1 /* extended.c - ldap backend extended routines */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2003-2007 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
17 * This work was initially developed by the Howard Chu for inclusion
18 * in OpenLDAP Software and subsequently enhanced by Pierangelo
25 #include <ac/string.h>
28 #include "back-ldap.h"
31 static BI_op_extended ldap_back_exop_passwd;
32 static BI_op_extended ldap_back_exop_generic;
36 BI_op_extended *extended;
38 { BER_BVC(LDAP_EXOP_MODIFY_PASSWD), ldap_back_exop_passwd },
43 ldap_back_extended_one( Operation *op, SlapReply *rs, BI_op_extended exop )
45 ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
47 ldapconn_t *lc = NULL;
48 LDAPControl **oldctrls = NULL;
51 /* FIXME: this needs to be called here, so it is
52 * called twice; maybe we could avoid the
53 * ldap_back_dobind() call inside each extended()
55 if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
59 oldctrls = op->o_ctrls;
60 if ( ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
61 li->li_version, &li->li_idassert, op, rs, &op->o_ctrls ) )
63 op->o_ctrls = oldctrls;
64 send_ldap_extended( op, rs );
66 /* otherwise frontend resends result */
67 rc = rs->sr_err = SLAPD_ABANDON;
73 if ( op->o_ctrls && op->o_ctrls != oldctrls ) {
74 free( op->o_ctrls[ 0 ] );
77 op->o_ctrls = oldctrls;
81 ldap_back_release_conn( li, lc );
94 for ( i = 0; exop_table[i].extended != NULL; i++ ) {
95 if ( bvmatch( &exop_table[i].oid, &op->oq_extended.rs_reqoid ) )
97 return ldap_back_extended_one( op, rs, exop_table[i].extended );
101 /* if we get here, the exop is known; the best that we can do
102 * is pass it thru as is */
103 /* FIXME: maybe a list of OIDs to pass thru would be safer */
104 return ldap_back_extended_one( op, rs, ldap_back_exop_generic );
108 ldap_back_exop_passwd(
112 ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
114 ldapconn_t *lc = NULL;
115 req_pwdexop_s *qpw = &op->oq_pwdexop;
122 if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
126 isproxy = ber_bvcmp( &op->o_req_ndn, &op->o_ndn );
128 Debug( LDAP_DEBUG_ARGS, "==> ldap_back_exop_passwd(\"%s\")%s\n",
129 op->o_req_dn.bv_val, isproxy ? " (proxy)" : "", 0 );
132 rc = ldap_passwd( lc->lc_ld, isproxy ? &op->o_req_dn : NULL,
133 qpw->rs_old.bv_val ? &qpw->rs_old : NULL,
134 qpw->rs_new.bv_val ? &qpw->rs_new : NULL,
135 op->o_ctrls, NULL, &msgid );
137 if ( rc == LDAP_SUCCESS ) {
138 if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
139 ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
143 /* only touch when activity actually took place... */
144 if ( li->li_idle_timeout && lc ) {
145 lc->lc_time = op->o_time;
148 /* sigh. parse twice, because parse_passwd
149 * doesn't give us the err / match / msg info.
151 rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
152 (char **)&rs->sr_matched,
156 if ( rc == LDAP_SUCCESS ) {
157 if ( rs->sr_err == LDAP_SUCCESS ) {
160 /* this never happens because
161 * the frontend is generating
162 * the new password, so when
163 * the passwd exop is proxied,
164 * it never delegates password
165 * generation to the remote server
167 rc = ldap_parse_passwd( lc->lc_ld, res,
169 if ( rc == LDAP_SUCCESS &&
170 !BER_BVISNULL( &newpw ) )
172 rs->sr_type = REP_EXTENDED;
173 rs->sr_rspdata = slap_passwd_return( &newpw );
174 free( newpw.bv_val );
185 if ( rc != LDAP_SUCCESS ) {
186 rs->sr_err = slap_map_api2result( rs );
187 if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
189 if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
194 if ( LDAP_BACK_QUARANTINE( li ) ) {
195 ldap_back_quarantine( op, rs );
198 if ( text ) rs->sr_text = text;
199 send_ldap_extended( op, rs );
200 /* otherwise frontend resends result */
201 rc = rs->sr_err = SLAPD_ABANDON;
203 } else if ( LDAP_BACK_QUARANTINE( li ) ) {
204 ldap_back_quarantine( op, rs );
207 /* these have to be freed anyway... */
208 if ( rs->sr_matched ) {
209 free( (char *)rs->sr_matched );
210 rs->sr_matched = NULL;
219 ldap_back_release_conn( li, lc );
226 ldap_back_exop_generic(
230 ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
232 ldapconn_t *lc = NULL;
239 if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
243 Debug( LDAP_DEBUG_ARGS, "==> ldap_back_exop_generic(%s, \"%s\")\n",
244 op->ore_reqoid.bv_val, op->o_req_dn.bv_val, 0 );
247 rc = ldap_extended_operation( lc->lc_ld,
248 op->ore_reqoid.bv_val, op->ore_reqdata,
249 op->o_ctrls, NULL, &msgid );
251 if ( rc == LDAP_SUCCESS ) {
252 if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
253 ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
257 /* only touch when activity actually took place... */
258 if ( li->li_idle_timeout && lc ) {
259 lc->lc_time = op->o_time;
262 /* sigh. parse twice, because parse_passwd
263 * doesn't give us the err / match / msg info.
265 rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
266 (char **)&rs->sr_matched,
269 if ( rc == LDAP_SUCCESS ) {
270 if ( rs->sr_err == LDAP_SUCCESS ) {
271 rc = ldap_parse_extended_result( lc->lc_ld, res,
272 (char **)&rs->sr_rspoid, &rs->sr_rspdata, 0 );
273 if ( rc == LDAP_SUCCESS ) {
274 rs->sr_type = REP_EXTENDED;
285 if ( rc != LDAP_SUCCESS ) {
286 rs->sr_err = slap_map_api2result( rs );
287 if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
289 if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
294 if ( LDAP_BACK_QUARANTINE( li ) ) {
295 ldap_back_quarantine( op, rs );
298 if ( text ) rs->sr_text = text;
299 send_ldap_extended( op, rs );
300 /* otherwise frontend resends result */
301 rc = rs->sr_err = SLAPD_ABANDON;
303 } else if ( LDAP_BACK_QUARANTINE( li ) ) {
304 ldap_back_quarantine( op, rs );
307 /* these have to be freed anyway... */
308 if ( rs->sr_matched ) {
309 free( (char *)rs->sr_matched );
310 rs->sr_matched = NULL;
319 ldap_back_release_conn( li, lc );