git.sur5r.net Git - openldap/blob - servers/slapd/back-ldap/extended.c

   1 /* extended.c - ldap backend extended routines */
   2 /* $OpenLDAP$ */
   3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   4  *
   5  * Copyright 2003-2004 The OpenLDAP Foundation.
   6  * All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted only as authorized by the OpenLDAP
  10  * Public License.
  11  *
  12  * A copy of this license is available in the file LICENSE in the
  13  * top-level directory of the distribution or, alternatively, at
  14  * <http://www.OpenLDAP.org/license.html>.
  15  */
  16 /* ACKNOWLEDGEMENTS:
  17  * This work was initially developed by the Howard Chu for inclusion
  18  * in OpenLDAP Software and subsequently enhanced by Pierangelo
  19  * Masarati.
  20  */
  21
  22 #include "portable.h"
  23
  24 #include <stdio.h>
  25 #include <ac/string.h>
  26
  27 #include "slap.h"
  28 #include "back-ldap.h"
  29 #include "lber_pvt.h"
  30
  31 BI_op_extended ldap_back_exop_passwd;
  32
  33 static struct exop {
  34         struct berval *oid;
  35         BI_op_extended  *extended;
  36 } exop_table[] = {
  37         { (struct berval *)&slap_EXOP_MODIFY_PASSWD, ldap_back_exop_passwd },
  38         { NULL, NULL }
  39 };
  40
  41 int
  42 ldap_back_extended(
  43         Operation               *op,
  44         SlapReply               *rs )
  45 {
  46         int i;
  47
  48         for( i=0; exop_table[i].extended != NULL; i++ ) {
  49                 if( ber_bvcmp( exop_table[i].oid, &op->oq_extended.rs_reqoid ) == 0 ) {
  50 #ifdef LDAP_BACK_PROXY_AUTHZ
  51                         struct ldapconn *lc;
  52                         LDAPControl **oldctrls = NULL;
  53                         int rc;
  54
  55                         /* FIXME: this needs to be called here, so it is
  56                          * called twice; maybe we could avoid the
  57                          * ldap_back_dobind() call inside each extended()
  58                          * call ... */
  59                         lc = ldap_back_getconn(op, rs);
  60                         if (!lc || !ldap_back_dobind(lc, op, rs) ) {
  61                                 return -1;
  62                         }
  63
  64                         oldctrls = op->o_ctrls;
  65                         if ( ldap_back_proxy_authz_ctrl( lc, op, rs, &op->o_ctrls ) ) {
  66                                 op->o_ctrls = oldctrls;
  67                                 send_ldap_result( op, rs );
  68                                 rs->sr_text = NULL;
  69                                 return rs->sr_err;
  70                         }
  71
  72                         rc = (exop_table[i].extended)( op, rs );
  73
  74                         if ( op->o_ctrls && op->o_ctrls != oldctrls ) {
  75                                 free( op->o_ctrls[ 0 ] );
  76                                 free( op->o_ctrls );
  77                         }
  78                         op->o_ctrls = oldctrls;
  79
  80                         return rc;
  81 #else /* ! LDAP_BACK_PROXY_AUTHZ */
  82                         return (exop_table[i].extended)( op, rs );
  83 #endif /* ! LDAP_BACK_PROXY_AUTHZ */
  84                 }
  85         }
  86
  87         rs->sr_text = "not supported within naming context";
  88         return LDAP_UNWILLING_TO_PERFORM;
  89 }
  90
  91 int
  92 ldap_back_exop_passwd(
  93         Operation               *op,
  94         SlapReply               *rs )
  95 {
  96         struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
  97         struct ldapconn *lc;
  98         req_pwdexop_s *qpw = &op->oq_pwdexop;
  99         struct berval mdn = BER_BVNULL, newpw;
 100         LDAPMessage *res;
 101         ber_int_t msgid;
 102         int rc, isproxy;
 103         dncookie dc;
 104
 105         lc = ldap_back_getconn(op, rs);
 106         if (!lc || !ldap_back_dobind(lc, op, rs) ) {
 107                 return -1;
 108         }
 109
 110         isproxy = ber_bvcmp( &op->o_req_ndn, &op->o_ndn );
 111
 112         Debug( LDAP_DEBUG_TRACE, "ldap_back_exop_passwd: \"%s\"%s\n",
 113                 op->o_req_dn.bv_val, isproxy ? " (proxy)" : "", 0 );
 114
 115         if ( isproxy ) {
 116                 dc.rwmap = &li->rwmap;
 117 #ifdef ENABLE_REWRITE
 118                 dc.conn = op->o_conn;
 119                 dc.rs = rs;
 120                 dc.ctx = "exopPasswdDN";
 121 #else
 122                 dc.tofrom = 1;
 123                 dc.normalized = 0;
 124 #endif
 125                 if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
 126                         send_ldap_result( op, rs );
 127                         return -1;
 128                 }
 129         }
 130
 131         rc = ldap_passwd(lc->ld, isproxy ? &mdn : NULL,
 132                 qpw->rs_old.bv_val ? &qpw->rs_old : NULL,
 133                 qpw->rs_new.bv_val ? &qpw->rs_new : NULL,
 134                 op->o_ctrls, NULL, &msgid);
 135
 136         if (mdn.bv_val != op->o_req_dn.bv_val) {
 137                 free(mdn.bv_val);
 138         }
 139
 140         if (rc == LDAP_SUCCESS) {
 141                 if (ldap_result(lc->ld, msgid, 1, NULL, &res) == -1) {
 142                         ldap_get_option(lc->ld, LDAP_OPT_ERROR_NUMBER, &rc);
 143                         ldap_back_freeconn( op, lc );
 144                         lc = NULL;
 145
 146                 } else {
 147                         /* sigh. parse twice, because parse_passwd doesn't give
 148                          * us the err / match / msg info.
 149                          */
 150                         rc = ldap_parse_result(lc->ld, res, &rs->sr_err, (char **)&rs->sr_matched, (char **)&rs->sr_text,
 151                                 NULL, NULL, 0);
 152                         if (rc == LDAP_SUCCESS) {
 153                                 if (rs->sr_err == LDAP_SUCCESS) {
 154                                         rc = ldap_parse_passwd(lc->ld, res, &newpw);
 155                                         if (rc == LDAP_SUCCESS && newpw.bv_val) {
 156                                                 rs->sr_type = REP_EXTENDED;
 157                                                 rs->sr_rspdata = slap_passwd_return(&newpw);
 158                                                 free(newpw.bv_val);
 159                                         }
 160                                 } else {
 161                                         rc = rs->sr_err;
 162                                 }
 163                         }
 164                         ldap_msgfree(res);
 165                 }
 166         }
 167         if (rc != LDAP_SUCCESS) {
 168                 rs->sr_err = slap_map_api2result( rs );
 169                 send_ldap_result(op, rs);
 170                 if (rs->sr_matched) free((char *)rs->sr_matched);
 171                 if (rs->sr_text) free((char *)rs->sr_text);
 172                 rs->sr_matched = NULL;
 173                 rs->sr_text = NULL;
 174                 rc = -1;
 175         }
 176         return rc;
 177 }