17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate * The contents of this file are subject to the Netscape Public
37c478bd9Sstevel@tonic-gate * License Version 1.1 (the "License"); you may not use this file
47c478bd9Sstevel@tonic-gate * except in compliance with the License. You may obtain a copy of
57c478bd9Sstevel@tonic-gate * the License at http://www.mozilla.org/NPL/
67c478bd9Sstevel@tonic-gate *
77c478bd9Sstevel@tonic-gate * Software distributed under the License is distributed on an "AS
87c478bd9Sstevel@tonic-gate * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
97c478bd9Sstevel@tonic-gate * implied. See the License for the specific language governing
107c478bd9Sstevel@tonic-gate * rights and limitations under the License.
117c478bd9Sstevel@tonic-gate *
127c478bd9Sstevel@tonic-gate * The Original Code is Mozilla Communicator client code, released
137c478bd9Sstevel@tonic-gate * March 31, 1998.
147c478bd9Sstevel@tonic-gate *
157c478bd9Sstevel@tonic-gate * The Initial Developer of the Original Code is Netscape
167c478bd9Sstevel@tonic-gate * Communications Corporation. Portions created by Netscape are
177c478bd9Sstevel@tonic-gate * Copyright (C) 1998-1999 Netscape Communications Corporation. All
187c478bd9Sstevel@tonic-gate * Rights Reserved.
197c478bd9Sstevel@tonic-gate *
207c478bd9Sstevel@tonic-gate * Contributor(s):
217c478bd9Sstevel@tonic-gate */
227c478bd9Sstevel@tonic-gate /*
237c478bd9Sstevel@tonic-gate * Copyright (c) 1993 Regents of the University of Michigan.
247c478bd9Sstevel@tonic-gate * All rights reserved.
257c478bd9Sstevel@tonic-gate */
267c478bd9Sstevel@tonic-gate /*
277c478bd9Sstevel@tonic-gate * sbind.c
287c478bd9Sstevel@tonic-gate */
297c478bd9Sstevel@tonic-gate
307c478bd9Sstevel@tonic-gate #if 0
31*1da57d55SToomas Soome #ifndef lint
327c478bd9Sstevel@tonic-gate static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of Michigan.\nAll rights reserved.\n";
337c478bd9Sstevel@tonic-gate #endif
347c478bd9Sstevel@tonic-gate #endif
357c478bd9Sstevel@tonic-gate
367c478bd9Sstevel@tonic-gate #include "ldap-int.h"
377c478bd9Sstevel@tonic-gate
387c478bd9Sstevel@tonic-gate static int simple_bind_nolock( LDAP *ld, const char *dn, const char *passwd,
397c478bd9Sstevel@tonic-gate int unlock_permitted );
407c478bd9Sstevel@tonic-gate static int simple_bindifnot_s( LDAP *ld, const char *dn, const char *passwd );
417c478bd9Sstevel@tonic-gate
427c478bd9Sstevel@tonic-gate /*
437c478bd9Sstevel@tonic-gate * ldap_simple_bind - bind to the ldap server. The dn and
447c478bd9Sstevel@tonic-gate * password of the entry to which to bind are supplied. The message id
457c478bd9Sstevel@tonic-gate * of the request initiated is returned.
467c478bd9Sstevel@tonic-gate *
477c478bd9Sstevel@tonic-gate * Example:
487c478bd9Sstevel@tonic-gate * ldap_simple_bind( ld, "cn=manager, o=university of michigan, c=us",
497c478bd9Sstevel@tonic-gate * "secret" )
507c478bd9Sstevel@tonic-gate */
517c478bd9Sstevel@tonic-gate
527c478bd9Sstevel@tonic-gate int
537c478bd9Sstevel@tonic-gate LDAP_CALL
ldap_simple_bind(LDAP * ld,const char * dn,const char * passwd)547c478bd9Sstevel@tonic-gate ldap_simple_bind( LDAP *ld, const char *dn, const char *passwd )
557c478bd9Sstevel@tonic-gate {
567c478bd9Sstevel@tonic-gate int rc;
577c478bd9Sstevel@tonic-gate
587c478bd9Sstevel@tonic-gate LDAPDebug( LDAP_DEBUG_TRACE, "ldap_simple_bind\n", 0, 0, 0 );
597c478bd9Sstevel@tonic-gate
607c478bd9Sstevel@tonic-gate if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
617c478bd9Sstevel@tonic-gate return( -1 );
627c478bd9Sstevel@tonic-gate }
637c478bd9Sstevel@tonic-gate
647c478bd9Sstevel@tonic-gate rc = simple_bind_nolock( ld, dn, passwd, 1 );
657c478bd9Sstevel@tonic-gate
667c478bd9Sstevel@tonic-gate return( rc );
677c478bd9Sstevel@tonic-gate }
687c478bd9Sstevel@tonic-gate
697c478bd9Sstevel@tonic-gate
707c478bd9Sstevel@tonic-gate static int
simple_bind_nolock(LDAP * ld,const char * dn,const char * passwd,int unlock_permitted)717c478bd9Sstevel@tonic-gate simple_bind_nolock( LDAP *ld, const char *dn, const char *passwd,
727c478bd9Sstevel@tonic-gate int unlock_permitted )
737c478bd9Sstevel@tonic-gate {
747c478bd9Sstevel@tonic-gate BerElement *ber;
757c478bd9Sstevel@tonic-gate int rc, msgid;
767c478bd9Sstevel@tonic-gate
777c478bd9Sstevel@tonic-gate /*
787c478bd9Sstevel@tonic-gate * The bind request looks like this:
797c478bd9Sstevel@tonic-gate * BindRequest ::= SEQUENCE {
807c478bd9Sstevel@tonic-gate * version INTEGER,
817c478bd9Sstevel@tonic-gate * name DistinguishedName, -- who
827c478bd9Sstevel@tonic-gate * authentication CHOICE {
837c478bd9Sstevel@tonic-gate * simple [0] OCTET STRING -- passwd
847c478bd9Sstevel@tonic-gate * }
857c478bd9Sstevel@tonic-gate * }
867c478bd9Sstevel@tonic-gate * all wrapped up in an LDAPMessage sequence.
877c478bd9Sstevel@tonic-gate */
887c478bd9Sstevel@tonic-gate
897c478bd9Sstevel@tonic-gate LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK );
907c478bd9Sstevel@tonic-gate msgid = ++ld->ld_msgid;
917c478bd9Sstevel@tonic-gate LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK );
927c478bd9Sstevel@tonic-gate
937c478bd9Sstevel@tonic-gate if ( dn == NULL )
947c478bd9Sstevel@tonic-gate dn = "";
957c478bd9Sstevel@tonic-gate if ( passwd == NULL )
967c478bd9Sstevel@tonic-gate passwd = "";
977c478bd9Sstevel@tonic-gate
987c478bd9Sstevel@tonic-gate if ( ld->ld_cache_on && ld->ld_cache_bind != NULL ) {
997c478bd9Sstevel@tonic-gate struct berval bv;
1007c478bd9Sstevel@tonic-gate
1017c478bd9Sstevel@tonic-gate bv.bv_val = (char *)passwd;
1027c478bd9Sstevel@tonic-gate bv.bv_len = strlen( passwd );
1037c478bd9Sstevel@tonic-gate /* if ( unlock_permitted ) LDAP_MUTEX_UNLOCK( ld ); */
1047c478bd9Sstevel@tonic-gate LDAP_MUTEX_LOCK( ld, LDAP_CACHE_LOCK );
1057c478bd9Sstevel@tonic-gate rc = (ld->ld_cache_bind)( ld, msgid, LDAP_REQ_BIND, dn, &bv,
1067c478bd9Sstevel@tonic-gate LDAP_AUTH_SIMPLE );
1077c478bd9Sstevel@tonic-gate LDAP_MUTEX_UNLOCK( ld, LDAP_CACHE_LOCK );
1087c478bd9Sstevel@tonic-gate /* if ( unlock_permitted ) LDAP_MUTEX_LOCK( ld ); */
1097c478bd9Sstevel@tonic-gate if ( rc != 0 ) {
1107c478bd9Sstevel@tonic-gate return( rc );
1117c478bd9Sstevel@tonic-gate }
1127c478bd9Sstevel@tonic-gate }
1137c478bd9Sstevel@tonic-gate
1147c478bd9Sstevel@tonic-gate /* create a message to send */
1157c478bd9Sstevel@tonic-gate if (( rc = nsldapi_alloc_ber_with_options( ld, &ber ))
1167c478bd9Sstevel@tonic-gate != LDAP_SUCCESS ) {
1177c478bd9Sstevel@tonic-gate return( -1 );
1187c478bd9Sstevel@tonic-gate }
1197c478bd9Sstevel@tonic-gate
1207c478bd9Sstevel@tonic-gate /* fill it in */
1217c478bd9Sstevel@tonic-gate if ( ber_printf( ber, "{it{ists}", msgid, LDAP_REQ_BIND,
1227c478bd9Sstevel@tonic-gate NSLDAPI_LDAP_VERSION( ld ), dn, LDAP_AUTH_SIMPLE, passwd ) == -1 ) {
1237c478bd9Sstevel@tonic-gate LDAP_SET_LDERRNO( ld, LDAP_ENCODING_ERROR, NULL, NULL );
1247c478bd9Sstevel@tonic-gate ber_free( ber, 1 );
1257c478bd9Sstevel@tonic-gate return( -1 );
1267c478bd9Sstevel@tonic-gate }
1277c478bd9Sstevel@tonic-gate
1287c478bd9Sstevel@tonic-gate if ( nsldapi_put_controls( ld, NULL, 1, ber ) != LDAP_SUCCESS ) {
1297c478bd9Sstevel@tonic-gate ber_free( ber, 1 );
1307c478bd9Sstevel@tonic-gate return( -1 );
1317c478bd9Sstevel@tonic-gate }
1327c478bd9Sstevel@tonic-gate
1337c478bd9Sstevel@tonic-gate /* send the message */
1347c478bd9Sstevel@tonic-gate return( nsldapi_send_initial_request( ld, msgid, LDAP_REQ_BIND,
1357c478bd9Sstevel@tonic-gate (char *)dn, ber ));
1367c478bd9Sstevel@tonic-gate }
1377c478bd9Sstevel@tonic-gate
1387c478bd9Sstevel@tonic-gate
1397c478bd9Sstevel@tonic-gate /*
1407c478bd9Sstevel@tonic-gate * ldap_simple_bind - bind to the ldap server using simple
1417c478bd9Sstevel@tonic-gate * authentication. The dn and password of the entry to which to bind are
1427c478bd9Sstevel@tonic-gate * supplied. LDAP_SUCCESS is returned upon success, the ldap error code
1437c478bd9Sstevel@tonic-gate * otherwise.
1447c478bd9Sstevel@tonic-gate *
1457c478bd9Sstevel@tonic-gate * Example:
1467c478bd9Sstevel@tonic-gate * ldap_simple_bind_s( ld, "cn=manager, o=university of michigan, c=us",
1477c478bd9Sstevel@tonic-gate * "secret" )
1487c478bd9Sstevel@tonic-gate */
1497c478bd9Sstevel@tonic-gate int
1507c478bd9Sstevel@tonic-gate LDAP_CALL
ldap_simple_bind_s(LDAP * ld,const char * dn,const char * passwd)1517c478bd9Sstevel@tonic-gate ldap_simple_bind_s( LDAP *ld, const char *dn, const char *passwd )
1527c478bd9Sstevel@tonic-gate {
1537c478bd9Sstevel@tonic-gate int msgid;
1547c478bd9Sstevel@tonic-gate LDAPMessage *result;
1557c478bd9Sstevel@tonic-gate
1567c478bd9Sstevel@tonic-gate LDAPDebug( LDAP_DEBUG_TRACE, "ldap_simple_bind_s\n", 0, 0, 0 );
1577c478bd9Sstevel@tonic-gate
1587c478bd9Sstevel@tonic-gate if ( NSLDAPI_VALID_LDAP_POINTER( ld ) &&
1597c478bd9Sstevel@tonic-gate ( ld->ld_options & LDAP_BITOPT_RECONNECT ) != 0 ) {
1607c478bd9Sstevel@tonic-gate return( simple_bindifnot_s( ld, dn, passwd ));
1617c478bd9Sstevel@tonic-gate }
1627c478bd9Sstevel@tonic-gate
1637c478bd9Sstevel@tonic-gate if ( (msgid = ldap_simple_bind( ld, dn, passwd )) == -1 )
1647c478bd9Sstevel@tonic-gate return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
1657c478bd9Sstevel@tonic-gate
1667c478bd9Sstevel@tonic-gate if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &result ) == -1 )
1677c478bd9Sstevel@tonic-gate return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
1687c478bd9Sstevel@tonic-gate
1697c478bd9Sstevel@tonic-gate return( ldap_result2error( ld, result, 1 ) );
1707c478bd9Sstevel@tonic-gate }
1717c478bd9Sstevel@tonic-gate
1727c478bd9Sstevel@tonic-gate
1737c478bd9Sstevel@tonic-gate /*
1747c478bd9Sstevel@tonic-gate * simple_bindifnot_s() is like ldap_simple_bind_s() except that it only does
1757c478bd9Sstevel@tonic-gate * a bind if the default connection is not currently bound.
1767c478bd9Sstevel@tonic-gate * If a successful bind using the same DN has already taken place we just
1777c478bd9Sstevel@tonic-gate * return LDAP_SUCCESS without conversing with the server at all.
1787c478bd9Sstevel@tonic-gate */
1797c478bd9Sstevel@tonic-gate static int
simple_bindifnot_s(LDAP * ld,const char * dn,const char * passwd)1807c478bd9Sstevel@tonic-gate simple_bindifnot_s( LDAP *ld, const char *dn, const char *passwd )
1817c478bd9Sstevel@tonic-gate {
1827c478bd9Sstevel@tonic-gate int msgid, rc;
1837c478bd9Sstevel@tonic-gate LDAPMessage *result;
1847c478bd9Sstevel@tonic-gate char *binddn;
1857c478bd9Sstevel@tonic-gate
1867c478bd9Sstevel@tonic-gate LDAPDebug( LDAP_DEBUG_TRACE, "simple_bindifnot_s\n", 0, 0, 0 );
1877c478bd9Sstevel@tonic-gate
1887c478bd9Sstevel@tonic-gate if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
1897c478bd9Sstevel@tonic-gate return( LDAP_PARAM_ERROR );
1907c478bd9Sstevel@tonic-gate }
1917c478bd9Sstevel@tonic-gate
1927c478bd9Sstevel@tonic-gate if ( dn == NULL ) {
1937c478bd9Sstevel@tonic-gate dn = ""; /* to make comparisons simpler */
1947c478bd9Sstevel@tonic-gate }
1957c478bd9Sstevel@tonic-gate
1967c478bd9Sstevel@tonic-gate /*
1977c478bd9Sstevel@tonic-gate * if we are already bound using the same DN, just return LDAP_SUCCESS.
1987c478bd9Sstevel@tonic-gate */
1997c478bd9Sstevel@tonic-gate if ( NULL != ( binddn = nsldapi_get_binddn( ld ))
2007c478bd9Sstevel@tonic-gate && 0 == strcmp( dn, binddn )) {
2017c478bd9Sstevel@tonic-gate rc = LDAP_SUCCESS;
2027c478bd9Sstevel@tonic-gate LDAP_SET_LDERRNO( ld, rc, NULL, NULL );
2037c478bd9Sstevel@tonic-gate return rc;
2047c478bd9Sstevel@tonic-gate }
2057c478bd9Sstevel@tonic-gate
2067c478bd9Sstevel@tonic-gate /*
2077c478bd9Sstevel@tonic-gate * if the default connection has been lost and is now marked dead,
2087c478bd9Sstevel@tonic-gate * dispose of the default connection so it will get re-established.
2097c478bd9Sstevel@tonic-gate *
2107c478bd9Sstevel@tonic-gate * if not, clear the bind DN and status to ensure that we don't
2117c478bd9Sstevel@tonic-gate * report the wrong bind DN to a different thread while waiting
2127c478bd9Sstevel@tonic-gate * for our bind result to return from the server.
2137c478bd9Sstevel@tonic-gate */
2147c478bd9Sstevel@tonic-gate LDAP_MUTEX_LOCK( ld, LDAP_CONN_LOCK );
2157c478bd9Sstevel@tonic-gate if ( NULL != ld->ld_defconn ) {
2167c478bd9Sstevel@tonic-gate if ( LDAP_CONNST_DEAD == ld->ld_defconn->lconn_status ) {
2177c478bd9Sstevel@tonic-gate nsldapi_free_connection( ld, ld->ld_defconn, NULL, NULL, 1, 0 );
2187c478bd9Sstevel@tonic-gate ld->ld_defconn = NULL;
2197c478bd9Sstevel@tonic-gate } else if ( ld->ld_defconn->lconn_binddn != NULL ) {
2207c478bd9Sstevel@tonic-gate NSLDAPI_FREE( ld->ld_defconn->lconn_binddn );
2217c478bd9Sstevel@tonic-gate ld->ld_defconn->lconn_binddn = NULL;
2227c478bd9Sstevel@tonic-gate ld->ld_defconn->lconn_bound = 0;
2237c478bd9Sstevel@tonic-gate }
2247c478bd9Sstevel@tonic-gate }
2257c478bd9Sstevel@tonic-gate LDAP_MUTEX_UNLOCK( ld, LDAP_CONN_LOCK );
2267c478bd9Sstevel@tonic-gate
2277c478bd9Sstevel@tonic-gate /*
2287c478bd9Sstevel@tonic-gate * finally, bind (this will open a new connection if necessary)
2297c478bd9Sstevel@tonic-gate *
2307c478bd9Sstevel@tonic-gate * do everything under the protection of the result lock to
2317c478bd9Sstevel@tonic-gate * ensure that only one thread will be in this code at a time.
2327c478bd9Sstevel@tonic-gate * XXXmcs: we should use a condition variable instead?
2337c478bd9Sstevel@tonic-gate */
2347c478bd9Sstevel@tonic-gate LDAP_MUTEX_LOCK( ld, LDAP_RESULT_LOCK );
2357c478bd9Sstevel@tonic-gate if ( (msgid = simple_bind_nolock( ld, dn, passwd, 0 )) == -1 ) {
2367c478bd9Sstevel@tonic-gate rc = LDAP_GET_LDERRNO( ld, NULL, NULL );
2377c478bd9Sstevel@tonic-gate goto unlock_and_return;
2387c478bd9Sstevel@tonic-gate }
2397c478bd9Sstevel@tonic-gate
2407c478bd9Sstevel@tonic-gate /*
2417c478bd9Sstevel@tonic-gate * Note that at this point the bind request is on its way to the
2427c478bd9Sstevel@tonic-gate * server and at any time now we will either be bound as the new
2437c478bd9Sstevel@tonic-gate * DN (if the bind succeeded) or we will be bound as anonymous (if
2447c478bd9Sstevel@tonic-gate * the bind failed).
2457c478bd9Sstevel@tonic-gate */
2467c478bd9Sstevel@tonic-gate
2477c478bd9Sstevel@tonic-gate /*
2487c478bd9Sstevel@tonic-gate * Wait for the bind result. Code inside result.c:read1msg()
2497c478bd9Sstevel@tonic-gate * takes care of setting the connection's bind DN and status.
2507c478bd9Sstevel@tonic-gate */
2517c478bd9Sstevel@tonic-gate if ( nsldapi_result_nolock( ld, msgid, 1, 0, (struct timeval *) 0,
2527c478bd9Sstevel@tonic-gate &result ) == -1 ) {
2537c478bd9Sstevel@tonic-gate rc = LDAP_GET_LDERRNO( ld, NULL, NULL );
2547c478bd9Sstevel@tonic-gate goto unlock_and_return;
2557c478bd9Sstevel@tonic-gate }
2567c478bd9Sstevel@tonic-gate
2577c478bd9Sstevel@tonic-gate rc = ldap_result2error( ld, result, 1 );
2587c478bd9Sstevel@tonic-gate
2597c478bd9Sstevel@tonic-gate unlock_and_return:
2607c478bd9Sstevel@tonic-gate LDAP_MUTEX_UNLOCK( ld, LDAP_RESULT_LOCK );
2617c478bd9Sstevel@tonic-gate return( rc );
2627c478bd9Sstevel@tonic-gate }
263