1 /* bind.c - ldbm backend bind and unbind routines */
4 * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
13 #include <ac/socket.h>
14 #include <ac/string.h>
15 #include <ac/unistd.h>
/*
 * Extended-operation handler for LDAP_EXOP_X_MODIFY_PASSWD.
 *
 * Visible checks, in order: the bound DN (op->o_dn) must be non-empty,
 * reqdata must be present and non-empty, reqdata must decode with the
 * ber_scanf format "{iO}" (an integer type plus an octet-string
 * credential), and the credential must be non-empty. The request is then
 * handed to the be_extended hook of conn->c_authz_backend, if one exists.
 *
 * Every visible failure path stores a ch_strdup()'d message in *text and
 * yields an LDAP result code (presumably the caller frees *text; confirm).
 *
 * NOTE(review): this listing skips source lines (the gutter numbers jump),
 * so the local declarations, some conditions, closing braces, the final
 * return and any cleanup calls are not visible here.
 * NOTE(review): nothing visible in this function checks that the connection
 * carrying the new password is confidentiality-protected; confirm where
 * transport security is enforced for this operation.
 */
21 static int passwd_main(
22 SLAP_EXTOP_CALLBACK_FN ext_callback,
23 Connection *conn, Operation *op, char *oid,
24 struct berval *reqdata, struct berval **rspdata, char **text )
28 struct berval *cred = NULL;
/* If this is the standard assert(), both checks vanish under NDEBUG: they
 * document the dispatcher's contract rather than enforce it at run time. */
31 assert( oid != NULL );
32 assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, oid ) == 0 );
/* Sessions with no bound DN (anonymous) may not change passwords.
 * NOTE(review): the message below misspells "authenticated"; it is a
 * runtime string, so it is left untouched in this documentation pass. */
34 if( op->o_dn == NULL || op->o_dn[0] == '\0' ) {
35 *text = ch_strdup("only authenicated users may change passwords");
36 return LDAP_STRONG_AUTH_REQUIRED;
/* Reject a request that carries no payload before trying to decode it. */
39 if( reqdata == NULL || reqdata->bv_len == 0 ) {
40 *text = ch_strdup("data missing");
41 return LDAP_PROTOCOL_ERROR;
/* Wrap the request payload in a BER decoder. */
44 ber = ber_init( reqdata );
/* NOTE(review): the condition guarding this return is on an omitted line;
 * presumably it tests for a NULL result from ber_init(). */
47 *text = ch_strdup("password decoding error");
48 return LDAP_PROTOCOL_ERROR;
/* "O" makes ber_scanf allocate a fresh berval for the credential, which is
 * presumably the cleartext new password.
 * NOTE(review): confirm that ber is released and that every return path
 * after this point frees cred; those calls are not visible in this listing. */
51 rc = ber_scanf(ber, "{iO}", &type, &cred );
54 if( rc == LBER_ERROR ) {
55 *text = ch_strdup("data decoding error");
56 return LDAP_PROTOCOL_ERROR;
/* An empty credential is treated as a protocol error, not as "clear the
 * password". */
59 if( cred == NULL || cred->bv_len == 0 ) {
60 *text = ch_strdup("password missing");
61 return LDAP_PROTOCOL_ERROR;
/* NOTE(review): the test on `type` that guards this return is on an
 * omitted line. */
66 *text = ch_strdup("password type unknown");
67 return LDAP_PROTOCOL_ERROR;
/* Delegate to the backend recorded on the connection (c_authz_backend),
 * but only when that backend implements the be_extended hook. */
70 if( conn->c_authz_backend != NULL &&
71 conn->c_authz_backend->be_extended )
73 rc = conn->c_authz_backend->be_extended(
74 conn->c_authz_backend,
76 oid, cred, rspdata, text );
/* Fallback when no usable backend hook exists (the else branch itself is
 * presumably on an omitted line). */
79 *text = ch_strdup("operation not supported for current user");
80 rc = LDAP_UNWILLING_TO_PERFORM;
/*
 * Registers passwd_main as the handler for the LDAP_EXOP_X_MODIFY_PASSWD
 * OID and passes load_extop()'s result straight back to the caller.
 * NOTE(review): the return-type line and the braces are on lines this
 * listing omits.
 */
88 slap_passwd_init( void )
90 return load_extop( LDAP_EXOP_X_MODIFY_PASSWD, passwd_main );
/* NOTE(review): the signature of the function enclosing this loop is on
 * lines the listing omits. */
/* Walk the NULL-terminated a->a_vals array, testing cred against each
 * stored value in turn. */
99 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
/* crypt_mutex is held across the lutil_passwd() call, presumably because
 * the underlying crypt routine is not reentrant (TODO confirm). Any
 * preprocessor guard around the lock/unlock pair is not visible here. */
103 ldap_pvt_thread_mutex_lock( &crypt_mutex );
/* NOTE(review): how `result` is interpreted (which value means "match") is
 * decided on omitted lines; confirm against lutil_passwd's contract, and
 * confirm that no path leaves the loop with crypt_mutex still held. */
106 result = lutil_passwd( a->a_vals[i], cred, NULL );
109 ldap_pvt_thread_mutex_unlock( &crypt_mutex );
/*
 * Passes cred and a hash-scheme name to lutil_passwd_generate() and keeps
 * the result in `new`. The scheme is default_passwd_hash when that is set,
 * otherwise the literal "{SSHA}".
 *
 * NOTE(review): {SSHA} is salted SHA-1, a fast hash, so stored values that
 * leak are cheap to test offline. Where the build offers a slower scheme,
 * deployments should set default_passwd_hash rather than rely on this
 * fallback.
 * NOTE(review): the return statement is on an omitted line; presumably
 * `new` is returned and the caller owns it. Confirm.
 */
118 struct berval * slap_passwd_generate(
119 struct berval * cred )
121 char* hash = default_passwd_hash ? default_passwd_hash : "{SSHA}";
/* Same crypt_mutex that serialises the lutil_passwd() check elsewhere in
 * this file; held only for the duration of the generate call. */
126 ldap_pvt_thread_mutex_lock( &crypt_mutex );
129 new = lutil_passwd_generate( cred , hash );
132 ldap_pvt_thread_mutex_unlock( &crypt_mutex );