1 /* bind.c - ldbm backend bind and unbind routines */
4 * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
13 #include <ac/socket.h>
14 #include <ac/string.h>
15 #include <ac/unistd.h>
22 SLAP_EXTOP_CALLBACK_FN ext_callback,
23 Connection *conn, Operation *op, char *oid,
24 struct berval *reqdata, struct berval **rspdata, char **text )
28 assert( oid != NULL );
29 assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, oid ) == 0 );
31 if( op->o_dn == NULL || op->o_dn[0] == '\0' ) {
32 *text = ch_strdup("only authenicated users may change passwords");
33 return LDAP_STRONG_AUTH_REQUIRED;
36 if( reqdata == NULL || reqdata->bv_len == 0 ) {
37 *text = ch_strdup("request data missing");
38 return LDAP_PROTOCOL_ERROR;
41 if( conn->c_authz_backend != NULL &&
42 conn->c_authz_backend->be_extended )
44 rc = conn->c_authz_backend->be_extended(
45 conn->c_authz_backend,
46 conn, op, oid, reqdata, rspdata, text );
49 *text = ch_strdup("operation not supported for current user");
50 rc = LDAP_UNWILLING_TO_PERFORM;
56 int slap_passwd_parse( struct berval *reqdata,
62 int rc = LDAP_SUCCESS;
67 assert( reqdata != NULL );
69 ber = ber_init( reqdata );
72 Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: ber_init failed\n",
74 *text = ch_strdup("password decoding error");
75 return LDAP_PROTOCOL_ERROR;
78 tag = ber_scanf(ber, "{" /*}*/);
80 if( tag == LBER_ERROR ) {
84 tag = ber_peek_tag( ber, &len );
86 if( tag == LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID ) {
88 Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: ID not allowed.\n",
90 *text = "user must change own password";
91 rc = LDAP_UNWILLING_TO_PERFORM;
95 tag = ber_scanf( ber, "O", id );
97 if( tag == LBER_ERROR ) {
98 Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: ID parse failed.\n",
103 tag = ber_peek_tag( ber, &len);
106 if( tag == LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD ) {
108 Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: OLD not allowed.\n",
110 *text = "use bind to verify old password";
111 rc = LDAP_UNWILLING_TO_PERFORM;
115 tag = ber_scanf( ber, "O", old );
117 if( tag == LBER_ERROR ) {
118 Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: ID parse failed.\n",
123 tag = ber_peek_tag( ber, &len);
126 if( tag == LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW ) {
128 Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: NEW not allowed.\n",
130 *text = "user specified passwords disallowed";
131 rc = LDAP_UNWILLING_TO_PERFORM;
135 tag = ber_scanf( ber, "O", new );
137 if( tag == LBER_ERROR ) {
138 Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: OLD parse failed.\n",
143 tag = ber_peek_tag( ber, &len );
148 Debug( LDAP_DEBUG_TRACE,
149 "slap_passwd_parse: decoding error, len=%ld\n",
152 *text = ch_strdup("data decoding error");
153 rc = LDAP_PROTOCOL_ERROR;
157 if( rc != LDAP_SUCCESS ) {
181 struct berval *cred )
184 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
188 ldap_pvt_thread_mutex_lock( &crypt_mutex );
191 result = lutil_passwd( a->a_vals[i], cred, NULL );
194 ldap_pvt_thread_mutex_unlock( &crypt_mutex );
203 struct berval * slap_passwd_generate(
204 struct berval * cred )
206 char* hash = default_passwd_hash ? default_passwd_hash : "{SSHA}";
211 ldap_pvt_thread_mutex_lock( &crypt_mutex );
214 new = lutil_passwd_generate( cred , hash );
217 ldap_pvt_thread_mutex_unlock( &crypt_mutex );