1 /* extended.c - ldap backend extended routines */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2003-2005 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
17 * This work was initially developed by the Howard Chu for inclusion
18 * in OpenLDAP Software and subsequently enhanced by Pierangelo
25 #include <ac/string.h>
28 #include "back-ldap.h"
31 static BI_op_extended ldap_back_exop_passwd;
32 static BI_op_extended ldap_back_exop_generic;
36 BI_op_extended *extended;
38 { BER_BVC(LDAP_EXOP_MODIFY_PASSWD), ldap_back_exop_passwd },
43 ldap_back_extended_one( Operation *op, SlapReply *rs, BI_op_extended exop )
46 LDAPControl **oldctrls = NULL;
49 /* FIXME: this needs to be called here, so it is
50 * called twice; maybe we could avoid the
51 * ldap_back_dobind() call inside each extended()
53 lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
54 if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
58 oldctrls = op->o_ctrls;
59 if ( ldap_back_proxy_authz_ctrl( lc, op, rs, &op->o_ctrls ) ) {
60 op->o_ctrls = oldctrls;
61 send_ldap_extended( op, rs );
63 /* otherwise frontend resends result */
64 rc = rs->sr_err = SLAPD_ABANDON;
70 if ( op->o_ctrls && op->o_ctrls != oldctrls ) {
71 free( op->o_ctrls[ 0 ] );
74 op->o_ctrls = oldctrls;
78 ldap_back_release_conn( op, rs, lc );
91 for ( i = 0; exop_table[i].extended != NULL; i++ ) {
92 if ( bvmatch( &exop_table[i].oid, &op->oq_extended.rs_reqoid ) )
94 return ldap_back_extended_one( op, rs, exop_table[i].extended );
98 /* if we get here, the exop is known; the best that we can do
99 * is pass it thru as is */
100 /* FIXME: maybe a list of OIDs to pass thru would be safer */
101 return ldap_back_extended_one( op, rs, ldap_back_exop_generic );
105 ldap_back_exop_passwd(
110 req_pwdexop_s *qpw = &op->oq_pwdexop;
116 lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
117 if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
121 isproxy = ber_bvcmp( &op->o_req_ndn, &op->o_ndn );
123 Debug( LDAP_DEBUG_ARGS, "==> ldap_back_exop_passwd(\"%s\")%s\n",
124 op->o_req_dn.bv_val, isproxy ? " (proxy)" : "", 0 );
127 rc = ldap_passwd( lc->lc_ld, isproxy ? &op->o_req_dn : NULL,
128 qpw->rs_old.bv_val ? &qpw->rs_old : NULL,
129 qpw->rs_new.bv_val ? &qpw->rs_new : NULL,
130 op->o_ctrls, NULL, &msgid );
132 if ( rc == LDAP_SUCCESS ) {
133 if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
134 ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
135 ldap_back_freeconn( op, lc, 0 );
139 /* sigh. parse twice, because parse_passwd
140 * doesn't give us the err / match / msg info.
142 rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
143 (char **)&rs->sr_matched,
144 (char **)&rs->sr_text,
146 #ifndef LDAP_NULL_IS_NULL
147 if ( rs->sr_matched && rs->sr_matched[ 0 ] == '\0' ) {
148 free( (char *)rs->sr_matched );
149 rs->sr_matched = NULL;
151 if ( rs->sr_text && rs->sr_text[ 0 ] == '\0' ) {
152 free( (char *)rs->sr_text );
155 #endif /* LDAP_NULL_IS_NULL */
157 if ( rc == LDAP_SUCCESS ) {
158 if ( rs->sr_err == LDAP_SUCCESS ) {
161 /* this never happens because
162 * the frontend is generating
163 * the new password, so when
164 * the passwd exop is proxied,
165 * it never delegates password
166 * generation to the remote server
168 rc = ldap_parse_passwd( lc->lc_ld, res,
170 if ( rc == LDAP_SUCCESS &&
171 !BER_BVISNULL( &newpw ) )
173 rs->sr_type = REP_EXTENDED;
174 rs->sr_rspdata = slap_passwd_return( &newpw );
175 free( newpw.bv_val );
185 if ( rc != LDAP_SUCCESS ) {
186 rs->sr_err = slap_map_api2result( rs );
187 if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
189 if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
193 send_ldap_extended( op, rs );
194 /* otherwise frontend resends result */
195 rc = rs->sr_err = SLAPD_ABANDON;
198 /* these have to be freed anyway... */
199 if ( rs->sr_matched ) {
200 free( (char *)rs->sr_matched );
201 rs->sr_matched = NULL;
204 free( (char *)rs->sr_text );
209 ldap_back_release_conn( op, rs, lc );
216 ldap_back_exop_generic(
226 lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
227 if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
231 Debug( LDAP_DEBUG_ARGS, "==> ldap_back_exop_generic(%s, \"%s\")\n",
232 op->ore_reqoid.bv_val, op->o_req_dn.bv_val, 0 );
235 rc = ldap_extended_operation( lc->lc_ld,
236 op->ore_reqoid.bv_val, op->ore_reqdata,
237 op->o_ctrls, NULL, &msgid );
239 if ( rc == LDAP_SUCCESS ) {
240 if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
241 ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
242 ldap_back_freeconn( op, lc, 0 );
246 /* sigh. parse twice, because parse_passwd
247 * doesn't give us the err / match / msg info.
249 rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
250 (char **)&rs->sr_matched,
251 (char **)&rs->sr_text,
253 #ifndef LDAP_NULL_IS_NULL
254 if ( rs->sr_matched && rs->sr_matched[ 0 ] == '\0' ) {
255 free( (char *)rs->sr_matched );
256 rs->sr_matched = NULL;
258 if ( rs->sr_text && rs->sr_text[ 0 ] == '\0' ) {
259 free( (char *)rs->sr_text );
262 #endif /* LDAP_NULL_IS_NULL */
263 if ( rc == LDAP_SUCCESS ) {
264 if ( rs->sr_err == LDAP_SUCCESS ) {
265 rc = ldap_parse_extended_result( lc->lc_ld, res,
266 (char **)&rs->sr_rspoid, &rs->sr_rspdata, 0 );
267 if ( rc == LDAP_SUCCESS ) {
268 rs->sr_type = REP_EXTENDED;
278 if ( rc != LDAP_SUCCESS ) {
279 rs->sr_err = slap_map_api2result( rs );
280 if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
282 if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
286 send_ldap_extended( op, rs );
287 /* otherwise frontend resends result */
288 rc = rs->sr_err = SLAPD_ABANDON;
291 /* these have to be freed anyway... */
292 if ( rs->sr_matched ) {
293 free( (char *)rs->sr_matched );
294 rs->sr_matched = NULL;
297 free( (char *)rs->sr_text );
302 ldap_back_release_conn( op, rs, lc );