xref: /illumos-gate/usr/src/lib/libldap5/sources/ldap/common/sbind.c (revision 628e3cbed6489fa1db545d8524a06cd6535af456)
1 #pragma ident	"%Z%%M%	%I%	%E% SMI"
2 
3 /*
4  * The contents of this file are subject to the Netscape Public
5  * License Version 1.1 (the "License"); you may not use this file
6  * except in compliance with the License. You may obtain a copy of
7  * the License at http://www.mozilla.org/NPL/
8  *
9  * Software distributed under the License is distributed on an "AS
10  * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
11  * implied. See the License for the specific language governing
12  * rights and limitations under the License.
13  *
14  * The Original Code is Mozilla Communicator client code, released
15  * March 31, 1998.
16  *
17  * The Initial Developer of the Original Code is Netscape
18  * Communications Corporation. Portions created by Netscape are
19  * Copyright (C) 1998-1999 Netscape Communications Corporation. All
20  * Rights Reserved.
21  *
22  * Contributor(s):
23  */
24 /*
25  *  Copyright (c) 1993 Regents of the University of Michigan.
26  *  All rights reserved.
27  */
28 /*
29  *  sbind.c
30  */
31 
32 #if 0
33 #ifndef lint
34 static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of Michigan.\nAll rights reserved.\n";
35 #endif
36 #endif
37 
38 #include "ldap-int.h"
39 
40 static int simple_bind_nolock( LDAP *ld, const char *dn, const char *passwd,
41 	int unlock_permitted );
42 static int simple_bindifnot_s( LDAP *ld, const char *dn, const char *passwd );
43 
44 /*
45  * ldap_simple_bind - bind to the ldap server.  The dn and
46  * password of the entry to which to bind are supplied.  The message id
47  * of the request initiated is returned.
48  *
49  * Example:
50  *	ldap_simple_bind( ld, "cn=manager, o=university of michigan, c=us",
51  *	    "secret" )
52  */
53 
54 int
55 LDAP_CALL
56 ldap_simple_bind( LDAP *ld, const char *dn, const char *passwd )
57 {
58 	int	rc;
59 
60 	LDAPDebug( LDAP_DEBUG_TRACE, "ldap_simple_bind\n", 0, 0, 0 );
61 
62 	if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
63 		return( -1 );
64 	}
65 
66 	rc = simple_bind_nolock( ld, dn, passwd, 1 );
67 
68 	return( rc );
69 }
70 
71 
72 static int
73 simple_bind_nolock( LDAP *ld, const char *dn, const char *passwd,
74     int unlock_permitted )
75 {
76 	BerElement	*ber;
77 	int		rc, msgid;
78 
79 	/*
80 	 * The bind request looks like this:
81 	 *	BindRequest ::= SEQUENCE {
82 	 *		version		INTEGER,
83 	 *		name		DistinguishedName,	 -- who
84 	 *		authentication	CHOICE {
85 	 *			simple		[0] OCTET STRING -- passwd
86 	 *		}
87 	 *	}
88 	 * all wrapped up in an LDAPMessage sequence.
89 	 */
90 
91 	LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK );
92 	msgid = ++ld->ld_msgid;
93 	LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK );
94 
95 	if ( dn == NULL )
96 		dn = "";
97 	if ( passwd == NULL )
98 		passwd = "";
99 
100 	if ( ld->ld_cache_on && ld->ld_cache_bind != NULL ) {
101 		struct berval	bv;
102 
103 		bv.bv_val = (char *)passwd;
104 		bv.bv_len = strlen( passwd );
105 		/* if ( unlock_permitted ) LDAP_MUTEX_UNLOCK( ld ); */
106 		LDAP_MUTEX_LOCK( ld, LDAP_CACHE_LOCK );
107 		rc = (ld->ld_cache_bind)( ld, msgid, LDAP_REQ_BIND, dn, &bv,
108 		    LDAP_AUTH_SIMPLE );
109 		LDAP_MUTEX_UNLOCK( ld, LDAP_CACHE_LOCK );
110 		/* if ( unlock_permitted ) LDAP_MUTEX_LOCK( ld ); */
111 		if ( rc != 0 ) {
112 			return( rc );
113 		}
114 	}
115 
116 	/* create a message to send */
117 	if (( rc = nsldapi_alloc_ber_with_options( ld, &ber ))
118 	    != LDAP_SUCCESS ) {
119 		return( -1 );
120 	}
121 
122 	/* fill it in */
123 	if ( ber_printf( ber, "{it{ists}", msgid, LDAP_REQ_BIND,
124 	    NSLDAPI_LDAP_VERSION( ld ), dn, LDAP_AUTH_SIMPLE, passwd ) == -1 ) {
125 		LDAP_SET_LDERRNO( ld, LDAP_ENCODING_ERROR, NULL, NULL );
126 		ber_free( ber, 1 );
127 		return( -1 );
128 	}
129 
130 	if ( nsldapi_put_controls( ld, NULL, 1, ber ) != LDAP_SUCCESS ) {
131 		ber_free( ber, 1 );
132 		return( -1 );
133 	}
134 
135 	/* send the message */
136 	return( nsldapi_send_initial_request( ld, msgid, LDAP_REQ_BIND,
137 		(char *)dn, ber ));
138 }
139 
140 
141 /*
142  * ldap_simple_bind - bind to the ldap server using simple
143  * authentication.  The dn and password of the entry to which to bind are
144  * supplied.  LDAP_SUCCESS is returned upon success, the ldap error code
145  * otherwise.
146  *
147  * Example:
148  *	ldap_simple_bind_s( ld, "cn=manager, o=university of michigan, c=us",
149  *	    "secret" )
150  */
151 int
152 LDAP_CALL
153 ldap_simple_bind_s( LDAP *ld, const char *dn, const char *passwd )
154 {
155 	int		msgid;
156 	LDAPMessage	*result;
157 
158 	LDAPDebug( LDAP_DEBUG_TRACE, "ldap_simple_bind_s\n", 0, 0, 0 );
159 
160 	if ( NSLDAPI_VALID_LDAP_POINTER( ld ) &&
161 	    ( ld->ld_options & LDAP_BITOPT_RECONNECT ) != 0 ) {
162 		return( simple_bindifnot_s( ld, dn, passwd ));
163 	}
164 
165 	if ( (msgid = ldap_simple_bind( ld, dn, passwd )) == -1 )
166 		return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
167 
168 	if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &result ) == -1 )
169 		return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
170 
171 	return( ldap_result2error( ld, result, 1 ) );
172 }
173 
174 
175 /*
176  * simple_bindifnot_s() is like ldap_simple_bind_s() except that it only does
177  * a bind if the default connection is not currently bound.
178  * If a successful bind using the same DN has already taken place we just
179  * return LDAP_SUCCESS without conversing with the server at all.
180  */
181 static int
182 simple_bindifnot_s( LDAP *ld, const char *dn, const char *passwd )
183 {
184 	int		msgid, rc;
185 	LDAPMessage	*result;
186 	char		*binddn;
187 
188 	LDAPDebug( LDAP_DEBUG_TRACE, "simple_bindifnot_s\n", 0, 0, 0 );
189 
190 	if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
191 		return( LDAP_PARAM_ERROR );
192 	}
193 
194 	if ( dn == NULL ) {
195 		dn = "";	/* to make comparisons simpler */
196 	}
197 
198 	/*
199 	 * if we are already bound using the same DN, just return LDAP_SUCCESS.
200 	 */
201 	if ( NULL != ( binddn = nsldapi_get_binddn( ld ))
202 	    && 0 == strcmp( dn, binddn )) {
203 		rc = LDAP_SUCCESS;
204 		LDAP_SET_LDERRNO( ld, rc, NULL, NULL );
205 		return rc;
206 	}
207 
208 	/*
209 	 * if the default connection has been lost and is now marked dead,
210 	 * dispose of the default connection so it will get re-established.
211 	 *
212 	 * if not, clear the bind DN and status to ensure that we don't
213 	 * report the wrong bind DN to a different thread while waiting
214 	 * for our bind result to return from the server.
215 	 */
216 	LDAP_MUTEX_LOCK( ld, LDAP_CONN_LOCK );
217 	if ( NULL != ld->ld_defconn ) {
218 	    if ( LDAP_CONNST_DEAD == ld->ld_defconn->lconn_status ) {
219 		nsldapi_free_connection( ld, ld->ld_defconn, NULL, NULL, 1, 0 );
220 		ld->ld_defconn = NULL;
221 	    } else if ( ld->ld_defconn->lconn_binddn != NULL ) {
222 		NSLDAPI_FREE( ld->ld_defconn->lconn_binddn );
223 		ld->ld_defconn->lconn_binddn = NULL;
224 		ld->ld_defconn->lconn_bound = 0;
225 	    }
226 	}
227 	LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
228 
229 	/*
230 	 * finally, bind (this will open a new connection if necessary)
231 	 *
232 	 * do everything under the protection of the result lock to
233 	 * ensure that only one thread will be in this code at a time.
234 	 * XXXmcs: we should use a condition variable instead?
235 	 */
236 	LDAP_MUTEX_LOCK( ld, LDAP_RESULT_LOCK );
237 	if ( (msgid = simple_bind_nolock( ld, dn, passwd, 0 )) == -1 ) {
238 		rc = LDAP_GET_LDERRNO( ld, NULL, NULL );
239 		goto unlock_and_return;
240 	}
241 
242 	/*
243 	 * Note that at this point the bind request is on its way to the
244 	 * server and at any time now we will either be bound as the new
245 	 * DN (if the bind succeeded) or we will be bound as anonymous (if
246 	 * the bind failed).
247 	 */
248 
249 	/*
250 	 * Wait for the bind result.  Code inside result.c:read1msg()
251 	 * takes care of setting the connection's bind DN and status.
252 	 */
253 	if ( nsldapi_result_nolock( ld, msgid, 1, 0, (struct timeval *) 0,
254 	    &result ) == -1 ) {
255 		rc = LDAP_GET_LDERRNO( ld, NULL, NULL );
256 		goto unlock_and_return;
257 	}
258 
259 	rc = ldap_result2error( ld, result, 1 );
260 
261 unlock_and_return:
262 	LDAP_MUTEX_UNLOCK( ld, LDAP_RESULT_LOCK );
263 	return( rc );
264 }
265