1 /* $NetBSD: bind.c,v 1.2 2021/08/14 16:15:02 christos Exp $ */
2
3 /* OpenLDAP WiredTiger backend */
4 /* $OpenLDAP$ */
5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6 *
7 * Copyright 2002-2021 The OpenLDAP Foundation.
8 * All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted only as authorized by the OpenLDAP
12 * Public License.
13 *
14 * A copy of this license is available in the file LICENSE in the
15 * top-level directory of the distribution or, alternatively, at
16 * <http://www.OpenLDAP.org/license.html>.
17 */
18 /* ACKNOWLEDGEMENTS:
19 * This work was developed by HAMANO Tsukasa <hamano@osstech.co.jp>
20 * based on back-bdb for inclusion in OpenLDAP Software.
21 * WiredTiger is a product of MongoDB Inc.
22 */
23
24 #include <sys/cdefs.h>
25 __RCSID("$NetBSD: bind.c,v 1.2 2021/08/14 16:15:02 christos Exp $");
26
27 #include "portable.h"
28
29 #include <stdio.h>
30 #include "back-wt.h"
31 #include "slap-config.h"
32
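/**
 * wt_bind - back-wt handler for an LDAP Bind request.
 *
 * Flow, as visible in this function:
 *   1. be_rootdn_bind() is tried first; on LDAP_SUCCESS the function returns
 *      at once and leaves sending the result to the frontend.
 *   2. Otherwise the entry named by op->o_req_ndn is fetched with
 *      wt_dn2entry(). It is rejected if it is a subentry, an alias or a
 *      referral.
 *   3. Only LDAP_AUTH_SIMPLE is handled: the entry's userPassword attribute
 *      is checked against op->oq_bind.rb_cred with slap_passwd_check().
 *      Any other method yields LDAP_STRONG_AUTH_NOT_SUPPORTED.
 *
 * A missing entry, a subentry/alias/referral, an entry without userPassword
 * and a failed password check all produce the same result code,
 * LDAP_INVALID_CREDENTIALS, so the result code alone does not tell a client
 * whether the bind DN exists.
 *
 * @param op  the bind operation. Once the entry has been found,
 *            op->oq_bind.rb_edn receives a copy of the entry's name; the
 *            copy is made before the checks and is not released here on
 *            the failure paths (presumably the caller does that -- confirm).
 * @param rs  reply structure; sr_err (and sr_text on some paths) is set here.
 * @return    rs->sr_err. On 0 nothing has been sent by this function; on
 *            any non-zero value the result has already been sent with
 *            send_ldap_result().
 */
int
wt_bind( Operation *op, SlapReply *rs )
{
	struct wt_info *wi = (struct wt_info *) op->o_bd->be_private;
	wt_ctx *wc;
	int rc;
	Entry *e = NULL;
	Attribute *a;
	AttributeDescription *password = slap_schema.si_ad_userPassword;

	/* Only the bind DN is logged; the credentials are never written out. */
	Debug( LDAP_DEBUG_ARGS,
		"==> " LDAP_XSTRING(wt_bind) ": dn: %s\n",
		op->o_req_dn.bv_val );

	/* allow noauth binds */
	if ( be_rootdn_bind( op, NULL ) == LDAP_SUCCESS ) {
		/* frontend will send result */
		return rs->sr_err = LDAP_SUCCESS;
	}
	/* Any other outcome: give the database a chance.
	 * NOTE: this behavior departs from that of other backends,
	 * since the others, in case of password checking failure
	 * do not give the database a chance.  If an entry with
	 * rootdn's name does not exist in the database the result
	 * will be the same.  See ITS#4962 for discussion. */

	wc = wt_ctx_get(op, wi);
	if( !wc ){
		Debug( LDAP_DEBUG_ANY,
			LDAP_XSTRING(wt_bind)
			": wt_ctx_get failed\n" );
		rs->sr_err = LDAP_OTHER;
		rs->sr_text = "internal error";
		send_ldap_result( op, rs );
		return rs->sr_err;
	}

	/* get entry */
	rc = wt_dn2entry(op->o_bd, wc, &op->o_req_ndn, &e);
	switch( rc ) {
	case 0:
		break;
	case WT_NOTFOUND:
		/* Same result code as a wrong password, see the header comment. */
		rs->sr_err = LDAP_INVALID_CREDENTIALS;
		send_ldap_result( op, rs );
		return rs->sr_err;
	default:
		rs->sr_err = LDAP_OTHER;
		rs->sr_text = "internal error";
		send_ldap_result( op, rs );
		return rs->sr_err;
	}

	/* Record the entry's name as the bind DN before any check is made. */
	ber_dupbv( &op->oq_bind.rb_edn, &e->e_name );

	/* Entry kinds that must never be used as a bind identity. */
	if ( is_entry_subentry( e ) ) {
		/* entry is a subentry, don't allow bind */
		Debug( LDAP_DEBUG_TRACE, "entry is subentry\n" );
		rs->sr_err = LDAP_INVALID_CREDENTIALS;
		goto done;
	}

	if ( is_entry_alias( e ) ) {
		/* entry is an alias, don't allow bind */
		Debug( LDAP_DEBUG_TRACE, "entry is alias\n" );
		rs->sr_err = LDAP_INVALID_CREDENTIALS;
		goto done;
	}

	if ( is_entry_referral( e ) ) {
		/* entry is a referral, don't allow bind */
		Debug( LDAP_DEBUG_TRACE, "entry is referral\n" );
		rs->sr_err = LDAP_INVALID_CREDENTIALS;
		goto done;
	}

	switch ( op->oq_bind.rb_method ) {
	case LDAP_AUTH_SIMPLE:
		a = attr_find( e->e_attrs, password );
		if ( a == NULL ) {
			/* no userPassword at all: indistinguishable from a bad password */
			rs->sr_err = LDAP_INVALID_CREDENTIALS;
			goto done;
		}

		/* Whatever slap_passwd_check() stores in rs->sr_text is sent to
		 * the client together with the failure result below.
		 * NOTE(review): confirm that this text carries nothing that sets
		 * a wrong password apart from the other rejections. */
		if ( slap_passwd_check( op, e, a, &op->oq_bind.rb_cred,
			&rs->sr_text ) != 0 )
		{
			/* failure; stop front end from sending result */
			rs->sr_err = LDAP_INVALID_CREDENTIALS;
			goto done;
		}
		rs->sr_err = LDAP_SUCCESS;
		break;

	default:
		rs->sr_err = LDAP_STRONG_AUTH_NOT_SUPPORTED;
		rs->sr_text = "authentication method not supported";
	}

done:
	/* free entry */
	if (e) {
		wt_entry_return(e);
	}
	/* On failure the result is sent from here; success is left to the caller. */
	if (rs->sr_err) {
		send_ldap_result( op, rs );
		if ( rs->sr_ref ) {
			ber_bvarray_free( rs->sr_ref );
			rs->sr_ref = NULL;
		}
	}
	return rs->sr_err;
}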
151
152 /*
153 * Local variables:
154 * indent-tabs-mode: t
155 * tab-width: 4
156 * c-basic-offset: 4
157 * End:
158 */
159