1 #pragma ident "%Z%%M% %I% %E% SMI"
2
3 /*
4 * The contents of this file are subject to the Netscape Public
5 * License Version 1.1 (the "License"); you may not use this file
6 * except in compliance with the License. You may obtain a copy of
7 * the License at http://www.mozilla.org/NPL/
8 *
9 * Software distributed under the License is distributed on an "AS
10 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
11 * implied. See the License for the specific language governing
12 * rights and limitations under the License.
13 *
14 * The Original Code is Mozilla Communicator client code, released
15 * March 31, 1998.
16 *
17 * The Initial Developer of the Original Code is Netscape
18 * Communications Corporation. Portions created by Netscape are
19 * Copyright (C) 1998-1999 Netscape Communications Corporation. All
20 * Rights Reserved.
21 *
22 * Contributor(s):
23 */
24 /*
25 * Copyright (c) 1993 Regents of the University of Michigan.
26 * All rights reserved.
27 */
28 /*
29 * sbind.c
30 */
31
32 #if 0
33 #ifndef lint
34 static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of Michigan.\nAll rights reserved.\n";
35 #endif
36 #endif
37
38 #include "ldap-int.h"
39
40 static int simple_bind_nolock( LDAP *ld, const char *dn, const char *passwd,
41 int unlock_permitted );
42 static int simple_bindifnot_s( LDAP *ld, const char *dn, const char *passwd );
43
44 /*
45 * ldap_simple_bind - bind to the ldap server. The dn and
46 * password of the entry to which to bind are supplied. The message id
47 * of the request initiated is returned.
48 *
49 * Example:
50 * ldap_simple_bind( ld, "cn=manager, o=university of michigan, c=us",
51 * "secret" )
52 */
53
54 int
55 LDAP_CALL
ldap_simple_bind(LDAP * ld,const char * dn,const char * passwd)56 ldap_simple_bind( LDAP *ld, const char *dn, const char *passwd )
57 {
58 int rc;
59
60 LDAPDebug( LDAP_DEBUG_TRACE, "ldap_simple_bind\n", 0, 0, 0 );
61
62 if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
63 return( -1 );
64 }
65
66 rc = simple_bind_nolock( ld, dn, passwd, 1 );
67
68 return( rc );
69 }
70
71
72 static int
simple_bind_nolock(LDAP * ld,const char * dn,const char * passwd,int unlock_permitted)73 simple_bind_nolock( LDAP *ld, const char *dn, const char *passwd,
74 int unlock_permitted )
75 {
76 BerElement *ber;
77 int rc, msgid;
78
79 /*
80 * The bind request looks like this:
81 * BindRequest ::= SEQUENCE {
82 * version INTEGER,
83 * name DistinguishedName, -- who
84 * authentication CHOICE {
85 * simple [0] OCTET STRING -- passwd
86 * }
87 * }
88 * all wrapped up in an LDAPMessage sequence.
89 */
90
91 LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK );
92 msgid = ++ld->ld_msgid;
93 LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK );
94
95 if ( dn == NULL )
96 dn = "";
97 if ( passwd == NULL )
98 passwd = "";
99
100 if ( ld->ld_cache_on && ld->ld_cache_bind != NULL ) {
101 struct berval bv;
102
103 bv.bv_val = (char *)passwd;
104 bv.bv_len = strlen( passwd );
105 /* if ( unlock_permitted ) LDAP_MUTEX_UNLOCK( ld ); */
106 LDAP_MUTEX_LOCK( ld, LDAP_CACHE_LOCK );
107 rc = (ld->ld_cache_bind)( ld, msgid, LDAP_REQ_BIND, dn, &bv,
108 LDAP_AUTH_SIMPLE );
109 LDAP_MUTEX_UNLOCK( ld, LDAP_CACHE_LOCK );
110 /* if ( unlock_permitted ) LDAP_MUTEX_LOCK( ld ); */
111 if ( rc != 0 ) {
112 return( rc );
113 }
114 }
115
116 /* create a message to send */
117 if (( rc = nsldapi_alloc_ber_with_options( ld, &ber ))
118 != LDAP_SUCCESS ) {
119 return( -1 );
120 }
121
122 /* fill it in */
123 if ( ber_printf( ber, "{it{ists}", msgid, LDAP_REQ_BIND,
124 NSLDAPI_LDAP_VERSION( ld ), dn, LDAP_AUTH_SIMPLE, passwd ) == -1 ) {
125 LDAP_SET_LDERRNO( ld, LDAP_ENCODING_ERROR, NULL, NULL );
126 ber_free( ber, 1 );
127 return( -1 );
128 }
129
130 if ( nsldapi_put_controls( ld, NULL, 1, ber ) != LDAP_SUCCESS ) {
131 ber_free( ber, 1 );
132 return( -1 );
133 }
134
135 /* send the message */
136 return( nsldapi_send_initial_request( ld, msgid, LDAP_REQ_BIND,
137 (char *)dn, ber ));
138 }
139
140
141 /*
142 * ldap_simple_bind - bind to the ldap server using simple
143 * authentication. The dn and password of the entry to which to bind are
144 * supplied. LDAP_SUCCESS is returned upon success, the ldap error code
145 * otherwise.
146 *
147 * Example:
148 * ldap_simple_bind_s( ld, "cn=manager, o=university of michigan, c=us",
149 * "secret" )
150 */
151 int
152 LDAP_CALL
ldap_simple_bind_s(LDAP * ld,const char * dn,const char * passwd)153 ldap_simple_bind_s( LDAP *ld, const char *dn, const char *passwd )
154 {
155 int msgid;
156 LDAPMessage *result;
157
158 LDAPDebug( LDAP_DEBUG_TRACE, "ldap_simple_bind_s\n", 0, 0, 0 );
159
160 if ( NSLDAPI_VALID_LDAP_POINTER( ld ) &&
161 ( ld->ld_options & LDAP_BITOPT_RECONNECT ) != 0 ) {
162 return( simple_bindifnot_s( ld, dn, passwd ));
163 }
164
165 if ( (msgid = ldap_simple_bind( ld, dn, passwd )) == -1 )
166 return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
167
168 if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &result ) == -1 )
169 return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
170
171 return( ldap_result2error( ld, result, 1 ) );
172 }
173
174
175 /*
176 * simple_bindifnot_s() is like ldap_simple_bind_s() except that it only does
177 * a bind if the default connection is not currently bound.
178 * If a successful bind using the same DN has already taken place we just
179 * return LDAP_SUCCESS without conversing with the server at all.
180 */
181 static int
simple_bindifnot_s(LDAP * ld,const char * dn,const char * passwd)182 simple_bindifnot_s( LDAP *ld, const char *dn, const char *passwd )
183 {
184 int msgid, rc;
185 LDAPMessage *result;
186 char *binddn;
187
188 LDAPDebug( LDAP_DEBUG_TRACE, "simple_bindifnot_s\n", 0, 0, 0 );
189
190 if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
191 return( LDAP_PARAM_ERROR );
192 }
193
194 if ( dn == NULL ) {
195 dn = ""; /* to make comparisons simpler */
196 }
197
198 /*
199 * if we are already bound using the same DN, just return LDAP_SUCCESS.
200 */
201 if ( NULL != ( binddn = nsldapi_get_binddn( ld ))
202 && 0 == strcmp( dn, binddn )) {
203 rc = LDAP_SUCCESS;
204 LDAP_SET_LDERRNO( ld, rc, NULL, NULL );
205 return rc;
206 }
207
208 /*
209 * if the default connection has been lost and is now marked dead,
210 * dispose of the default connection so it will get re-established.
211 *
212 * if not, clear the bind DN and status to ensure that we don't
213 * report the wrong bind DN to a different thread while waiting
214 * for our bind result to return from the server.
215 */
216 LDAP_MUTEX_LOCK( ld, LDAP_CONN_LOCK );
217 if ( NULL != ld->ld_defconn ) {
218 if ( LDAP_CONNST_DEAD == ld->ld_defconn->lconn_status ) {
219 nsldapi_free_connection( ld, ld->ld_defconn, NULL, NULL, 1, 0 );
220 ld->ld_defconn = NULL;
221 } else if ( ld->ld_defconn->lconn_binddn != NULL ) {
222 NSLDAPI_FREE( ld->ld_defconn->lconn_binddn );
223 ld->ld_defconn->lconn_binddn = NULL;
224 ld->ld_defconn->lconn_bound = 0;
225 }
226 }
227 LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
228
229 /*
230 * finally, bind (this will open a new connection if necessary)
231 *
232 * do everything under the protection of the result lock to
233 * ensure that only one thread will be in this code at a time.
234 * XXXmcs: we should use a condition variable instead?
235 */
236 LDAP_MUTEX_LOCK( ld, LDAP_RESULT_LOCK );
237 if ( (msgid = simple_bind_nolock( ld, dn, passwd, 0 )) == -1 ) {
238 rc = LDAP_GET_LDERRNO( ld, NULL, NULL );
239 goto unlock_and_return;
240 }
241
242 /*
243 * Note that at this point the bind request is on its way to the
244 * server and at any time now we will either be bound as the new
245 * DN (if the bind succeeded) or we will be bound as anonymous (if
246 * the bind failed).
247 */
248
249 /*
250 * Wait for the bind result. Code inside result.c:read1msg()
251 * takes care of setting the connection's bind DN and status.
252 */
253 if ( nsldapi_result_nolock( ld, msgid, 1, 0, (struct timeval *) 0,
254 &result ) == -1 ) {
255 rc = LDAP_GET_LDERRNO( ld, NULL, NULL );
256 goto unlock_and_return;
257 }
258
259 rc = ldap_result2error( ld, result, 1 );
260
261 unlock_and_return:
262 LDAP_MUTEX_UNLOCK( ld, LDAP_RESULT_LOCK );
263 return( rc );
264 }
265