1 #pragma ident "%Z%%M% %I% %E% SMI" 2 3 /* 4 * The contents of this file are subject to the Netscape Public 5 * License Version 1.1 (the "License"); you may not use this file 6 * except in compliance with the License. You may obtain a copy of 7 * the License at http://www.mozilla.org/NPL/ 8 * 9 * Software distributed under the License is distributed on an "AS 10 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or 11 * implied. See the License for the specific language governing 12 * rights and limitations under the License. 13 * 14 * The Original Code is Mozilla Communicator client code, released 15 * March 31, 1998. 16 * 17 * The Initial Developer of the Original Code is Netscape 18 * Communications Corporation. Portions created by Netscape are 19 * Copyright (C) 1998-1999 Netscape Communications Corporation. All 20 * Rights Reserved. 21 * 22 * Contributor(s): 23 */ 24 /* 25 * Copyright (c) 1993 Regents of the University of Michigan. 26 * All rights reserved. 27 */ 28 /* 29 * sbind.c 30 */ 31 32 #if 0 33 #ifndef lint 34 static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of Michigan.\nAll rights reserved.\n"; 35 #endif 36 #endif 37 38 #include "ldap-int.h" 39 40 static int simple_bind_nolock( LDAP *ld, const char *dn, const char *passwd, 41 int unlock_permitted ); 42 static int simple_bindifnot_s( LDAP *ld, const char *dn, const char *passwd ); 43 44 /* 45 * ldap_simple_bind - bind to the ldap server. The dn and 46 * password of the entry to which to bind are supplied. The message id 47 * of the request initiated is returned. 48 * 49 * Example: 50 * ldap_simple_bind( ld, "cn=manager, o=university of michigan, c=us", 51 * "secret" ) 52 */ 53 54 int 55 LDAP_CALL 56 ldap_simple_bind( LDAP *ld, const char *dn, const char *passwd ) 57 { 58 int rc; 59 60 LDAPDebug( LDAP_DEBUG_TRACE, "ldap_simple_bind\n", 0, 0, 0 ); 61 62 if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) { 63 return( -1 ); 64 } 65 66 rc = simple_bind_nolock( ld, dn, passwd, 1 ); 67 68 return( rc ); 69 } 70 71 72 static int 73 simple_bind_nolock( LDAP *ld, const char *dn, const char *passwd, 74 int unlock_permitted ) 75 { 76 BerElement *ber; 77 int rc, msgid; 78 79 /* 80 * The bind request looks like this: 81 * BindRequest ::= SEQUENCE { 82 * version INTEGER, 83 * name DistinguishedName, -- who 84 * authentication CHOICE { 85 * simple [0] OCTET STRING -- passwd 86 * } 87 * } 88 * all wrapped up in an LDAPMessage sequence. 89 */ 90 91 LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK ); 92 msgid = ++ld->ld_msgid; 93 LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK ); 94 95 if ( dn == NULL ) 96 dn = ""; 97 if ( passwd == NULL ) 98 passwd = ""; 99 100 if ( ld->ld_cache_on && ld->ld_cache_bind != NULL ) { 101 struct berval bv; 102 103 bv.bv_val = (char *)passwd; 104 bv.bv_len = strlen( passwd ); 105 /* if ( unlock_permitted ) LDAP_MUTEX_UNLOCK( ld ); */ 106 LDAP_MUTEX_LOCK( ld, LDAP_CACHE_LOCK ); 107 rc = (ld->ld_cache_bind)( ld, msgid, LDAP_REQ_BIND, dn, &bv, 108 LDAP_AUTH_SIMPLE ); 109 LDAP_MUTEX_UNLOCK( ld, LDAP_CACHE_LOCK ); 110 /* if ( unlock_permitted ) LDAP_MUTEX_LOCK( ld ); */ 111 if ( rc != 0 ) { 112 return( rc ); 113 } 114 } 115 116 /* create a message to send */ 117 if (( rc = nsldapi_alloc_ber_with_options( ld, &ber )) 118 != LDAP_SUCCESS ) { 119 return( -1 ); 120 } 121 122 /* fill it in */ 123 if ( ber_printf( ber, "{it{ists}", msgid, LDAP_REQ_BIND, 124 NSLDAPI_LDAP_VERSION( ld ), dn, LDAP_AUTH_SIMPLE, passwd ) == -1 ) { 125 LDAP_SET_LDERRNO( ld, LDAP_ENCODING_ERROR, NULL, NULL ); 126 ber_free( ber, 1 ); 127 return( -1 ); 128 } 129 130 if ( nsldapi_put_controls( ld, NULL, 1, ber ) != LDAP_SUCCESS ) { 131 ber_free( ber, 1 ); 132 return( -1 ); 133 } 134 135 /* send the message */ 136 return( nsldapi_send_initial_request( ld, msgid, LDAP_REQ_BIND, 137 (char *)dn, ber )); 138 } 139 140 141 /* 142 * ldap_simple_bind - bind to the ldap server using simple 143 * authentication. The dn and password of the entry to which to bind are 144 * supplied. LDAP_SUCCESS is returned upon success, the ldap error code 145 * otherwise. 146 * 147 * Example: 148 * ldap_simple_bind_s( ld, "cn=manager, o=university of michigan, c=us", 149 * "secret" ) 150 */ 151 int 152 LDAP_CALL 153 ldap_simple_bind_s( LDAP *ld, const char *dn, const char *passwd ) 154 { 155 int msgid; 156 LDAPMessage *result; 157 158 LDAPDebug( LDAP_DEBUG_TRACE, "ldap_simple_bind_s\n", 0, 0, 0 ); 159 160 if ( NSLDAPI_VALID_LDAP_POINTER( ld ) && 161 ( ld->ld_options & LDAP_BITOPT_RECONNECT ) != 0 ) { 162 return( simple_bindifnot_s( ld, dn, passwd )); 163 } 164 165 if ( (msgid = ldap_simple_bind( ld, dn, passwd )) == -1 ) 166 return( LDAP_GET_LDERRNO( ld, NULL, NULL ) ); 167 168 if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &result ) == -1 ) 169 return( LDAP_GET_LDERRNO( ld, NULL, NULL ) ); 170 171 return( ldap_result2error( ld, result, 1 ) ); 172 } 173 174 175 /* 176 * simple_bindifnot_s() is like ldap_simple_bind_s() except that it only does 177 * a bind if the default connection is not currently bound. 178 * If a successful bind using the same DN has already taken place we just 179 * return LDAP_SUCCESS without conversing with the server at all. 180 */ 181 static int 182 simple_bindifnot_s( LDAP *ld, const char *dn, const char *passwd ) 183 { 184 int msgid, rc; 185 LDAPMessage *result; 186 char *binddn; 187 188 LDAPDebug( LDAP_DEBUG_TRACE, "simple_bindifnot_s\n", 0, 0, 0 ); 189 190 if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) { 191 return( LDAP_PARAM_ERROR ); 192 } 193 194 if ( dn == NULL ) { 195 dn = ""; /* to make comparisons simpler */ 196 } 197 198 /* 199 * if we are already bound using the same DN, just return LDAP_SUCCESS. 200 */ 201 if ( NULL != ( binddn = nsldapi_get_binddn( ld )) 202 && 0 == strcmp( dn, binddn )) { 203 rc = LDAP_SUCCESS; 204 LDAP_SET_LDERRNO( ld, rc, NULL, NULL ); 205 return rc; 206 } 207 208 /* 209 * if the default connection has been lost and is now marked dead, 210 * dispose of the default connection so it will get re-established. 211 * 212 * if not, clear the bind DN and status to ensure that we don't 213 * report the wrong bind DN to a different thread while waiting 214 * for our bind result to return from the server. 215 */ 216 LDAP_MUTEX_LOCK( ld, LDAP_CONN_LOCK ); 217 if ( NULL != ld->ld_defconn ) { 218 if ( LDAP_CONNST_DEAD == ld->ld_defconn->lconn_status ) { 219 nsldapi_free_connection( ld, ld->ld_defconn, NULL, NULL, 1, 0 ); 220 ld->ld_defconn = NULL; 221 } else if ( ld->ld_defconn->lconn_binddn != NULL ) { 222 NSLDAPI_FREE( ld->ld_defconn->lconn_binddn ); 223 ld->ld_defconn->lconn_binddn = NULL; 224 ld->ld_defconn->lconn_bound = 0; 225 } 226 } 227 LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK ); 228 229 /* 230 * finally, bind (this will open a new connection if necessary) 231 * 232 * do everything under the protection of the result lock to 233 * ensure that only one thread will be in this code at a time. 234 * XXXmcs: we should use a condition variable instead? 235 */ 236 LDAP_MUTEX_LOCK( ld, LDAP_RESULT_LOCK ); 237 if ( (msgid = simple_bind_nolock( ld, dn, passwd, 0 )) == -1 ) { 238 rc = LDAP_GET_LDERRNO( ld, NULL, NULL ); 239 goto unlock_and_return; 240 } 241 242 /* 243 * Note that at this point the bind request is on its way to the 244 * server and at any time now we will either be bound as the new 245 * DN (if the bind succeeded) or we will be bound as anonymous (if 246 * the bind failed). 247 */ 248 249 /* 250 * Wait for the bind result. Code inside result.c:read1msg() 251 * takes care of setting the connection's bind DN and status. 252 */ 253 if ( nsldapi_result_nolock( ld, msgid, 1, 0, (struct timeval *) 0, 254 &result ) == -1 ) { 255 rc = LDAP_GET_LDERRNO( ld, NULL, NULL ); 256 goto unlock_and_return; 257 } 258 259 rc = ldap_result2error( ld, result, 1 ); 260 261 unlock_and_return: 262 LDAP_MUTEX_UNLOCK( ld, LDAP_RESULT_LOCK ); 263 return( rc ); 264 } 265