/*
* The string is passed in by value.
*/
void
valueset_add_string(Slapi_ValueSet *vs, const char *s, CSNType t, const CSN *csn)
{
Slapi_Value v;
value_init(&v,NULL,t,csn);
slapi_value_set_string(&v,s);
valuearray_add_value(&vs->va,&v);
value_done(&v);
}
void
slapi_value_free(Slapi_Value **v)
{
if(v!=NULL && *v!=NULL)
{
VALUE_DUMP(*v,"value_free");
value_done(*v);
slapi_ch_free((void **)v);
*v= NULL;
PR_INCREMENT_COUNTER(slapi_value_counter_deleted);
PR_DECREMENT_COUNTER(slapi_value_counter_exist);
}
}
void
valueset_remove_string(const Slapi_Attr *a, Slapi_ValueSet *vs, const char *s)
{
Slapi_Value v;
Slapi_Value *removed;
value_init(&v,NULL,CSN_TYPE_NONE,NULL);
slapi_value_set_string(&v,s);
removed = valuearray_remove_value(a, vs->va, &v);
if(removed) {
slapi_value_free(&removed);
}
value_done(&v);
}
int
ldbm_back_bind( Slapi_PBlock *pb )
{
backend *be;
ldbm_instance *inst;
int method;
struct berval *cred;
struct ldbminfo *li;
struct backentry *e;
Slapi_Attr *attr;
Slapi_Value **bvals;
entry_address *addr;
back_txn txn = {NULL};
/* get parameters */
slapi_pblock_get( pb, SLAPI_BACKEND, &be );
slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &li );
slapi_pblock_get( pb, SLAPI_TARGET_ADDRESS, &addr );
slapi_pblock_get( pb, SLAPI_BIND_METHOD, &method );
slapi_pblock_get( pb, SLAPI_BIND_CREDENTIALS, &cred );
slapi_pblock_get( pb, SLAPI_TXN, &txn.back_txn_txn );
if ( !txn.back_txn_txn ) {
dblayer_txn_init( li, &txn );
slapi_pblock_set( pb, SLAPI_TXN, txn.back_txn_txn );
}
inst = (ldbm_instance *) be->be_instance_info;
/* always allow noauth simple binds (front end will send the result) */
if ( method == LDAP_AUTH_SIMPLE && cred->bv_len == 0 ) {
return( SLAPI_BIND_ANONYMOUS );
}
/*
* find the target entry. find_entry() takes care of referrals
* and sending errors if the entry does not exist.
*/
if (( e = find_entry( pb, be, addr, &txn )) == NULL ) {
return( SLAPI_BIND_FAIL );
}
switch ( method ) {
case LDAP_AUTH_SIMPLE:
{
Slapi_Value cv;
if ( slapi_entry_attr_find( e->ep_entry, "userpassword", &attr ) != 0 ) {
#if defined( XP_WIN32 )
if( WindowsAuthentication( e, cred ) == LDAPWA_Success ) {
break;
}
#endif
slapi_send_ldap_result( pb, LDAP_INAPPROPRIATE_AUTH, NULL,
NULL, 0, NULL );
CACHE_RETURN( &inst->inst_cache, &e );
return( SLAPI_BIND_FAIL );
}
bvals= attr_get_present_values(attr);
slapi_value_init_berval(&cv,cred);
if ( slapi_pw_find_sv( bvals, &cv ) != 0 ) {
#if defined( XP_WIN32 )
/* One last try - attempt Windows authentication,
if the user has a Windows account. */
if( WindowsAuthentication( e, cred ) == LDAPWA_Success ) {
break;
}
#endif
slapi_send_ldap_result( pb, LDAP_INVALID_CREDENTIALS, NULL,
NULL, 0, NULL );
CACHE_RETURN( &inst->inst_cache, &e );
value_done(&cv);
return( SLAPI_BIND_FAIL );
}
value_done(&cv);
}
break;
default:
slapi_send_ldap_result( pb, LDAP_STRONG_AUTH_NOT_SUPPORTED, NULL,
"auth method not supported", 0, NULL );
CACHE_RETURN( &inst->inst_cache, &e );
return( SLAPI_BIND_FAIL );
}
CACHE_RETURN( &inst->inst_cache, &e );
/* success: front end will send result */
return( SLAPI_BIND_SUCCESS );
}
