Re: Help! bind funny?
"Kurt D. Zeilenga" wrote:
>
> At 11:58 PM 5/14/00 +0200, Juan Gonzalo de Silva Medina wrote:
> >this is the log for slapd -d 1 -d 4 -d 128
> >
> >All executions are with equal parameters (except for password...)
>
> >------------------------------------------------------------
> >slapd 1.2.10-Release (Thu May 11 17:28:45 CEST 2000)
> >
> >gonzalo@localhost.localdomain:/usr/local/traer/curso/tmp/openldap-1.2.10/servers/slapd
> >ACL: access to dn=.*
> > by dn=^$$
> > by dn=.*,O=RACF
> > by dn=.*
> >
> >slapd starting
> >
> >-----[this is with an invalid password]-----------------------
> >do_bind
> >do_bind: version 2 dn (CN=S5540,O=RACF) method 128
> >send_ldap_result 49::(03) CLAVE INVALIDA
> >ber_get_next on fd 7 failed errno 0 (Success)
> >*** got 0 of 0 so far
> >
> >-----[this is with a right password]--------------------------
> >do_bind
> >do_bind: version 2 dn (CN=S5540,O=RACF) method 128
> >send_ldap_result 0::
> >do_bind: bound "CN=S5540,O=RACF" to "CN=S5540,O=RACF"
> >send_ldap_result 0::
> >do_search
>
> Two send_ldap_result is very bad. Your backend shouldn't send
> a success in this case.
:-?????
What?
Hummm,
Well, my code is:
---------------------------------------------------------------
/* bind.c - shell backend bind function */
#include "portable.h"
#include <stdio.h>
#include <ac/socket.h>
#include <ac/string.h>
#include "slap.h"
#include "racf.h"

#define MAX_USUARIO 8
#define MAX_PASSWORD 8

int
racf_back_bind(
    Backend *be,
    Connection *conn,
    Operation *op,
    char *dn,
    int method,
    struct berval *cred,
    char **edn
)
{
    /* Define and fetch the structure where the configuration is stored */
    struct racf_info *ri = (struct racf_info *) be->be_private;
    int rc;
    int c,d;
    char usuario[MAX_USUARIO+1];
    char *dntmp;
    char *p;
    int ldn;
    int lbs;
    int lq;

    *edn = NULL;

    /* strip the database suffix from the received DN */
    ldn = strlen(dn);
    lbs = strlen(be->be_suffix[0]);
    lq = ldn - lbs - 1; /* drop the comma that should follow the user code */
    if(lq < 4){ /* 4 because it must contain at least cn= (three characters) */
        send_ldap_result(conn, op, LDAP_INVALID_DN_SYNTAX, NULL,
            "(101) Parece faltar el codigo de usuario (\"cn=<codigo>,...\")");
        return ( -1 );
    }
    dntmp=calloc(1, lq+1);
    memcpy(dntmp, dn, lq);
    if(dntmp[0]!='C' || dntmp[1]!='N' || dntmp[2]!='='){
        free(dntmp);
        send_ldap_result(conn, op, LDAP_INVALID_DN_SYNTAX, NULL,
            "(102) El formato parece incorrecto... (\"cn=<codigo>,...\")");
        return ( -1 );
    }
    if(lq > MAX_USUARIO + 3){
        free(dntmp);
        send_ldap_result(conn, op, LDAP_INVALID_DN_SYNTAX, NULL,
            "(103) Codigo de usuario demasiado largo");
        return ( -1 );
    }
    memcpy(usuario, &dntmp[3], lq - 3);
    usuario[lq-3]='\0';
    free(dntmp);
    if(cred->bv_len > MAX_PASSWORD){
        send_ldap_result(conn, op, LDAP_INVALID_DN_SYNTAX, NULL,
            "(104) Clave demasiado larga");
        return ( -1 );
    }

    /******* RACF CONNECTION FUNCTION *******/
    rc = conectar(ri->ri_servidor, ri->ri_puerto, ri->ri_transaccion, usuario, cred->bv_val);
    /****************************************/

    if(rc == 0) {
        send_ldap_result(conn, op, LDAP_SUCCESS, NULL, NULL);
        return( rc );
    }
    if(rc == 1) {
        send_ldap_result(conn, op, LDAP_INVALID_CREDENTIALS, NULL,
            "(01) USUARIO INVALIDO");
        return( rc );
    }
    if(rc == 3) {
        send_ldap_result(conn, op, LDAP_INVALID_CREDENTIALS, NULL,
            "(03) CLAVE INVALIDA");
        return( rc );
    }
    if(rc == 4) {
        send_ldap_result(conn, op, LDAP_INVALID_CREDENTIALS, NULL,
            "(04) CLAVE EXPIRADA");
        return( rc );
    }
    if(rc == 5) {
        send_ldap_result(conn, op, LDAP_INVALID_CREDENTIALS, NULL,
            "(05) LA NUEVA CLAVE NO ES VALIDA");
        return( rc );
    }
    if(rc == 6) {
        send_ldap_result(conn, op, LDAP_INVALID_CREDENTIALS, NULL,
            "(06) USUARIO REBOCADO");
        return( rc );
    }
    if(rc == 7) {
        send_ldap_result(conn, op, LDAP_INVALID_CREDENTIALS, NULL,
            "(07) NO AUTORIZADO A USAR ESTE TERMINAL");
        return( rc );
    }
    if(rc == 8) {
        send_ldap_result(conn, op, LDAP_INVALID_CREDENTIALS, NULL,
            "(08) NO AUTORIZADO EN ESTE DIA A ESTA HORA");
        return( rc );
    }
    if(rc == 9) {
        send_ldap_result(conn, op, LDAP_INVALID_CREDENTIALS, NULL,
            "(09) NO AUTORIZADO A USAR ESTE TERMINAL EN ESTE DIA A ESTA HORA");
        return( rc );
    }
    if(rc == 10) {
        send_ldap_result(conn, op, LDAP_INVALID_CREDENTIALS, NULL,
            "(10) USUARIO NO AUTORIZADO A USAR LA APLICACION");
        return( rc );
    }
    if(rc == 30) {
        send_ldap_result(conn, op, LDAP_OPERATIONS_ERROR, NULL,
            "(30) SERVIDOR DE COMUNICACIONES DESCONOCIDO");
        return( rc );
    }
    if(rc == 31) {
        send_ldap_result(conn, op, LDAP_OPERATIONS_ERROR, NULL,
            "(31) NO ES POSIBLE CREAR EL SOCKET DE LLAMADA");
        return( rc );
    }
    if(rc == 32) {
        send_ldap_result(conn, op, LDAP_OPERATIONS_ERROR, NULL,
            "(32) NO HAY CONEXION CON EL SERVIDOR DE COMUNICACIONES");
        return( rc );
    }
    send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL,
        "(XX) ERROR EN HOST");
    return( rc );
}
-------------------------------------------------------------
rc=conectar(...) is a function to connect to the external site and authenticate the user + password. "conectar" does not call any LDAP function (send_ldap_result or other)...
This is a cut+paste of shell-backend :) (thanks for this).
Only one send_ldap_result is returned and edn is set to NULL (the same as shell-backend)..
>
> Note that both executions with the right password behave
> as anonymous. Something is likely a muck with your
> backend bind routine. In particular, you should look
> at what you return as edn and make sure it's not getting
> clobbered after the call.
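
Added example, not part of the original message and not OpenLDAP code: a stand-alone C model of the hand-off visible in the quoted log, where the caller sends the success result once the backend's bind function returns 0. `send_result`, `check_password`, `ldap_code_for`, `results_for_bind` and the password "secret" are constructed stand-ins; only the result codes and the grouping of `rc` values come from the post.

```c
/* Added model of the slapd frontend/backend bind hand-off; not OpenLDAP source. */
#include <stdio.h>
#include <string.h>

#define LDAP_SUCCESS             0
#define LDAP_OPERATIONS_ERROR    1
#define LDAP_INVALID_CREDENTIALS 49

static int results_sent;   /* results written to the client for this bind */
static int last_code;      /* result code of the most recent one */

static void send_result(int code) { results_sent++; last_code = code; }

/* Constructed stand-in for conectar(): 0 = accepted, 3 = wrong password. */
static int check_password(const char *pw) { return strcmp(pw, "secret") ? 3 : 0; }

/* Same grouping as the post: rc 1 and 3..10 are credential failures,
   any other non-zero rc is an operations error. */
static int ldap_code_for(int rc) {
    return (rc == 1 || (rc >= 3 && rc <= 10)) ? LDAP_INVALID_CREDENTIALS
                                              : LDAP_OPERATIONS_ERROR;
}

typedef int (*bind_fn)(const char *pw);

/* Pattern from the post: the backend answers the client on success as well. */
static int bind_as_posted(const char *pw) {
    int rc = check_password(pw);
    send_result(rc == 0 ? LDAP_SUCCESS : ldap_code_for(rc));
    return rc;
}

/* Corrected pattern: report failures only and leave success to the caller. */
static int bind_corrected(const char *pw) {
    int rc = check_password(pw);
    if (rc != 0) send_result(ldap_code_for(rc));
    return rc;
}

/* Model frontend: a 0 return means "bound", so it sends the success itself.
   Returns the number of results the client received for one bind. */
int results_for_bind(bind_fn backend, const char *pw) {
    results_sent = 0;
    if (backend(pw) == 0) send_result(LDAP_SUCCESS);
    return results_sent;
}

int main(void) {
    printf("as posted, right password: %d results\n", results_for_bind(bind_as_posted, "secret"));
    printf("corrected, right password: %d results\n", results_for_bind(bind_corrected, "secret"));
    return 0;
}
```

With the right password the posted pattern produces two results for one bind request, matching the two `send_ldap_result 0::` lines in the log; a failed bind produces exactly one result under either pattern.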