git.sur5r.net Git - openldap/blob - servers/slapd/back-ldap/extended.c

   1 /* extended.c - ldap backend extended routines */
   2 /* $OpenLDAP$ */
   3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   4  *
   5  * Copyright 2003 The OpenLDAP Foundation.
   6  * All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted only as authorized by the OpenLDAP
  10  * Public License.
  11  *
  12  * A copy of this license is available in the file LICENSE in the
  13  * top-level directory of the distribution or, alternatively, at
  14  * <http://www.OpenLDAP.org/license.html>.
  15  */
  16 /* ACKNOWLEDGEMENTS:
  17  * This work was initially developed by the Howard Chu for inclusion
  18  * in OpenLDAP Software and subsequently enhanced by Pierangelo
  19  * Masarati.
  20  */
  21 /* This is an altered version */
  22
  23 #include "portable.h"
  24
  25 #include <stdio.h>
  26 #include <ac/string.h>
  27
  28 #include "slap.h"
  29 #include "back-ldap.h"
  30 #include "lber_pvt.h"
  31
  32 BI_op_extended ldap_back_exop_passwd;
  33
  34 static struct exop {
  35         struct berval *oid;
  36         BI_op_extended  *extended;
  37 } exop_table[] = {
  38         { (struct berval *)&slap_EXOP_MODIFY_PASSWD, ldap_back_exop_passwd },
  39         { NULL, NULL }
  40 };
  41
  42 int
  43 ldap_back_extended(
  44         Operation               *op,
  45         SlapReply               *rs )
  46 {
  47         int i;
  48
  49         for( i=0; exop_table[i].extended != NULL; i++ ) {
  50                 if( ber_bvcmp( exop_table[i].oid, &op->oq_extended.rs_reqoid ) == 0 ) {
  51 #ifdef LDAP_BACK_PROXY_AUTHZ
  52                         struct ldapconn *lc;
  53                         LDAPControl **oldctrls = NULL;
  54                         int rc;
  55
  56                         /* FIXME: this needs to be called here, so it is
  57                          * called twice; maybe we could avoid the
  58                          * ldap_back_dobind() call inside each extended()
  59                          * call ... */
  60                         lc = ldap_back_getconn(op, rs);
  61                         if (!lc || !ldap_back_dobind(lc, op, rs) ) {
  62                                 return -1;
  63                         }
  64
  65                         oldctrls = op->o_ctrls;
  66                         if ( ldap_back_proxy_authz_ctrl( lc, op, rs, &op->o_ctrls ) ) {
  67                                 op->o_ctrls = oldctrls;
  68                                 send_ldap_result( op, rs );
  69                                 rs->sr_text = NULL;
  70                                 return rs->sr_err;
  71                         }
  72
  73                         rc = (exop_table[i].extended)( op, rs );
  74
  75                         if ( op->o_ctrls && op->o_ctrls != oldctrls ) {
  76                                 free( op->o_ctrls[ 0 ] );
  77                                 free( op->o_ctrls );
  78                         }
  79                         op->o_ctrls = oldctrls;
  80
  81                         return rc;
  82 #else /* ! LDAP_BACK_PROXY_AUTHZ */
  83                         return (exop_table[i].extended)( op, rs );
  84 #endif /* ! LDAP_BACK_PROXY_AUTHZ */
  85                 }
  86         }
  87
  88         rs->sr_text = "not supported within naming context";
  89         return LDAP_UNWILLING_TO_PERFORM;
  90 }
  91
  92 int
  93 ldap_back_exop_passwd(
  94         Operation               *op,
  95         SlapReply               *rs )
  96 {
  97         struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
  98         struct ldapconn *lc;
  99         struct berval id = { 0, NULL };
 100         struct berval old = { 0, NULL };
 101         struct berval new = { 0, NULL };
 102         struct berval dn, mdn = { 0, NULL }, newpw;
 103         LDAPMessage *res;
 104         ber_int_t msgid;
 105         int rc;
 106         dncookie dc;
 107
 108         lc = ldap_back_getconn(op, rs);
 109         if (!lc || !ldap_back_dobind(lc, op, rs) ) {
 110                 return -1;
 111         }
 112
 113         rc = slap_passwd_parse( op->oq_extended.rs_reqdata, &id, &old, &new, &rs->sr_text );
 114         if (rc != LDAP_SUCCESS)
 115                 return rc;
 116
 117         if (id.bv_len) {
 118                 dn = id;
 119         } else {
 120                 dn = op->o_dn;
 121         }
 122
 123 #ifdef NEW_LOGGING
 124         LDAP_LOG ( ACL, DETAIL1, "ldap_back_exop_passwd: \"%s\"%s\"\n",
 125                 dn.bv_val, id.bv_len ? " (proxy)" : "", 0 );
 126 #else
 127         Debug( LDAP_DEBUG_TRACE, "ldap_back_exop_passwd: \"%s\"%s\n",
 128                 dn.bv_val, id.bv_len ? " (proxy)" : "", 0 );
 129 #endif
 130
 131         if (dn.bv_len == 0) {
 132                 rs->sr_text = "No password is associated with the Root DSE";
 133                 return LDAP_UNWILLING_TO_PERFORM;
 134         }
 135         if (id.bv_len) {
 136                 dc.rwmap = &li->rwmap;
 137 #ifdef ENABLE_REWRITE
 138                 dc.conn = op->o_conn;
 139                 dc.rs = rs;
 140                 dc.ctx = "modifyPwd";
 141 #else
 142                 dc.tofrom = 1;
 143                 dc.normalized = 0;
 144 #endif
 145                 if ( ldap_back_dn_massage( &dc, &dn, &mdn ) ) {
 146                         send_ldap_result( op, rs );
 147                         return -1;
 148                 }
 149         }
 150
 151         rc = ldap_passwd(lc->ld, id.bv_len ? &mdn : NULL, old.bv_len ? &old : NULL,
 152                 new.bv_len ? &new : NULL, op->o_ctrls, NULL, &msgid);
 153
 154         if (mdn.bv_val != dn.bv_val) {
 155                 free(mdn.bv_val);
 156         }
 157
 158         if (rc == LDAP_SUCCESS) {
 159                 if (ldap_result(lc->ld, msgid, 1, NULL, &res) == -1) {
 160                         ldap_get_option(lc->ld, LDAP_OPT_ERROR_NUMBER, &rc);
 161                 } else {
 162                         /* sigh. parse twice, because parse_passwd doesn't give
 163                          * us the err / match / msg info.
 164                          */
 165                         rc = ldap_parse_result(lc->ld, res, &rs->sr_err, (char **)&rs->sr_matched, (char **)&rs->sr_text,
 166                                 NULL, NULL, 0);
 167                         if (rc == LDAP_SUCCESS) {
 168                                 if (rs->sr_err == LDAP_SUCCESS) {
 169                                         rc = ldap_parse_passwd(lc->ld, res, &newpw);
 170                                         if (rc == LDAP_SUCCESS && newpw.bv_val) {
 171                                                 rs->sr_type = REP_EXTENDED;
 172                                                 rs->sr_rspdata = slap_passwd_return(&newpw);
 173                                                 free(newpw.bv_val);
 174                                         }
 175                                 } else {
 176                                         rc = rs->sr_err;
 177                                 }
 178                         }
 179                         ldap_msgfree(res);
 180                 }
 181         }
 182         if (rc != LDAP_SUCCESS) {
 183                 rs->sr_err = ldap_back_map_result(rs);
 184                 send_ldap_result(op, rs);
 185                 if (rs->sr_matched) free((char *)rs->sr_matched);
 186                 if (rs->sr_text) free((char *)rs->sr_text);
 187                 rs->sr_matched = NULL;
 188                 rs->sr_text = NULL;
 189                 rc = -1;
 190         }
 191         return rc;
 192 }