1*7c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 2*7c478bd9Sstevel@tonic-gate 3*7c478bd9Sstevel@tonic-gate /* 4*7c478bd9Sstevel@tonic-gate * The contents of this file are subject to the Netscape Public 5*7c478bd9Sstevel@tonic-gate * License Version 1.1 (the "License"); you may not use this file 6*7c478bd9Sstevel@tonic-gate * except in compliance with the License. You may obtain a copy of 7*7c478bd9Sstevel@tonic-gate * the License at http://www.mozilla.org/NPL/ 8*7c478bd9Sstevel@tonic-gate * 9*7c478bd9Sstevel@tonic-gate * Software distributed under the License is distributed on an "AS 10*7c478bd9Sstevel@tonic-gate * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or 11*7c478bd9Sstevel@tonic-gate * implied. See the License for the specific language governing 12*7c478bd9Sstevel@tonic-gate * rights and limitations under the License. 13*7c478bd9Sstevel@tonic-gate * 14*7c478bd9Sstevel@tonic-gate * The Original Code is Mozilla Communicator client code, released 15*7c478bd9Sstevel@tonic-gate * March 31, 1998. 16*7c478bd9Sstevel@tonic-gate * 17*7c478bd9Sstevel@tonic-gate * The Initial Developer of the Original Code is Netscape 18*7c478bd9Sstevel@tonic-gate * Communications Corporation. Portions created by Netscape are 19*7c478bd9Sstevel@tonic-gate * Copyright (C) 1998-1999 Netscape Communications Corporation. All 20*7c478bd9Sstevel@tonic-gate * Rights Reserved. 21*7c478bd9Sstevel@tonic-gate * 22*7c478bd9Sstevel@tonic-gate * Contributor(s): 23*7c478bd9Sstevel@tonic-gate */ 24*7c478bd9Sstevel@tonic-gate /* 25*7c478bd9Sstevel@tonic-gate * Copyright (c) 1993 Regents of the University of Michigan. 26*7c478bd9Sstevel@tonic-gate * All rights reserved. 27*7c478bd9Sstevel@tonic-gate */ 28*7c478bd9Sstevel@tonic-gate /* 29*7c478bd9Sstevel@tonic-gate * sbind.c 30*7c478bd9Sstevel@tonic-gate */ 31*7c478bd9Sstevel@tonic-gate 32*7c478bd9Sstevel@tonic-gate #if 0 33*7c478bd9Sstevel@tonic-gate #ifndef lint 34*7c478bd9Sstevel@tonic-gate static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of Michigan.\nAll rights reserved.\n"; 35*7c478bd9Sstevel@tonic-gate #endif 36*7c478bd9Sstevel@tonic-gate #endif 37*7c478bd9Sstevel@tonic-gate 38*7c478bd9Sstevel@tonic-gate #include "ldap-int.h" 39*7c478bd9Sstevel@tonic-gate 40*7c478bd9Sstevel@tonic-gate static int simple_bind_nolock( LDAP *ld, const char *dn, const char *passwd, 41*7c478bd9Sstevel@tonic-gate int unlock_permitted ); 42*7c478bd9Sstevel@tonic-gate static int simple_bindifnot_s( LDAP *ld, const char *dn, const char *passwd ); 43*7c478bd9Sstevel@tonic-gate 44*7c478bd9Sstevel@tonic-gate /* 45*7c478bd9Sstevel@tonic-gate * ldap_simple_bind - bind to the ldap server. The dn and 46*7c478bd9Sstevel@tonic-gate * password of the entry to which to bind are supplied. The message id 47*7c478bd9Sstevel@tonic-gate * of the request initiated is returned. 48*7c478bd9Sstevel@tonic-gate * 49*7c478bd9Sstevel@tonic-gate * Example: 50*7c478bd9Sstevel@tonic-gate * ldap_simple_bind( ld, "cn=manager, o=university of michigan, c=us", 51*7c478bd9Sstevel@tonic-gate * "secret" ) 52*7c478bd9Sstevel@tonic-gate */ 53*7c478bd9Sstevel@tonic-gate 54*7c478bd9Sstevel@tonic-gate int 55*7c478bd9Sstevel@tonic-gate LDAP_CALL 56*7c478bd9Sstevel@tonic-gate ldap_simple_bind( LDAP *ld, const char *dn, const char *passwd ) 57*7c478bd9Sstevel@tonic-gate { 58*7c478bd9Sstevel@tonic-gate int rc; 59*7c478bd9Sstevel@tonic-gate 60*7c478bd9Sstevel@tonic-gate LDAPDebug( LDAP_DEBUG_TRACE, "ldap_simple_bind\n", 0, 0, 0 ); 61*7c478bd9Sstevel@tonic-gate 62*7c478bd9Sstevel@tonic-gate if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) { 63*7c478bd9Sstevel@tonic-gate return( -1 ); 64*7c478bd9Sstevel@tonic-gate } 65*7c478bd9Sstevel@tonic-gate 66*7c478bd9Sstevel@tonic-gate rc = simple_bind_nolock( ld, dn, passwd, 1 ); 67*7c478bd9Sstevel@tonic-gate 68*7c478bd9Sstevel@tonic-gate return( rc ); 69*7c478bd9Sstevel@tonic-gate } 70*7c478bd9Sstevel@tonic-gate 71*7c478bd9Sstevel@tonic-gate 72*7c478bd9Sstevel@tonic-gate static int 73*7c478bd9Sstevel@tonic-gate simple_bind_nolock( LDAP *ld, const char *dn, const char *passwd, 74*7c478bd9Sstevel@tonic-gate int unlock_permitted ) 75*7c478bd9Sstevel@tonic-gate { 76*7c478bd9Sstevel@tonic-gate BerElement *ber; 77*7c478bd9Sstevel@tonic-gate int rc, msgid; 78*7c478bd9Sstevel@tonic-gate 79*7c478bd9Sstevel@tonic-gate /* 80*7c478bd9Sstevel@tonic-gate * The bind request looks like this: 81*7c478bd9Sstevel@tonic-gate * BindRequest ::= SEQUENCE { 82*7c478bd9Sstevel@tonic-gate * version INTEGER, 83*7c478bd9Sstevel@tonic-gate * name DistinguishedName, -- who 84*7c478bd9Sstevel@tonic-gate * authentication CHOICE { 85*7c478bd9Sstevel@tonic-gate * simple [0] OCTET STRING -- passwd 86*7c478bd9Sstevel@tonic-gate * } 87*7c478bd9Sstevel@tonic-gate * } 88*7c478bd9Sstevel@tonic-gate * all wrapped up in an LDAPMessage sequence. 89*7c478bd9Sstevel@tonic-gate */ 90*7c478bd9Sstevel@tonic-gate 91*7c478bd9Sstevel@tonic-gate LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK ); 92*7c478bd9Sstevel@tonic-gate msgid = ++ld->ld_msgid; 93*7c478bd9Sstevel@tonic-gate LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK ); 94*7c478bd9Sstevel@tonic-gate 95*7c478bd9Sstevel@tonic-gate if ( dn == NULL ) 96*7c478bd9Sstevel@tonic-gate dn = ""; 97*7c478bd9Sstevel@tonic-gate if ( passwd == NULL ) 98*7c478bd9Sstevel@tonic-gate passwd = ""; 99*7c478bd9Sstevel@tonic-gate 100*7c478bd9Sstevel@tonic-gate if ( ld->ld_cache_on && ld->ld_cache_bind != NULL ) { 101*7c478bd9Sstevel@tonic-gate struct berval bv; 102*7c478bd9Sstevel@tonic-gate 103*7c478bd9Sstevel@tonic-gate bv.bv_val = (char *)passwd; 104*7c478bd9Sstevel@tonic-gate bv.bv_len = strlen( passwd ); 105*7c478bd9Sstevel@tonic-gate /* if ( unlock_permitted ) LDAP_MUTEX_UNLOCK( ld ); */ 106*7c478bd9Sstevel@tonic-gate LDAP_MUTEX_LOCK( ld, LDAP_CACHE_LOCK ); 107*7c478bd9Sstevel@tonic-gate rc = (ld->ld_cache_bind)( ld, msgid, LDAP_REQ_BIND, dn, &bv, 108*7c478bd9Sstevel@tonic-gate LDAP_AUTH_SIMPLE ); 109*7c478bd9Sstevel@tonic-gate LDAP_MUTEX_UNLOCK( ld, LDAP_CACHE_LOCK ); 110*7c478bd9Sstevel@tonic-gate /* if ( unlock_permitted ) LDAP_MUTEX_LOCK( ld ); */ 111*7c478bd9Sstevel@tonic-gate if ( rc != 0 ) { 112*7c478bd9Sstevel@tonic-gate return( rc ); 113*7c478bd9Sstevel@tonic-gate } 114*7c478bd9Sstevel@tonic-gate } 115*7c478bd9Sstevel@tonic-gate 116*7c478bd9Sstevel@tonic-gate /* create a message to send */ 117*7c478bd9Sstevel@tonic-gate if (( rc = nsldapi_alloc_ber_with_options( ld, &ber )) 118*7c478bd9Sstevel@tonic-gate != LDAP_SUCCESS ) { 119*7c478bd9Sstevel@tonic-gate return( -1 ); 120*7c478bd9Sstevel@tonic-gate } 121*7c478bd9Sstevel@tonic-gate 122*7c478bd9Sstevel@tonic-gate /* fill it in */ 123*7c478bd9Sstevel@tonic-gate if ( ber_printf( ber, "{it{ists}", msgid, LDAP_REQ_BIND, 124*7c478bd9Sstevel@tonic-gate NSLDAPI_LDAP_VERSION( ld ), dn, LDAP_AUTH_SIMPLE, passwd ) == -1 ) { 125*7c478bd9Sstevel@tonic-gate LDAP_SET_LDERRNO( ld, LDAP_ENCODING_ERROR, NULL, NULL ); 126*7c478bd9Sstevel@tonic-gate ber_free( ber, 1 ); 127*7c478bd9Sstevel@tonic-gate return( -1 ); 128*7c478bd9Sstevel@tonic-gate } 129*7c478bd9Sstevel@tonic-gate 130*7c478bd9Sstevel@tonic-gate if ( nsldapi_put_controls( ld, NULL, 1, ber ) != LDAP_SUCCESS ) { 131*7c478bd9Sstevel@tonic-gate ber_free( ber, 1 ); 132*7c478bd9Sstevel@tonic-gate return( -1 ); 133*7c478bd9Sstevel@tonic-gate } 134*7c478bd9Sstevel@tonic-gate 135*7c478bd9Sstevel@tonic-gate /* send the message */ 136*7c478bd9Sstevel@tonic-gate return( nsldapi_send_initial_request( ld, msgid, LDAP_REQ_BIND, 137*7c478bd9Sstevel@tonic-gate (char *)dn, ber )); 138*7c478bd9Sstevel@tonic-gate } 139*7c478bd9Sstevel@tonic-gate 140*7c478bd9Sstevel@tonic-gate 141*7c478bd9Sstevel@tonic-gate /* 142*7c478bd9Sstevel@tonic-gate * ldap_simple_bind - bind to the ldap server using simple 143*7c478bd9Sstevel@tonic-gate * authentication. The dn and password of the entry to which to bind are 144*7c478bd9Sstevel@tonic-gate * supplied. LDAP_SUCCESS is returned upon success, the ldap error code 145*7c478bd9Sstevel@tonic-gate * otherwise. 146*7c478bd9Sstevel@tonic-gate * 147*7c478bd9Sstevel@tonic-gate * Example: 148*7c478bd9Sstevel@tonic-gate * ldap_simple_bind_s( ld, "cn=manager, o=university of michigan, c=us", 149*7c478bd9Sstevel@tonic-gate * "secret" ) 150*7c478bd9Sstevel@tonic-gate */ 151*7c478bd9Sstevel@tonic-gate int 152*7c478bd9Sstevel@tonic-gate LDAP_CALL 153*7c478bd9Sstevel@tonic-gate ldap_simple_bind_s( LDAP *ld, const char *dn, const char *passwd ) 154*7c478bd9Sstevel@tonic-gate { 155*7c478bd9Sstevel@tonic-gate int msgid; 156*7c478bd9Sstevel@tonic-gate LDAPMessage *result; 157*7c478bd9Sstevel@tonic-gate 158*7c478bd9Sstevel@tonic-gate LDAPDebug( LDAP_DEBUG_TRACE, "ldap_simple_bind_s\n", 0, 0, 0 ); 159*7c478bd9Sstevel@tonic-gate 160*7c478bd9Sstevel@tonic-gate if ( NSLDAPI_VALID_LDAP_POINTER( ld ) && 161*7c478bd9Sstevel@tonic-gate ( ld->ld_options & LDAP_BITOPT_RECONNECT ) != 0 ) { 162*7c478bd9Sstevel@tonic-gate return( simple_bindifnot_s( ld, dn, passwd )); 163*7c478bd9Sstevel@tonic-gate } 164*7c478bd9Sstevel@tonic-gate 165*7c478bd9Sstevel@tonic-gate if ( (msgid = ldap_simple_bind( ld, dn, passwd )) == -1 ) 166*7c478bd9Sstevel@tonic-gate return( LDAP_GET_LDERRNO( ld, NULL, NULL ) ); 167*7c478bd9Sstevel@tonic-gate 168*7c478bd9Sstevel@tonic-gate if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &result ) == -1 ) 169*7c478bd9Sstevel@tonic-gate return( LDAP_GET_LDERRNO( ld, NULL, NULL ) ); 170*7c478bd9Sstevel@tonic-gate 171*7c478bd9Sstevel@tonic-gate return( ldap_result2error( ld, result, 1 ) ); 172*7c478bd9Sstevel@tonic-gate } 173*7c478bd9Sstevel@tonic-gate 174*7c478bd9Sstevel@tonic-gate 175*7c478bd9Sstevel@tonic-gate /* 176*7c478bd9Sstevel@tonic-gate * simple_bindifnot_s() is like ldap_simple_bind_s() except that it only does 177*7c478bd9Sstevel@tonic-gate * a bind if the default connection is not currently bound. 178*7c478bd9Sstevel@tonic-gate * If a successful bind using the same DN has already taken place we just 179*7c478bd9Sstevel@tonic-gate * return LDAP_SUCCESS without conversing with the server at all. 180*7c478bd9Sstevel@tonic-gate */ 181*7c478bd9Sstevel@tonic-gate static int 182*7c478bd9Sstevel@tonic-gate simple_bindifnot_s( LDAP *ld, const char *dn, const char *passwd ) 183*7c478bd9Sstevel@tonic-gate { 184*7c478bd9Sstevel@tonic-gate int msgid, rc; 185*7c478bd9Sstevel@tonic-gate LDAPMessage *result; 186*7c478bd9Sstevel@tonic-gate char *binddn; 187*7c478bd9Sstevel@tonic-gate 188*7c478bd9Sstevel@tonic-gate LDAPDebug( LDAP_DEBUG_TRACE, "simple_bindifnot_s\n", 0, 0, 0 ); 189*7c478bd9Sstevel@tonic-gate 190*7c478bd9Sstevel@tonic-gate if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) { 191*7c478bd9Sstevel@tonic-gate return( LDAP_PARAM_ERROR ); 192*7c478bd9Sstevel@tonic-gate } 193*7c478bd9Sstevel@tonic-gate 194*7c478bd9Sstevel@tonic-gate if ( dn == NULL ) { 195*7c478bd9Sstevel@tonic-gate dn = ""; /* to make comparisons simpler */ 196*7c478bd9Sstevel@tonic-gate } 197*7c478bd9Sstevel@tonic-gate 198*7c478bd9Sstevel@tonic-gate /* 199*7c478bd9Sstevel@tonic-gate * if we are already bound using the same DN, just return LDAP_SUCCESS. 200*7c478bd9Sstevel@tonic-gate */ 201*7c478bd9Sstevel@tonic-gate if ( NULL != ( binddn = nsldapi_get_binddn( ld )) 202*7c478bd9Sstevel@tonic-gate && 0 == strcmp( dn, binddn )) { 203*7c478bd9Sstevel@tonic-gate rc = LDAP_SUCCESS; 204*7c478bd9Sstevel@tonic-gate LDAP_SET_LDERRNO( ld, rc, NULL, NULL ); 205*7c478bd9Sstevel@tonic-gate return rc; 206*7c478bd9Sstevel@tonic-gate } 207*7c478bd9Sstevel@tonic-gate 208*7c478bd9Sstevel@tonic-gate /* 209*7c478bd9Sstevel@tonic-gate * if the default connection has been lost and is now marked dead, 210*7c478bd9Sstevel@tonic-gate * dispose of the default connection so it will get re-established. 211*7c478bd9Sstevel@tonic-gate * 212*7c478bd9Sstevel@tonic-gate * if not, clear the bind DN and status to ensure that we don't 213*7c478bd9Sstevel@tonic-gate * report the wrong bind DN to a different thread while waiting 214*7c478bd9Sstevel@tonic-gate * for our bind result to return from the server. 215*7c478bd9Sstevel@tonic-gate */ 216*7c478bd9Sstevel@tonic-gate LDAP_MUTEX_LOCK( ld, LDAP_CONN_LOCK ); 217*7c478bd9Sstevel@tonic-gate if ( NULL != ld->ld_defconn ) { 218*7c478bd9Sstevel@tonic-gate if ( LDAP_CONNST_DEAD == ld->ld_defconn->lconn_status ) { 219*7c478bd9Sstevel@tonic-gate nsldapi_free_connection( ld, ld->ld_defconn, NULL, NULL, 1, 0 ); 220*7c478bd9Sstevel@tonic-gate ld->ld_defconn = NULL; 221*7c478bd9Sstevel@tonic-gate } else if ( ld->ld_defconn->lconn_binddn != NULL ) { 222*7c478bd9Sstevel@tonic-gate NSLDAPI_FREE( ld->ld_defconn->lconn_binddn ); 223*7c478bd9Sstevel@tonic-gate ld->ld_defconn->lconn_binddn = NULL; 224*7c478bd9Sstevel@tonic-gate ld->ld_defconn->lconn_bound = 0; 225*7c478bd9Sstevel@tonic-gate } 226*7c478bd9Sstevel@tonic-gate } 227*7c478bd9Sstevel@tonic-gate LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK ); 228*7c478bd9Sstevel@tonic-gate 229*7c478bd9Sstevel@tonic-gate /* 230*7c478bd9Sstevel@tonic-gate * finally, bind (this will open a new connection if necessary) 231*7c478bd9Sstevel@tonic-gate * 232*7c478bd9Sstevel@tonic-gate * do everything under the protection of the result lock to 233*7c478bd9Sstevel@tonic-gate * ensure that only one thread will be in this code at a time. 234*7c478bd9Sstevel@tonic-gate * XXXmcs: we should use a condition variable instead? 235*7c478bd9Sstevel@tonic-gate */ 236*7c478bd9Sstevel@tonic-gate LDAP_MUTEX_LOCK( ld, LDAP_RESULT_LOCK ); 237*7c478bd9Sstevel@tonic-gate if ( (msgid = simple_bind_nolock( ld, dn, passwd, 0 )) == -1 ) { 238*7c478bd9Sstevel@tonic-gate rc = LDAP_GET_LDERRNO( ld, NULL, NULL ); 239*7c478bd9Sstevel@tonic-gate goto unlock_and_return; 240*7c478bd9Sstevel@tonic-gate } 241*7c478bd9Sstevel@tonic-gate 242*7c478bd9Sstevel@tonic-gate /* 243*7c478bd9Sstevel@tonic-gate * Note that at this point the bind request is on its way to the 244*7c478bd9Sstevel@tonic-gate * server and at any time now we will either be bound as the new 245*7c478bd9Sstevel@tonic-gate * DN (if the bind succeeded) or we will be bound as anonymous (if 246*7c478bd9Sstevel@tonic-gate * the bind failed). 247*7c478bd9Sstevel@tonic-gate */ 248*7c478bd9Sstevel@tonic-gate 249*7c478bd9Sstevel@tonic-gate /* 250*7c478bd9Sstevel@tonic-gate * Wait for the bind result. Code inside result.c:read1msg() 251*7c478bd9Sstevel@tonic-gate * takes care of setting the connection's bind DN and status. 252*7c478bd9Sstevel@tonic-gate */ 253*7c478bd9Sstevel@tonic-gate if ( nsldapi_result_nolock( ld, msgid, 1, 0, (struct timeval *) 0, 254*7c478bd9Sstevel@tonic-gate &result ) == -1 ) { 255*7c478bd9Sstevel@tonic-gate rc = LDAP_GET_LDERRNO( ld, NULL, NULL ); 256*7c478bd9Sstevel@tonic-gate goto unlock_and_return; 257*7c478bd9Sstevel@tonic-gate } 258*7c478bd9Sstevel@tonic-gate 259*7c478bd9Sstevel@tonic-gate rc = ldap_result2error( ld, result, 1 ); 260*7c478bd9Sstevel@tonic-gate 261*7c478bd9Sstevel@tonic-gate unlock_and_return: 262*7c478bd9Sstevel@tonic-gate LDAP_MUTEX_UNLOCK( ld, LDAP_RESULT_LOCK ); 263*7c478bd9Sstevel@tonic-gate return( rc ); 264*7c478bd9Sstevel@tonic-gate } 265