summaryrefslogtreecommitdiff
path: root/usr/src/lib/libldap4/common/kbind.c
diff options
context:
space:
mode:
authorMilan Jurik <milan.jurik@xylab.cz>2012-05-19 19:59:14 -0700
committerMilan Jurik <milan.jurik@xylab.cz>2012-05-19 19:59:14 -0700
commitd387ac4c164917d885cd84bd1b62647d989033ac (patch)
tree3c8503aa5915728ea1f848bfaaecb91ab62a4d91 /usr/src/lib/libldap4/common/kbind.c
parentad2de4358b2074634b0f2355c34b0986da0e95f9 (diff)
downloadillumos-joyent-d387ac4c164917d885cd84bd1b62647d989033ac.tar.gz
2705 EOF libldap.so.4
Reviewed by: Jason King <jason.brian.king@gmail.com> Reviewed by: Albert Lee <trisk@nexenta.com> Approved by: Garrett D'Amore <garrett@damore.org>
Diffstat (limited to 'usr/src/lib/libldap4/common/kbind.c')
-rw-r--r--usr/src/lib/libldap4/common/kbind.c349
1 files changed, 0 insertions, 349 deletions
diff --git a/usr/src/lib/libldap4/common/kbind.c b/usr/src/lib/libldap4/common/kbind.c
deleted file mode 100644
index 5cc6928eca..0000000000
--- a/usr/src/lib/libldap4/common/kbind.c
+++ /dev/null
@@ -1,349 +0,0 @@
-/*
- * Portions Copyright 1998 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-/*
- * Copyright (c) 1993 Regents of the University of Michigan.
- * All rights reserved.
- *
- * kbind.c
- */
-
-#ifndef lint
-static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of Michigan.\nAll rights reserved.\n";
-#endif
-
-#ifdef KERBEROS
-
-#include <stdio.h>
-#include <string.h>
-
-#ifdef MACOS
-#include <stdlib.h>
-#include "macos.h"
-#else /* MACOS */
-#ifdef DOS
-#include "msdos.h"
-#endif /* DOS */
-#include <krb.h>
-#include <stdlib.h>
-#if !defined(DOS) && !defined( _WIN32 )
-#include <sys/types.h>
-#endif /* !DOS && !_WIN32 */
-#include <sys/time.h>
-#include <sys/socket.h>
-#endif /* MACOS */
-
-#include "lber.h"
-#include "ldap.h"
-#include "ldap-private.h"
-#include "ldap-int.h"
-
-
-
-/*
- * ldap_kerberos_bind1 - initiate a bind to the ldap server using
- * kerberos authentication. The dn is supplied. It is assumed the user
- * already has a valid ticket granting ticket. The msgid of the
- * request is returned on success (suitable for passing to ldap_result()),
- * -1 is returned if there's trouble.
- *
- * Example:
- * ldap_kerberos_bind1( ld, "cn=manager, o=university of michigan, c=us" )
- */
-int
-ldap_kerberos_bind1( LDAP *ld, char *dn )
-{
- BerElement *ber;
- char *cred;
- int rc, credlen;
- char *get_kerberosv4_credentials();
-#ifdef STR_TRANSLATION
- int str_translation_on;
-#endif /* STR_TRANSLATION */
-
- /*
- * The bind request looks like this:
- * BindRequest ::= SEQUENCE {
- * version INTEGER,
- * name DistinguishedName,
- * authentication CHOICE {
- * krbv42ldap [1] OCTET STRING
- * krbv42dsa [2] OCTET STRING
- * }
- * }
- * all wrapped up in an LDAPMessage sequence.
- */
-
-#if defined( SUN ) && defined( _REENTRANT )
- int rv;
-
- LOCK_LDAP(ld);
-#endif
- Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 186, "ldap_kerberos_bind1\n"), 0, 0, 0 );
-
- if ( dn == NULL )
- dn = "";
-
- if ( (cred = get_kerberosv4_credentials( ld, dn, "ldapserver",
- &credlen )) == NULL ) {
-#if defined( SUN ) && defined( _REENTRANT )
- UNLOCK_LDAP(ld);
-#endif
- return( -1 ); /* ld_errno should already be set */
- }
-
- /* create a message to send */
- if ( (ber = alloc_ber_with_options( ld )) == NULLBER ) {
- free( cred );
-#if defined( SUN ) && defined( _REENTRANT )
- UNLOCK_LDAP(ld);
-#endif
- return( -1 );
- }
-
-#ifdef STR_TRANSLATION
- if (( str_translation_on = (( ber->ber_options &
- LBER_TRANSLATE_STRINGS ) != 0 ))) { /* turn translation off */
- ber->ber_options &= ~LBER_TRANSLATE_STRINGS;
- }
-#endif /* STR_TRANSLATION */
-
- /* fill it in */
- rc = ber_printf( ber, "{it{isto}}", ++ld->ld_msgid, LDAP_REQ_BIND,
- ld->ld_version, dn, LDAP_AUTH_KRBV41, cred, credlen );
-
-#ifdef STR_TRANSLATION
- if ( str_translation_on ) { /* restore translation */
- ber->ber_options |= LBER_TRANSLATE_STRINGS;
- }
-#endif /* STR_TRANSLATION */
-
- if ( rc == -1 ) {
- free( cred );
- ber_free( ber, 1 );
- ld->ld_errno = LDAP_ENCODING_ERROR;
-#if defined( SUN ) && defined( _REENTRANT )
- UNLOCK_LDAP(ld);
-#endif
- return( -1 );
- }
-
- free( cred );
-
-#ifndef NO_CACHE
- if ( ld->ld_cache != NULL ) {
- ldap_flush_cache( ld );
- }
-#endif /* !NO_CACHE */
-
- /* send the message */
-#if defined( SUN ) && defined( _REENTRANT )
- rv = send_initial_request( ld, LDAP_REQ_BIND, dn, ber );
- UNLOCK_LDAP(ld);
- return ( rv );
-#else
- return ( send_initial_request( ld, LDAP_REQ_BIND, dn, ber ));
-#endif
-}
-
-int
-ldap_kerberos_bind1_s( LDAP *ld, char *dn )
-{
- int msgid;
- LDAPMessage *res;
-
- Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 187, "ldap_kerberos_bind1_s\n"), 0, 0, 0 );
-
- /* initiate the bind */
- if ( (msgid = ldap_kerberos_bind1( ld, dn )) == -1 )
- return( ld->ld_errno );
-
- /* wait for a result */
- if ( ldap_result( ld, ld->ld_msgid, 1, (struct timeval *) 0, &res )
- == -1 ) {
- return( ld->ld_errno ); /* ldap_result sets ld_errno */
- }
-
- return( ldap_result2error( ld, res, 1 ) );
-}
-
-/*
- * ldap_kerberos_bind2 - initiate a bind to the X.500 server using
- * kerberos authentication. The dn is supplied. It is assumed the user
- * already has a valid ticket granting ticket. The msgid of the
- * request is returned on success (suitable for passing to ldap_result()),
- * -1 is returned if there's trouble.
- *
- * Example:
- * ldap_kerberos_bind2( ld, "cn=manager, o=university of michigan, c=us" )
- */
-int
-ldap_kerberos_bind2( LDAP *ld, char *dn )
-{
- BerElement *ber;
- char *cred;
- int rc, credlen;
- char *get_kerberosv4_credentials();
-#ifdef STR_TRANSLATION
- int str_translation_on;
-#endif /* STR_TRANSLATION */
-
-#if defined( SUN ) && defined( _REENTRANT )
- int rv;
-
- LOCK_LDAP(ld);
-#endif
- Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 188, "ldap_kerberos_bind2\n"), 0, 0, 0 );
-
- if ( dn == NULL )
- dn = "";
-
- if ( (cred = get_kerberosv4_credentials( ld, dn, "x500dsa", &credlen ))
- == NULL ) {
-#if defined( SUN ) && defined( _REENTRANT )
- UNLOCK_LDAP(ld);
-#endif
- return( -1 ); /* ld_errno should already be set */
- }
-
- /* create a message to send */
- if ( (ber = alloc_ber_with_options( ld )) == NULLBER ) {
- free( cred );
-#if defined( SUN ) && defined( _REENTRANT )
- UNLOCK_LDAP(ld);
-#endif
- return( -1 );
- }
-
-#ifdef STR_TRANSLATION
- if (( str_translation_on = (( ber->ber_options &
- LBER_TRANSLATE_STRINGS ) != 0 ))) { /* turn translation off */
- ber->ber_options &= ~LBER_TRANSLATE_STRINGS;
- }
-#endif /* STR_TRANSLATION */
-
- /* fill it in */
- rc = ber_printf( ber, "{it{isto}}", ++ld->ld_msgid, LDAP_REQ_BIND,
- ld->ld_version, dn, LDAP_AUTH_KRBV42, cred, credlen );
-
-
-#ifdef STR_TRANSLATION
- if ( str_translation_on ) { /* restore translation */
- ber->ber_options |= LBER_TRANSLATE_STRINGS;
- }
-#endif /* STR_TRANSLATION */
-
- free( cred );
-
- if ( rc == -1 ) {
- ber_free( ber, 1 );
- ld->ld_errno = LDAP_ENCODING_ERROR;
-#if defined( SUN ) && defined( _REENTRANT )
- UNLOCK_LDAP(ld);
-#endif
- return( -1 );
- }
-
- /* send the message */
-#if defined( SUN ) && defined( _REENTRANT )
- rv = send_initial_request( ld, LDAP_REQ_BIND, dn, ber );
- UNLOCK_LDAP(ld);
- return ( rv );
-#endif
- return ( send_initial_request( ld, LDAP_REQ_BIND, dn, ber ));
-}
-
-/* synchronous bind to DSA using kerberos */
-int
-ldap_kerberos_bind2_s( LDAP *ld, char *dn )
-{
- int msgid;
- LDAPMessage *res;
-
- Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 189, "ldap_kerberos_bind2_s\n"), 0, 0, 0 );
-
- /* initiate the bind */
- if ( (msgid = ldap_kerberos_bind2( ld, dn )) == -1 )
- return( ld->ld_errno );
-
- /* wait for a result */
- if ( ldap_result( ld, ld->ld_msgid, 1, (struct timeval *) 0, &res )
- == -1 ) {
- return( ld->ld_errno ); /* ldap_result sets ld_errno */
- }
-
- return( ldap_result2error( ld, res, 1 ) );
-}
-
-/* synchronous bind to ldap and DSA using kerberos */
-int
-ldap_kerberos_bind_s( LDAP *ld, char *dn )
-{
- int err;
-
- Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 190, "ldap_kerberos_bind_s\n"), 0, 0, 0 );
-
- if ( (err = ldap_kerberos_bind1_s( ld, dn )) != LDAP_SUCCESS )
- return( err );
-
- return( ldap_kerberos_bind2_s( ld, dn ) );
-}
-
-
-#ifndef AUTHMAN
-/*
- * get_kerberosv4_credentials - obtain kerberos v4 credentials for ldap.
- * The dn of the entry to which to bind is supplied. It's assumed the
- * user already has a tgt.
- */
-
-char *
-get_kerberosv4_credentials( LDAP *ld, char *who, char *service, int *len )
-{
- KTEXT_ST ktxt;
- int err;
- char realm[REALM_SZ], *cred, *krbinstance;
-
- Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 191, "get_kerberosv4_credentials\n"), 0, 0, 0 );
-
- if ( (err = krb_get_tf_realm( tkt_string(), realm )) != KSUCCESS ) {
-#ifndef NO_USERINTERFACE
- fprintf( stderr, "krb_get_tf_realm failed (%s)\n",
- krb_err_txt[err] );
-#endif /* NO_USERINTERFACE */
- ld->ld_errno = LDAP_INVALID_CREDENTIALS;
- return( NULL );
- }
-
-#ifdef LDAP_REFERRALS
- krbinstance = ld->ld_defconn->lconn_krbinstance;
-#else /* LDAP_REFERRALS */
- krbinstance = ld->ld_host;
-#endif /* LDAP_REFERRALS */
-
- if ( (err = krb_mk_req( &ktxt, service, krbinstance, realm, 0 ))
- != KSUCCESS ) {
-#ifndef NO_USERINTERFACE
- fprintf( stderr, "krb_mk_req failed (%s)\n", krb_err_txt[err] );
-#endif /* NO_USERINTERFACE */
- ld->ld_errno = LDAP_INVALID_CREDENTIALS;
- return( NULL );
- }
-
- if ( ( cred = malloc( ktxt.length )) == NULL ) {
- ld->ld_errno = LDAP_NO_MEMORY;
- return( NULL );
- }
-
- *len = ktxt.length;
- memcpy( cred, ktxt.dat, ktxt.length );
-
- return( cred );
-}
-
-#endif /* !AUTHMAN */
-#endif /* KERBEROS */