mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-12-24 00:29:35 -05:00
fix ITS #855 (back-sql crashes with malformed filters),
also extend bind() to something less trivial (to support SIMPLE_AUTH mode)
parent
5935a11c8e
commit
6d94ecd1b0
5 changed files with 81 additions and 5 deletions
|
|
@ -16,13 +16,88 @@
|
|||
#include "slap.h"
|
||||
#include "back-sql.h"
|
||||
#include "sql-wrap.h"
|
||||
#include "util.h"
|
||||
#include "entry-id.h"
|
||||
|
||||
void backsql_init_search(backsql_srch_info *bsi,backsql_info *bi,char *nbase,int scope,
|
||||
int slimit,int tlimit,time_t stoptime,Filter *filter,
|
||||
SQLHDBC dbh,BackendDB *be,Connection *conn,Operation *op,char **attrs);
|
||||
|
||||
int backsql_bind(BackendDB *be,Connection *conn,Operation *op,
|
||||
const char *dn,const char *ndn,int method,struct berval *cred,char** edn)
|
||||
{
|
||||
backsql_info *bi=(backsql_info*)be->be_private;
|
||||
backsql_entryID user_id,*res;
|
||||
SQLHDBC dbh;
|
||||
AttributeDescription *password = slap_schema.si_ad_userPassword;
|
||||
Entry *e,user_entry;
|
||||
Attribute *a;
|
||||
backsql_srch_info bsi;
|
||||
|
||||
Debug(LDAP_DEBUG_TRACE,"==>backsql_bind()\n",0,0,0);
|
||||
//for now, just return OK, allowing to test modify operations
|
||||
send_ldap_result(conn,op,LDAP_SUCCESS,NULL,NULL,NULL,0);
|
||||
|
||||
if ( be_isroot_pw( be, conn, ndn, cred ) )
|
||||
{
|
||||
*edn=ch_strdup(be_root_dn(be));
|
||||
Debug(LDAP_DEBUG_TRACE,"<==backsql_bind() root bind\n",0,0,0);
|
||||
return LDAP_SUCCESS;
|
||||
}
|
||||
|
||||
*edn=ch_strdup(ndn);
|
||||
|
||||
if (method == LDAP_AUTH_SIMPLE)
|
||||
{
|
||||
dbh=backsql_get_db_conn(be,conn);
|
||||
|
||||
if (!dbh)
|
||||
{
|
||||
Debug(LDAP_DEBUG_TRACE,"backsql_bind(): could not get connection handle - exiting\n",0,0,0);
|
||||
send_ldap_result(conn,op,LDAP_OTHER,"","SQL-backend error",NULL,NULL);
|
||||
return 1;
|
||||
}
|
||||
|
||||
res=backsql_dn2id(bi,&user_id,dbh,ndn);
|
||||
if (res==NULL)
|
||||
{
|
||||
Debug(LDAP_DEBUG_TRACE,"backsql_bind(): could not retrieve bind dn id - no such entry\n",0,0,0);
|
||||
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,NULL, NULL, NULL, NULL );
|
||||
return 1;
|
||||
}
|
||||
|
||||
backsql_init_search(&bsi,bi,(char*)ndn,LDAP_SCOPE_BASE,-1,-1,-1,NULL,dbh,
|
||||
be,conn,op,NULL);
|
||||
e=backsql_id2entry(&bsi,&user_entry,&user_id);
|
||||
if (e==NULL)
|
||||
{
|
||||
Debug(LDAP_DEBUG_TRACE,"backsql_bind(): error in backsql_id2entry() - auth failed\n",0,0,0);
|
||||
send_ldap_result( conn, op, LDAP_OTHER,NULL, NULL, NULL, NULL );
|
||||
return 1;
|
||||
}
|
||||
|
||||
if ( ! access_allowed( be, conn, op, e,password, NULL, ACL_AUTH ) )
|
||||
{
|
||||
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, NULL, NULL, NULL, NULL );
|
||||
return 1;
|
||||
}
|
||||
|
||||
if ( (a = attr_find( e->e_attrs, password )) == NULL )
|
||||
{
|
||||
send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH, NULL, NULL, NULL, NULL );
|
||||
return 1;
|
||||
}
|
||||
|
||||
if ( slap_passwd_check( conn, a, cred ) != 0 )
|
||||
{
|
||||
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,NULL, NULL, NULL, NULL );
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
else /*method != SIMPLE */
|
||||
{
|
||||
send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED,
|
||||
NULL, "authentication method not supported", NULL, NULL );
|
||||
return 1;
|
||||
}
|
||||
Debug(LDAP_DEBUG_TRACE,"<==backsql_bind()\n",0,0,0);
|
||||
return 0;
|
||||
}
|
||||
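Review bot: The failure paths in the `method == LDAP_AUTH_SIMPLE` branch return different result codes depending on what was found: an unknown DN or a wrong password gets LDAP_INVALID_CREDENTIALS, but an existing entry without userPassword gets LDAP_INAPPROPRIATE_AUTH and an ACL denial gets LDAP_INSUFFICIENT_ACCESS, so an unauthenticated client can tell which DNs exist. I would send `LDAP_INVALID_CREDENTIALS` on those two paths as well and keep the distinction in a `Debug(LDAP_DEBUG_TRACE, ...)` line. Separately, `be_isroot_pw( be, conn, ndn, cred )` runs before the method test, so the rootdn password is accepted whatever method the client requested; moving that check inside the simple branch would tie it to the method it belongs to. The entry filled in by `backsql_id2entry()` holds the stored password values, and nothing in this section releases it or `user_id` on any return path, which looks like a leak unless those helpers keep ownership of the memory.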
|
|
|
|||
|
|
@ -27,7 +27,7 @@ int backsql_compare(BackendDB *bd,
|
|||
const char *dn, const char *ndn,
|
||||
AttributeAssertion *ava )
|
||||
{
|
||||
Debug(LDAP_DEBUG_TRACE,"==>backsql_compare()\n",0,0,0);
|
||||
Debug(LDAP_DEBUG_TRACE,"==>backsql_compare() - not implemented\n",0,0,0);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -173,7 +173,7 @@ int backsql_process_filter(backsql_srch_info *bsi,Filter *f)
|
|||
int done=0,len=0;
|
||||
|
||||
Debug(LDAP_DEBUG_TRACE,"==>backsql_process_filter()\n",0,0,0);
|
||||
if (f==NULL)
|
||||
if (f==NULL || f->f_choice==SLAPD_FILTER_COMPUTED)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
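Review bot: Returning 0 for `f->f_choice==SLAPD_FILTER_COMPUTED` discards the filter's precomputed result, and the hunk does not show that 0 is a safe answer for a filter that evaluated to false or undefined. If 0 means "nothing added to the generated query", as it apparently does for `f==NULL`, a malformed filter would widen the search to entries it should exclude instead of matching none, so the crash fix would fail open. At minimum I would document the choice above the test, e.g. `/* computed (unparsable) filter: emits no SQL condition; confirm callers treat this as match-nothing */`, and preferably emit an always-false condition when the precomputed result is not true. The body of backsql_process_filter() starts before and continues past this hunk, so the meaning of the return value has to be checked there.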
|
|
|
|||
|
|
@ -45,8 +45,8 @@ void backsql_PrintErrors(SQLHENV henv, SQLHDBC hdbc, SQLHSTMT sth,int rc)
|
|||
|| rc == SQL_SUCCESS_WITH_INFO
|
||||
)
|
||||
{
|
||||
Debug(LDAP_DEBUG_TRACE,"SQL engine state: %s\n", state,0,0);
|
||||
Debug(LDAP_DEBUG_TRACE,"Native error code: %d\n",(int) iSqlCode,0,0);
|
||||
Debug(LDAP_DEBUG_TRACE,"SQL engine state: %s\n", state,0,0);
|
||||
Debug(LDAP_DEBUG_TRACE,"Message: %s\n",msg,0,0);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -57,4 +57,5 @@ extern char backsql_def_oc_query[],backsql_def_at_query[],
|
|||
|
||||
int backsql_merge_from_clause(char **dest_from,int *dest_len,char *src_from);
|
||||
|
||||
|
||||
#endif
|
||||