diff options
author | Martin Nagy <mnagy@redhat.com> | 2009-08-03 16:00:00 +0200 |
---|---|---|
committer | Martin Nagy <mnagy@redhat.com> | 2009-08-04 16:50:54 +0200 |
commit | 8adf6d5b56d036bd9a3c08e999bf3f0ecfe3c4a1 (patch) | |
tree | ef32243422ea5745ac16b9585f5ed11661e3c372 | |
parent | 146a55139f090dcdc5ee424679f729f4c3820b99 (diff) | |
download | ldap_driver-8adf6d5b56d036bd9a3c08e999bf3f0ecfe3c4a1.tar.gz ldap_driver-8adf6d5b56d036bd9a3c08e999bf3f0ecfe3c4a1.tar.xz ldap_driver-8adf6d5b56d036bd9a3c08e999bf3f0ecfe3c4a1.zip |
Cleanup of authentication code
Mostly adding logging statements and removing some olds stuff.
-rw-r--r-- | src/ldap_helper.c | 47 |
1 files changed, 18 insertions, 29 deletions
diff --git a/src/ldap_helper.c b/src/ldap_helper.c index efd49da..b4152d3 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -1215,7 +1215,7 @@ ldap_query(ldap_connection_t *ldap_conn, const char *base, int scope, char **att str_buf(ldap_conn->query_string)); if (ldap_conn->handle == NULL) { - log_error("bug in ldap_query(): ldap_conn->handle is NULL"); + log_bug("ldap_conn->handle is NULL"); return ISC_R_FAILURE; } @@ -1443,51 +1443,40 @@ ldap_sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *sin) if (ld == NULL || sin == NULL) return LDAP_PARAM_ERROR; + log_debug(4, "doing interactive bind"); for (in = sin; in != NULL && in->id != SASL_CB_LIST_END; in++) { switch (in->id) { case SASL_CB_USER: - log_error("SASL_CB_USER"); + log_debug(4, "got request for SASL_CB_USER"); in->result = str_buf(ldap_inst->sasl_user); in->len = str_len(ldap_inst->sasl_user); ret = LDAP_SUCCESS; break; - case SASL_CB_NOECHOPROMPT: - log_error("SASL_CB_NOECHOPROMPT"); - in->result = NULL; - in->len = 0; - ret = LDAP_OTHER; - break; - case SASL_CB_ECHOPROMPT: - log_error("SASL_CB_ECHOPROMPT"); - in->result = NULL; - in->len = 0; - ret = LDAP_OTHER; - break; case SASL_CB_GETREALM: - log_error("SASL_CB_GETREALM"); - in->result = NULL; - in->len = 0; - ret = LDAP_OTHER; + log_debug(4, "got request for SASL_CB_GETREALM"); + in->result = str_buf(ldap_inst->sasl_realm); + in->len = str_len(ldap_inst->sasl_realm); + ret = LDAP_SUCCESS; break; +#if 0 case SASL_CB_AUTHNAME: - log_error("SASL_CB_AUTHNAME"); + log_debug(4, "got request for SASL_CB_AUTHNAME"); in->result = str_buf(ldap_inst->sasl_user); in->len = str_len(ldap_inst->sasl_user); ret = LDAP_SUCCESS; break; +#endif case SASL_CB_PASS: - log_error("SASL_CB_PASS"); + log_debug(4, "got request for SASL_CB_PASS"); in->result = str_buf(ldap_inst->password); in->len = str_len(ldap_inst->password); ret = LDAP_SUCCESS; break; default: - log_error("SASL_UNKNOWN"); in->result = NULL; in->len = 0; ret = LDAP_OTHER; } - log_error("result: %s", (char *)(in->result?in->result:"")); } return ret; @@ -1545,9 +1534,6 @@ ldap_reconnect(ldap_connection_t *ldap_conn) ldap_instance_t *ldap_inst; const char *bind_dn = NULL; const char *password = NULL; -#if 0 - struct berval *servercred = NULL; -#endif ldap_inst = ldap_conn->database; @@ -1562,6 +1548,8 @@ ldap_reconnect(ldap_connection_t *ldap_conn) return ISC_R_FAILURE; } + /* If either bind_dn or the password is not set, we will use + * password-less bind. */ if (str_len(ldap_inst->bind_dn) > 0 && str_len(ldap_inst->password) > 0) { bind_dn = str_buf(ldap_inst->bind_dn); password = str_buf(ldap_inst->password); @@ -1593,7 +1581,6 @@ ldap_reconnect(ldap_connection_t *ldap_conn) ret = ldap_simple_bind_s(ldap_conn->handle, bind_dn, password); break; case AUTH_SASL: - if (strcmp(str_buf(ldap_inst->sasl_mech), "GSSAPI") == 0) { isc_result_t result; LOCK(&ldap_inst->kinit_lock); @@ -1605,7 +1592,8 @@ ldap_reconnect(ldap_connection_t *ldap_conn) return result; } - log_error("%s", str_buf(ldap_inst->sasl_mech)); + log_debug(4, "trying interactive bind using %s mechanism", + str_buf(ldap_inst->sasl_mech)); ret = ldap_sasl_interactive_bind_s(ldap_conn->handle, NULL, str_buf(ldap_inst->sasl_mech), NULL, NULL, LDAP_SASL_QUIET, @@ -1613,8 +1601,7 @@ ldap_reconnect(ldap_connection_t *ldap_conn) ldap_inst); break; default: - log_error("bug in ldap_connect(): unsupported " - "authentication mechanism"); + log_bug("unsupported authentication mechanism"); ret = LDAP_OTHER; break; } @@ -1623,6 +1610,8 @@ ldap_reconnect(ldap_connection_t *ldap_conn) log_error("bind to LDAP server failed: %s", ldap_err2string(ret)); return ISC_R_FAILURE; + } else { + log_debug(2, "bind to LDAP server successful"); } ldap_conn->tries = 0; |