10Sstevel@tonic-gate /*
20Sstevel@tonic-gate *
3*3857Sstevel * Portions Copyright 1998 Sun Microsystems, Inc. All rights reserved.
4*3857Sstevel * Use is subject to license terms.
50Sstevel@tonic-gate *
60Sstevel@tonic-gate */
70Sstevel@tonic-gate
80Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI"
90Sstevel@tonic-gate
100Sstevel@tonic-gate /*
110Sstevel@tonic-gate * Copyright (c) 1993 Regents of the University of Michigan.
120Sstevel@tonic-gate * All rights reserved.
130Sstevel@tonic-gate *
140Sstevel@tonic-gate * sbind.c
150Sstevel@tonic-gate */
160Sstevel@tonic-gate
170Sstevel@tonic-gate #ifndef lint
180Sstevel@tonic-gate static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of Michigan.\nAll rights reserved.\n";
190Sstevel@tonic-gate #endif
200Sstevel@tonic-gate
210Sstevel@tonic-gate #include <stdio.h>
220Sstevel@tonic-gate #include <string.h>
230Sstevel@tonic-gate
240Sstevel@tonic-gate #ifdef MACOS
250Sstevel@tonic-gate #include "macos.h"
260Sstevel@tonic-gate #endif /* MACOS */
270Sstevel@tonic-gate
280Sstevel@tonic-gate #if !defined( MACOS ) && !defined( DOS )
290Sstevel@tonic-gate #include <sys/types.h>
300Sstevel@tonic-gate #include <sys/socket.h>
310Sstevel@tonic-gate #endif
320Sstevel@tonic-gate
330Sstevel@tonic-gate #include "lber.h"
340Sstevel@tonic-gate #include "ldap.h"
350Sstevel@tonic-gate #include "ldap-private.h"
360Sstevel@tonic-gate #include "ldap-int.h"
370Sstevel@tonic-gate
/*
 * ldap_build_simple_bind_req - encode an LDAP simple BindRequest.
 *
 * The bind request looks like this:
 *	BindRequest ::= SEQUENCE {
 *		version		INTEGER,
 *		name		DistinguishedName,	 -- who
 *		authentication	CHOICE {
 *			simple		[0] OCTET STRING -- passwd
 *		}
 *	}
 * all wrapped up in an LDAPMessage sequence.
 *
 * ld		handle supplying the message id counter, the protocol
 *		version and the default server controls
 * dn		entry to bind as; NULL is encoded as ""
 * passwd	simple credential; NULL is encoded as ""
 * serverctrls	controls for this request; when NULL or empty, the
 *		handle's ld_srvctrls are encoded instead (if any)
 *
 * Returns the encoded request, or NULLBER on failure.  On an encoding
 * failure ld->ld_errno is set to LDAP_ENCODING_ERROR and the partial
 * request is released with ber_free().  ld->ld_msgid is incremented as
 * soon as the first ber_printf() call is made, even if encoding fails.
 *
 * Security notes:
 *  - passwd is copied into the request as-is; this function applies no
 *    hashing or encryption, so confidentiality on the wire depends
 *    entirely on the transport underneath (not visible in this file).
 *  - An empty or NULL passwd is accepted and encoded.  With a non-empty
 *    dn this is what RFC 4513 calls an unauthenticated bind, which some
 *    servers answer with success.  Callers that treat a successful bind
 *    as proof of the password should reject empty passwords themselves.
 */
BerElement *
ldap_build_simple_bind_req(LDAP *ld, char *dn, char *passwd, LDAPControl **serverctrls)
{
	BerElement	*req;
	LDAPControl	**ctrls;

	/* Missing name or credential is sent as a zero-length string. */
	if ( dn == NULL ) {
		dn = "";
	}
	if ( passwd == NULL ) {
		passwd = "";
	}

	req = alloc_ber_with_options( ld );
	if ( req == NULLBER ) {
		/* ld_errno is not touched here on allocation failure */
		return( NULLBER );
	}

	/* LDAPMessage header plus the BindRequest itself; the outer
	 * sequence stays open so that controls can follow */
	if ( ber_printf( req, "{it{ists}", ++ld->ld_msgid, LDAP_REQ_BIND, ld->ld_version, dn, LDAP_AUTH_SIMPLE, passwd ) == -1 ) {
		goto encoding_error;
	}

	/* LDAPv3: controls passed by the caller win; otherwise fall back
	 * to the server controls stored on the handle */
	if ( serverctrls != NULL && serverctrls[0] != NULL ) {
		ctrls = serverctrls;
	} else if ( ld->ld_srvctrls != NULL && ld->ld_srvctrls[0] != NULL ) {
		ctrls = ld->ld_srvctrls;
	} else {
		ctrls = NULL;
	}

	if ( ctrls != NULL && ldap_controls_code( req, ctrls ) != LDAP_SUCCESS ) {
		goto encoding_error;
	}

	/* close the LDAPMessage sequence */
	if ( ber_printf( req, "}" ) == -1 ) {
		goto encoding_error;
	}

	return( req );

encoding_error:
	/*
	 * NOTE(review): by this point the buffer may already hold the
	 * password; whether ber_free() scrubs it before releasing the
	 * memory is not visible here -- confirm.
	 */
	ld->ld_errno = LDAP_ENCODING_ERROR;
	ber_free( req, 1 );
	return( NULLBER );
}
950Sstevel@tonic-gate
960Sstevel@tonic-gate /*
970Sstevel@tonic-gate * ldap_simple_bind - bind to the ldap server (and X.500). The dn and
980Sstevel@tonic-gate * password of the entry to which to bind are supplied. The message id
990Sstevel@tonic-gate * of the request initiated is returned.
1000Sstevel@tonic-gate *
1010Sstevel@tonic-gate * Example:
1020Sstevel@tonic-gate * ldap_simple_bind( ld, "cn=manager, o=university of michigan, c=us",
1030Sstevel@tonic-gate * "secret" )
1040Sstevel@tonic-gate */
1050Sstevel@tonic-gate
/*
 * Start an asynchronous simple bind.
 *
 * ld		LDAP handle; held locked for the whole call when built
 *		with _REENTRANT
 * dn		entry to bind as; NULL is treated as ""
 * passwd	simple credential; NULL is treated as ""
 *
 * Returns whatever send_initial_request() returns (the message id of
 * the request, per the comment preceding this function), or -1 when
 * the request could not be built.
 *
 * Security notes: the credential is handed unmodified to
 * ldap_build_simple_bind_req(), so its protection in transit depends
 * on the connection underneath.  An empty passwd is not rejected here;
 * callers using bind success as a password check must refuse empty
 * passwords themselves.
 */
int
ldap_simple_bind( LDAP *ld, char *dn, char *passwd )
{
	BerElement	*req;
	int		msgid = -1;

#ifdef _REENTRANT
	LOCK_LDAP(ld);
#endif
	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 240, "ldap_simple_bind\n"), 0, 0, 0 );

	if ( dn == NULL ) {
		dn = "";
	}
	if ( passwd == NULL ) {
		passwd = "";
	}

	/* create a message to send; no per-call controls are supplied */
	req = ldap_build_simple_bind_req( ld, dn, passwd, NULL );
	if ( req != NULLBER ) {
#ifndef NO_CACHE
		/* flush any cache on the handle before the bind request
		 * is sent */
		if ( ld->ld_cache != NULL ) {
			ldap_flush_cache( ld );
		}
#endif /* !NO_CACHE */

		/* send the message */
		msgid = send_initial_request( ld, LDAP_REQ_BIND, dn, req );
	}

	/* single exit: the handle lock is dropped on success and failure */
#ifdef _REENTRANT
	UNLOCK_LDAP(ld);
#endif
	return( msgid );
}
1440Sstevel@tonic-gate
/*
 * ldap_simple_bind_s - bind to the ldap server (and X.500) using simple
 * authentication. The dn and password of the entry to which to bind are
 * supplied. LDAP_SUCCESS is returned upon success, the ldap error code
 * otherwise.
 *
 * Example:
 *	ldap_simple_bind_s( ld, "cn=manager, o=university of michigan, c=us",
 *	    "secret" )
 */
1550Sstevel@tonic-gate
/*
 * Synchronous simple bind: issue the request with ldap_simple_bind()
 * and wait for the server's answer.
 *
 * ld		LDAP handle
 * dn		entry to bind as (NULL handling is done by ldap_simple_bind)
 * passwd	simple credential (likewise)
 *
 * Returns ld->ld_errno when the request cannot be sent or the result
 * cannot be retrieved; otherwise the value of ldap_result2error() for
 * the server's response.
 *
 * Security note: a return of LDAP_SUCCESS only reflects the server's
 * answer to the bind as sent.  Nothing here rejects an empty passwd,
 * so callers using this as a password check must do that themselves.
 */
int
ldap_simple_bind_s( LDAP *ld, char *dn, char *passwd )
{
	LDAPMessage	*res;
	int		id;

	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 241, "ldap_simple_bind_s\n"), 0, 0, 0 );

	id = ldap_simple_bind( ld, dn, passwd );
	if ( id == -1 ) {
		return( ld->ld_errno );
	}

	/* null timeout pointer; presumably blocks until the reply is in
	 * -- confirm against ldap_result() */
	if ( ldap_result( ld, id, 1, (struct timeval *) 0, &res ) == -1 ) {
		return( ld->ld_errno );	/* ldap_result sets ld_errno */
	}

	/* the trailing 1 presumably tells ldap_result2error() to free
	 * the message -- confirm */
	return( ldap_result2error( ld, res, 1 ) );
}