xref: /netbsd-src/external/bsd/openldap/dist/servers/slapd/back-dnssrv/bind.c (revision b7b7574d3bf8eeb51a1fa3977b59142ec6434a55)
1 /*	$NetBSD: bind.c,v 1.1.1.4 2014/05/28 09:58:49 tron Exp $	*/
2 
3 /* bind.c - DNS SRV backend bind function */
4 /* $OpenLDAP$ */
5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6  *
7  * Copyright 2000-2014 The OpenLDAP Foundation.
8  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
9  * All rights reserved.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted only as authorized by the OpenLDAP
13  * Public License.
14  *
15  * A copy of this license is available in the file LICENSE in the
16  * top-level directory of the distribution or, alternatively, at
17  * <http://www.OpenLDAP.org/license.html>.
18  */
19 /* ACKNOWLEDGEMENTS:
20  * This work was originally developed by Kurt D. Zeilenga for inclusion
21  * in OpenLDAP Software.
22  */
23 
24 
25 #include "portable.h"
26 
27 #include <stdio.h>
28 
29 #include <ac/socket.h>
30 #include <ac/string.h>
31 
32 #include "slap.h"
33 #include "proto-dnssrv.h"
34 
/*
 * Bind handler for the DNS SRV backend.
 *
 * A bind that be_rootdn_bind() accepts returns rs->sr_err without sending
 * anything from here.  Every other bind is refused with
 * LDAP_UNWILLING_TO_PERFORM, and the function returns 1.  A rootdn attempt
 * that fails gets the same refusal as any other DN, so the response does
 * not reveal which DN is the rootdn.
 *
 * Only the log prefix and the requested DN are logged; the credential in
 * op->orb_cred is never written to the log.
 */
int
dnssrv_back_bind(
	Operation	*op,
	SlapReply	*rs )
{
	const char	*req_dn;

	req_dn = BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val;
	Debug( LDAP_DEBUG_TRACE, "DNSSRV: bind dn=\"%s\" (%d)\n",
		req_dn, op->orb_method, 0 );

	/* The rootdn may authenticate locally, without contacting the
	 * proxied DSA.  rs is not handed to be_rootdn_bind(), so the value
	 * returned below is whatever rs->sr_err already held on entry.
	 * NOTE(review): presumably LDAP_SUCCESS as set up by the caller;
	 * confirm. */
	if ( be_rootdn_bind( op, NULL ) == LDAP_SUCCESS ) {
		/* frontend will send result */
		return rs->sr_err;
	}

	/* Any other outcome is treated like an ordinary bind; answering a
	 * failed rootdn bind differently could reveal the DN of the rootdn. */

	/* Re-read the DN at the point of use, as the original code does. */
	req_dn = BER_BVISNULL( &op->o_req_dn ) ? "" : op->o_req_dn.bv_val;

	if ( BER_BVISNULL( &op->orb_cred ) || BER_BVISEMPTY( &op->orb_cred ) ) {
		/* Unauthenticated bind.  Not expected to be reached: the
		 * frontend deals with unauthenticated binds itself. */
		Debug( LDAP_DEBUG_TRACE, "DNSSRV: BIND dn=\"%s\"\n",
			req_dn, 0, 0 );

		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
			"anonymous bind expected" );

	} else {
		/* Simple bind carrying a password.  Log that it happened (DN
		 * only) and refuse it.  The refusal is advisory: the client
		 * has already sent the credential by the time this runs. */
		Statslog( LDAP_DEBUG_STATS,
			"%s DNSSRV BIND dn=\"%s\" provided cleartext passwd\n",
			op->o_log_prefix, req_dn, 0, 0, 0 );

		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
			"you shouldn't send strangers your password" );
	}

	return 1;
}
82