Example #1
/*
 * Authenticate a PAM request by performing an LDAP simple bind.
 *
 * The user in pi is first mapped to a DN with pam_uid2dn(); the supplied
 * password (pi->pwd) is then presented to the backend's be_bind handler
 * as simple-bind credentials for that DN.
 *
 * ni, op, pi are passed through to pam_uid2dn(); fp is not used in this
 * function.
 *
 * Returns the non-zero value from pam_uid2dn() if the lookup fails,
 * NSLCD_PAM_IGNORE if the password is empty, NSLCD_PAM_SUCCESS if the bind
 * result is LDAP_SUCCESS, and NSLCD_PAM_AUTH_ERR for every other result.
 *
 * Security notes:
 *  - The password bytes are zeroed only after the bind has been attempted.
 *    The two early exits (lookup failure, empty password) leave pi->pwd
 *    untouched; NOTE(review): confirm the caller wipes it on those paths.
 *  - pi->msg is pointed at the password buffer, so message text and the
 *    password share storage.
 */
int pam_do_bind(nssov_info *ni,TFILE *fp,Operation *op,
	struct paminfo *pi)
{
	int rc;
	slap_callback cb = {0};
	SlapReply rs = {REP_RESULT};

	/* msg starts as an empty string that aliases the password buffer.
	 * NOTE(review): anything later written through pi->msg.bv_val lands in
	 * the same memory as the password -- confirm pam_bindcb and the caller
	 * account for this and for the memset after the bind.
	 */
	pi->msg.bv_val = pi->pwd.bv_val;
	pi->msg.bv_len = 0;
	pi->authz = NSLCD_PAM_SUCCESS;
	BER_BVZERO(&pi->dn);

	/* resolve the user to a DN; any non-zero result is returned as-is */
	rc = pam_uid2dn(ni, op, pi);
	if (rc) goto finish;

	/* Never send a bind with an empty password: in LDAP a simple bind with
	 * a DN and a zero-length password is an "unauthenticated" bind
	 * (RFC 4513 section 5.1.2) that a server may accept without checking
	 * any credential.
	 * NOTE(review): the result here is IGNORE rather than an auth error --
	 * confirm the PAM stack configuration cannot turn that into a grant.
	 */
	if (BER_BVISEMPTY(&pi->pwd)) {
		rc = NSLCD_PAM_IGNORE;
		goto finish;
	}

	/* Should only need to do this once at open time, but there's always
	 * the possibility that ppolicy will get loaded later.
	 */
	if (!ppolicy_cid) {
		/* return value is not checked; rc is overwritten by the bind below */
		rc = slap_find_control_id(LDAP_CONTROL_PASSWORDPOLICYREQUEST,
			&ppolicy_cid);
	}
	/* of course, 0 is a valid cid, but it won't be ppolicy... */
	if (ppolicy_cid) {
		/* attach the password-policy request control as non-critical */
		op->o_ctrlflag[ppolicy_cid] = SLAP_CONTROL_NONCRITICAL;
	}
	/* pam_bindcb receives the reply, with pi as its private data */
	cb.sc_response = pam_bindcb;
	cb.sc_private = pi;
	op->o_callback = &cb;
	/* clear the operation's own identity in place before binding;
	 * assumes both bv_val buffers are non-NULL and writable
	 */
	op->o_dn.bv_val[0] = 0;
	op->o_dn.bv_len = 0;
	op->o_ndn.bv_val[0] = 0;
	op->o_ndn.bv_len = 0;
	op->o_tag = LDAP_REQ_BIND;
	op->o_protocol = LDAP_VERSION3;
	op->orb_method = LDAP_AUTH_SIMPLE;
	/* struct copy: orb_cred shares the password pointer, no bytes copied */
	op->orb_cred = pi->pwd;
	/* the same DN is used for both the presented and normalized forms;
	 * presumably pam_uid2dn yields a normalized DN -- TODO confirm
	 */
	op->o_req_dn = pi->dn;
	op->o_req_ndn = pi->dn;
	slap_op_time( &op->o_time, &op->o_tincr );
	rc = op->o_bd->be_bind( op, &rs );
	/* Zero the password bytes as soon as the backend is done with them.
	 * bv_len is left unchanged, and op->orb_cred still points at the
	 * (now zeroed) buffer. The buffer stays reachable through pi, so this
	 * plain memset is a visible store; if the password ever moves to
	 * storage that dies with this function, use a wipe the compiler
	 * cannot elide.
	 */
	memset(pi->pwd.bv_val,0,pi->pwd.bv_len);
	/* quirk: on successful bind, caller has to send result. we need
	 * to make sure callbacks run.
	 */
	if (rc == LDAP_SUCCESS)
		send_ldap_result(op, &rs);
	/* Map the LDAP result (rs.sr_err, not rc) to a PAM code. Fails closed:
	 * anything other than LDAP_SUCCESS, including errors unrelated to the
	 * credentials, is reported as an authentication error.
	 */
	switch(rs.sr_err) {
	case LDAP_SUCCESS: rc = NSLCD_PAM_SUCCESS; break;
	case LDAP_INVALID_CREDENTIALS: rc = NSLCD_PAM_AUTH_ERR; break;
	default: rc = NSLCD_PAM_AUTH_ERR; break;
	}
finish:
	return rc;
}
Example #2
/*
 * Set up the global frontend database (frontendDB): default access level,
 * default limits, empty suffix lists, backend info, the table of known
 * controls and the frontend operation handlers.
 *
 * Returns 0 on success, or -1 if one of the known controls has no
 * registered control id.
 */
int
frontend_init( void )
{
	int	idx = 0;

	/* point the global at its backing object and make it self-referential */
	frontendDB = &slap_frontendDB;
	frontendDB->bd_self = frontendDB;

	/* Default access level stored on the frontend is read.
	 * NOTE(review): presumably this is what applies when no ACL matches --
	 * confirm that read-by-default suits the deployment.
	 */
	frontendDB->be_dfltaccess = ACL_READ;

	/* Default limits. The soft time and size limits use the compiled-in
	 * defaults (backward compatible limits); the hard limits are 0.
	 */
	frontendDB->be_def_limit.lms_t_soft = SLAPD_DEFAULT_TIMELIMIT;
	frontendDB->be_def_limit.lms_t_hard = 0;
	frontendDB->be_def_limit.lms_s_soft = SLAPD_DEFAULT_SIZELIMIT;
	frontendDB->be_def_limit.lms_s_hard = 0;
	/* no limit on unchecked size */
	frontendDB->be_def_limit.lms_s_unchecked = -1;
	/* page limit */
	frontendDB->be_def_limit.lms_s_pr = 0;
	/* don't hide number of entries left */
	frontendDB->be_def_limit.lms_s_pr_hide = 0;
	/* number of total entries returned by pagedResults equal to hard limit */
	frontendDB->be_def_limit.lms_s_pr_total = 0;

	ldap_pvt_thread_mutex_init( &frontendDB->be_pcl_mutex );

	/* Suffix and normalized suffix: two-element arrays holding a copy of
	 * the empty string followed by a zeroed terminator entry.
	 */
	frontendDB->be_suffix = ch_calloc( 2, sizeof( struct berval ) );
	ber_str2bv( "", 0, 1, &frontendDB->be_suffix[0] );
	BER_BVZERO( &frontendDB->be_suffix[1] );
	frontendDB->be_nsuffix = ch_calloc( 2, sizeof( struct berval ) );
	ber_str2bv( "", 0, 1, &frontendDB->be_nsuffix[0] );
	BER_BVZERO( &frontendDB->be_nsuffix[1] );

	/* backend info, frontend flag and type name */
	frontendDB->bd_info = &slap_frontendInfo;
	SLAP_BFLAGS(frontendDB) |= SLAP_BFLAG_FRONTEND;
	frontendDB->bd_info->bi_type = "frontend";

	/* Enable every known control on both the backend info and the
	 * database. The control id returned by the lookup is used directly as
	 * an array index, so the two flag arrays must be sized for every id
	 * the registry can hand out.
	 */
	frontendDB->bd_info->bi_controls = slap_known_controls;
	while ( slap_known_controls[ idx ] ) {
		int	cid;
		int	lookup = slap_find_control_id( slap_known_controls[ idx ], &cid );

		if ( lookup == LDAP_CONTROL_NOT_FOUND ) {
			/* a known control without an id is a programming error;
			 * with NDEBUG the assert is compiled out and -1 is returned
			 */
			assert( 0 );
			return -1;
		}

		frontendDB->bd_info->bi_ctrls[ cid ] = 1;
		frontendDB->be_ctrls[ cid ] = 1;
		idx++;
	}

	/* operation handlers */
	frontendDB->bd_info->bi_op_abandon = fe_op_abandon;
	frontendDB->bd_info->bi_op_add = fe_op_add;
	frontendDB->bd_info->bi_op_bind = fe_op_bind;
	frontendDB->bd_info->bi_op_compare = fe_op_compare;
	frontendDB->bd_info->bi_op_delete = fe_op_delete;
	frontendDB->bd_info->bi_op_modify = fe_op_modify;
	frontendDB->bd_info->bi_op_modrdn = fe_op_modrdn;
	frontendDB->bd_info->bi_op_search = fe_op_search;
	frontendDB->bd_info->bi_extended = fe_extended;
	frontendDB->bd_info->bi_operational = fe_aux_operational;

	/* entry access and ACL helpers */
	frontendDB->bd_info->bi_entry_get_rw = fe_entry_get_rw;
	frontendDB->bd_info->bi_entry_release_rw = fe_entry_release_rw;
	frontendDB->bd_info->bi_access_allowed = fe_access_allowed;
	frontendDB->bd_info->bi_acl_group = fe_acl_group;
	frontendDB->bd_info->bi_acl_attribute = fe_acl_attribute;

#if 0
	/* FIXME: is this too early? */
	return backend_startup_one( frontendDB );
#endif

	return 0;
}