Diffstat (limited to 'service_passwords.c')
-rw-r--r--service_passwords.c22
1 files changed, 21 insertions, 1 deletions
diff --git a/service_passwords.c b/service_passwords.c
index bde1906..3dc432c 100644
--- a/service_passwords.c
+++ b/service_passwords.c
@@ -498,6 +498,10 @@ static int pre_bind(Slapi_PBlock *pb)
int is_internal = 0;
char *parent_dn = NULL;
+ char *service = NULL;
+ char *service_dn = NULL;
+ int gold_account = 0;
+ int gold_service = 0;
int rc = 0;
char fn[] = "pre_bind in service_passwords plug-in";
@@ -536,7 +540,7 @@ static int pre_bind(Slapi_PBlock *pb)
}
parent_dn = slapi_dn_parent(dn);
- rc |= is_user(parent_dn, NULL);
+ rc |= is_user(parent_dn, &gold_account);
slapi_ch_free_string(&parent_dn);
if (rc != 0) {
@@ -544,6 +548,22 @@ static int pre_bind(Slapi_PBlock *pb)
return SLAPI_BIND_SUCCESS;
}
+ service = get_virtual_service(dn);
+ service_dn = get_service_dn(service);
+ rc |= is_service(service_dn, NULL, &gold_service);
+ slapi_ch_free_string(&service_dn);
+ slapi_ch_free_string(&service);
+
+ if (rc != 0) {
+ /* Invalid service */
+ return SLAPI_BIND_FAIL;
+ }
+
+ if (gold_service != 0 && gold_account == 0) {
+ /* This is a bind for a gold_service, but it's not a gold account. */
+ return SLAPI_BIND_FAIL;
+ }
+
if (auth_with_password_fallback(dn, credentials) == 0) {
/* auth success: set connection info */
rc |= slapi_pblock_set(pb, SLAPI_CONN_DN, dn);
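Review bot: In the added lookup, the results of `get_virtual_service(dn)` and `get_service_dn(service)` are passed on without a NULL check, so the gold-service gate relies on `is_service()` returning non-zero for a missing DN; none of the three helpers is visible in this diff, so that needs confirming. Because `gold_service` is initialised to 0, a lookup that fails while leaving `rc` at 0 would skip the `gold_service != 0 && gold_account == 0` denial and reach `auth_with_password_fallback`. Failing closed explicitly would remove that dependency: `if (service == NULL) return SLAPI_BIND_FAIL;` after the first call, and `if (service_dn == NULL) { slapi_ch_free_string(&service); return SLAPI_BIND_FAIL; }` after the second. Both new `return SLAPI_BIND_FAIL;` paths also deny without a log entry; a `slapi_log_error` call using the existing `fn` string and the bind DN would let operators see rejected gold-service binds. pre_bind starts and ends outside this hunk, so whether a result is sent to the client on these paths cannot be checked from here.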