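/*	$NetBSD: bind.c,v 1.3 2025/09/05 21:16:31 christos Exp $	*/

/* OpenLDAP WiredTiger backend */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 2002-2024 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* ACKNOWLEDGEMENTS:
 * This work was developed by HAMANO Tsukasa <hamano (at) osstech.co.jp>
 * based on back-bdb for inclusion in OpenLDAP Software.
 * WiredTiger is a product of MongoDB Inc.
 */

#include <sys/cdefs.h>
__RCSID("$NetBSD: bind.c,v 1.3 2025/09/05 21:16:31 christos Exp $");

#include "portable.h"

#include <stdio.h>
#include "back-wt.h"
#include "slap-config.h"

/*
 * Handle an LDAP bind request against the WiredTiger backend.
 *
 * op: the bind operation; the request DN, bind method and credentials
 *     are read from it, and the DN of the entry found is duplicated
 *     into op->oq_bind.rb_edn.
 * rs: the reply; sr_err and sr_text are filled in here.
 *
 * Returns rs->sr_err.  When that value is non-zero this function has
 * already sent the result to the client.  On success nothing is sent
 * here; presumably the frontend sends it, as the rootdn case below
 * states.
 *
 * A missing entry, a subentry, an alias, a referral, an entry without
 * userPassword and a failed password check are all answered with
 * LDAP_INVALID_CREDENTIALS, so the result code does not reveal which
 * of these applied.
 */
int
wt_bind( Operation *op, SlapReply *rs )
{
	struct wt_info *wi = (struct wt_info *) op->o_bd->be_private;
	wt_ctx *wc;
	int rc;
	Entry *e = NULL;
	Attribute *a;
	AttributeDescription *password = slap_schema.si_ad_userPassword;

	Debug( LDAP_DEBUG_ARGS, "==> wt_bind: dn: %s\n",
		op->o_req_dn.bv_val );

	/* allow noauth binds */
	switch ( be_rootdn_bind( op, NULL ) ) {
	case LDAP_SUCCESS:
		/* frontend will send result */
		return rs->sr_err = LDAP_SUCCESS;

	default:
		/* give the database a chance */
		/* NOTE: this behavior departs from that of other backends,
		 * since the others, in case of password checking failure
		 * do not give the database a chance.  If an entry with
		 * rootdn's name does not exist in the database the result
		 * will be the same.  See ITS#4962 for discussion. */
		break;
	}

	wc = wt_ctx_get(op, wi);
	if( !wc ){
		Debug( LDAP_DEBUG_ANY,
			"wt_bind: wt_ctx_get failed\n" );
		rs->sr_err = LDAP_OTHER;
		rs->sr_text = "internal error";
		send_ldap_result( op, rs );
		return rs->sr_err;
	}

	/* get entry */
	rc = wt_dn2entry(op->o_bd, wc, &op->o_req_ndn, &e);
	switch( rc ) {
	case 0:
		break;
	case WT_NOTFOUND:
		/* Same result code as a failed password check below. */
		rs->sr_err = LDAP_INVALID_CREDENTIALS;
		send_ldap_result( op, rs );
		return rs->sr_err;
	default:
		/* Unexpected lookup failure: log the backend return code, since
		 * the client is only told "internal error" and the code would
		 * otherwise be lost. */
		Debug( LDAP_DEBUG_ANY,
			"wt_bind: wt_dn2entry failed (%d)\n", rc );
		rs->sr_err = LDAP_OTHER;
		rs->sr_text = "internal error";
		send_ldap_result( op, rs );
		return rs->sr_err;
	}

	/* NOTE(review): rb_edn is duplicated before the entry-type checks and
	 * is not released on the failure paths of this function; presumably
	 * the caller owns and frees it -- confirm. */
	ber_dupbv( &op->oq_bind.rb_edn, &e->e_name );

	/* reject entry types that must not be bound to */
	if ( is_entry_subentry( e ) ) {
		/* entry is a subentry, don't allow bind */
		Debug( LDAP_DEBUG_TRACE, "entry is subentry\n" );
		rs->sr_err = LDAP_INVALID_CREDENTIALS;
		goto done;
	}

	if ( is_entry_alias( e ) ) {
		/* entry is an alias, don't allow bind */
		Debug( LDAP_DEBUG_TRACE, "entry is alias\n" );
		rs->sr_err = LDAP_INVALID_CREDENTIALS;
		goto done;
	}

	if ( is_entry_referral( e ) ) {
		/* entry is a referral, don't allow bind */
		Debug( LDAP_DEBUG_TRACE, "entry is referral\n" );
		rs->sr_err = LDAP_INVALID_CREDENTIALS;
		goto done;
	}

	switch ( op->oq_bind.rb_method ) {
	case LDAP_AUTH_SIMPLE:
		a = attr_find( e->e_attrs, password );
		if ( a == NULL ) {
			/* no userPassword on the entry: nothing to check against */
			rs->sr_err = LDAP_INVALID_CREDENTIALS;
			goto done;
		}

		/* NOTE(review): no access check on userPassword is visible in
		 * this function; presumably slap_passwd_check() performs it --
		 * confirm.  Whatever text it stores in rs->sr_text goes out
		 * with the failure result at "done". */
		if ( slap_passwd_check( op, e, a, &op->oq_bind.rb_cred,
					&rs->sr_text ) != 0 )
		{
			/* failure; stop front end from sending result */
			rs->sr_err = LDAP_INVALID_CREDENTIALS;
			goto done;
		}
		rs->sr_err = 0;
		break;

	default:
		/* only simple binds are handled by this function */
		rs->sr_err = LDAP_STRONG_AUTH_NOT_SUPPORTED;
		rs->sr_text = "authentication method not supported";
		break;
	}

done:
	/* free entry */
	if (e) {
		wt_entry_return(e);
	}
	/* Failures are reported from here; success is left unsent. */
	if (rs->sr_err) {
		send_ldap_result( op, rs );
		if ( rs->sr_ref ) {
			ber_bvarray_free( rs->sr_ref );
			rs->sr_ref = NULL;
		}
	}
	return rs->sr_err;
}

/*
 * Local variables:
 * indent-tabs-mode: t
 * tab-width: 4
 * c-basic-offset: 4
 * End:
 */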