git.sur5r.net Git - openldap/blob - servers/slapd/back-ldap/extended.c

   1 /* extended.c - ldap backend extended routines */
   2 /* $OpenLDAP$ */
   3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   4  *
   5  * Copyright 2003-2004 The OpenLDAP Foundation.
   6  * All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted only as authorized by the OpenLDAP
  10  * Public License.
  11  *
  12  * A copy of this license is available in the file LICENSE in the
  13  * top-level directory of the distribution or, alternatively, at
  14  * <http://www.OpenLDAP.org/license.html>.
  15  */
  16 /* ACKNOWLEDGEMENTS:
  17  * This work was initially developed by the Howard Chu for inclusion
  18  * in OpenLDAP Software and subsequently enhanced by Pierangelo
  19  * Masarati.
  20  */
  21
  22 #include "portable.h"
  23
  24 #include <stdio.h>
  25 #include <ac/string.h>
  26
  27 #include "slap.h"
  28 #include "back-ldap.h"
  29 #include "lber_pvt.h"
  30
  31 BI_op_extended ldap_back_exop_passwd;
  32
  33 static struct exop {
  34         struct berval *oid;
  35         BI_op_extended  *extended;
  36 } exop_table[] = {
  37         { (struct berval *)&slap_EXOP_MODIFY_PASSWD, ldap_back_exop_passwd },
  38         { NULL, NULL }
  39 };
  40
  41 int
  42 ldap_back_extended(
  43         Operation               *op,
  44         SlapReply               *rs )
  45 {
  46         int i;
  47
  48         for( i=0; exop_table[i].extended != NULL; i++ ) {
  49                 if( ber_bvcmp( exop_table[i].oid, &op->oq_extended.rs_reqoid ) == 0 ) {
  50 #ifdef LDAP_BACK_PROXY_AUTHZ
  51                         struct ldapconn *lc;
  52                         LDAPControl **oldctrls = NULL;
  53                         int rc;
  54
  55                         /* FIXME: this needs to be called here, so it is
  56                          * called twice; maybe we could avoid the
  57                          * ldap_back_dobind() call inside each extended()
  58                          * call ... */
  59                         lc = ldap_back_getconn(op, rs);
  60                         if (!lc || !ldap_back_dobind(lc, op, rs) ) {
  61                                 return -1;
  62                         }
  63
  64                         oldctrls = op->o_ctrls;
  65                         if ( ldap_back_proxy_authz_ctrl( lc, op, rs, &op->o_ctrls ) ) {
  66                                 op->o_ctrls = oldctrls;
  67                                 send_ldap_result( op, rs );
  68                                 rs->sr_text = NULL;
  69                                 return rs->sr_err;
  70                         }
  71
  72                         rc = (exop_table[i].extended)( op, rs );
  73
  74                         if ( op->o_ctrls && op->o_ctrls != oldctrls ) {
  75                                 free( op->o_ctrls[ 0 ] );
  76                                 free( op->o_ctrls );
  77                         }
  78                         op->o_ctrls = oldctrls;
  79
  80                         return rc;
  81 #else /* ! LDAP_BACK_PROXY_AUTHZ */
  82                         return (exop_table[i].extended)( op, rs );
  83 #endif /* ! LDAP_BACK_PROXY_AUTHZ */
  84                 }
  85         }
  86
  87         rs->sr_text = "not supported within naming context";
  88         return LDAP_UNWILLING_TO_PERFORM;
  89 }
  90
  91 int
  92 ldap_back_exop_passwd(
  93         Operation               *op,
  94         SlapReply               *rs )
  95 {
  96         struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
  97         struct ldapconn *lc;
  98         struct berval id = { 0, NULL };
  99         struct berval old = { 0, NULL };
 100         struct berval new = { 0, NULL };
 101         struct berval dn, mdn = { 0, NULL }, newpw;
 102         LDAPMessage *res;
 103         ber_int_t msgid;
 104         int rc;
 105         dncookie dc;
 106
 107         lc = ldap_back_getconn(op, rs);
 108         if (!lc || !ldap_back_dobind(lc, op, rs) ) {
 109                 return -1;
 110         }
 111
 112         rc = slap_passwd_parse( op->oq_extended.rs_reqdata, &id, &old, &new, &rs->sr_text );
 113         if (rc != LDAP_SUCCESS)
 114                 return rc;
 115
 116         if (id.bv_len) {
 117                 dn = id;
 118         } else {
 119                 dn = op->o_dn;
 120         }
 121
 122 #ifdef NEW_LOGGING
 123         LDAP_LOG ( ACL, DETAIL1, "ldap_back_exop_passwd: \"%s\"%s\"\n",
 124                 dn.bv_val, id.bv_len ? " (proxy)" : "", 0 );
 125 #else
 126         Debug( LDAP_DEBUG_TRACE, "ldap_back_exop_passwd: \"%s\"%s\n",
 127                 dn.bv_val, id.bv_len ? " (proxy)" : "", 0 );
 128 #endif
 129
 130         if (dn.bv_len == 0) {
 131                 rs->sr_text = "No password is associated with the Root DSE";
 132                 return LDAP_UNWILLING_TO_PERFORM;
 133         }
 134         if (id.bv_len) {
 135                 dc.rwmap = &li->rwmap;
 136 #ifdef ENABLE_REWRITE
 137                 dc.conn = op->o_conn;
 138                 dc.rs = rs;
 139                 dc.ctx = "modifyPwd";
 140 #else
 141                 dc.tofrom = 1;
 142                 dc.normalized = 0;
 143 #endif
 144                 if ( ldap_back_dn_massage( &dc, &dn, &mdn ) ) {
 145                         send_ldap_result( op, rs );
 146                         return -1;
 147                 }
 148         }
 149
 150         rc = ldap_passwd(lc->ld, id.bv_len ? &mdn : NULL, old.bv_len ? &old : NULL,
 151                 new.bv_len ? &new : NULL, op->o_ctrls, NULL, &msgid);
 152
 153         if (mdn.bv_val != dn.bv_val) {
 154                 free(mdn.bv_val);
 155         }
 156
 157         if (rc == LDAP_SUCCESS) {
 158                 if (ldap_result(lc->ld, msgid, 1, NULL, &res) == -1) {
 159                         ldap_get_option(lc->ld, LDAP_OPT_ERROR_NUMBER, &rc);
 160                 } else {
 161                         /* sigh. parse twice, because parse_passwd doesn't give
 162                          * us the err / match / msg info.
 163                          */
 164                         rc = ldap_parse_result(lc->ld, res, &rs->sr_err, (char **)&rs->sr_matched, (char **)&rs->sr_text,
 165                                 NULL, NULL, 0);
 166                         if (rc == LDAP_SUCCESS) {
 167                                 if (rs->sr_err == LDAP_SUCCESS) {
 168                                         rc = ldap_parse_passwd(lc->ld, res, &newpw);
 169                                         if (rc == LDAP_SUCCESS && newpw.bv_val) {
 170                                                 rs->sr_type = REP_EXTENDED;
 171                                                 rs->sr_rspdata = slap_passwd_return(&newpw);
 172                                                 free(newpw.bv_val);
 173                                         }
 174                                 } else {
 175                                         rc = rs->sr_err;
 176                                 }
 177                         }
 178                         ldap_msgfree(res);
 179                 }
 180         }
 181         if (rc != LDAP_SUCCESS) {
 182                 rs->sr_err = ldap_back_map_result(rs);
 183                 send_ldap_result(op, rs);
 184                 if (rs->sr_matched) free((char *)rs->sr_matched);
 185                 if (rs->sr_text) free((char *)rs->sr_text);
 186                 rs->sr_matched = NULL;
 187                 rs->sr_text = NULL;
 188                 rc = -1;
 189         }
 190         return rc;
 191 }