kbind.c revision 5e45752a44935a6b2445ae1c763867d868fa3fbb
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Portions Copyright 1998 Sun Microsystems, Inc. All rights reserved.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Use is subject to license terms.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#pragma ident "%Z%%M% %I% %E% SMI"
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Copyright (c) 1993 Regents of the University of Michigan.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * All rights reserved.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwstatic char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of Michigan.\nAll rights reserved.\n";
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States#include <string.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#else /* MACOS */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#endif /* DOS */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#endif /* !DOS && !_WIN32 */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#endif /* MACOS */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States#include "lber.h"
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States#include "ldap.h"
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * ldap_kerberos_bind1 - initiate a bind to the ldap server using
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * kerberos authentication. The dn is supplied. It is assumed the user
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * already has a valid ticket granting ticket. The msgid of the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * request is returned on success (suitable for passing to ldap_result()),
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * -1 is returned if there's trouble.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Example:
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * ldap_kerberos_bind1( ld, "cn=manager, o=university of michigan, c=us" )
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#endif /* STR_TRANSLATION */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The bind request looks like this:
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * BindRequest ::= SEQUENCE {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * version INTEGER,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * name DistinguishedName,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * authentication CHOICE {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * krbv42ldap [1] OCTET STRING
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * krbv42dsa [2] OCTET STRING
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States * }
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * all wrapped up in an LDAPMessage sequence.
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States
/*
 * NOTE(review): these lines appear to be the body of ldap_kerberos_bind1 as
 * rendered by a blame view. The signature, the local declarations, several
 * closing braces and some #ifdef lines are not shown, so the notes below
 * describe only the statements that are visible.
 * Kerberos v4 is a retired protocol built on single DES; treat this bind
 * method as legacy and prefer a SASL/GSSAPI (Kerberos v5) bind where the
 * deployment allows it.
 */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 186, "ldap_kerberos_bind1\n"), 0, 0, 0 );
/* Ask the helper for credentials for the "ldapserver" service; the rest of
 * the condition is not visible, and the branch below returns -1. */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if ( (cred = get_kerberosv4_credentials( ld, dn, "ldapserver",
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego return( -1 ); /* ld_errno should already be set */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States }
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego /* create a message to send */
/* NOTE(review): no release of cred is visible before this return( -1 ). If
 * the helper hands back heap memory (not shown here), confirm in the full
 * source that the credential buffer is freed on this path. */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if ( (ber = alloc_ber_with_options( ld )) == NULLBER ) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return( -1 );
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States
/* Records in str_translation_on whether LBER_TRANSLATE_STRINGS is set on the
 * BER element; the statements that clear and later restore the option are
 * not visible in this listing. */
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (( str_translation_on = (( ber->ber_options &
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States LBER_TRANSLATE_STRINGS ) != 0 ))) { /* turn translation off */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#endif /* STR_TRANSLATION */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /* fill it in */
/* Encodes, in order: the pre-incremented ld->ld_msgid, the LDAP_REQ_BIND
 * tag, ld->ld_version, dn, then cred as an octet string of credlen bytes
 * tagged LDAP_AUTH_KRBV41. credlen is passed to the encoder unchecked here;
 * presumably the helper guarantees it matches the buffer - verify. */
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego rc = ber_printf( ber, "{it{isto}}", ++ld->ld_msgid, LDAP_REQ_BIND,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States ld->ld_version, dn, LDAP_AUTH_KRBV41, cred, credlen );
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States }
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#endif /* STR_TRANSLATION */
/* Failure path: ld_errno is set to LDAP_ENCODING_ERROR and -1 is returned.
 * The test that guards it and any cleanup of ber/cred are not visible. */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States ld->ld_errno = LDAP_ENCODING_ERROR;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return( -1 );
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#endif /* !NO_CACHE */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /* send the message */
/* Two alternative ways of returning the result of send_initial_request
 * follow; the preprocessor lines that choose between them are not visible. */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw rv = send_initial_request( ld, LDAP_REQ_BIND, dn, ber );
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return ( rv );
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return ( send_initial_request( ld, LDAP_REQ_BIND, dn, ber ));
/*
 * ldap_kerberos_bind1_s - synchronous form: starts the bind with
 * ldap_kerberos_bind1() and then waits for the reply with ldap_result().
 * NOTE(review): this is a blame listing with lines missing (return type,
 * opening brace, declarations and the tail of both conditions), so only the
 * visible statements are described.
 */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United Statesldap_kerberos_bind1_s( LDAP *ld, char *dn )
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 187, "ldap_kerberos_bind1_s\n"), 0, 0, 0 );
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /* initiate the bind */
/* -1 from ldap_kerberos_bind1 means the request was not sent; the statement
 * executed in that case is not visible in this listing. */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States if ( (msgid = ldap_kerberos_bind1( ld, dn )) == -1 )
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /* wait for a result */
/* NOTE(review): the wait is keyed on ld->ld_msgid, not on the msgid value
 * returned just above. If another request on the same handle can advance
 * ld_msgid between the two calls, the wait would target a different message;
 * confirm the locking in the full source.
 * A null timeout pointer asks ldap_result to wait without a time limit, so a
 * server that never answers the bind stalls the caller. */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States if ( ldap_result( ld, ld->ld_msgid, 1, (struct timeval *) 0, &res )
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States return( ld->ld_errno ); /* ldap_result sets ld_errno */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States}
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * ldap_kerberos_bind2 - initiate a bind to the X.500 server using
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States * kerberos authentication. The dn is supplied. It is assumed the user
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * already has a valid ticket granting ticket. The msgid of the
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States * request is returned on success (suitable for passing to ldap_result()),
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * -1 is returned if there's trouble.
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States *
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States * Example:
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States * ldap_kerberos_bind2( ld, "cn=manager, o=university of michigan, c=us" )
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States */
/*
 * NOTE(review): this is a blame listing with lines missing: the opening
 * brace, the declaration of ber, and several #ifdef / closing-brace lines
 * are not shown. The notes below describe only the visible statements.
 * Kerberos v4 is a retired protocol built on single DES; treat this bind
 * method as legacy and prefer a SASL/GSSAPI (Kerberos v5) bind where the
 * deployment allows it.
 */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United Statesint
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United Statesldap_kerberos_bind2( LDAP *ld, char *dn )
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States char *cred;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States int rc, credlen;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States char *get_kerberosv4_credentials();
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States int str_translation_on;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#endif /* STR_TRANSLATION */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States int rv;
/* NOTE(review): presumably acquires a lock associated with ld. No matching
 * release is visible before the return( -1 ) statements below; lines are
 * missing from this listing, so confirm in the full source that every early
 * return gives the lock back. */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States LOCK_LDAP(ld);
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 188, "ldap_kerberos_bind2\n"), 0, 0, 0 );
/* Ask the helper for credentials for the "x500dsa" service; credlen receives
 * their length and NULL means failure. The body of the failure branch is not
 * visible in this listing. */
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if ( (cred = get_kerberosv4_credentials( ld, dn, "x500dsa", &credlen ))
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States == NULL ) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /* create a message to send */
/* NOTE(review): no release of cred is visible before this return( -1 ). If
 * the helper hands back heap memory (not shown here), confirm in the full
 * source that the credential buffer is freed on this path. */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if ( (ber = alloc_ber_with_options( ld )) == NULLBER ) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return( -1 );
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States#ifdef STR_TRANSLATION
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw LBER_TRANSLATE_STRINGS ) != 0 ))) { /* turn translation off */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#endif /* STR_TRANSLATION */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /* fill it in */
/* Encodes, in order: the pre-incremented ld->ld_msgid, the LDAP_REQ_BIND
 * tag, ld->ld_version, dn, then cred as an octet string of credlen bytes
 * tagged LDAP_AUTH_KRBV42. credlen is passed to the encoder unchecked here;
 * presumably the helper guarantees it matches the buffer - verify. */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw rc = ber_printf( ber, "{it{isto}}", ++ld->ld_msgid, LDAP_REQ_BIND,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego ld->ld_version, dn, LDAP_AUTH_KRBV42, cred, credlen );
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States#ifdef STR_TRANSLATION
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#endif /* STR_TRANSLATION */
/* rc == -1 is the encoder's failure result; the function gives up with -1.
 * Any cleanup of ber and cred on this path is not visible here. */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States if ( rc == -1 ) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return( -1 );
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /* send the message */
/* Two alternative ways of returning the result of send_initial_request
 * follow, separated by an #endif whose opening condition is not visible. */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw rv = send_initial_request( ld, LDAP_REQ_BIND, dn, ber );
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return ( rv );
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States#endif
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return ( send_initial_request( ld, LDAP_REQ_BIND, dn, ber ));
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States}
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States/* synchronous bind to DSA using kerberos */
/*
 * NOTE(review): blame listing with lines missing; the return type, opening
 * brace, the call that starts the bind, the tail of the ldap_result
 * condition and the end of the function are not shown. Only the visible
 * statements are described.
 */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United Statesldap_kerberos_bind2_s( LDAP *ld, char *dn )
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States int msgid;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 189, "ldap_kerberos_bind2_s\n"), 0, 0, 0 );
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /* initiate the bind */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /* wait for a result */
/* NOTE(review): the wait is keyed on ld->ld_msgid even though a local msgid
 * is declared above. If another request on the same handle can advance
 * ld_msgid after the bind is sent, the wait would target a different
 * message; confirm the locking in the full source.
 * A null timeout pointer asks ldap_result to wait without a time limit, so a
 * server that never answers the bind stalls the caller. */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if ( ldap_result( ld, ld->ld_msgid, 1, (struct timeval *) 0, &res )
12b65585e720714b31036daaa2b30eb76014048eGordon Ross return( ld->ld_errno ); /* ldap_result sets ld_errno */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States
/*
 * NOTE(review): the lines below are disconnected remnants of the rest of the
 * file. The functions they belong to and the statements between them are not
 * visible, so their order here carries no meaning. What can be read off:
 * one path returns err, several paths return NULL, one returns cred, and one
 * condition compares a result against KSUCCESS. The NULL/cred returns
 * presumably belong to the credential helper whose callers test for NULL -
 * confirm against the full source.
 */
int err;
return( err );
#ifndef AUTHMAN
int err;
#ifndef NO_USERINTERFACE
return( NULL );
#ifdef LDAP_REFERRALS
!= KSUCCESS ) {
#ifndef NO_USERINTERFACE
return( NULL );
return( NULL );
return( cred );