
-			ldap_pvt_thread_mutex_lock( &crypt_mutex );
-#endif
-
-			result = lutil_passwd(
-				(char*) cred->bv_val,
-				(char*) vals[i]->bv_val,
-				NULL );
-
-#ifdef SLAPD_CRYPT
-			ldap_pvt_thread_mutex_unlock( &crypt_mutex );
-#endif
-
-			return result;
-
-		} else {
-                if ( value_cmp( vals[i], v, syntax, normalize ) == 0 ) {
-                        return( 0 );
-                }
-        }
-	}
-
-	return( 1 );
-}
-
 static int
 bdb2i_back_bind_internal(
    BackendDB		*be,
@@ -235,7 +190,7 @@ bdb2i_back_bind_internal(
 			goto return_results;
 		}

-		if ( crypted_value_find( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 )
+		if ( slap_passwd_check( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 )
 		{
 			send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
 				NULL, NULL, NULL, NULL);

--- a/servers/slapd/back-bdb2/kerberos.c
+++ b/servers/slapd/back-bdb2/kerberos.c
-/* kerberos.c - bdb2 backend kerberos bind routines */
-/* $OpenLDAP$ */
-
-#include "portable.h"
-
-#ifdef HAVE_KERBEROS
-
-#include <stdio.h>
-
-#include <ac/krb.h>
-#include <ac/socket.h>
-#include <ac/string.h>
-
-#include "slap.h"
-#include "back-bdb2.h"
-
-#define LDAP_KRB_PRINCIPAL	"ldapserver"
-
-extern char		*ldap_srvtab;
-extern Attribute	*attr_find();
-
-bdb2i_krbv4_ldap_auth(
-    BackendDB		*be,
-    struct berval	*cred,
-    AUTH_DAT		*ad
-)
-{
-	KTEXT_ST        k;
-	KTEXT           ktxt = &k;
-	char            instance[INST_SZ];
-	int             err;
-
-	Debug( LDAP_DEBUG_TRACE, "=> kerberosv4_ldap_auth\n", 0, 0, 0 );
-
-	SAFEMEMCPY( ktxt->dat, cred->bv_val, cred->bv_len );
-	ktxt->length = cred->bv_len;
-
-	strcpy( instance, "*" );
-	if ( (err = krb_rd_req( ktxt, LDAP_KRB_PRINCIPAL, instance, 0L, ad,
-	    ldap_srvtab )) != KSUCCESS ) {
-		Debug( LDAP_DEBUG_ANY, "krb_rd_req failed (%s)\n",
-		    krb_err_txt[err], 0, 0 );
-		return( LDAP_INVALID_CREDENTIALS );
-	}
-
-	return( LDAP_SUCCESS );
-}
-
-#endif /* kerberos */
--- a/servers/slapd/back-ldbm/Makefile.in
+++ b/servers/slapd/back-ldbm/Makefile.in
@@ -3,11 +3,11 @@
 SRCS = idl.c add.c search.c cache.c dbcache.c dn2id.c entry.c id2entry.c \
 		index.c id2children.c nextid.c abandon.c compare.c group.c \
 		modify.c modrdn.c delete.c init.c config.c bind.c attr.c \
-		filterindex.c unbind.c kerberos.c close.c alias.c tools.c
+		filterindex.c unbind.c close.c alias.c tools.c
 OBJS = idl.lo add.lo search.lo cache.lo dbcache.lo dn2id.lo entry.lo id2entry.lo \
 		index.lo id2children.lo nextid.lo abandon.lo compare.lo group.lo \
 		modify.lo modrdn.lo delete.lo init.lo config.lo bind.lo attr.lo \
-		filterindex.lo unbind.lo kerberos.lo close.lo alias.lo tools.lo
+		filterindex.lo unbind.lo close.lo alias.lo tools.lo

 LDAP_INCDIR= ../../../include       
 LDAP_LIBDIR= ../../../libraries

--- a/servers/slapd/back-ldbm/bind.c
+++ b/servers/slapd/back-ldbm/bind.c
@@ -18,51 +18,6 @@
 #include "back-ldbm.h"
 #include "proto-back-ldbm.h"

-#include <lutil.h>
-
-#ifdef HAVE_KERBEROS
-extern int	krbv4_ldap_auth();
-#endif
-
-static int
-crypted_value_find(
-	struct berval       **vals,
-	struct berval       *v,
-	int                 syntax,
-	int                 normalize,
-	struct berval		*cred
-)
-{
-	int     i;
-	for ( i = 0; vals[i] != NULL; i++ ) {
-		if ( syntax != SYNTAX_BIN ) {
-			int result;
-
-#ifdef SLAPD_CRYPT
-			ldap_pvt_thread_mutex_lock( &crypt_mutex );
-#endif
-
-			result = lutil_passwd(
-				(char*) cred->bv_val,
-				(char*) vals[i]->bv_val,
-				NULL );
-
-#ifdef SLAPD_CRYPT
-			ldap_pvt_thread_mutex_unlock( &crypt_mutex );
-#endif
-
-			return result;
-
-		} else {
-                if ( value_cmp( vals[i], v, syntax, normalize ) == 0 ) {
-                        return( 0 );
-                }
-        }
-	}
-
-	return( 1 );
-}
-
 int
 ldbm_back_bind(
    Backend		*be,
@@ -242,7 +197,7 @@ ldbm_back_bind(
 			goto return_results;
 		}

-		if ( crypted_value_find( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 )
+		if ( slap_passwd_check( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 )
 		{
 			send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
 				NULL, NULL, NULL, NULL );

--- a/servers/slapd/back-ldbm/kerberos.c
+++ b/servers/slapd/back-ldbm/kerberos.c
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
+/* bind.c - ldbm backend bind and unbind routines */
+/* $OpenLDAP$ */
+/*
+ * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/krb.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#include "slap.h"
+
+#include <lutil.h>
+
+
+int
+slap_passwd_check(
+	struct berval       **vals,
+	struct berval       *v,
+	int                 syntax,
+	int                 normalize,
+	struct berval		*cred
+)
+{
+	int     i;
+	for ( i = 0; vals[i] != NULL; i++ ) {
+		if ( syntax == SYNTAX_BIN ) {
+			int result;
+
+#ifdef SLAPD_CRYPT
+			ldap_pvt_thread_mutex_lock( &crypt_mutex );
+#endif
+
+			result = lutil_passwd(
+				(char*) cred->bv_val,
+				(char*) vals[i]->bv_val,
+				NULL );
+
+#ifdef SLAPD_CRYPT
+			ldap_pvt_thread_mutex_unlock( &crypt_mutex );
+#endif
+
+			return result;
+
+		} else {
+                if ( value_cmp( vals[i], v, syntax, normalize ) == 0 ) {
+                        return( 0 );
+                }
+        }
+	}
+
+	return( 1 );
+}
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -438,6 +438,23 @@ int value_find LDAP_P(( struct berval **vals, struct berval *v, int syntax,
 void slap_init_user LDAP_P(( char *username, char *groupname ));
 #endif

+/*
+ * passwd.c
+ */
+int slap_passwd_check(
+	struct berval       **vals,
+	struct berval       *v,
+	int                 syntax,
+	int                 normalize,
+	struct berval		*cred );
+
+/*
+ * kerberos.c
+ */
+#ifdef HAVE_KERBEROS
+extern int	krbv4_ldap_auth();
+#endif
+
 /*
 * Other...
 */

--- a/servers/slapd/tools/Makefile.in
+++ b/servers/slapd/tools/Makefile.in
@@ -53,7 +53,7 @@ SLAPD_OBJS = ../config.o ../ch_malloc.o ../backend.o ../charray.o \
 		../module.o ../aclparse.o ../schema.o ../filterentry.o \
 		../acl.o ../phonetic.o ../attr.o ../value.o ../entry.o \
 		../dn.o ../filter.o ../str2filter.o ../ava.o ../init.o \
-		../controls.o ../schemaparse.o
+		../controls.o ../schemaparse.o ../kerberos.o ../passwd.o
 SLAPOBJS = $(SLAPD_OBJS) slapcommon.o mimic.o 

 EDB2LDIFSRCS    = edb2ldif.c ldapsyntax.c