1*549b59edSchristos /* $NetBSD: bind.c,v 1.3 2021/08/14 16:14:55 christos Exp $ */
24e6df137Slukem
32de962bdSlukem /* bind.c */
4d11b170bStron /* $OpenLDAP$ */
52de962bdSlukem /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
62de962bdSlukem *
7*549b59edSchristos * Copyright 1998-2021 The OpenLDAP Foundation.
82de962bdSlukem * All rights reserved.
92de962bdSlukem *
102de962bdSlukem * Redistribution and use in source and binary forms, with or without
112de962bdSlukem * modification, are permitted only as authorized by the OpenLDAP
122de962bdSlukem * Public License.
132de962bdSlukem *
142de962bdSlukem * A copy of this license is available in the file LICENSE in the
152de962bdSlukem * top-level directory of the distribution or, alternatively, at
162de962bdSlukem * <http://www.OpenLDAP.org/license.html>.
172de962bdSlukem */
182de962bdSlukem /* Portions Copyright (c) 1990 Regents of the University of Michigan.
192de962bdSlukem * All rights reserved.
202de962bdSlukem */
212de962bdSlukem
22376af7d7Schristos #include <sys/cdefs.h>
23*549b59edSchristos __RCSID("$NetBSD: bind.c,v 1.3 2021/08/14 16:14:55 christos Exp $");
24376af7d7Schristos
252de962bdSlukem #include "portable.h"
262de962bdSlukem
272de962bdSlukem #include <stdio.h>
282de962bdSlukem
292de962bdSlukem #include <ac/stdlib.h>
302de962bdSlukem
312de962bdSlukem #include <ac/socket.h>
322de962bdSlukem #include <ac/string.h>
332de962bdSlukem #include <ac/time.h>
342de962bdSlukem
352de962bdSlukem #include "ldap-int.h"
362de962bdSlukem #include "ldap_log.h"
372de962bdSlukem
382de962bdSlukem /*
392de962bdSlukem * BindRequest ::= SEQUENCE {
402de962bdSlukem * version INTEGER,
412de962bdSlukem * name DistinguishedName, -- who
422de962bdSlukem * authentication CHOICE {
432de962bdSlukem * simple [0] OCTET STRING -- passwd
442de962bdSlukem * krbv42ldap [1] OCTET STRING -- OBSOLETE
452de962bdSlukem * krbv42dsa [2] OCTET STRING -- OBSOLETE
462de962bdSlukem * sasl [3] SaslCredentials -- LDAPv3
472de962bdSlukem * }
482de962bdSlukem * }
492de962bdSlukem *
502de962bdSlukem * BindResponse ::= SEQUENCE {
512de962bdSlukem * COMPONENTS OF LDAPResult,
522de962bdSlukem * serverSaslCreds OCTET STRING OPTIONAL -- LDAPv3
532de962bdSlukem * }
542de962bdSlukem *
552de962bdSlukem * (Source: RFC 2251)
562de962bdSlukem */
572de962bdSlukem
582de962bdSlukem /*
592de962bdSlukem * ldap_bind - bind to the ldap server (and X.500). The dn and password
602de962bdSlukem * of the entry to which to bind are supplied, along with the authentication
612de962bdSlukem * method to use. The msgid of the bind request is returned on success,
622de962bdSlukem * -1 if there's trouble. ldap_result() should be called to find out the
632de962bdSlukem * outcome of the bind request.
642de962bdSlukem *
652de962bdSlukem * Example:
662de962bdSlukem * ldap_bind( ld, "cn=manager, o=university of michigan, c=us", "secret",
672de962bdSlukem * LDAP_AUTH_SIMPLE )
682de962bdSlukem */
692de962bdSlukem
702de962bdSlukem int
ldap_bind(LDAP * ld,LDAP_CONST char * dn,LDAP_CONST char * passwd,int authmethod)712de962bdSlukem ldap_bind( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd, int authmethod )
722de962bdSlukem {
73*549b59edSchristos Debug0( LDAP_DEBUG_TRACE, "ldap_bind\n" );
742de962bdSlukem
752de962bdSlukem switch ( authmethod ) {
762de962bdSlukem case LDAP_AUTH_SIMPLE:
772de962bdSlukem return( ldap_simple_bind( ld, dn, passwd ) );
782de962bdSlukem
794e6df137Slukem #ifdef HAVE_GSSAPI
804e6df137Slukem case LDAP_AUTH_NEGOTIATE:
814e6df137Slukem return( ldap_gssapi_bind_s( ld, dn, passwd) );
824e6df137Slukem #endif
834e6df137Slukem
842de962bdSlukem case LDAP_AUTH_SASL:
852de962bdSlukem /* user must use ldap_sasl_bind */
862de962bdSlukem /* FALL-THRU */
872de962bdSlukem
882de962bdSlukem default:
892de962bdSlukem ld->ld_errno = LDAP_AUTH_UNKNOWN;
902de962bdSlukem return( -1 );
912de962bdSlukem }
922de962bdSlukem }
932de962bdSlukem
942de962bdSlukem /*
952de962bdSlukem * ldap_bind_s - bind to the ldap server (and X.500). The dn and password
962de962bdSlukem * of the entry to which to bind are supplied, along with the authentication
972de962bdSlukem * method to use. This routine just calls whichever bind routine is
982de962bdSlukem * appropriate and returns the result of the bind (e.g. LDAP_SUCCESS or
992de962bdSlukem * some other error indication).
1002de962bdSlukem *
1012de962bdSlukem * Examples:
1022de962bdSlukem * ldap_bind_s( ld, "cn=manager, o=university of michigan, c=us",
1032de962bdSlukem * "secret", LDAP_AUTH_SIMPLE )
1042de962bdSlukem * ldap_bind_s( ld, "cn=manager, o=university of michigan, c=us",
1052de962bdSlukem * NULL, LDAP_AUTH_KRBV4 )
1062de962bdSlukem */
1072de962bdSlukem int
ldap_bind_s(LDAP * ld,LDAP_CONST char * dn,LDAP_CONST char * passwd,int authmethod)1082de962bdSlukem ldap_bind_s(
1092de962bdSlukem LDAP *ld,
1102de962bdSlukem LDAP_CONST char *dn,
1112de962bdSlukem LDAP_CONST char *passwd,
1122de962bdSlukem int authmethod )
1132de962bdSlukem {
114*549b59edSchristos Debug0( LDAP_DEBUG_TRACE, "ldap_bind_s\n" );
1152de962bdSlukem
1162de962bdSlukem switch ( authmethod ) {
1172de962bdSlukem case LDAP_AUTH_SIMPLE:
1182de962bdSlukem return( ldap_simple_bind_s( ld, dn, passwd ) );
1192de962bdSlukem
1204e6df137Slukem #ifdef HAVE_GSSAPI
1214e6df137Slukem case LDAP_AUTH_NEGOTIATE:
1224e6df137Slukem return( ldap_gssapi_bind_s( ld, dn, passwd) );
1234e6df137Slukem #endif
1244e6df137Slukem
1252de962bdSlukem case LDAP_AUTH_SASL:
1262de962bdSlukem /* user must use ldap_sasl_bind */
1272de962bdSlukem /* FALL-THRU */
1282de962bdSlukem
1292de962bdSlukem default:
1302de962bdSlukem return( ld->ld_errno = LDAP_AUTH_UNKNOWN );
1312de962bdSlukem }
1322de962bdSlukem }
133