xref: /titanic_52/usr/src/lib/libldap5/sources/ldap/common/bind.c (revision 7c478bd95313f5f23a4c958a745db2134aa03244)
1*7c478bd9Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
2*7c478bd9Sstevel@tonic-gate 
3*7c478bd9Sstevel@tonic-gate /*
4*7c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the Netscape Public
5*7c478bd9Sstevel@tonic-gate  * License Version 1.1 (the "License"); you may not use this file
6*7c478bd9Sstevel@tonic-gate  * except in compliance with the License. You may obtain a copy of
7*7c478bd9Sstevel@tonic-gate  * the License at http://www.mozilla.org/NPL/
8*7c478bd9Sstevel@tonic-gate  *
9*7c478bd9Sstevel@tonic-gate  * Software distributed under the License is distributed on an "AS
10*7c478bd9Sstevel@tonic-gate  * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
11*7c478bd9Sstevel@tonic-gate  * implied. See the License for the specific language governing
12*7c478bd9Sstevel@tonic-gate  * rights and limitations under the License.
13*7c478bd9Sstevel@tonic-gate  *
14*7c478bd9Sstevel@tonic-gate  * The Original Code is Mozilla Communicator client code, released
15*7c478bd9Sstevel@tonic-gate  * March 31, 1998.
16*7c478bd9Sstevel@tonic-gate  *
17*7c478bd9Sstevel@tonic-gate  * The Initial Developer of the Original Code is Netscape
18*7c478bd9Sstevel@tonic-gate  * Communications Corporation. Portions created by Netscape are
19*7c478bd9Sstevel@tonic-gate  * Copyright (C) 1998-1999 Netscape Communications Corporation. All
20*7c478bd9Sstevel@tonic-gate  * Rights Reserved.
21*7c478bd9Sstevel@tonic-gate  *
22*7c478bd9Sstevel@tonic-gate  * Contributor(s):
23*7c478bd9Sstevel@tonic-gate  */
24*7c478bd9Sstevel@tonic-gate /*
25*7c478bd9Sstevel@tonic-gate  *  bind.c
26*7c478bd9Sstevel@tonic-gate  */
27*7c478bd9Sstevel@tonic-gate 
28*7c478bd9Sstevel@tonic-gate #if 0
29*7c478bd9Sstevel@tonic-gate #ifndef lint
30*7c478bd9Sstevel@tonic-gate static char copyright[] = "@(#) Copyright (c) 1990 Regents of the University of Michigan.\nAll rights reserved.\n";
31*7c478bd9Sstevel@tonic-gate #endif
32*7c478bd9Sstevel@tonic-gate #endif
33*7c478bd9Sstevel@tonic-gate 
34*7c478bd9Sstevel@tonic-gate #include "ldap-int.h"
35*7c478bd9Sstevel@tonic-gate 
36*7c478bd9Sstevel@tonic-gate /*
37*7c478bd9Sstevel@tonic-gate  * ldap_bind - bind to the ldap server. The dn and password
38*7c478bd9Sstevel@tonic-gate  * of the entry to which to bind are supplied, along with the authentication
39*7c478bd9Sstevel@tonic-gate  * method to use.  The msgid of the bind request is returned on success,
40*7c478bd9Sstevel@tonic-gate  * -1 if there's trouble.  Note, the kerberos support assumes the user already
41*7c478bd9Sstevel@tonic-gate  * has a valid tgt for now.  ldap_result() should be called to find out the
42*7c478bd9Sstevel@tonic-gate  * outcome of the bind request.
43*7c478bd9Sstevel@tonic-gate  *
44*7c478bd9Sstevel@tonic-gate  * Example:
45*7c478bd9Sstevel@tonic-gate  *	ldap_bind( ld, "cn=manager, o=university of michigan, c=us", "secret",
46*7c478bd9Sstevel@tonic-gate  *	    LDAP_AUTH_SIMPLE )
47*7c478bd9Sstevel@tonic-gate  */
48*7c478bd9Sstevel@tonic-gate 
49*7c478bd9Sstevel@tonic-gate int
50*7c478bd9Sstevel@tonic-gate LDAP_CALL
51*7c478bd9Sstevel@tonic-gate ldap_bind( LDAP *ld, const char *dn, const char *passwd, int authmethod )
52*7c478bd9Sstevel@tonic-gate {
53*7c478bd9Sstevel@tonic-gate 	/*
54*7c478bd9Sstevel@tonic-gate 	 * The bind request looks like this:
55*7c478bd9Sstevel@tonic-gate 	 *	BindRequest ::= SEQUENCE {
56*7c478bd9Sstevel@tonic-gate 	 *		version		INTEGER,
57*7c478bd9Sstevel@tonic-gate 	 *		name		DistinguishedName,	 -- who
58*7c478bd9Sstevel@tonic-gate 	 *		authentication	CHOICE {
59*7c478bd9Sstevel@tonic-gate 	 *			simple		[0] OCTET STRING -- passwd
60*7c478bd9Sstevel@tonic-gate 	 *		}
61*7c478bd9Sstevel@tonic-gate 	 *	}
62*7c478bd9Sstevel@tonic-gate 	 * all wrapped up in an LDAPMessage sequence.
63*7c478bd9Sstevel@tonic-gate 	 */
64*7c478bd9Sstevel@tonic-gate 
65*7c478bd9Sstevel@tonic-gate 	LDAPDebug( LDAP_DEBUG_TRACE, "ldap_bind\n", 0, 0, 0 );
66*7c478bd9Sstevel@tonic-gate 
67*7c478bd9Sstevel@tonic-gate 	if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
68*7c478bd9Sstevel@tonic-gate 		return( -1 );
69*7c478bd9Sstevel@tonic-gate 	}
70*7c478bd9Sstevel@tonic-gate 
71*7c478bd9Sstevel@tonic-gate 	switch ( authmethod ) {
72*7c478bd9Sstevel@tonic-gate 	case LDAP_AUTH_SIMPLE:
73*7c478bd9Sstevel@tonic-gate 		return( ldap_simple_bind( ld, dn, passwd ) );
74*7c478bd9Sstevel@tonic-gate 
75*7c478bd9Sstevel@tonic-gate 	default:
76*7c478bd9Sstevel@tonic-gate 		LDAP_SET_LDERRNO( ld, LDAP_AUTH_UNKNOWN, NULL, NULL );
77*7c478bd9Sstevel@tonic-gate 		return( -1 );
78*7c478bd9Sstevel@tonic-gate 	}
79*7c478bd9Sstevel@tonic-gate }
80*7c478bd9Sstevel@tonic-gate 
81*7c478bd9Sstevel@tonic-gate /*
82*7c478bd9Sstevel@tonic-gate  * ldap_bind_s - bind to the ldap server.  The dn and password
83*7c478bd9Sstevel@tonic-gate  * of the entry to which to bind are supplied, along with the authentication
84*7c478bd9Sstevel@tonic-gate  * method to use.  This routine just calls whichever bind routine is
85*7c478bd9Sstevel@tonic-gate  * appropriate and returns the result of the bind (e.g. LDAP_SUCCESS or
86*7c478bd9Sstevel@tonic-gate  * some other error indication).  Note, the kerberos support assumes the
87*7c478bd9Sstevel@tonic-gate  * user already has a valid tgt for now.
88*7c478bd9Sstevel@tonic-gate  *
89*7c478bd9Sstevel@tonic-gate  * Examples:
90*7c478bd9Sstevel@tonic-gate  *	ldap_bind_s( ld, "cn=manager, o=university of michigan, c=us",
91*7c478bd9Sstevel@tonic-gate  *	    "secret", LDAP_AUTH_SIMPLE )
92*7c478bd9Sstevel@tonic-gate  *	ldap_bind_s( ld, "cn=manager, o=university of michigan, c=us",
93*7c478bd9Sstevel@tonic-gate  *	    NULL, LDAP_AUTH_KRBV4 )
94*7c478bd9Sstevel@tonic-gate  */
95*7c478bd9Sstevel@tonic-gate int
96*7c478bd9Sstevel@tonic-gate LDAP_CALL
97*7c478bd9Sstevel@tonic-gate ldap_bind_s( LDAP *ld, const char *dn, const char *passwd, int authmethod )
98*7c478bd9Sstevel@tonic-gate {
99*7c478bd9Sstevel@tonic-gate 	int	err;
100*7c478bd9Sstevel@tonic-gate 
101*7c478bd9Sstevel@tonic-gate 	LDAPDebug( LDAP_DEBUG_TRACE, "ldap_bind_s\n", 0, 0, 0 );
102*7c478bd9Sstevel@tonic-gate 
103*7c478bd9Sstevel@tonic-gate 	switch ( authmethod ) {
104*7c478bd9Sstevel@tonic-gate 	case LDAP_AUTH_SIMPLE:
105*7c478bd9Sstevel@tonic-gate 		return( ldap_simple_bind_s( ld, dn, passwd ) );
106*7c478bd9Sstevel@tonic-gate 
107*7c478bd9Sstevel@tonic-gate 	default:
108*7c478bd9Sstevel@tonic-gate 		err = LDAP_AUTH_UNKNOWN;
109*7c478bd9Sstevel@tonic-gate 		LDAP_SET_LDERRNO( ld, err, NULL, NULL );
110*7c478bd9Sstevel@tonic-gate 		return( err );
111*7c478bd9Sstevel@tonic-gate 	}
112*7c478bd9Sstevel@tonic-gate }
113*7c478bd9Sstevel@tonic-gate 
114*7c478bd9Sstevel@tonic-gate 
115*7c478bd9Sstevel@tonic-gate void
116*7c478bd9Sstevel@tonic-gate LDAP_CALL
117*7c478bd9Sstevel@tonic-gate ldap_set_rebind_proc( LDAP *ld, LDAP_REBINDPROC_CALLBACK *rebindproc,
118*7c478bd9Sstevel@tonic-gate     void *arg )
119*7c478bd9Sstevel@tonic-gate {
120*7c478bd9Sstevel@tonic-gate 	if ( ld == NULL ) {
121*7c478bd9Sstevel@tonic-gate 		if ( !nsldapi_initialized ) {
122*7c478bd9Sstevel@tonic-gate 			nsldapi_initialize_defaults();
123*7c478bd9Sstevel@tonic-gate 		}
124*7c478bd9Sstevel@tonic-gate 		ld = &nsldapi_ld_defaults;
125*7c478bd9Sstevel@tonic-gate 	}
126*7c478bd9Sstevel@tonic-gate 
127*7c478bd9Sstevel@tonic-gate 	if ( NSLDAPI_VALID_LDAP_POINTER( ld )) {
128*7c478bd9Sstevel@tonic-gate 		LDAP_MUTEX_LOCK( ld, LDAP_OPTION_LOCK );
129*7c478bd9Sstevel@tonic-gate 		ld->ld_rebind_fn = rebindproc;
130*7c478bd9Sstevel@tonic-gate 		ld->ld_rebind_arg = arg;
131*7c478bd9Sstevel@tonic-gate 		LDAP_MUTEX_UNLOCK( ld, LDAP_OPTION_LOCK );
132*7c478bd9Sstevel@tonic-gate 	}
133*7c478bd9Sstevel@tonic-gate }
134*7c478bd9Sstevel@tonic-gate 
135*7c478bd9Sstevel@tonic-gate 
136*7c478bd9Sstevel@tonic-gate /*
137*7c478bd9Sstevel@tonic-gate  * return a pointer to the bind DN for the default connection (a copy is
138*7c478bd9Sstevel@tonic-gate  * not made).  If there is no bind DN available, NULL is returned.
139*7c478bd9Sstevel@tonic-gate  */
140*7c478bd9Sstevel@tonic-gate char *
141*7c478bd9Sstevel@tonic-gate nsldapi_get_binddn( LDAP *ld )
142*7c478bd9Sstevel@tonic-gate {
143*7c478bd9Sstevel@tonic-gate 	char	*binddn;
144*7c478bd9Sstevel@tonic-gate 
145*7c478bd9Sstevel@tonic-gate 	binddn = NULL;	/* default -- assume they are not bound */
146*7c478bd9Sstevel@tonic-gate 
147*7c478bd9Sstevel@tonic-gate 	LDAP_MUTEX_LOCK( ld, LDAP_CONN_LOCK );
148*7c478bd9Sstevel@tonic-gate 	if ( NULL != ld->ld_defconn && LDAP_CONNST_CONNECTED ==
149*7c478bd9Sstevel@tonic-gate 	    ld->ld_defconn->lconn_status && ld->ld_defconn->lconn_bound ) {
150*7c478bd9Sstevel@tonic-gate 		if (( binddn = ld->ld_defconn->lconn_binddn ) == NULL ) {
151*7c478bd9Sstevel@tonic-gate 			binddn = "";
152*7c478bd9Sstevel@tonic-gate 		}
153*7c478bd9Sstevel@tonic-gate 	}
154*7c478bd9Sstevel@tonic-gate 	LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
155*7c478bd9Sstevel@tonic-gate 
156*7c478bd9Sstevel@tonic-gate 	return( binddn );
157*7c478bd9Sstevel@tonic-gate }
158