1 /* bind.c - ldbm backend bind and unbind routines */
4 * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
13 #include <ac/socket.h>
14 #include <ac/string.h>
15 #include <ac/unistd.h>
/*
 * Fragment of the handler for the LDAP_EXOP_X_MODIFY_PASSWD extended
 * operation; its opening line and several interior lines are missing from
 * this listing. The visible code refuses the request when the operation has
 * no bound DN, and otherwise hands it to the be_extended hook of
 * conn->c_authz_backend.
 */
22 SLAP_EXTOP_CALLBACK_FN ext_callback,
23 Connection *conn, Operation *op, char *oid,
24 struct berval *reqdata,
25 struct berval **rspdata,
26 LDAPControl ***rspctrls,
/*
 * NOTE(review): assert() is compiled out when NDEBUG is defined, so these
 * two checks only document what the dispatcher is expected to guarantee;
 * confirm the caller never passes a NULL or mismatched oid.
 */
31 assert( oid != NULL );
32 assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, oid ) == 0 );
/*
 * A NULL or empty o_dn is rejected with LDAP_STRONG_AUTH_REQUIRED before any
 * backend is consulted, so an unauthenticated session cannot reach the
 * password-change code.
 * NOTE(review): the message below misspells "authenticated"; it is returned
 * to the client through *text.
 */
34 if( op->o_dn == NULL || op->o_dn[0] == '\0' ) {
35 *text = ch_strdup("only authenicated users may change passwords");
36 return LDAP_STRONG_AUTH_REQUIRED;
/*
 * The request is delegated only to conn->c_authz_backend (presumably the
 * backend that holds the bound identity; verify against the bind code) and
 * only when that backend provides a be_extended hook.
 */
39 if( conn->c_authz_backend != NULL &&
40 conn->c_authz_backend->be_extended )
42 rc = conn->c_authz_backend->be_extended(
43 conn->c_authz_backend,
44 conn, op, oid, reqdata, rspdata, rspctrls, text );
/*
 * Appears to be the else branch (its opening line is not in this listing):
 * with no usable backend hook the operation is refused instead of being
 * routed to some other backend.
 */
47 *text = ch_strdup("operation not supported for current user");
48 rc = LDAP_UNWILLING_TO_PERFORM;
/*
 * slap_passwd_parse: decode the BER request value of a password-modify
 * extended operation. Going by the visible lines, the optional elements are
 * examined in the order ID, OLD, NEW: each tag is peeked, and a present
 * element is either refused ("... not allowed") or extracted with
 * ber_scanf "O" into the caller's id / old / new. Several lines are missing
 * from this listing, including the conditions that guard the refusals and
 * the cleanup that follows the final rc test.
 */
54 int slap_passwd_parse( struct berval *reqdata,
60 int rc = LDAP_SUCCESS;
/* What is returned for an absent request value is not shown in this listing. */
65 if( reqdata == NULL ) {
69 ber = ber_init( reqdata );
/* Failure to set up a decoder over the request value is reported as a protocol error. */
72 Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: ber_init failed\n",
74 *text = ch_strdup("password decoding error");
75 return LDAP_PROTOCOL_ERROR;
78 tag = ber_peek_tag( ber, &len );
/* Optional user identity element. */
80 if( tag == LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID ) {
/*
 * NOTE(review): *text receives a string literal here, and again at the OLD
 * and NEW refusals below, whereas the decoding-error paths store a
 * ch_strdup() copy. If callers free *text, these three paths hand them a
 * pointer that must not be freed; confirm the ownership convention and use
 * one form throughout.
 */
82 Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: ID not allowed.\n",
84 *text = "user must change own password";
85 rc = LDAP_UNWILLING_TO_PERFORM;
/*
 * ber_scanf "O" returns a newly allocated berval (liblber convention).
 * NOTE(review): confirm every error path after this point releases it.
 */
89 tag = ber_scanf( ber, "O", id );
91 if( tag == LBER_ERROR ) {
92 Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: ID parse failed.\n",
97 tag = ber_peek_tag( ber, &len);
/* Optional old-password element. */
100 if( tag == LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD ) {
/* Same literal-versus-ch_strdup ownership concern as at the ID refusal. */
102 Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: OLD not allowed.\n",
104 *text = "use bind to verify old password";
105 rc = LDAP_UNWILLING_TO_PERFORM;
/*
 * From here on the decoded berval holds the client's old password in clear
 * text; NOTE(review): check that it is freed (and ideally wiped) on failure.
 */
109 tag = ber_scanf( ber, "O", old );
111 if( tag == LBER_ERROR ) {
/*
 * NOTE(review): this trace line says "ID parse failed" although the failing
 * scan is for OLD; the wrong label misleads anyone reading the trace log.
 */
112 Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: ID parse failed.\n",
117 tag = ber_peek_tag( ber, &len);
/* Optional new-password element. */
120 if( tag == LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW ) {
/* Same literal-versus-ch_strdup ownership concern as at the ID refusal. */
122 Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: NEW not allowed.\n",
124 *text = "user specified passwords disallowed";
125 rc = LDAP_UNWILLING_TO_PERFORM;
/* The decoded berval holds the requested new password in clear text. */
129 tag = ber_scanf( ber, "O", new );
131 if( tag == LBER_ERROR ) {
/*
 * NOTE(review): this trace line says "OLD parse failed" although the failing
 * scan is for NEW.
 */
132 Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: OLD parse failed.\n",
137 tag = ber_peek_tag( ber, &len );
/*
 * Generic decoding failure; the condition that leads here is not shown in
 * this listing. Only the length is traced, never the password bytes.
 */
142 Debug( LDAP_DEBUG_TRACE,
143 "slap_passwd_parse: decoding error, len=%ld\n",
146 *text = ch_strdup("data decoding error");
147 rc = LDAP_PROTOCOL_ERROR;
/*
 * Error exit; its body is not shown. NOTE(review): this is where any
 * id / old / new bervals already allocated above need to be released.
 */
151 if( rc != LDAP_SUCCESS ) {
/*
 * slap_passwd_return: build the response value that carries a password back
 * to the client. The credential is encoded with ber_printf "tO" under the
 * LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW tag into a BerElement allocated with
 * LBER_USE_DER, and the result is flattened into a berval. Returns NULL when
 * the BerElement cannot be allocated; the remaining return paths are not
 * shown in this listing.
 */
172 struct berval * slap_passwd_return(
173 struct berval *cred )
177 BerElement *ber = ber_alloc_t(LBER_USE_DER);
179 assert( cred != NULL );
/* Only the credential's length is traced, so the password itself stays out of the debug log. */
181 Debug( LDAP_DEBUG_TRACE, "slap_passwd_return: %ld\n",
182 (long) cred->bv_len, 0, 0 );
184 if( ber == NULL ) return NULL;
186 rc = ber_printf( ber, "tO",
187 LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW, cred );
/*
 * NOTE(review): the result of ber_flatten is discarded. If flattening can
 * fail, bv may not hold a valid berval afterwards; check how bv is
 * initialised and used in the lines missing from this listing.
 */
194 (void) ber_flatten( ber, &bv );
/*
 * Fragment of a credential check; the function's opening line is not in this
 * listing. It walks the NULL-terminated value array a->a_vals and passes
 * each stored value, together with the supplied credential, to
 * lutil_passwd. How `result` is used is not shown.
 */
204 struct berval *cred )
207 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
/*
 * The call is bracketed by crypt_mutex, presumably because a hashing routine
 * underneath lutil_passwd is not thread-safe; the lines between the lock and
 * the call, possibly preprocessor guards, are not visible here.
 */
211 ldap_pvt_thread_mutex_lock( &crypt_mutex );
/*
 * NOTE(review): the third argument is NULL; confirm that this means "accept
 * any supported scheme" and that this is the intended policy.
 */
214 result = lutil_passwd( a->a_vals[i], cred, NULL );
217 ldap_pvt_thread_mutex_unlock( &crypt_mutex );
/*
 * slap_passwd_generate: return a server-generated password obtained from
 * lutil_passwd_generate. The trace line records only that the function ran,
 * not the generated value.
 * NOTE(review): the argument 8 is hard-coded, presumably the password
 * length. The strength of the result also depends on the alphabet and random
 * source inside lutil_passwd_generate, which are not visible here; consider
 * making the length configurable.
 */
226 struct berval * slap_passwd_generate( void )
228 Debug( LDAP_DEBUG_TRACE, "slap_passwd_generate\n", 0, 0, 0 );
229 return lutil_passwd_generate( 8 );
/*
 * slap_passwd_hash: hash a cleartext credential for storage by calling
 * lutil_passwd_hash with the configured scheme. The lines after the unlock,
 * including the return, are not shown in this listing.
 */
232 struct berval * slap_passwd_hash(
233 struct berval * cred )
/*
 * Falls back to "{SSHA}" when default_passwd_hash is unset.
 * NOTE(review): {SSHA} is salted SHA-1, a fast hash; deployments that need
 * resistance to offline guessing should set a stronger default scheme.
 */
235 char* hash = default_passwd_hash ? default_passwd_hash : "{SSHA}";
/*
 * The hashing call is serialised by crypt_mutex, presumably for the same
 * thread-safety reason as the verification path; any preprocessor guards
 * around the lock are not visible here.
 */
240 ldap_pvt_thread_mutex_lock( &crypt_mutex );
/* NOTE(review): confirm the caller handles a NULL result, e.g. for a scheme lutil_passwd_hash does not support. */
243 new = lutil_passwd_hash( cred , hash );
246 ldap_pvt_thread_mutex_unlock( &crypt_mutex );