1 /* extended.c - ldap backend extended routines */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2003-2004 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
17 * This work was initially developed by the Howard Chu for inclusion
18 * in OpenLDAP Software and subsequently enhanced by Pierangelo
25 #include <ac/string.h>
28 #include "back-ldap.h"
31 BI_op_extended ldap_back_exop_passwd;
35 BI_op_extended *extended;
37 { (struct berval *)&slap_EXOP_MODIFY_PASSWD, ldap_back_exop_passwd },
48 for( i=0; exop_table[i].extended != NULL; i++ ) {
49 if( ber_bvcmp( exop_table[i].oid, &op->oq_extended.rs_reqoid ) == 0 ) {
50 #ifdef LDAP_BACK_PROXY_AUTHZ
52 LDAPControl **oldctrls = NULL;
55 /* FIXME: this needs to be called here, so it is
56 * called twice; maybe we could avoid the
57 * ldap_back_dobind() call inside each extended()
59 lc = ldap_back_getconn(op, rs);
60 if (!lc || !ldap_back_dobind(lc, op, rs) ) {
64 oldctrls = op->o_ctrls;
65 if ( ldap_back_proxy_authz_ctrl( lc, op, rs, &op->o_ctrls ) ) {
66 op->o_ctrls = oldctrls;
67 send_ldap_result( op, rs );
72 rc = (exop_table[i].extended)( op, rs );
74 if ( op->o_ctrls && op->o_ctrls != oldctrls ) {
75 free( op->o_ctrls[ 0 ] );
78 op->o_ctrls = oldctrls;
81 #else /* ! LDAP_BACK_PROXY_AUTHZ */
82 return (exop_table[i].extended)( op, rs );
83 #endif /* ! LDAP_BACK_PROXY_AUTHZ */
87 rs->sr_text = "not supported within naming context";
88 return LDAP_UNWILLING_TO_PERFORM;
92 ldap_back_exop_passwd(
96 struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
98 req_pwdexop_s *qpw = &op->oq_pwdexop;
99 struct berval mdn = { 0, NULL }, newpw;
105 lc = ldap_back_getconn(op, rs);
106 if (!lc || !ldap_back_dobind(lc, op, rs) ) {
110 isproxy = ber_bvcmp( &op->o_req_ndn, &op->o_ndn );
113 LDAP_LOG ( ACL, DETAIL1, "ldap_back_exop_passwd: \"%s\"%s\"\n",
114 op->o_req_dn.bv_val, isproxy ? " (proxy)" : "", 0 );
116 Debug( LDAP_DEBUG_TRACE, "ldap_back_exop_passwd: \"%s\"%s\n",
117 op->o_req_dn.bv_val, isproxy ? " (proxy)" : "", 0 );
121 dc.rwmap = &li->rwmap;
122 #ifdef ENABLE_REWRITE
123 dc.conn = op->o_conn;
125 dc.ctx = "modifyPwd";
130 if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
131 send_ldap_result( op, rs );
136 rc = ldap_passwd(lc->ld, isproxy ? &mdn : NULL,
137 qpw->rs_old.bv_len ? &qpw->rs_old : NULL,
138 qpw->rs_new.bv_len ? &qpw->rs_new : NULL, op->o_ctrls, NULL, &msgid);
140 if (mdn.bv_val != op->o_req_dn.bv_val) {
144 if (rc == LDAP_SUCCESS) {
145 if (ldap_result(lc->ld, msgid, 1, NULL, &res) == -1) {
146 ldap_get_option(lc->ld, LDAP_OPT_ERROR_NUMBER, &rc);
148 /* sigh. parse twice, because parse_passwd doesn't give
149 * us the err / match / msg info.
151 rc = ldap_parse_result(lc->ld, res, &rs->sr_err, (char **)&rs->sr_matched, (char **)&rs->sr_text,
153 if (rc == LDAP_SUCCESS) {
154 if (rs->sr_err == LDAP_SUCCESS) {
155 rc = ldap_parse_passwd(lc->ld, res, &newpw);
156 if (rc == LDAP_SUCCESS && newpw.bv_val) {
157 rs->sr_type = REP_EXTENDED;
158 rs->sr_rspdata = slap_passwd_return(&newpw);
168 if (rc != LDAP_SUCCESS) {
169 rs->sr_err = ldap_back_map_result(rs);
170 send_ldap_result(op, rs);
171 if (rs->sr_matched) free((char *)rs->sr_matched);
172 if (rs->sr_text) free((char *)rs->sr_text);
173 rs->sr_matched = NULL;