X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Fextended.c;h=4403fbaaf51dcc831385f385148284100b083002;hb=56cdaa594cd9f3c683a02f3fa6952204c016e232;hp=5b839bee01acb9806eb8a8d2f0e8837a190d508e;hpb=e8c58b4e7f21caa6c0b6006e3528cbad9b8aed45;p=openldap
diff --git a/servers/slapd/back-ldap/extended.c b/servers/slapd/back-ldap/extended.c
index 5b839bee01..4403fbaaf5 100644
--- a/servers/slapd/back-ldap/extended.c
+++ b/servers/slapd/back-ldap/extended.c
@@ -1,8 +1,22 @@
 /* extended.c - ldap backend extended routines */
 /* $OpenLDAP$ */
-/*
- * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+/* This work is part of OpenLDAP Software .
+ *
+ * Copyright 2003-2004 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * .
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
 */
 #include "portable.h"
@@ -33,7 +47,40 @@ ldap_back_extended(
 for( i=0; exop_table[i].extended != NULL; i++ ) {
 if( ber_bvcmp( exop_table[i].oid, &op->oq_extended.rs_reqoid ) == 0 ) {
+#ifdef LDAP_BACK_PROXY_AUTHZ
+ struct ldapconn *lc;
+ LDAPControl **oldctrls = NULL;
+ int rc;
+
+ /* FIXME: this needs to be called here, so it is
+ * called twice; maybe we could avoid the
+ * ldap_back_dobind() call inside each extended()
+ * call ... */
+ lc = ldap_back_getconn(op, rs);
+ if (!lc || !ldap_back_dobind(lc, op, rs) ) {
+ return -1;
+ }
+
+ oldctrls = op->o_ctrls;
+ if ( ldap_back_proxy_authz_ctrl( lc, op, rs, &op->o_ctrls ) ) {
+ op->o_ctrls = oldctrls;
+ send_ldap_result( op, rs );
+ rs->sr_text = NULL;
+ return rs->sr_err;
+ }
+
+ rc = (exop_table[i].extended)( op, rs );
+
+ if ( op->o_ctrls && op->o_ctrls != oldctrls ) {
+ free( op->o_ctrls[ 0 ] );
+ free( op->o_ctrls );
+ }
+ op->o_ctrls = oldctrls;
+
+ return rc;
+#else /* ! LDAP_BACK_PROXY_AUTHZ */
 return (exop_table[i].extended)( op, rs );
+#endif /* ! LDAP_BACK_PROXY_AUTHZ */
 }
 }
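Review bot: The cleanup after the handler call, `free( op->o_ctrls[ 0 ] ); free( op->o_ctrls );`, relies on an ownership layout that nothing in this hunk states: that ldap_back_proxy_authz_ctrl() allocates the array plus exactly one control in slot 0, with an allocator that matches free(), and that every other slot is borrowed from oldctrls. That helper is not visible here, so if it allocates differently, or if a handler replaces op->o_ctrls itself, this turns into a leak or an invalid free on the path that carries the asserted proxy identity. I would add a comment above the block, once confirmed against the helper, along the lines of `/* proxy_authz_ctrl() prepends one malloc'ed control; remaining slots alias oldctrls and must not be freed */`, and ideally move the release into a helper next to the allocator. The two early exits also use different conventions (`return -1;` after a bind failure, `return rs->sr_err;` after a control failure), which deserves a short comment on what callers expect. ldap_back_extended() starts and ends outside the hunk.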
@@ -48,77 +95,49 @@ ldap_back_exop_passwd(
 {
 struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
 struct ldapconn *lc;
- struct berval id = { 0, NULL };
- struct berval old = { 0, NULL };
- struct berval new = { 0, NULL };
- struct berval dn, mdn = { 0, NULL }, newpw;
+ req_pwdexop_s *qpw = &op->oq_pwdexop;
+ struct berval mdn = { 0, NULL }, newpw;
 LDAPMessage *res;
 ber_int_t msgid;
- int rc;
+ int rc, isproxy;
+ dncookie dc;
- lc = ldap_back_getconn(li, op, rs);
- if (!lc || !ldap_back_dobind(li, lc, op, rs) ) {
+ lc = ldap_back_getconn(op, rs);
+ if (!lc || !ldap_back_dobind(lc, op, rs) ) {
 return -1;
 }
- rc = slap_passwd_parse( op->oq_extended.rs_reqdata, &id, &old, &new, &rs->sr_text );
- if (rc != LDAP_SUCCESS)
- return rc;
-
- if (id.bv_len) {
- dn = id;
- } else {
- dn = op->o_dn;
- }
+ isproxy = ber_bvcmp( &op->o_req_ndn, &op->o_ndn );
 #ifdef NEW_LOGGING
 LDAP_LOG ( ACL, DETAIL1, "ldap_back_exop_passwd: \"%s\"%s\"\n",
- dn.bv_val, id.bv_len ? " (proxy)" : "", 0 );
+ op->o_req_dn.bv_val, isproxy ? " (proxy)" : "", 0 );
 #else
 Debug( LDAP_DEBUG_TRACE, "ldap_back_exop_passwd: \"%s\"%s\n",
- dn.bv_val, id.bv_len ? " (proxy)" : "", 0 );
+ op->o_req_dn.bv_val, isproxy ? " (proxy)" : "", 0 );
 #endif
- if (dn.bv_len == 0) {
- rs->sr_text = "No password is associated with the Root DSE";
- return LDAP_UNWILLING_TO_PERFORM;
- }
- if (id.bv_len) {
+ if ( isproxy ) {
+ dc.rwmap = &li->rwmap;
 #ifdef ENABLE_REWRITE
- switch ( rewrite_session( li->rwinfo, "modifyPwd", dn.bv_val, op->o_conn, &mdn.bv_val ) ) {
- case REWRITE_REGEXEC_OK:
- if ( mdn.bv_val == NULL ) {
- mdn.bv_val = dn.bv_val;
- }
- mdn.bv_len = strlen(mdn.bv_val);
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] modifyPwd: \"%s\" -> \"%s\"\n", dn.bv_val, mdn.bv_val, 0 );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS, "rw> modifyPwd: \"%s\" -> \"%s\"\n%s",
- dn.bv_val, mdn.bv_val, "" );
-#endif /* !NEW_LOGGING */
- break;
-
- case REWRITE_REGEXEC_UNWILLING:
- send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
- "Operation not allowed" );
- return( -1 );
-
- case REWRITE_REGEXEC_ERR:
- send_ldap_error( op, rs, LDAP_OTHER,
- "Rewrite error" );
- return( -1 );
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "exopPasswdDN";
+#else
+ dc.tofrom = 1;
+ dc.normalized = 0;
+#endif
+ if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
+ send_ldap_result( op, rs );
+ return -1;
 }
-#else /* !ENABLE_REWRITE */
- ldap_back_dn_massage( li, &dn, &mdn, 0, 1 );
-#endif /* !ENABLE_REWRITE */
 }
- rc = ldap_passwd(lc->ld, id.bv_len ? &mdn : NULL, old.bv_len ? &old : NULL,
- new.bv_len ? &new : NULL, op->o_ctrls, NULL, &msgid);
+ rc = ldap_passwd(lc->ld, isproxy ? &mdn : NULL,
+ qpw->rs_old.bv_len ? &qpw->rs_old : NULL,
+ qpw->rs_new.bv_len ? &qpw->rs_new : NULL, op->o_ctrls, NULL, &msgid);
- if (mdn.bv_val != dn.bv_val) {
+ if (mdn.bv_val != op->o_req_dn.bv_val) {
 free(mdn.bv_val);
 }
@@ -147,7 +166,7 @@ ldap_back_exop_passwd(
 }
 }
 if (rc != LDAP_SUCCESS) {
- rs->sr_err = ldap_back_map_result(rc);
+ rs->sr_err = ldap_back_map_result(rs);
 send_ldap_result(op, rs);
 if (rs->sr_matched) free((char *)rs->sr_matched);
 if (rs->sr_text) free((char *)rs->sr_text);
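Review bot: In the `@@ -48,77 +95,49 @@` hunk of ldap_back_exop_passwd(), `isproxy ? &mdn : NULL` means a self-change sends no user identity upstream, so the remote server picks the target from whatever identity lc->ld is bound or authorized as, which is not necessarily op->o_ndn. `isproxy` comes only from `ber_bvcmp( &op->o_req_ndn, &op->o_ndn )`, a comparison of local DNs before any rewrite, so this is correct only if the upstream identity always corresponds to the client's own DN, and that invariant is not visible in the hunk. I would either always pass the massaged `op->o_req_dn` explicitly or document the assumption, e.g. `/* NULL user: remote resolves the target from the bound/authz identity on lc->ld */`. Separately, the non-ENABLE_REWRITE branch never sets `dc.rs`, yet a massage failure calls `send_ldap_result( op, rs )`; if ldap_back_dn_massage() can fail in that build, rs->sr_err may not describe the failure. The function body continues past the hunk.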
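Review bot: In the `@@ -147,7 +166,7 @@` hunk, `ldap_back_map_result(rs)` now maps whatever is stored in rs, while the guard directly above still tests `rc`, and the hunk does not show rc being copied into rs before the call. If any failure path outside this hunk (for example a client-library error from ldap_passwd() or ldap_result()) leaves the code only in rc, the mapped value could be stale, possibly success, for a password change that actually failed. Assuming the helper reads rs->sr_err, adding `rs->sr_err = rc;` immediately before the call would keep the two in step; otherwise a comment stating where rs->sr_err is guaranteed to be set would do. The surrounding function starts and ends outside the hunk.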