git.sur5r.net Git - openldap/blob - servers/slapd/back-ldap/extended.c

   1 /* extended.c - ldap backend extended routines */
   2 /* $OpenLDAP$ */
   3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   4  *
   5  * Copyright 2003-2006 The OpenLDAP Foundation.
   6  * All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted only as authorized by the OpenLDAP
  10  * Public License.
  11  *
  12  * A copy of this license is available in the file LICENSE in the
  13  * top-level directory of the distribution or, alternatively, at
  14  * <http://www.OpenLDAP.org/license.html>.
  15  */
  16 /* ACKNOWLEDGEMENTS:
  17  * This work was initially developed by the Howard Chu for inclusion
  18  * in OpenLDAP Software and subsequently enhanced by Pierangelo
  19  * Masarati.
  20  */
  21
  22 #include "portable.h"
  23
  24 #include <stdio.h>
  25 #include <ac/string.h>
  26
  27 #include "slap.h"
  28 #include "back-ldap.h"
  29 #include "lber_pvt.h"
  30
  31 static BI_op_extended ldap_back_exop_passwd;
  32 static BI_op_extended ldap_back_exop_generic;
  33
  34 static struct exop {
  35         struct berval   oid;
  36         BI_op_extended  *extended;
  37 } exop_table[] = {
  38         { BER_BVC(LDAP_EXOP_MODIFY_PASSWD),     ldap_back_exop_passwd },
  39         { BER_BVNULL, NULL }
  40 };
  41
  42 static int
  43 ldap_back_extended_one( Operation *op, SlapReply *rs, BI_op_extended exop )
  44 {
  45         ldapconn_t      *lc;
  46         LDAPControl     **oldctrls = NULL;
  47         int             rc;
  48
  49         /* FIXME: this needs to be called here, so it is
  50          * called twice; maybe we could avoid the
  51          * ldap_back_dobind() call inside each extended()
  52          * call ... */
  53         lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
  54         if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
  55                 return -1;
  56         }
  57
  58         oldctrls = op->o_ctrls;
  59         if ( ldap_back_proxy_authz_ctrl( lc, op, rs, &op->o_ctrls ) ) {
  60                 op->o_ctrls = oldctrls;
  61                 send_ldap_extended( op, rs );
  62                 rs->sr_text = NULL;
  63                 /* otherwise frontend resends result */
  64                 rc = rs->sr_err = SLAPD_ABANDON;
  65                 goto done;
  66         }
  67
  68         rc = exop( op, rs );
  69
  70         if ( op->o_ctrls && op->o_ctrls != oldctrls ) {
  71                 free( op->o_ctrls[ 0 ] );
  72                 free( op->o_ctrls );
  73         }
  74         op->o_ctrls = oldctrls;
  75
  76 done:;
  77         if ( lc != NULL ) {
  78                 ldap_back_release_conn( op, rs, lc );
  79         }
  80
  81         return rc;
  82 }
  83
  84 int
  85 ldap_back_extended(
  86                 Operation       *op,
  87                 SlapReply       *rs )
  88 {
  89         int     i;
  90
  91         for ( i = 0; exop_table[i].extended != NULL; i++ ) {
  92                 if ( bvmatch( &exop_table[i].oid, &op->oq_extended.rs_reqoid ) )
  93                 {
  94                         return ldap_back_extended_one( op, rs, exop_table[i].extended );
  95                 }
  96         }
  97
  98         /* if we get here, the exop is known; the best that we can do
  99          * is pass it thru as is */
 100         /* FIXME: maybe a list of OIDs to pass thru would be safer */
 101         return ldap_back_extended_one( op, rs, ldap_back_exop_generic );
 102 }
 103
 104 static int
 105 ldap_back_exop_passwd(
 106                 Operation       *op,
 107                 SlapReply       *rs )
 108 {
 109         ldapconn_t      *lc;
 110         req_pwdexop_s   *qpw = &op->oq_pwdexop;
 111         LDAPMessage     *res;
 112         ber_int_t       msgid;
 113         int             rc, isproxy;
 114         int             do_retry = 1;
 115
 116         lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
 117         if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
 118                 return -1;
 119         }
 120
 121         isproxy = ber_bvcmp( &op->o_req_ndn, &op->o_ndn );
 122
 123         Debug( LDAP_DEBUG_ARGS, "==> ldap_back_exop_passwd(\"%s\")%s\n",
 124                 op->o_req_dn.bv_val, isproxy ? " (proxy)" : "", 0 );
 125
 126 retry:
 127         rc = ldap_passwd( lc->lc_ld, isproxy ? &op->o_req_dn : NULL,
 128                 qpw->rs_old.bv_val ? &qpw->rs_old : NULL,
 129                 qpw->rs_new.bv_val ? &qpw->rs_new : NULL,
 130                 op->o_ctrls, NULL, &msgid );
 131
 132         if ( rc == LDAP_SUCCESS ) {
 133                 if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
 134                         ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
 135                         ldap_back_freeconn( op, lc, 0 );
 136                         lc = NULL;
 137
 138                 } else {
 139                         /* sigh. parse twice, because parse_passwd
 140                          * doesn't give us the err / match / msg info.
 141                          */
 142                         rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
 143                                         (char **)&rs->sr_matched,
 144                                         (char **)&rs->sr_text,
 145                                         NULL, NULL, 0 );
 146 #ifndef LDAP_NULL_IS_NULL
 147                         if ( rs->sr_matched && rs->sr_matched[ 0 ] == '\0' ) {
 148                                 free( (char *)rs->sr_matched );
 149                                 rs->sr_matched = NULL;
 150                         }
 151                         if ( rs->sr_text && rs->sr_text[ 0 ] == '\0' ) {
 152                                 free( (char *)rs->sr_text );
 153                                 rs->sr_text = NULL;
 154                         }
 155 #endif /* LDAP_NULL_IS_NULL */
 156
 157                         if ( rc == LDAP_SUCCESS ) {
 158                                 if ( rs->sr_err == LDAP_SUCCESS ) {
 159                                         struct berval   newpw;
 160
 161                                         /* this never happens because
 162                                          * the frontend is generating
 163                                          * the new password, so when
 164                                          * the passwd exop is proxied,
 165                                          * it never delegates password
 166                                          * generation to the remote server
 167                                          */
 168                                         rc = ldap_parse_passwd( lc->lc_ld, res,
 169                                                         &newpw );
 170                                         if ( rc == LDAP_SUCCESS &&
 171                                                         !BER_BVISNULL( &newpw ) )
 172                                         {
 173                                                 rs->sr_type = REP_EXTENDED;
 174                                                 rs->sr_rspdata = slap_passwd_return( &newpw );
 175                                                 free( newpw.bv_val );
 176                                         }
 177
 178                                 } else {
 179                                         rc = rs->sr_err;
 180                                 }
 181                         }
 182                         ldap_msgfree( res );
 183                 }
 184         }
 185         if ( rc != LDAP_SUCCESS ) {
 186                 rs->sr_err = slap_map_api2result( rs );
 187                 if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
 188                         do_retry = 0;
 189                         if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 190                                 goto retry;
 191                         }
 192                 }
 193                 send_ldap_extended( op, rs );
 194                 /* otherwise frontend resends result */
 195                 rc = rs->sr_err = SLAPD_ABANDON;
 196         }
 197
 198         /* these have to be freed anyway... */
 199         if ( rs->sr_matched ) {
 200                 free( (char *)rs->sr_matched );
 201                 rs->sr_matched = NULL;
 202         }
 203         if ( rs->sr_text ) {
 204                 free( (char *)rs->sr_text );
 205                 rs->sr_text = NULL;
 206         }
 207
 208         if ( lc != NULL ) {
 209                 ldap_back_release_conn( op, rs, lc );
 210         }
 211
 212         return rc;
 213 }
 214
 215 static int
 216 ldap_back_exop_generic(
 217         Operation       *op,
 218         SlapReply       *rs )
 219 {
 220         ldapconn_t      *lc;
 221         LDAPMessage     *res;
 222         ber_int_t       msgid;
 223         int             rc;
 224         int             do_retry = 1;
 225
 226         lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
 227         if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
 228                 return -1;
 229         }
 230
 231         Debug( LDAP_DEBUG_ARGS, "==> ldap_back_exop_generic(%s, \"%s\")\n",
 232                 op->ore_reqoid.bv_val, op->o_req_dn.bv_val, 0 );
 233
 234 retry:
 235         rc = ldap_extended_operation( lc->lc_ld,
 236                 op->ore_reqoid.bv_val, op->ore_reqdata,
 237                 op->o_ctrls, NULL, &msgid );
 238
 239         if ( rc == LDAP_SUCCESS ) {
 240                 if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
 241                         ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
 242                         ldap_back_freeconn( op, lc, 0 );
 243                         lc = NULL;
 244
 245                 } else {
 246                         /* sigh. parse twice, because parse_passwd
 247                          * doesn't give us the err / match / msg info.
 248                          */
 249                         rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
 250                                         (char **)&rs->sr_matched,
 251                                         (char **)&rs->sr_text,
 252                                         NULL, NULL, 0 );
 253 #ifndef LDAP_NULL_IS_NULL
 254                         if ( rs->sr_matched && rs->sr_matched[ 0 ] == '\0' ) {
 255                                 free( (char *)rs->sr_matched );
 256                                 rs->sr_matched = NULL;
 257                         }
 258                         if ( rs->sr_text && rs->sr_text[ 0 ] == '\0' ) {
 259                                 free( (char *)rs->sr_text );
 260                                 rs->sr_text = NULL;
 261                         }
 262 #endif /* LDAP_NULL_IS_NULL */
 263                         if ( rc == LDAP_SUCCESS ) {
 264                                 if ( rs->sr_err == LDAP_SUCCESS ) {
 265                                         rc = ldap_parse_extended_result( lc->lc_ld, res,
 266                                                         (char **)&rs->sr_rspoid, &rs->sr_rspdata, 0 );
 267                                         if ( rc == LDAP_SUCCESS ) {
 268                                                 rs->sr_type = REP_EXTENDED;
 269                                         }
 270
 271                                 } else {
 272                                         rc = rs->sr_err;
 273                                 }
 274                         }
 275                         ldap_msgfree( res );
 276                 }
 277         }
 278         if ( rc != LDAP_SUCCESS ) {
 279                 rs->sr_err = slap_map_api2result( rs );
 280                 if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
 281                         do_retry = 0;
 282                         if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 283                                 goto retry;
 284                         }
 285                 }
 286                 send_ldap_extended( op, rs );
 287                 /* otherwise frontend resends result */
 288                 rc = rs->sr_err = SLAPD_ABANDON;
 289         }
 290
 291         /* these have to be freed anyway... */
 292         if ( rs->sr_matched ) {
 293                 free( (char *)rs->sr_matched );
 294                 rs->sr_matched = NULL;
 295         }
 296         if ( rs->sr_text ) {
 297                 free( (char *)rs->sr_text );
 298                 rs->sr_text = NULL;
 299         }
 300
 301         if ( lc != NULL ) {
 302                 ldap_back_release_conn( op, rs, lc );
 303         }
 304
 305         return rc;
 306 }
 307