/*
 * Authenticate a PAM user by running an internal LDAP simple bind.
 *
 * ni, op, pi  are handed to pam_uid2dn() to resolve the user's DN into
 *             pi->dn; pi->pwd carries the cleartext password.
 * fp          is not used in this function.
 *
 * Returns the non-zero result of pam_uid2dn() if the lookup fails,
 * NSLCD_PAM_IGNORE if the password is empty, NSLCD_PAM_SUCCESS if the
 * bind reply carries LDAP_SUCCESS, and NSLCD_PAM_AUTH_ERR for every
 * other bind outcome.
 */
int pam_do_bind(nssov_info *ni,TFILE *fp,Operation *op,
	struct paminfo *pi)
{
	slap_callback bind_cb = {0};
	SlapReply rs = {REP_RESULT};
	int rc;

	/* msg starts out aliasing the password buffer, with length 0.
	 * NOTE(review): anything written through pi->msg.bv_val shares
	 * storage with the password until the wipe below, and readers of
	 * msg must honour bv_len -- verify against pam_bindcb.
	 */
	pi->msg.bv_val = pi->pwd.bv_val;
	pi->msg.bv_len = 0;
	pi->authz = NSLCD_PAM_SUCCESS;
	BER_BVZERO(&pi->dn);

	rc = pam_uid2dn(ni, op, pi);
	if (rc)
		return rc;

	/* A simple bind with a DN and an empty password must never reach
	 * the backend: LDAP treats it as an unauthenticated bind
	 * (RFC 4513, section 5.1.2), which can succeed without proving
	 * anything about the user.
	 * Both early exits above/below return without wiping pi->pwd.
	 */
	if (BER_BVISEMPTY(&pi->pwd))
		return NSLCD_PAM_IGNORE;

	/* Should only need to do this once at open time, but there's
	 * always the possibility that ppolicy will get loaded later.
	 * The lookup status stored in rc is not acted on; it is
	 * overwritten by the bind below.
	 */
	if (!ppolicy_cid) {
		rc = slap_find_control_id(LDAP_CONTROL_PASSWORDPOLICYREQUEST,
			&ppolicy_cid);
	}
	/* of course, 0 is a valid cid, but it won't be ppolicy... */
	if (ppolicy_cid) {
		/* request password policy processing as a non-critical control */
		op->o_ctrlflag[ppolicy_cid] = SLAP_CONTROL_NONCRITICAL;
	}

	/* route the bind reply through pam_bindcb with pi as its context */
	bind_cb.sc_response = pam_bindcb;
	bind_cb.sc_private = pi;
	op->o_callback = &bind_cb;

	/* blank the operation's current identity before binding */
	op->o_dn.bv_val[0] = 0;
	op->o_dn.bv_len = 0;
	op->o_ndn.bv_val[0] = 0;
	op->o_ndn.bv_len = 0;

	/* LDAPv3 simple bind as pi->dn with the supplied password */
	op->o_tag = LDAP_REQ_BIND;
	op->o_protocol = LDAP_VERSION3;
	op->orb_method = LDAP_AUTH_SIMPLE;
	op->orb_cred = pi->pwd;
	op->o_req_dn = pi->dn;
	op->o_req_ndn = pi->dn;
	slap_op_time( &op->o_time, &op->o_tincr );

	rc = op->o_bd->be_bind( op, &rs );

	/* wipe the cleartext password as soon as the backend is done */
	memset(pi->pwd.bv_val,0,pi->pwd.bv_len);

	/* quirk: on successful bind, caller has to send result. we need
	 * to make sure callbacks run.
	 */
	if (rc == LDAP_SUCCESS)
		send_ldap_result(op, &rs);

	/* Fail closed: only an explicit LDAP_SUCCESS in the reply counts as
	 * authenticated; invalid credentials and every other error code
	 * collapse to the same NSLCD_PAM_AUTH_ERR.
	 */
	rc = (rs.sr_err == LDAP_SUCCESS)
		? NSLCD_PAM_SUCCESS
		: NSLCD_PAM_AUTH_ERR;

	return rc;
}
/*
 * Initialise the built-in frontend database (slap_frontendDB): default
 * access level, default limits, empty suffix, the set of known controls
 * and the frontend operation handlers.
 *
 * Returns 0 on success, or -1 when a name listed in slap_known_controls
 * has no registered control id (builds with assertions enabled abort
 * on that condition instead).
 */
int
frontend_init( void )
{
	int i;

	/* data */
	frontendDB = &slap_frontendDB;
	frontendDB->bd_self = frontendDB;

	/* ACLs: the frontend's default access level is read.
	 * NOTE(review): presumably this is what applies when no ACL makes
	 * a decision -- confirm, and verify that explicit ACLs override it
	 * wherever read-by-default is not acceptable.
	 */
	frontendDB->be_dfltaccess = ACL_READ;

	/* limits: soft limits take the compiled-in defaults; the hard
	 * limits are left at 0 for backward compatibility
	 */
	frontendDB->be_def_limit.lms_t_soft = SLAPD_DEFAULT_TIMELIMIT;
	frontendDB->be_def_limit.lms_t_hard = 0;
	frontendDB->be_def_limit.lms_s_soft = SLAPD_DEFAULT_SIZELIMIT;
	frontendDB->be_def_limit.lms_s_hard = 0;
	/* no limit on unchecked size */
	frontendDB->be_def_limit.lms_s_unchecked = -1;
	/* page limit */
	frontendDB->be_def_limit.lms_s_pr = 0;
	/* don't hide number of entries left */
	frontendDB->be_def_limit.lms_s_pr_hide = 0;
	/* number of total entries returned by pagedResults equal to hard limit */
	frontendDB->be_def_limit.lms_s_pr_total = 0;

	ldap_pvt_thread_mutex_init( &frontendDB->be_pcl_mutex );

	/* suffix: one empty-string entry followed by a zeroed terminator,
	 * for both the plain and the normalised list
	 */
	frontendDB->be_suffix = ch_calloc( 2, sizeof( struct berval ) );
	ber_str2bv( "", 0, 1, &frontendDB->be_suffix[0] );
	BER_BVZERO( &frontendDB->be_suffix[1] );
	frontendDB->be_nsuffix = ch_calloc( 2, sizeof( struct berval ) );
	ber_str2bv( "", 0, 1, &frontendDB->be_nsuffix[0] );
	BER_BVZERO( &frontendDB->be_nsuffix[1] );

	/* info */
	frontendDB->bd_info = &slap_frontendInfo;

	SLAP_BFLAGS(frontendDB) |= SLAP_BFLAG_FRONTEND;

	/* name */
	frontendDB->bd_info->bi_type = "frontend";

	/* known controls: mark every control in slap_known_controls as
	 * enabled on both the backend info and the database
	 */
	frontendDB->bd_info->bi_controls = slap_known_controls;
	i = 0;
	while ( slap_known_controls[ i ] ) {
		int cid;

		if ( slap_find_control_id( slap_known_controls[ i ], &cid )
			== LDAP_CONTROL_NOT_FOUND )
		{
			/* a listed control without an id is treated as a
			 * programming error
			 */
			assert( 0 );
			return -1;
		}

		/* cid indexes both tables without a range check here;
		 * presumably slap_find_control_id only yields ids inside
		 * their bounds -- confirm
		 */
		frontendDB->bd_info->bi_ctrls[ cid ] = 1;
		frontendDB->be_ctrls[ cid ] = 1;
		i++;
	}

	/* calls: install the frontend handler for each operation */
	frontendDB->bd_info->bi_op_abandon = fe_op_abandon;
	frontendDB->bd_info->bi_op_add = fe_op_add;
	frontendDB->bd_info->bi_op_bind = fe_op_bind;
	frontendDB->bd_info->bi_op_compare = fe_op_compare;
	frontendDB->bd_info->bi_op_delete = fe_op_delete;
	frontendDB->bd_info->bi_op_modify = fe_op_modify;
	frontendDB->bd_info->bi_op_modrdn = fe_op_modrdn;
	frontendDB->bd_info->bi_op_search = fe_op_search;
	frontendDB->bd_info->bi_extended = fe_extended;
	frontendDB->bd_info->bi_operational = fe_aux_operational;
	frontendDB->bd_info->bi_entry_get_rw = fe_entry_get_rw;
	frontendDB->bd_info->bi_entry_release_rw = fe_entry_release_rw;
	frontendDB->bd_info->bi_access_allowed = fe_access_allowed;
	frontendDB->bd_info->bi_acl_group = fe_acl_group;
	frontendDB->bd_info->bi_acl_attribute = fe_acl_attribute;

#if 0
	/* FIXME: is this too early? */
	return backend_startup_one( frontendDB );
#endif

	return 0;
}