git.sur5r.net Git - openldap/blob - servers/slapd/back-ldap/extended.c

   1 /* extended.c - ldap backend extended routines */
   2 /* $OpenLDAP$ */
   3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   4  *
   5  * Copyright 2003-2004 The OpenLDAP Foundation.
   6  * All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted only as authorized by the OpenLDAP
  10  * Public License.
  11  *
  12  * A copy of this license is available in the file LICENSE in the
  13  * top-level directory of the distribution or, alternatively, at
  14  * <http://www.OpenLDAP.org/license.html>.
  15  */
  16 /* ACKNOWLEDGEMENTS:
  17  * This work was initially developed by the Howard Chu for inclusion
  18  * in OpenLDAP Software and subsequently enhanced by Pierangelo
  19  * Masarati.
  20  */
  21
  22 #include "portable.h"
  23
  24 #include <stdio.h>
  25 #include <ac/string.h>
  26
  27 #include "slap.h"
  28 #include "back-ldap.h"
  29 #include "lber_pvt.h"
  30
  31 BI_op_extended ldap_back_exop_passwd;
  32
  33 static struct exop {
  34         struct berval *oid;
  35         BI_op_extended  *extended;
  36 } exop_table[] = {
  37         { (struct berval *)&slap_EXOP_MODIFY_PASSWD, ldap_back_exop_passwd },
  38         { NULL, NULL }
  39 };
  40
  41 int
  42 ldap_back_extended(
  43         Operation               *op,
  44         SlapReply               *rs )
  45 {
  46         int i;
  47
  48         for( i=0; exop_table[i].extended != NULL; i++ ) {
  49                 if( ber_bvcmp( exop_table[i].oid, &op->oq_extended.rs_reqoid ) == 0 ) {
  50 #ifdef LDAP_BACK_PROXY_AUTHZ
  51                         struct ldapconn *lc;
  52                         LDAPControl **oldctrls = NULL;
  53                         int rc;
  54
  55                         /* FIXME: this needs to be called here, so it is
  56                          * called twice; maybe we could avoid the
  57                          * ldap_back_dobind() call inside each extended()
  58                          * call ... */
  59                         lc = ldap_back_getconn(op, rs);
  60                         if (!lc || !ldap_back_dobind(lc, op, rs) ) {
  61                                 return -1;
  62                         }
  63
  64                         oldctrls = op->o_ctrls;
  65                         if ( ldap_back_proxy_authz_ctrl( lc, op, rs, &op->o_ctrls ) ) {
  66                                 op->o_ctrls = oldctrls;
  67                                 send_ldap_result( op, rs );
  68                                 rs->sr_text = NULL;
  69                                 return rs->sr_err;
  70                         }
  71
  72                         rc = (exop_table[i].extended)( op, rs );
  73
  74                         if ( op->o_ctrls && op->o_ctrls != oldctrls ) {
  75                                 free( op->o_ctrls[ 0 ] );
  76                                 free( op->o_ctrls );
  77                         }
  78                         op->o_ctrls = oldctrls;
  79
  80                         return rc;
  81 #else /* ! LDAP_BACK_PROXY_AUTHZ */
  82                         return (exop_table[i].extended)( op, rs );
  83 #endif /* ! LDAP_BACK_PROXY_AUTHZ */
  84                 }
  85         }
  86
  87         rs->sr_text = "not supported within naming context";
  88         return LDAP_UNWILLING_TO_PERFORM;
  89 }
  90
  91 int
  92 ldap_back_exop_passwd(
  93         Operation               *op,
  94         SlapReply               *rs )
  95 {
  96         struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
  97         struct ldapconn *lc;
  98         req_pwdexop_s *qpw = &op->oq_pwdexop;
  99         struct berval mdn = BER_BVNULL, newpw;
 100         LDAPMessage *res;
 101         ber_int_t msgid;
 102         int rc, isproxy;
 103         int do_retry = 1;
 104         dncookie dc;
 105
 106         lc = ldap_back_getconn(op, rs);
 107         if (!lc || !ldap_back_dobind(lc, op, rs) ) {
 108                 return -1;
 109         }
 110
 111         isproxy = ber_bvcmp( &op->o_req_ndn, &op->o_ndn );
 112
 113         Debug( LDAP_DEBUG_TRACE, "ldap_back_exop_passwd: \"%s\"%s\n",
 114                 op->o_req_dn.bv_val, isproxy ? " (proxy)" : "", 0 );
 115
 116         if ( isproxy ) {
 117                 dc.rwmap = &li->rwmap;
 118 #ifdef ENABLE_REWRITE
 119                 dc.conn = op->o_conn;
 120                 dc.rs = rs;
 121                 dc.ctx = "exopPasswdDN";
 122 #else
 123                 dc.tofrom = 1;
 124                 dc.normalized = 0;
 125 #endif
 126                 if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
 127                         send_ldap_result( op, rs );
 128                         return -1;
 129                 }
 130         }
 131
 132 retry:
 133         rc = ldap_passwd(lc->ld, isproxy ? &mdn : NULL,
 134                 qpw->rs_old.bv_val ? &qpw->rs_old : NULL,
 135                 qpw->rs_new.bv_val ? &qpw->rs_new : NULL,
 136                 op->o_ctrls, NULL, &msgid);
 137
 138         if (rc == LDAP_SUCCESS) {
 139                 if (ldap_result(lc->ld, msgid, 1, NULL, &res) == -1) {
 140                         ldap_get_option(lc->ld, LDAP_OPT_ERROR_NUMBER, &rc);
 141                         ldap_back_freeconn( op, lc );
 142                         lc = NULL;
 143
 144                 } else {
 145                         /* sigh. parse twice, because parse_passwd doesn't give
 146                          * us the err / match / msg info.
 147                          */
 148                         rc = ldap_parse_result(lc->ld, res, &rs->sr_err, (char **)&rs->sr_matched, (char **)&rs->sr_text,
 149                                 NULL, NULL, 0);
 150                         if (rc == LDAP_SUCCESS) {
 151                                 if (rs->sr_err == LDAP_SUCCESS) {
 152                                         rc = ldap_parse_passwd(lc->ld, res, &newpw);
 153                                         if (rc == LDAP_SUCCESS && newpw.bv_val) {
 154                                                 rs->sr_type = REP_EXTENDED;
 155                                                 rs->sr_rspdata = slap_passwd_return(&newpw);
 156                                                 free(newpw.bv_val);
 157                                         }
 158                                 } else {
 159                                         rc = rs->sr_err;
 160                                 }
 161                         }
 162                         ldap_msgfree(res);
 163                 }
 164         }
 165         if (rc != LDAP_SUCCESS) {
 166                 rs->sr_err = slap_map_api2result( rs );
 167                 if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
 168                         do_retry = 0;
 169                         if ( ldap_back_retry (lc, op, rs )) goto retry;
 170                 }
 171                 send_ldap_result(op, rs);
 172                 if (rs->sr_matched) free((char *)rs->sr_matched);
 173                 if (rs->sr_text) free((char *)rs->sr_text);
 174                 rs->sr_matched = NULL;
 175                 rs->sr_text = NULL;
 176                 rc = -1;
 177         }
 178         if (mdn.bv_val != op->o_req_dn.bv_val) {
 179                 free(mdn.bv_val);
 180         }
 181
 182         return rc;
 183 }