1*0Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 2*0Sstevel@tonic-gate 3*0Sstevel@tonic-gate /* 4*0Sstevel@tonic-gate * The contents of this file are subject to the Netscape Public 5*0Sstevel@tonic-gate * License Version 1.1 (the "License"); you may not use this file 6*0Sstevel@tonic-gate * except in compliance with the License. You may obtain a copy of 7*0Sstevel@tonic-gate * the License at http://www.mozilla.org/NPL/ 8*0Sstevel@tonic-gate * 9*0Sstevel@tonic-gate * Software distributed under the License is distributed on an "AS 10*0Sstevel@tonic-gate * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or 11*0Sstevel@tonic-gate * implied. See the License for the specific language governing 12*0Sstevel@tonic-gate * rights and limitations under the License. 13*0Sstevel@tonic-gate * 14*0Sstevel@tonic-gate * The Original Code is Mozilla Communicator client code, released 15*0Sstevel@tonic-gate * March 31, 1998. 16*0Sstevel@tonic-gate * 17*0Sstevel@tonic-gate * The Initial Developer of the Original Code is Netscape 18*0Sstevel@tonic-gate * Communications Corporation. Portions created by Netscape are 19*0Sstevel@tonic-gate * Copyright (C) 1998-1999 Netscape Communications Corporation. All 20*0Sstevel@tonic-gate * Rights Reserved. 21*0Sstevel@tonic-gate * 22*0Sstevel@tonic-gate * Contributor(s): 23*0Sstevel@tonic-gate */ 24*0Sstevel@tonic-gate /* 25*0Sstevel@tonic-gate * bind.c 26*0Sstevel@tonic-gate */ 27*0Sstevel@tonic-gate 28*0Sstevel@tonic-gate #if 0 29*0Sstevel@tonic-gate #ifndef lint 30*0Sstevel@tonic-gate static char copyright[] = "@(#) Copyright (c) 1990 Regents of the University of Michigan.\nAll rights reserved.\n"; 31*0Sstevel@tonic-gate #endif 32*0Sstevel@tonic-gate #endif 33*0Sstevel@tonic-gate 34*0Sstevel@tonic-gate #include "ldap-int.h" 35*0Sstevel@tonic-gate 36*0Sstevel@tonic-gate /* 37*0Sstevel@tonic-gate * ldap_bind - bind to the ldap server. The dn and password 38*0Sstevel@tonic-gate * of the entry to which to bind are supplied, along with the authentication 39*0Sstevel@tonic-gate * method to use. The msgid of the bind request is returned on success, 40*0Sstevel@tonic-gate * -1 if there's trouble. Note, the kerberos support assumes the user already 41*0Sstevel@tonic-gate * has a valid tgt for now. ldap_result() should be called to find out the 42*0Sstevel@tonic-gate * outcome of the bind request. 43*0Sstevel@tonic-gate * 44*0Sstevel@tonic-gate * Example: 45*0Sstevel@tonic-gate * ldap_bind( ld, "cn=manager, o=university of michigan, c=us", "secret", 46*0Sstevel@tonic-gate * LDAP_AUTH_SIMPLE ) 47*0Sstevel@tonic-gate */ 48*0Sstevel@tonic-gate 49*0Sstevel@tonic-gate int 50*0Sstevel@tonic-gate LDAP_CALL 51*0Sstevel@tonic-gate ldap_bind( LDAP *ld, const char *dn, const char *passwd, int authmethod ) 52*0Sstevel@tonic-gate { 53*0Sstevel@tonic-gate /* 54*0Sstevel@tonic-gate * The bind request looks like this: 55*0Sstevel@tonic-gate * BindRequest ::= SEQUENCE { 56*0Sstevel@tonic-gate * version INTEGER, 57*0Sstevel@tonic-gate * name DistinguishedName, -- who 58*0Sstevel@tonic-gate * authentication CHOICE { 59*0Sstevel@tonic-gate * simple [0] OCTET STRING -- passwd 60*0Sstevel@tonic-gate * } 61*0Sstevel@tonic-gate * } 62*0Sstevel@tonic-gate * all wrapped up in an LDAPMessage sequence. 63*0Sstevel@tonic-gate */ 64*0Sstevel@tonic-gate 65*0Sstevel@tonic-gate LDAPDebug( LDAP_DEBUG_TRACE, "ldap_bind\n", 0, 0, 0 ); 66*0Sstevel@tonic-gate 67*0Sstevel@tonic-gate if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) { 68*0Sstevel@tonic-gate return( -1 ); 69*0Sstevel@tonic-gate } 70*0Sstevel@tonic-gate 71*0Sstevel@tonic-gate switch ( authmethod ) { 72*0Sstevel@tonic-gate case LDAP_AUTH_SIMPLE: 73*0Sstevel@tonic-gate return( ldap_simple_bind( ld, dn, passwd ) ); 74*0Sstevel@tonic-gate 75*0Sstevel@tonic-gate default: 76*0Sstevel@tonic-gate LDAP_SET_LDERRNO( ld, LDAP_AUTH_UNKNOWN, NULL, NULL ); 77*0Sstevel@tonic-gate return( -1 ); 78*0Sstevel@tonic-gate } 79*0Sstevel@tonic-gate } 80*0Sstevel@tonic-gate 81*0Sstevel@tonic-gate /* 82*0Sstevel@tonic-gate * ldap_bind_s - bind to the ldap server. The dn and password 83*0Sstevel@tonic-gate * of the entry to which to bind are supplied, along with the authentication 84*0Sstevel@tonic-gate * method to use. This routine just calls whichever bind routine is 85*0Sstevel@tonic-gate * appropriate and returns the result of the bind (e.g. LDAP_SUCCESS or 86*0Sstevel@tonic-gate * some other error indication). Note, the kerberos support assumes the 87*0Sstevel@tonic-gate * user already has a valid tgt for now. 88*0Sstevel@tonic-gate * 89*0Sstevel@tonic-gate * Examples: 90*0Sstevel@tonic-gate * ldap_bind_s( ld, "cn=manager, o=university of michigan, c=us", 91*0Sstevel@tonic-gate * "secret", LDAP_AUTH_SIMPLE ) 92*0Sstevel@tonic-gate * ldap_bind_s( ld, "cn=manager, o=university of michigan, c=us", 93*0Sstevel@tonic-gate * NULL, LDAP_AUTH_KRBV4 ) 94*0Sstevel@tonic-gate */ 95*0Sstevel@tonic-gate int 96*0Sstevel@tonic-gate LDAP_CALL 97*0Sstevel@tonic-gate ldap_bind_s( LDAP *ld, const char *dn, const char *passwd, int authmethod ) 98*0Sstevel@tonic-gate { 99*0Sstevel@tonic-gate int err; 100*0Sstevel@tonic-gate 101*0Sstevel@tonic-gate LDAPDebug( LDAP_DEBUG_TRACE, "ldap_bind_s\n", 0, 0, 0 ); 102*0Sstevel@tonic-gate 103*0Sstevel@tonic-gate switch ( authmethod ) { 104*0Sstevel@tonic-gate case LDAP_AUTH_SIMPLE: 105*0Sstevel@tonic-gate return( ldap_simple_bind_s( ld, dn, passwd ) ); 106*0Sstevel@tonic-gate 107*0Sstevel@tonic-gate default: 108*0Sstevel@tonic-gate err = LDAP_AUTH_UNKNOWN; 109*0Sstevel@tonic-gate LDAP_SET_LDERRNO( ld, err, NULL, NULL ); 110*0Sstevel@tonic-gate return( err ); 111*0Sstevel@tonic-gate } 112*0Sstevel@tonic-gate } 113*0Sstevel@tonic-gate 114*0Sstevel@tonic-gate 115*0Sstevel@tonic-gate void 116*0Sstevel@tonic-gate LDAP_CALL 117*0Sstevel@tonic-gate ldap_set_rebind_proc( LDAP *ld, LDAP_REBINDPROC_CALLBACK *rebindproc, 118*0Sstevel@tonic-gate void *arg ) 119*0Sstevel@tonic-gate { 120*0Sstevel@tonic-gate if ( ld == NULL ) { 121*0Sstevel@tonic-gate if ( !nsldapi_initialized ) { 122*0Sstevel@tonic-gate nsldapi_initialize_defaults(); 123*0Sstevel@tonic-gate } 124*0Sstevel@tonic-gate ld = &nsldapi_ld_defaults; 125*0Sstevel@tonic-gate } 126*0Sstevel@tonic-gate 127*0Sstevel@tonic-gate if ( NSLDAPI_VALID_LDAP_POINTER( ld )) { 128*0Sstevel@tonic-gate LDAP_MUTEX_LOCK( ld, LDAP_OPTION_LOCK ); 129*0Sstevel@tonic-gate ld->ld_rebind_fn = rebindproc; 130*0Sstevel@tonic-gate ld->ld_rebind_arg = arg; 131*0Sstevel@tonic-gate LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK ); 132*0Sstevel@tonic-gate } 133*0Sstevel@tonic-gate } 134*0Sstevel@tonic-gate 135*0Sstevel@tonic-gate 136*0Sstevel@tonic-gate /* 137*0Sstevel@tonic-gate * return a pointer to the bind DN for the default connection (a copy is 138*0Sstevel@tonic-gate * not made). If there is no bind DN available, NULL is returned. 139*0Sstevel@tonic-gate */ 140*0Sstevel@tonic-gate char * 141*0Sstevel@tonic-gate nsldapi_get_binddn( LDAP *ld ) 142*0Sstevel@tonic-gate { 143*0Sstevel@tonic-gate char *binddn; 144*0Sstevel@tonic-gate 145*0Sstevel@tonic-gate binddn = NULL; /* default -- assume they are not bound */ 146*0Sstevel@tonic-gate 147*0Sstevel@tonic-gate LDAP_MUTEX_LOCK( ld, LDAP_CONN_LOCK ); 148*0Sstevel@tonic-gate if ( NULL != ld->ld_defconn && LDAP_CONNST_CONNECTED == 149*0Sstevel@tonic-gate ld->ld_defconn->lconn_status && ld->ld_defconn->lconn_bound ) { 150*0Sstevel@tonic-gate if (( binddn = ld->ld_defconn->lconn_binddn ) == NULL ) { 151*0Sstevel@tonic-gate binddn = ""; 152*0Sstevel@tonic-gate } 153*0Sstevel@tonic-gate } 154*0Sstevel@tonic-gate LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK ); 155*0Sstevel@tonic-gate 156*0Sstevel@tonic-gate return( binddn ); 157*0Sstevel@tonic-gate } 158