X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Fextended.c;h=4403fbaaf51dcc831385f385148284100b083002;hb=56cdaa594cd9f3c683a02f3fa6952204c016e232;hp=8f643e1c9324833e5e05c903037a25124e241260;hpb=68c5f6fa985c9ea5ef2ff52ccee75b26741fea27;p=openldap

diff --git a/servers/slapd/back-ldap/extended.c b/servers/slapd/back-ldap/extended.c
index 8f643e1c93..4403fbaaf5 100644
--- a/servers/slapd/back-ldap/extended.c
+++ b/servers/slapd/back-ldap/extended.c
@@ -1,8 +1,22 @@
 /* extended.c - ldap backend extended routines */
 /* $OpenLDAP$ */
-/*
- * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2004 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati. 
  */
 
 #include "portable.h"
@@ -33,7 +47,40 @@ ldap_back_extended(
 
 	for( i=0; exop_table[i].extended != NULL; i++ ) {
 		if( ber_bvcmp( exop_table[i].oid, &op->oq_extended.rs_reqoid ) == 0 ) {
+#ifdef LDAP_BACK_PROXY_AUTHZ 
+			struct ldapconn *lc;
+			LDAPControl **oldctrls = NULL;
+			int rc;
+
+			/* FIXME: this needs to be called here, so it is
+			 * called twice; maybe we could avoid the 
+			 * ldap_back_dobind() call inside each extended()
+			 * call ... */
+			lc = ldap_back_getconn(op, rs);
+			if (!lc || !ldap_back_dobind(lc, op, rs) ) {
+				return -1;
+			}
+
+			oldctrls = op->o_ctrls;
+			if ( ldap_back_proxy_authz_ctrl( lc, op, rs, &op->o_ctrls ) ) {
+				op->o_ctrls = oldctrls;
+				send_ldap_result( op, rs );
+				rs->sr_text = NULL;
+				return rs->sr_err;
+			}
+
+			rc = (exop_table[i].extended)( op, rs );
+
+			if ( op->o_ctrls && op->o_ctrls != oldctrls ) {
+				free( op->o_ctrls[ 0 ] );
+				free( op->o_ctrls );
+			}
+			op->o_ctrls = oldctrls;
+
+			return rc;
+#else /* ! LDAP_BACK_PROXY_AUTHZ */
 			return (exop_table[i].extended)( op, rs );
+#endif /* ! LDAP_BACK_PROXY_AUTHZ */
 		}
 	}
 
@@ -48,13 +95,11 @@ ldap_back_exop_passwd(
 {
 	struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
 	struct ldapconn *lc;
-	struct berval id = { 0, NULL };
-	struct berval old = { 0, NULL };
-	struct berval new = { 0, NULL };
-	struct berval dn, mdn = { 0, NULL }, newpw;
+	req_pwdexop_s *qpw = &op->oq_pwdexop;
+	struct berval mdn = { 0, NULL }, newpw;
 	LDAPMessage *res;
 	ber_int_t msgid;
-	int rc;
+	int rc, isproxy;
 	dncookie dc;
 
 	lc = ldap_back_getconn(op, rs);
@@ -62,48 +107,37 @@ ldap_back_exop_passwd(
 		return -1;
 	}
 
-	rc = slap_passwd_parse( op->oq_extended.rs_reqdata, &id, &old, &new, &rs->sr_text );
-	if (rc != LDAP_SUCCESS)
-		return rc;
-	
-	if (id.bv_len) {
-		dn = id;
-	} else {
-		dn = op->o_dn;
-	}
+	isproxy = ber_bvcmp( &op->o_req_ndn, &op->o_ndn );
 
 #ifdef NEW_LOGGING
 	LDAP_LOG ( ACL, DETAIL1, "ldap_back_exop_passwd: \"%s\"%s\"\n",
-		dn.bv_val, id.bv_len ? " (proxy)" : "", 0 );
+		op->o_req_dn.bv_val, isproxy ? " (proxy)" : "", 0 );
 #else
 	Debug( LDAP_DEBUG_TRACE, "ldap_back_exop_passwd: \"%s\"%s\n",
-		dn.bv_val, id.bv_len ? " (proxy)" : "", 0 );
+		op->o_req_dn.bv_val, isproxy ? " (proxy)" : "", 0 );
 #endif
 
-	if (dn.bv_len == 0) {
-		rs->sr_text = "No password is associated with the Root DSE";
-		return LDAP_UNWILLING_TO_PERFORM;
-	}
-	if (id.bv_len) {
-		dc.li = li;
+	if ( isproxy ) {
+		dc.rwmap = &li->rwmap;
 #ifdef ENABLE_REWRITE
 		dc.conn = op->o_conn;
 		dc.rs = rs;
-		dc.ctx = "modifyPwd";
+		dc.ctx = "exopPasswdDN";
 #else
 		dc.tofrom = 1;
 		dc.normalized = 0;
 #endif
-		if ( ldap_back_dn_massage( &dc, &dn, &mdn ) ) {
+		if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
 			send_ldap_result( op, rs );
 			return -1;
 		}
 	}
 
-	rc = ldap_passwd(lc->ld, id.bv_len ? &mdn : NULL, old.bv_len ? &old : NULL,
-		new.bv_len ? &new : NULL, op->o_ctrls, NULL, &msgid);
+	rc = ldap_passwd(lc->ld, isproxy ? &mdn : NULL,
+		qpw->rs_old.bv_len ? &qpw->rs_old : NULL,
+		qpw->rs_new.bv_len ? &qpw->rs_new : NULL, op->o_ctrls, NULL, &msgid);
 
-	if (mdn.bv_val != dn.bv_val) {
+	if (mdn.bv_val != op->o_req_dn.bv_val) {
 		free(mdn.bv_val);
 	}