kbind.c revision 5e45752a44935a6b2445ae1c763867d868fa3fbb
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Portions Copyright 1998 Sun Microsystems, Inc. All rights reserved.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Use is subject to license terms.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#pragma ident "%Z%%M% %I% %E% SMI"
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Copyright (c) 1993 Regents of the University of Michigan.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * All rights reserved.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * kbind.c
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#ifndef lint
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwstatic char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of Michigan.\nAll rights reserved.\n";
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#endif
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#ifdef KERBEROS
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <stdio.h>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States#include <string.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
12b65585e720714b31036daaa2b30eb76014048eGordon Ross#ifdef MACOS
12b65585e720714b31036daaa2b30eb76014048eGordon Ross#include <stdlib.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include "macos.h"
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#else /* MACOS */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#ifdef DOS
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include "msdos.h"
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#endif /* DOS */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <krb.h>
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross#include <stdlib.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#if !defined(DOS) && !defined( _WIN32 )
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <sys/types.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#endif /* !DOS && !_WIN32 */
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2eas#include <sys/time.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <sys/socket.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#endif /* MACOS */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States#include "lber.h"
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States#include "ldap.h"
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include "ldap-private.h"
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego#include "ldap-int.h"
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * ldap_kerberos_bind1 - start an asynchronous bind to the ldap server
 * using kerberos (v4) authentication.  The dn is supplied by the caller
 * (NULL is treated as the empty string) and the user is assumed to
 * already hold a valid ticket granting ticket.
 *
 * Returns the msgid of the request on success (suitable for passing to
 * ldap_result()), or -1 if there's trouble.
 *
 * Example:
 *	ldap_kerberos_bind1( ld, "cn=manager, o=university of michigan, c=us" )
 */
int
ldap_kerberos_bind1( LDAP *ld, char *dn )
{
	BerElement	*ber;
	char		*cred;
	int		rc, credlen;
	int		msgid = -1;	/* value handed back on every failure path */
	char		*get_kerberosv4_credentials();
#ifdef STR_TRANSLATION
	int		str_translation_on;
#endif /* STR_TRANSLATION */

	/*
	 * The bind request looks like this:
	 *	BindRequest ::= SEQUENCE {
	 *		version		INTEGER,
	 *		name		DistinguishedName,
	 *		authentication	CHOICE {
	 *			krbv42ldap	[1] OCTET STRING
	 *			krbv42dsa	[2] OCTET STRING
	 *		}
	 *	}
	 * all wrapped up in an LDAPMessage sequence.
	 */

#if defined( SUN ) && defined( _REENTRANT )
	LOCK_LDAP(ld);
#endif
	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 186, "ldap_kerberos_bind1\n"), 0, 0, 0 );

	if ( dn == NULL ) {
		dn = "";
	}

	/* credentials for the "ldapserver" service; we own the buffer */
	cred = get_kerberosv4_credentials( ld, dn, "ldapserver", &credlen );
	if ( cred == NULL ) {
		goto unlock;	/* ld_errno should already be set */
	}

	/* create a message to send */
	ber = alloc_ber_with_options( ld );
	if ( ber == NULLBER ) {
		free( cred );
		goto unlock;
	}

#ifdef STR_TRANSLATION
	/* remember whether translation was on, then turn it off */
	str_translation_on =
	    (( ber->ber_options & LBER_TRANSLATE_STRINGS ) != 0 );
	if ( str_translation_on ) {
		ber->ber_options &= ~LBER_TRANSLATE_STRINGS;
	}
#endif /* STR_TRANSLATION */

	/* fill it in; cred/credlen go out as the tagged octet string */
	rc = ber_printf( ber, "{it{isto}}", ++ld->ld_msgid, LDAP_REQ_BIND,
	    ld->ld_version, dn, LDAP_AUTH_KRBV41, cred, credlen );

#ifdef STR_TRANSLATION
	if ( str_translation_on ) {	/* restore translation */
		ber->ber_options |= LBER_TRANSLATE_STRINGS;
	}
#endif /* STR_TRANSLATION */

	/* the credentials are no longer needed once encoding was attempted */
	free( cred );

	if ( rc == -1 ) {
		ber_free( ber, 1 );
		ld->ld_errno = LDAP_ENCODING_ERROR;
		goto unlock;
	}

#ifndef NO_CACHE
	if ( ld->ld_cache != NULL ) {
		ldap_flush_cache( ld );
	}
#endif /* !NO_CACHE */

	/* send the message */
	msgid = send_initial_request( ld, LDAP_REQ_BIND, dn, ber );

unlock:
	/* single exit: the lock taken above is dropped once on every path */
#if defined( SUN ) && defined( _REENTRANT )
	UNLOCK_LDAP(ld);
#endif
	return( msgid );
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
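/*
 * ldap_kerberos_bind1_s - synchronous form of ldap_kerberos_bind1():
 * send the bind to the ldap server and wait for its result.
 *
 * Returns an LDAP error code: ld->ld_errno when the request could not
 * be sent or ldap_result() failed, otherwise the code that
 * ldap_result2error() extracts from the response.
 */
int
ldap_kerberos_bind1_s( LDAP *ld, char *dn )
{
	int		msgid;
	LDAPMessage	*res;

	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 187, "ldap_kerberos_bind1_s\n"), 0, 0, 0 );

	/* initiate the bind */
	msgid = ldap_kerberos_bind1( ld, dn );
	if ( msgid == -1 ) {
		return( ld->ld_errno );
	}

	/*
	 * Wait for the result of this request, identified by the msgid
	 * that ldap_kerberos_bind1() returned.  ld->ld_msgid is a shared
	 * counter that is pre-incremented for each request; by the time
	 * we get here (and, in the SUN/_REENTRANT build, after the LDAP
	 * lock has been released) another request on the same handle may
	 * have advanced it, and the bind status reported to the caller
	 * would then belong to a different operation.
	 */
	if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &res )
	    == -1 ) {
		return( ld->ld_errno );	/* ldap_result sets ld_errno */
	}

	/* last argument is the freeit flag of ldap_result2error() */
	return( ldap_result2error( ld, res, 1 ) );
}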
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
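/*
 * ldap_kerberos_bind2 - start an asynchronous bind to the X.500 server
 * using kerberos (v4) authentication.  The dn is supplied by the caller
 * (NULL is treated as the empty string) and the user is assumed to
 * already hold a valid ticket granting ticket.
 *
 * Returns the msgid of the request on success (suitable for passing to
 * ldap_result()), or -1 if there's trouble.
 *
 * Example:
 *	ldap_kerberos_bind2( ld, "cn=manager, o=university of michigan, c=us" )
 */
int
ldap_kerberos_bind2( LDAP *ld, char *dn )
{
	BerElement	*ber;
	char		*cred;
	int		rc, credlen;
	int		msgid = -1;	/* value handed back on every failure path */
	char		*get_kerberosv4_credentials();
#ifdef STR_TRANSLATION
	int		str_translation_on;
#endif /* STR_TRANSLATION */

#if defined( SUN ) && defined( _REENTRANT )
	LOCK_LDAP(ld);
#endif
	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 188, "ldap_kerberos_bind2\n"), 0, 0, 0 );

	if ( dn == NULL ) {
		dn = "";
	}

	/* credentials for the "x500dsa" service; we own the buffer */
	cred = get_kerberosv4_credentials( ld, dn, "x500dsa", &credlen );
	if ( cred == NULL ) {
		goto unlock;	/* ld_errno should already be set */
	}

	/* create a message to send */
	ber = alloc_ber_with_options( ld );
	if ( ber == NULLBER ) {
		free( cred );
		goto unlock;
	}

#ifdef STR_TRANSLATION
	/* remember whether translation was on, then turn it off */
	str_translation_on =
	    (( ber->ber_options & LBER_TRANSLATE_STRINGS ) != 0 );
	if ( str_translation_on ) {
		ber->ber_options &= ~LBER_TRANSLATE_STRINGS;
	}
#endif /* STR_TRANSLATION */

	/* fill it in; cred/credlen go out as the tagged octet string */
	rc = ber_printf( ber, "{it{isto}}", ++ld->ld_msgid, LDAP_REQ_BIND,
	    ld->ld_version, dn, LDAP_AUTH_KRBV42, cred, credlen );

#ifdef STR_TRANSLATION
	if ( str_translation_on ) {	/* restore translation */
		ber->ber_options |= LBER_TRANSLATE_STRINGS;
	}
#endif /* STR_TRANSLATION */

	/* the credentials are no longer needed once encoding was attempted */
	free( cred );

	if ( rc == -1 ) {
		ber_free( ber, 1 );
		ld->ld_errno = LDAP_ENCODING_ERROR;
		goto unlock;
	}

	/* send the message */
	msgid = send_initial_request( ld, LDAP_REQ_BIND, dn, ber );

unlock:
	/*
	 * Single exit: the lock taken above is dropped once on every path,
	 * and there is exactly one return statement in both builds (the
	 * reentrant build used to carry a second, unreachable return after
	 * its #endif).
	 */
#if defined( SUN ) && defined( _REENTRANT )
	UNLOCK_LDAP(ld);
#endif
	return( msgid );
}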
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
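/*
 * ldap_kerberos_bind2_s - synchronous bind to the DSA using kerberos:
 * send the bind via ldap_kerberos_bind2() and wait for its result.
 *
 * Returns an LDAP error code: ld->ld_errno when the request could not
 * be sent or ldap_result() failed, otherwise the code that
 * ldap_result2error() extracts from the response.
 */
int
ldap_kerberos_bind2_s( LDAP *ld, char *dn )
{
	int		msgid;
	LDAPMessage	*res;

	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 189, "ldap_kerberos_bind2_s\n"), 0, 0, 0 );

	/* initiate the bind */
	msgid = ldap_kerberos_bind2( ld, dn );
	if ( msgid == -1 ) {
		return( ld->ld_errno );
	}

	/*
	 * Wait for the result of this request, identified by the msgid
	 * that ldap_kerberos_bind2() returned.  ld->ld_msgid is a shared
	 * counter that is pre-incremented for each request; by the time
	 * we get here (and, in the SUN/_REENTRANT build, after the LDAP
	 * lock has been released) another request on the same handle may
	 * have advanced it, and the bind status reported to the caller
	 * would then belong to a different operation.
	 */
	if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &res )
	    == -1 ) {
		return( ld->ld_errno );	/* ldap_result sets ld_errno */
	}

	/* last argument is the freeit flag of ldap_result2error() */
	return( ldap_result2error( ld, res, 1 ) );
}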
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * ldap_kerberos_bind_s - synchronous bind to ldap and DSA using kerberos.
 * Runs the ldap-server bind first and, only if that returns
 * LDAP_SUCCESS, the DSA bind.  Returns the error code of the first step
 * that fails, otherwise the result of the second step.
 */
int
ldap_kerberos_bind_s( LDAP *ld, char *dn )
{
	int	rc;

	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 190, "ldap_kerberos_bind_s\n"), 0, 0, 0 );

	rc = ldap_kerberos_bind1_s( ld, dn );
	if ( rc == LDAP_SUCCESS ) {
		/* step one succeeded, so the overall result is step two's */
		rc = ldap_kerberos_bind2_s( ld, dn );
	}

	return( rc );
}
#ifndef AUTHMAN
/*
 * get_kerberosv4_credentials - obtain kerberos v4 credentials for ldap.
 * The dn of the entry to which to bind is supplied in who (it is not
 * consulted by this implementation).  It's assumed the user already
 * has a tgt.
 *
 * ld		handle; ld_errno is set on every failure path
 * service	kerberos service name to request a ticket for
 * len		receives the credential length; written only on success
 *
 * Returns a malloc'd copy of the kerberos request that the caller must
 * free(), or NULL on failure (LDAP_INVALID_CREDENTIALS when a kerberos
 * call fails, LDAP_NO_MEMORY when the copy cannot be allocated).
 *
 * NOTE(review): Kerberos v4 is an obsolete protocol; confirm whether
 * this KERBEROS code path still needs to be built at all.
 * NOTE(review): in the LDAP_REFERRALS build ld->ld_defconn is
 * dereferenced without a NULL check - confirm a default connection
 * always exists before a bind is issued.
 * NOTE(review): the on-stack KTEXT_ST copy of the request is left
 * as-is on return; scrub it if the project treats it as sensitive.
 */
char *
get_kerberosv4_credentials( LDAP *ld, char *who, char *service, int *len )
{
	KTEXT_ST	request;
	int		krb_rc;
	char		realm[REALM_SZ], *buf, *instance;

	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 191, "get_kerberosv4_credentials\n"), 0, 0, 0 );

	/* realm comes from the user's ticket file */
	krb_rc = krb_get_tf_realm( tkt_string(), realm );
	if ( krb_rc != KSUCCESS ) {
#ifndef NO_USERINTERFACE
		fprintf( stderr, "krb_get_tf_realm failed (%s)\n",
		    krb_err_txt[krb_rc] );
#endif /* NO_USERINTERFACE */
		ld->ld_errno = LDAP_INVALID_CREDENTIALS;
		return( NULL );
	}

	/* kerberos instance: per-connection with referrals, else the host */
#ifdef LDAP_REFERRALS
	instance = ld->ld_defconn->lconn_krbinstance;
#else /* LDAP_REFERRALS */
	instance = ld->ld_host;
#endif /* LDAP_REFERRALS */

	krb_rc = krb_mk_req( &request, service, instance, realm, 0 );
	if ( krb_rc != KSUCCESS ) {
#ifndef NO_USERINTERFACE
		fprintf( stderr, "krb_mk_req failed (%s)\n", krb_err_txt[krb_rc] );
#endif /* NO_USERINTERFACE */
		ld->ld_errno = LDAP_INVALID_CREDENTIALS;
		return( NULL );
	}

	/* hand the caller a heap copy sized exactly to the request */
	buf = malloc( request.length );
	if ( buf == NULL ) {
		ld->ld_errno = LDAP_NO_MEMORY;
		return( NULL );
	}

	*len = request.length;
	memcpy( buf, request.dat, request.length );

	return( buf );
}
#endif /* !AUTHMAN */
#endif /* KERBEROS */