summaryrefslogtreecommitdiffstats
path: root/ldap/servers/slapd/test-plugins/testbind.c
diff options
context:
space:
mode:
authorcvsadm <cvsadm>2005-01-21 00:44:34 +0000
committercvsadm <cvsadm>2005-01-21 00:44:34 +0000
commitb2093e3016027d6b5cf06b3f91f30769bfc099e2 (patch)
treecf58939393a9032182c4fbc4441164a9456e82f8 /ldap/servers/slapd/test-plugins/testbind.c
downloadds-ldapserver7x.tar.gz
ds-ldapserver7x.tar.xz
ds-ldapserver7x.zip
Moving NSCP Directory Server from DirectoryBranch to TRUNK, initial drop. (foxworth)ldapserver7x
Diffstat (limited to 'ldap/servers/slapd/test-plugins/testbind.c')
-rw-r--r--ldap/servers/slapd/test-plugins/testbind.c252
1 files changed, 252 insertions, 0 deletions
diff --git a/ldap/servers/slapd/test-plugins/testbind.c b/ldap/servers/slapd/test-plugins/testbind.c
new file mode 100644
index 00000000..4d080a0f
--- /dev/null
+++ b/ldap/servers/slapd/test-plugins/testbind.c
@@ -0,0 +1,252 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+/************************************************************
+
+ testbind.c
+
+ This source file provides an example of a pre-operation plug-in
+ function that handles authentication.
+
+ Note that the Directory Server front-end handles bind
+ operations requested by the root DN. The server does not
+ invoke your plug-in function if the client is authenicating
+ as the root DN.
+
+ To test this plug-in function, stop the server, edit the dse.ldif file
+ (in the <server_root>/slapd-<server_id>/config directory)
+ and add the following lines before restarting the server :
+
+ dn: cn=Test Bind,cn=plugins,cn=config
+ objectClass: top
+ objectClass: nsSlapdPlugin
+ objectClass: extensibleObject
+ cn: Test Bind
+ nsslapd-pluginPath: <server_root>/plugins/slapd/slapi/examples/libtest-plugin.so
+ nsslapd-pluginInitfunc: testbind_init
+ nsslapd-pluginType: preoperation
+ nsslapd-pluginEnabled: on
+ nsslapd-plugin-depends-on-type: database
+ nsslapd-pluginId: test-bind
+
+ ************************************************************/
+#include <stdio.h>
+#include <string.h>
+#include "slapi-plugin.h"
+
+Slapi_PluginDesc bindpdesc = { "test-bind", "Netscape", "0.5",
+ "sample bind pre-operation plugin" };
+
+static Slapi_ComponentId *plugin_id = NULL;
+
+
+
+
+/* Pre-operation plug-in function */
+int
+test_bind( Slapi_PBlock *pb )
+{
+ char *dn, *attrs[2] = { SLAPI_USERPWD_ATTR, NULL };
+ int method, rc = LDAP_SUCCESS;
+ struct berval *credentials;
+ struct berval **pwvals;
+ Slapi_DN *sdn = NULL;
+ Slapi_Entry *e = NULL;
+ Slapi_Attr *attr = NULL;
+
+ /* Log a message to the server error log. */
+ slapi_log_error( SLAPI_LOG_PLUGIN, "test_bind",
+ "Pre-operation bind function called.\n" );
+
+ /* Gets parameters available when processing an LDAP bind
+ operation. */
+ if ( slapi_pblock_get( pb, SLAPI_BIND_TARGET, &dn ) != 0 ||
+ slapi_pblock_get( pb, SLAPI_BIND_METHOD, &method ) != 0 ||
+ slapi_pblock_get( pb, SLAPI_BIND_CREDENTIALS, &credentials ) != 0 ) {
+
+ slapi_log_error( SLAPI_LOG_PLUGIN, "test_bind",
+ "Could not get parameters for bind operation\n" );
+ slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR,
+ NULL, NULL, 0, NULL );
+ return( 1 );
+ }
+
+ /* Check the authentication method */
+ switch( method ) {
+ case LDAP_AUTH_SIMPLE:
+ /* First, get the entry specified by the DN. */
+ sdn = slapi_sdn_new_dn_byref( dn );
+ rc = slapi_search_internal_get_entry( sdn, attrs, &e,
+ plugin_id );
+ slapi_sdn_free( &sdn );
+
+ if ( rc != LDAP_SUCCESS ) {
+ slapi_log_error( SLAPI_LOG_PLUGIN, "test_bind",
+ "Could not find entry %s (error %d)\n",
+ dn, rc );
+ break;
+ }
+
+ /* Next, check credentials against the userpassword attribute
+ of that entry. */
+ if ( e != NULL ) {
+ Slapi_Value *credval, **pwvals;
+ int i, hint, valcount;
+
+
+ if ( slapi_entry_attr_find( e, SLAPI_USERPWD_ATTR,
+ &attr ) != 0 || slapi_attr_get_numvalues( attr,
+ &valcount ) != 0 ) {
+ slapi_log_error( SLAPI_LOG_PLUGIN, "test_bind",
+ "Entry has no %s attribute values\n",
+ SLAPI_USERPWD_ATTR );
+ rc = LDAP_INAPPROPRIATE_AUTH;
+ break;
+ }
+
+ credval = slapi_value_new_berval( credentials );
+ pwvals = (Slapi_Value **)slapi_ch_calloc( valcount,
+ sizeof( Slapi_Value * ));
+ i = 0;
+ for ( hint = slapi_attr_first_value( attr, &pwvals[i] );
+ hint != -1; hint = slapi_attr_next_value( attr,
+ hint, &pwvals[i] )) {
+ ++i;
+ }
+
+ if ( slapi_pw_find_sv( pwvals, credval ) != 0 ) {
+ slapi_log_error( SLAPI_LOG_PLUGIN, "test_bind",
+ "Credentials are not correct\n" );
+ rc = LDAP_INVALID_CREDENTIALS;
+ }
+
+ slapi_value_free( &credval );
+ slapi_ch_free( (void **)&pwvals );
+
+ if ( LDAP_SUCCESS != rc ) {
+ break;
+ }
+ } else {
+ /* This should not happen. The previous section of code
+ already checks for this case. */
+ slapi_log_error( SLAPI_LOG_PLUGIN, "test_bind",
+ "Could find entry for %s\n", dn );
+ rc = LDAP_NO_SUCH_OBJECT;
+ break;
+ }
+
+ /* Set the DN and authentication method for the connection. */
+ if ( slapi_pblock_set( pb, SLAPI_CONN_DN,
+ slapi_ch_strdup( dn ) ) != 0 ||
+ slapi_pblock_set( pb, SLAPI_CONN_AUTHMETHOD,
+ SLAPD_AUTH_SIMPLE ) != 0 ) {
+
+ slapi_log_error( SLAPI_LOG_PLUGIN, "test_bind",
+ "Failed to set DN and method for connection\n" );
+ rc = LDAP_OPERATIONS_ERROR;
+ break;
+ }
+
+ /* Send a "success" result code back to the client. */
+ slapi_log_error( SLAPI_LOG_PLUGIN, "test_bind",
+ "Authenticated: %s\n", dn );
+ rc = LDAP_SUCCESS;
+ break;
+
+ /* If NONE is specified, the client is requesting to bind anonymously.
+ Normally, this case should be handled by the server's front-end
+ before it calls this plug-in function. Just in case this does
+ get through to the plug-in function, you can handle this by
+ sending a successful result code back to the client and returning
+ 1.
+ */
+ case LDAP_AUTH_NONE:
+ slapi_log_error( SLAPI_LOG_PLUGIN, "test_bind",
+ "Authenticating anonymously\n" );
+ rc = LDAP_SUCCESS;
+ break;
+
+ /* This plug-in does not support any other method of authentication */
+ case LDAP_AUTH_SASL:
+ default:
+ slapi_log_error( SLAPI_LOG_PLUGIN, "test_bind",
+ "Unsupported authentication method requested: %d\n",
+ method );
+ rc = LDAP_AUTH_METHOD_NOT_SUPPORTED;
+ break;
+ }
+
+ slapi_send_ldap_result( pb, rc, NULL, NULL, 0, NULL );
+ return( 1 );
+}
+
+/* Pre-operation plug-in function */
+int
+test_search( Slapi_PBlock *pb )
+{
+ char *reqdn;
+
+ /* Log a message to the server error log. */
+ slapi_log_error( SLAPI_LOG_PLUGIN, "test_search",
+ "Pre-operation search function called.\n" );
+
+ /* Get requestor of search operation. This is not critical
+ to performing the search (this plug-in just serves as
+ confirmation that the bind plug-in works), so return 0
+ if this fails. */
+ if ( slapi_pblock_get( pb, SLAPI_REQUESTOR_DN, &reqdn ) != 0 ) {
+
+ slapi_log_error( SLAPI_LOG_PLUGIN, "test_search",
+ "Could not get requestor parameter for search operation\n" );
+ return( 0 );
+ }
+
+ /* Indicate who is requesting the search */
+ if ( reqdn != NULL && *reqdn != '\0' ) {
+ slapi_log_error( SLAPI_LOG_PLUGIN, "test_search",
+ "Search requested by %s\n", reqdn );
+ } else {
+ slapi_log_error( SLAPI_LOG_PLUGIN, "test_search",
+ "Search requested by anonymous client\n" );
+ }
+ return( 0 );
+}
+
+/* Initialization function */
+#ifdef _WIN32
+__declspec(dllexport)
+#endif
+int
+testbind_init( Slapi_PBlock *pb )
+{
+
+ /* Retrieve and save the plugin identity to later pass to
+ internal operations */
+ if ( slapi_pblock_get( pb, SLAPI_PLUGIN_IDENTITY, &plugin_id ) != 0 ) {
+ slapi_log_error( SLAPI_LOG_PLUGIN, "testbind_init",
+ "Failed to retrieve SLAPI_PLUGIN_IDENTITY\n" );
+ return( -1 );
+ }
+
+ /* Register the pre-operation bind function and specify
+ the server plug-in version. */
+ if ( slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION,
+ SLAPI_PLUGIN_VERSION_01 ) != 0 ||
+ slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION,
+ (void *)&bindpdesc ) != 0 ||
+ slapi_pblock_set( pb, SLAPI_PLUGIN_PRE_BIND_FN,
+ (void *) test_bind ) != 0 ||
+ slapi_pblock_set( pb, SLAPI_PLUGIN_PRE_SEARCH_FN,
+ (void *) test_search ) != 0 ) {
+
+ slapi_log_error( SLAPI_LOG_PLUGIN, "testbind_init",
+ "Failed to set version and functions\n" );
+ return( -1 );
+ }
+
+ return( 0 );
+}
+