git.sur5r.net Git - openldap/blob - servers/slapd/back-ldap/extended.c

   1 /* extended.c - ldap backend extended routines */
   2 /* $OpenLDAP$ */
   3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   4  *
   5  * Copyright 2003-2006 The OpenLDAP Foundation.
   6  * All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted only as authorized by the OpenLDAP
  10  * Public License.
  11  *
  12  * A copy of this license is available in the file LICENSE in the
  13  * top-level directory of the distribution or, alternatively, at
  14  * <http://www.OpenLDAP.org/license.html>.
  15  */
  16 /* ACKNOWLEDGEMENTS:
  17  * This work was initially developed by the Howard Chu for inclusion
  18  * in OpenLDAP Software and subsequently enhanced by Pierangelo
  19  * Masarati.
  20  */
  21
  22 #include "portable.h"
  23
  24 #include <stdio.h>
  25 #include <ac/string.h>
  26
  27 #include "slap.h"
  28 #include "back-ldap.h"
  29 #include "lber_pvt.h"
  30
  31 static BI_op_extended ldap_back_exop_passwd;
  32 static BI_op_extended ldap_back_exop_generic;
  33
  34 static struct exop {
  35         struct berval   oid;
  36         BI_op_extended  *extended;
  37 } exop_table[] = {
  38         { BER_BVC(LDAP_EXOP_MODIFY_PASSWD),     ldap_back_exop_passwd },
  39         { BER_BVNULL, NULL }
  40 };
  41
  42 static int
  43 ldap_back_extended_one( Operation *op, SlapReply *rs, BI_op_extended exop )
  44 {
  45         ldapconn_t      *lc;
  46         LDAPControl     **oldctrls = NULL;
  47         int             rc;
  48
  49         /* FIXME: this needs to be called here, so it is
  50          * called twice; maybe we could avoid the
  51          * ldap_back_dobind() call inside each extended()
  52          * call ... */
  53         lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
  54         if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
  55                 return -1;
  56         }
  57
  58         oldctrls = op->o_ctrls;
  59         if ( ldap_back_proxy_authz_ctrl( lc, op, rs, &op->o_ctrls ) ) {
  60                 op->o_ctrls = oldctrls;
  61                 send_ldap_extended( op, rs );
  62                 rs->sr_text = NULL;
  63                 /* otherwise frontend resends result */
  64                 rc = rs->sr_err = SLAPD_ABANDON;
  65                 goto done;
  66         }
  67
  68         rc = exop( op, rs );
  69
  70         if ( op->o_ctrls && op->o_ctrls != oldctrls ) {
  71                 free( op->o_ctrls[ 0 ] );
  72                 free( op->o_ctrls );
  73         }
  74         op->o_ctrls = oldctrls;
  75
  76 done:;
  77         if ( lc != NULL ) {
  78                 ldap_back_release_conn( op, rs, lc );
  79         }
  80
  81         return rc;
  82 }
  83
  84 int
  85 ldap_back_extended(
  86                 Operation       *op,
  87                 SlapReply       *rs )
  88 {
  89         int     i;
  90
  91         for ( i = 0; exop_table[i].extended != NULL; i++ ) {
  92                 if ( bvmatch( &exop_table[i].oid, &op->oq_extended.rs_reqoid ) )
  93                 {
  94                         return ldap_back_extended_one( op, rs, exop_table[i].extended );
  95                 }
  96         }
  97
  98         /* if we get here, the exop is known; the best that we can do
  99          * is pass it thru as is */
 100         /* FIXME: maybe a list of OIDs to pass thru would be safer */
 101         return ldap_back_extended_one( op, rs, ldap_back_exop_generic );
 102 }
 103
 104 static int
 105 ldap_back_exop_passwd(
 106                 Operation       *op,
 107                 SlapReply       *rs )
 108 {
 109         ldapconn_t      *lc;
 110         req_pwdexop_s   *qpw = &op->oq_pwdexop;
 111         LDAPMessage     *res;
 112         ber_int_t       msgid;
 113         int             rc, isproxy;
 114         int             do_retry = 1;
 115         char *text = NULL;
 116
 117         lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
 118         if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
 119                 return -1;
 120         }
 121
 122         isproxy = ber_bvcmp( &op->o_req_ndn, &op->o_ndn );
 123
 124         Debug( LDAP_DEBUG_ARGS, "==> ldap_back_exop_passwd(\"%s\")%s\n",
 125                 op->o_req_dn.bv_val, isproxy ? " (proxy)" : "", 0 );
 126
 127 retry:
 128         rc = ldap_passwd( lc->lc_ld, isproxy ? &op->o_req_dn : NULL,
 129                 qpw->rs_old.bv_val ? &qpw->rs_old : NULL,
 130                 qpw->rs_new.bv_val ? &qpw->rs_new : NULL,
 131                 op->o_ctrls, NULL, &msgid );
 132
 133         if ( rc == LDAP_SUCCESS ) {
 134                 if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
 135                         ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
 136                         rs->sr_err = rc;
 137
 138                 } else {
 139                         /* sigh. parse twice, because parse_passwd
 140                          * doesn't give us the err / match / msg info.
 141                          */
 142                         rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
 143                                         (char **)&rs->sr_matched,
 144                                         &text,
 145                                         NULL, NULL, 0 );
 146
 147                         if ( rc == LDAP_SUCCESS ) {
 148                                 if ( rs->sr_err == LDAP_SUCCESS ) {
 149                                         struct berval   newpw;
 150
 151                                         /* this never happens because
 152                                          * the frontend is generating
 153                                          * the new password, so when
 154                                          * the passwd exop is proxied,
 155                                          * it never delegates password
 156                                          * generation to the remote server
 157                                          */
 158                                         rc = ldap_parse_passwd( lc->lc_ld, res,
 159                                                         &newpw );
 160                                         if ( rc == LDAP_SUCCESS &&
 161                                                         !BER_BVISNULL( &newpw ) )
 162                                         {
 163                                                 rs->sr_type = REP_EXTENDED;
 164                                                 rs->sr_rspdata = slap_passwd_return( &newpw );
 165                                                 free( newpw.bv_val );
 166                                         }
 167
 168                                 } else {
 169                                         rc = rs->sr_err;
 170                                 }
 171                         }
 172                         ldap_msgfree( res );
 173                 }
 174         }
 175
 176         if ( rc != LDAP_SUCCESS ) {
 177                 rs->sr_err = slap_map_api2result( rs );
 178                 if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
 179                         do_retry = 0;
 180                         if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 181                                 goto retry;
 182                         }
 183                 }
 184                 if ( text ) rs->sr_text = text;
 185                 send_ldap_extended( op, rs );
 186                 /* otherwise frontend resends result */
 187                 rc = rs->sr_err = SLAPD_ABANDON;
 188         }
 189
 190         /* these have to be freed anyway... */
 191         if ( rs->sr_matched ) {
 192                 free( (char *)rs->sr_matched );
 193                 rs->sr_matched = NULL;
 194         }
 195
 196         if ( text ) {
 197                 free( text );
 198                 rs->sr_text = NULL;
 199         }
 200
 201         if ( lc != NULL ) {
 202                 ldap_back_release_conn( op, rs, lc );
 203         }
 204
 205         return rc;
 206 }
 207
 208 static int
 209 ldap_back_exop_generic(
 210         Operation       *op,
 211         SlapReply       *rs )
 212 {
 213         ldapconn_t      *lc;
 214         LDAPMessage     *res;
 215         ber_int_t       msgid;
 216         int             rc;
 217         int             do_retry = 1;
 218         char *text = NULL;
 219
 220         lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
 221         if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
 222                 return -1;
 223         }
 224
 225         Debug( LDAP_DEBUG_ARGS, "==> ldap_back_exop_generic(%s, \"%s\")\n",
 226                 op->ore_reqoid.bv_val, op->o_req_dn.bv_val, 0 );
 227
 228 retry:
 229         rc = ldap_extended_operation( lc->lc_ld,
 230                 op->ore_reqoid.bv_val, op->ore_reqdata,
 231                 op->o_ctrls, NULL, &msgid );
 232
 233         if ( rc == LDAP_SUCCESS ) {
 234                 if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
 235                         ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
 236                         rs->sr_err = rc;
 237
 238                 } else {
 239                         /* sigh. parse twice, because parse_passwd
 240                          * doesn't give us the err / match / msg info.
 241                          */
 242                         rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
 243                                         (char **)&rs->sr_matched,
 244                                         &text,
 245                                         NULL, NULL, 0 );
 246                         if ( rc == LDAP_SUCCESS ) {
 247                                 if ( rs->sr_err == LDAP_SUCCESS ) {
 248                                         rc = ldap_parse_extended_result( lc->lc_ld, res,
 249                                                         (char **)&rs->sr_rspoid, &rs->sr_rspdata, 0 );
 250                                         if ( rc == LDAP_SUCCESS ) {
 251                                                 rs->sr_type = REP_EXTENDED;
 252                                         }
 253
 254                                 } else {
 255                                         rc = rs->sr_err;
 256                                 }
 257                         }
 258                         ldap_msgfree( res );
 259                 }
 260         }
 261
 262         if ( rc != LDAP_SUCCESS ) {
 263                 rs->sr_err = slap_map_api2result( rs );
 264                 if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
 265                         do_retry = 0;
 266                         if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 267                                 goto retry;
 268                         }
 269                 }
 270                 if ( text ) rs->sr_text = text;
 271                 send_ldap_extended( op, rs );
 272                 /* otherwise frontend resends result */
 273                 rc = rs->sr_err = SLAPD_ABANDON;
 274         }
 275
 276         /* these have to be freed anyway... */
 277         if ( rs->sr_matched ) {
 278                 free( (char *)rs->sr_matched );
 279                 rs->sr_matched = NULL;
 280         }
 281
 282         if ( text ) {
 283                 free( text );
 284                 rs->sr_text = NULL;
 285         }
 286
 287         if ( lc != NULL ) {
 288                 ldap_back_release_conn( op, rs, lc );
 289         }
 290
 291         return rc;
 292 }
 293