]> git.sur5r.net Git - openldap/blob - servers/slapd/back-ldap/extended.c
Merge remote branch 'origin/mdb.master'
[openldap] / servers / slapd / back-ldap / extended.c
1 /* extended.c - ldap backend extended routines */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4  *
5  * Copyright 2003-2011 The OpenLDAP Foundation.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted only as authorized by the OpenLDAP
10  * Public License.
11  *
12  * A copy of this license is available in the file LICENSE in the
13  * top-level directory of the distribution or, alternatively, at
14  * <http://www.OpenLDAP.org/license.html>.
15  */
16 /* ACKNOWLEDGEMENTS:
17  * This work was initially developed by the Howard Chu for inclusion
18  * in OpenLDAP Software and subsequently enhanced by Pierangelo
19  * Masarati. 
20  */
21
22 #include "portable.h"
23
24 #include <stdio.h>
25 #include <ac/string.h>
26
27 #include "slap.h"
28 #include "back-ldap.h"
29 #include "lber_pvt.h"
30
31 typedef int (ldap_back_exop_f)( Operation *op, SlapReply *rs, ldapconn_t **lc );
32
33 static ldap_back_exop_f ldap_back_exop_passwd;
34 static ldap_back_exop_f ldap_back_exop_generic;
35
36 static struct exop {
37         struct berval           oid;
38         ldap_back_exop_f        *extended;
39 } exop_table[] = {
40         { BER_BVC(LDAP_EXOP_MODIFY_PASSWD),     ldap_back_exop_passwd },
41         { BER_BVNULL, NULL }
42 };
43
44 static int
45 ldap_back_extended_one( Operation *op, SlapReply *rs, ldap_back_exop_f exop )
46 {
47         ldapinfo_t      *li = (ldapinfo_t *) op->o_bd->be_private;
48
49         ldapconn_t      *lc = NULL;
50         LDAPControl     **ctrls = NULL, **oldctrls = NULL;
51         int             rc;
52
53         /* FIXME: this needs to be called here, so it is
54          * called twice; maybe we could avoid the 
55          * ldap_back_dobind() call inside each extended()
56          * call ... */
57         if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
58                 return -1;
59         }
60
61         ctrls = op->o_ctrls;
62         if ( ldap_back_controls_add( op, rs, lc, &ctrls ) )
63         {
64                 op->o_ctrls = oldctrls;
65                 send_ldap_extended( op, rs );
66                 rs->sr_text = NULL;
67                 /* otherwise frontend resends result */
68                 rc = rs->sr_err = SLAPD_ABANDON;
69                 goto done;
70         }
71
72         op->o_ctrls = ctrls;
73         rc = exop( op, rs, &lc );
74
75         op->o_ctrls = oldctrls;
76         (void)ldap_back_controls_free( op, rs, &ctrls );
77
78 done:;
79         if ( lc != NULL ) {
80                 ldap_back_release_conn( li, lc );
81         }
82                         
83         return rc;
84 }
85
86 int
87 ldap_back_extended(
88                 Operation       *op,
89                 SlapReply       *rs )
90 {
91         int     i;
92
93         RS_ASSERT( !(rs->sr_flags & REP_ENTRY_MASK) );
94         rs->sr_flags &= ~REP_ENTRY_MASK;        /* paranoia */
95
96         for ( i = 0; exop_table[i].extended != NULL; i++ ) {
97                 if ( bvmatch( &exop_table[i].oid, &op->oq_extended.rs_reqoid ) )
98                 {
99                         return ldap_back_extended_one( op, rs, exop_table[i].extended );
100                 }
101         }
102
103         /* if we get here, the exop is known; the best that we can do
104          * is pass it thru as is */
105         /* FIXME: maybe a list of OIDs to pass thru would be safer */
106         return ldap_back_extended_one( op, rs, ldap_back_exop_generic );
107 }
108
109 static int
110 ldap_back_exop_passwd(
111         Operation       *op,
112         SlapReply       *rs,
113         ldapconn_t      **lcp )
114 {
115         ldapinfo_t      *li = (ldapinfo_t *) op->o_bd->be_private;
116
117         ldapconn_t      *lc = *lcp;
118         req_pwdexop_s   *qpw = &op->oq_pwdexop;
119         LDAPMessage     *res;
120         ber_int_t       msgid;
121         int             rc, isproxy, freedn = 0;
122         int             do_retry = 1;
123         char            *text = NULL;
124         struct berval   dn = op->o_req_dn,
125                         ndn = op->o_req_ndn;
126
127         assert( lc != NULL );
128         assert( rs->sr_ctrls == NULL );
129
130         if ( BER_BVISNULL( &ndn ) && op->ore_reqdata != NULL ) {
131                 /* NOTE: most of this code is mutated
132                  * from slap_passwd_parse();
133                  * But here we only need
134                  * the first berval... */
135
136                 ber_tag_t tag;
137                 ber_len_t len = -1;
138                 BerElementBuffer berbuf;
139                 BerElement *ber = (BerElement *)&berbuf;
140
141                 struct berval   tmpid = BER_BVNULL;
142
143                 if ( op->ore_reqdata->bv_len == 0 ) {
144                         return LDAP_PROTOCOL_ERROR;
145                 }
146
147                 /* ber_init2 uses reqdata directly, doesn't allocate new buffers */
148                 ber_init2( ber, op->ore_reqdata, 0 );
149
150                 tag = ber_scanf( ber, "{" /*}*/ );
151
152                 if ( tag == LBER_ERROR ) {
153                         return LDAP_PROTOCOL_ERROR;
154                 }
155
156                 tag = ber_peek_tag( ber, &len );
157                 if ( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_ID ) {
158                         tag = ber_get_stringbv( ber, &tmpid, LBER_BV_NOTERM );
159
160                         if ( tag == LBER_ERROR ) {
161                                 return LDAP_PROTOCOL_ERROR;
162                         }
163                 }
164
165                 if ( !BER_BVISEMPTY( &tmpid ) ) {
166                         char idNull = tmpid.bv_val[tmpid.bv_len];
167                         tmpid.bv_val[tmpid.bv_len] = '\0';
168                         rs->sr_err = dnPrettyNormal( NULL, &tmpid, &dn,
169                                 &ndn, op->o_tmpmemctx );
170                         tmpid.bv_val[tmpid.bv_len] = idNull;
171                         if ( rs->sr_err != LDAP_SUCCESS ) {
172                                 /* should have been successfully parsed earlier! */
173                                 return rs->sr_err;
174                         }
175                         freedn = 1;
176
177                 } else {
178                         dn = op->o_dn;
179                         ndn = op->o_ndn;
180                 }
181         }
182
183         isproxy = ber_bvcmp( &ndn, &op->o_ndn );
184
185         Debug( LDAP_DEBUG_ARGS, "==> ldap_back_exop_passwd(\"%s\")%s\n",
186                 dn.bv_val, isproxy ? " (proxy)" : "", 0 );
187
188 retry:
189         rc = ldap_passwd( lc->lc_ld, isproxy ? &dn : NULL,
190                 qpw->rs_old.bv_val ? &qpw->rs_old : NULL,
191                 qpw->rs_new.bv_val ? &qpw->rs_new : NULL,
192                 op->o_ctrls, NULL, &msgid );
193
194         if ( rc == LDAP_SUCCESS ) {
195                 /* TODO: set timeout? */
196                 /* by now, make sure no timeout is used (ITS#6282) */
197                 struct timeval tv = { -1, 0 };
198                 if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, &tv, &res ) == -1 ) {
199                         ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
200                         rs->sr_err = rc;
201
202                 } else {
203                         /* only touch when activity actually took place... */
204                         if ( li->li_idle_timeout && lc ) {
205                                 lc->lc_time = op->o_time;
206                         }
207
208                         /* sigh. parse twice, because parse_passwd
209                          * doesn't give us the err / match / msg info.
210                          */
211                         rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
212                                         (char **)&rs->sr_matched,
213                                         &text,
214                                         NULL, &rs->sr_ctrls, 0 );
215
216                         if ( rc == LDAP_SUCCESS ) {
217                                 if ( rs->sr_err == LDAP_SUCCESS ) {
218                                         struct berval   newpw;
219
220                                         /* this never happens because 
221                                          * the frontend is generating 
222                                          * the new password, so when
223                                          * the passwd exop is proxied,
224                                          * it never delegates password
225                                          * generation to the remote server
226                                          */
227                                         rc = ldap_parse_passwd( lc->lc_ld, res,
228                                                         &newpw );
229                                         if ( rc == LDAP_SUCCESS &&
230                                                         !BER_BVISNULL( &newpw ) )
231                                         {
232                                                 rs->sr_type = REP_EXTENDED;
233                                                 rs->sr_rspdata = slap_passwd_return( &newpw );
234                                                 free( newpw.bv_val );
235                                         }
236
237                                 } else {
238                                         rc = rs->sr_err;
239                                 }
240                         }
241                         ldap_msgfree( res );
242                 }
243         }
244
245         if ( rc != LDAP_SUCCESS ) {
246                 rs->sr_err = slap_map_api2result( rs );
247                 if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
248                         do_retry = 0;
249                         if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
250                                 goto retry;
251                         }
252                 }
253
254                 if ( LDAP_BACK_QUARANTINE( li ) ) {
255                         ldap_back_quarantine( op, rs );
256                 }
257
258                 if ( text ) rs->sr_text = text;
259                 send_ldap_extended( op, rs );
260                 /* otherwise frontend resends result */
261                 rc = rs->sr_err = SLAPD_ABANDON;
262
263         } else if ( LDAP_BACK_QUARANTINE( li ) ) {
264                 ldap_back_quarantine( op, rs );
265         }
266
267         if ( freedn ) {
268                 op->o_tmpfree( dn.bv_val, op->o_tmpmemctx );
269                 op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
270         }
271
272         /* these have to be freed anyway... */
273         if ( rs->sr_matched ) {
274                 free( (char *)rs->sr_matched );
275                 rs->sr_matched = NULL;
276         }
277
278         if ( rs->sr_ctrls ) {
279                 ldap_controls_free( rs->sr_ctrls );
280                 rs->sr_ctrls = NULL;
281         }
282
283         if ( text ) {
284                 free( text );
285                 rs->sr_text = NULL;
286         }
287
288         /* in case, cleanup handler */
289         if ( lc == NULL ) {
290                 *lcp = NULL;
291         }
292
293         return rc;
294 }
295
296 static int
297 ldap_back_exop_generic(
298         Operation       *op,
299         SlapReply       *rs,
300         ldapconn_t      **lcp )
301 {
302         ldapinfo_t      *li = (ldapinfo_t *) op->o_bd->be_private;
303
304         ldapconn_t      *lc = *lcp;
305         LDAPMessage     *res;
306         ber_int_t       msgid;
307         int             rc;
308         int             do_retry = 1;
309         char            *text = NULL;
310
311         Debug( LDAP_DEBUG_ARGS, "==> ldap_back_exop_generic(%s, \"%s\")\n",
312                 op->ore_reqoid.bv_val, op->o_req_dn.bv_val, 0 );
313         assert( lc != NULL );
314         assert( rs->sr_ctrls == NULL );
315
316 retry:
317         rc = ldap_extended_operation( lc->lc_ld,
318                 op->ore_reqoid.bv_val, op->ore_reqdata,
319                 op->o_ctrls, NULL, &msgid );
320
321         if ( rc == LDAP_SUCCESS ) {
322                 /* TODO: set timeout? */
323                 /* by now, make sure no timeout is used (ITS#6282) */
324                 struct timeval tv = { -1, 0 };
325                 if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, &tv, &res ) == -1 ) {
326                         ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
327                         rs->sr_err = rc;
328
329                 } else {
330                         /* only touch when activity actually took place... */
331                         if ( li->li_idle_timeout && lc ) {
332                                 lc->lc_time = op->o_time;
333                         }
334
335                         /* sigh. parse twice, because parse_passwd
336                          * doesn't give us the err / match / msg info.
337                          */
338                         rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
339                                         (char **)&rs->sr_matched,
340                                         &text,
341                                         NULL, &rs->sr_ctrls, 0 );
342                         if ( rc == LDAP_SUCCESS ) {
343                                 if ( rs->sr_err == LDAP_SUCCESS ) {
344                                         rc = ldap_parse_extended_result( lc->lc_ld, res,
345                                                         (char **)&rs->sr_rspoid, &rs->sr_rspdata, 0 );
346                                         if ( rc == LDAP_SUCCESS ) {
347                                                 rs->sr_type = REP_EXTENDED;
348                                         }
349
350                                 } else {
351                                         rc = rs->sr_err;
352                                 }
353                         }
354                         ldap_msgfree( res );
355                 }
356         }
357
358         if ( rc != LDAP_SUCCESS ) {
359                 rs->sr_err = slap_map_api2result( rs );
360                 if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
361                         do_retry = 0;
362                         if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
363                                 goto retry;
364                         }
365                 }
366
367                 if ( LDAP_BACK_QUARANTINE( li ) ) {
368                         ldap_back_quarantine( op, rs );
369                 }
370
371                 if ( text ) rs->sr_text = text;
372                 send_ldap_extended( op, rs );
373                 /* otherwise frontend resends result */
374                 rc = rs->sr_err = SLAPD_ABANDON;
375
376         } else if ( LDAP_BACK_QUARANTINE( li ) ) {
377                 ldap_back_quarantine( op, rs );
378         }
379
380         /* these have to be freed anyway... */
381         if ( rs->sr_matched ) {
382                 free( (char *)rs->sr_matched );
383                 rs->sr_matched = NULL;
384         }
385
386         if ( rs->sr_ctrls ) {
387                 ldap_controls_free( rs->sr_ctrls );
388                 rs->sr_ctrls = NULL;
389         }
390
391         if ( text ) {
392                 free( text );
393                 rs->sr_text = NULL;
394         }
395
396         /* in case, cleanup handler */
397         if ( lc == NULL ) {
398                 *lcp = NULL;
399         }
400
401         return rc;
402 }