1 /*	$NetBSD: bind.c,v 1.3 2021/08/14 16:14:59 christos Exp $	*/
2 
3 /* bind.c - DNS SRV backend bind function */
4 /* $OpenLDAP$ */
5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6  *
7  * Copyright 2000-2021 The OpenLDAP Foundation.
8  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
9  * All rights reserved.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted only as authorized by the OpenLDAP
13  * Public License.
14  *
15  * A copy of this license is available in the file LICENSE in the
16  * top-level directory of the distribution or, alternatively, at
17  * <http://www.OpenLDAP.org/license.html>.
18  */
19 /* ACKNOWLEDGEMENTS:
20  * This work was originally developed by Kurt D. Zeilenga for inclusion
21  * in OpenLDAP Software.
22  */
23 
24 
25 #include <sys/cdefs.h>
26 __RCSID("$NetBSD: bind.c,v 1.3 2021/08/14 16:14:59 christos Exp $");
27 
28 #include "portable.h"
29 
30 #include <stdio.h>
31 
32 #include <ac/socket.h>
33 #include <ac/string.h>
34 
35 #include "slap.h"
36 #include "proto-dnssrv.h"
37 
/*
 * dnssrv_back_bind - bind handler for the DNS SRV backend.
 *
 * The only bind that can succeed here is the one accepted by
 * be_rootdn_bind(); every other request is answered with
 * LDAP_UNWILLING_TO_PERFORM.
 *
 * Security notes:
 *  - When the client supplies a non-empty credential, only the fact that
 *    a cleartext password was provided is logged, together with the
 *    requested DN.  The credential bytes themselves are never passed to
 *    Debug().
 *  - A be_rootdn_bind() result other than LDAP_SUCCESS is handled exactly
 *    like any other bind, so the reply does not distinguish the rootdn
 *    from other DNs.
 *
 * Returns rs->sr_err when be_rootdn_bind() reports LDAP_SUCCESS, and 1 in
 * every other case (after an error result has been sent).
 */
int
dnssrv_back_bind(
	Operation	*op,
	SlapReply	*rs )
{
	const char	*dn;

	Debug( LDAP_DEBUG_TRACE, "DNSSRV: bind dn=\"%s\" (%d)\n",
		BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val,
		op->orb_method );

	/* The rootdn may authenticate locally, with no need to contact the
	 * proxied DSA.  The frontend sends the result in that case.
	 * NOTE(review): rs is not handed to be_rootdn_bind() (NULL is), so
	 * the value returned here is whatever rs->sr_err already held --
	 * confirm the caller initialises it. */
	if ( be_rootdn_bind( op, NULL ) == LDAP_SUCCESS ) {
		return rs->sr_err;
	}

	/* Any other outcome continues below like an ordinary bind;
	 * answering differently could reveal the DN of the rootdn. */
	dn = BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val;

	if ( BER_BVISNULL( &op->orb_cred ) ||
		BER_BVISEMPTY( &op->orb_cred ) )
	{
		/* Unauthenticated bind.  Per the original author this path
		 * is not expected to be reached, because the frontend deals
		 * with unauthenticated binds itself. */
		Debug( LDAP_DEBUG_TRACE, "DNSSRV: BIND dn=\"%s\"\n", dn );

		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
			"anonymous bind expected" );
		return 1;
	}

	/* Simple bind carrying a password: refuse it, and record at STATS
	 * level that a cleartext credential was sent (DN only, never the
	 * credential). */
	Debug( LDAP_DEBUG_STATS,
		"%s DNSSRV BIND dn=\"%s\" provided cleartext passwd\n",
		op->o_log_prefix, dn );

	send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
		"you shouldn't send strangers your password" );

	return 1;
}