From: Kurt Zeilenga Date: Wed, 12 Jun 2002 00:13:29 +0000 (+0000) Subject: An almost complete slap_sasl_setpass() X-Git-Tag: NO_SLAP_OP_BLOCKS~1483 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=1410b3e7d9732be81c216731b4a3a15b0633ed16;p=openldap An almost complete slap_sasl_setpass() --- diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c index 7f2a4cdfcc..06cc1586a8 100644 --- a/servers/slapd/passwd.c +++ b/servers/slapd/passwd.c @@ -44,19 +44,13 @@ int passwd_extop( be = conn->c_authz_backend; ldap_pvt_thread_mutex_unlock( &conn->c_mutex ); - if( be == NULL ) { - *text = "operation not supported for SASL user"; - return LDAP_UNWILLING_TO_PERFORM; - } - - if( !be->be_extended ) { + if( be && !be->be_extended ) { *text = "operation not supported for current user"; return LDAP_UNWILLING_TO_PERFORM; } { struct berval passwd = BER_BVC( LDAP_EXOP_MODIFY_PASSWD ); - rc = backend_check_restrictions( be, conn, op, &passwd, text ); } @@ -64,7 +58,18 @@ int passwd_extop( return rc; } - if( be->be_update_ndn.bv_len ) { + if( be == NULL ) { +#ifdef HAVE_CYRUS_SASL + rc = slap_sasl_setpass( conn, op, + reqoid, reqdata, + rspoid, rspdata, rspctrls, + text ); +#else + *text = "no authz backend"; + rc = LDAP_OTHER; +#endif + + } else if( be->be_update_ndn.bv_len ) { /* we SHOULD return a referral in this case */ *refs = referral_rewrite( be->be_update_refs, NULL, NULL, LDAP_SCOPE_DEFAULT ); diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index f80e53969a..ad0f101074 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -830,6 +830,16 @@ LDAP_SLAPD_F (int) slap_sasl_bind LDAP_P(( struct berval *cred, struct berval *edn, slap_ssf_t *ssf )); +LDAP_SLAPD_F (int) slap_sasl_setpass( + Connection *conn, + Operation *op, + const char *reqoid, + struct berval *reqdata, + char **rspoid, + struct berval **rspdata, + LDAPControl *** rspctrls, + const char **text ); + /* * saslauthz.c */ 
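Review bot: With the `be == NULL` early return removed in the first passwd.c hunk, a NULL `be` now reaches `backend_check_restrictions( be, conn, op, &passwd, text )`, and that function's handling of a NULL backend is not visible here. Confirm it tolerates NULL and still applies the restrictions that should cover this operation, or guard the call. A one-line comment above the call, such as `/* be may be NULL here (no authz backend) */`, would record the assumption. passwd_extop starts and ends outside the hunk.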
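Review bot: In the second passwd.c hunk, `be == NULL` alone routes the request to `slap_sasl_setpass()`, but a NULL `c_authz_backend` does not by itself show that the connection completed a SASL bind. If anonymous or otherwise backend-less connections also leave it NULL (not visible here), they would reach the SASL password store through this branch. The branch should first check that the connection carries an authenticated SASL identity, and otherwise set `*text` and return `LDAP_UNWILLING_TO_PERFORM` as the removed code did. passwd_extop continues outside the hunk.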
diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c
index ba1cdb0c2f..9ca2035751 100644
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -1281,3 +1281,79 @@ char* slap_sasl_secprops( const char *in )
 return "SASL not supported";
 #endif
 }
+
+#ifdef HAVE_CYRUS_SASL
+int
+slap_sasl_setpass(
+ Connection *conn,
+ Operation *op,
+ const char *reqoid,
+ struct berval *reqdata,
+ char **rspoid,
+ struct berval **rspdata,
+ LDAPControl *** rspctrls,
+ const char **text )
+{
+ int rc;
+ struct berval id = { 0, NULL }; /* needs to come from connection */
+ struct berval new = { 0, NULL };
+
+ assert( reqoid != NULL );
+ assert( strcmp( LDAP_EXOP_MODIFY_PASSWD, reqoid ) == 0 );
+
+ if( id.bv_len == 0 ) {
+ *text = "not yet implemented";
+ rc = LDAP_OTHER;
+ }
+
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
+ "slap_sasl_setpass: \"%s\"\n",
+ id.bv_val ? id.bv_val : "" ));
+#else
+ Debug( LDAP_DEBUG_ARGS, "==> ldbm_back_exop_passwd: \"%s\"\n",
+ id.bv_val ? id.bv_val : "", 0, 0 );
+#endif
+
+ rc = slap_passwd_parse( reqdata,
+ NULL, NULL, &new, text );
+
+ if( rc != LDAP_SUCCESS ) {
+ goto done;
+ }
+
+ if( new.bv_len == 0 ) {
+ slap_passwd_generate(&new);
+
+ if( new.bv_len == 0 ) {
+ *text = "password generation failed.";
+ rc = LDAP_OTHER;
+ goto done;
+ }
+
+ *rspdata = slap_passwd_return( &new );
+ }
+
+ rc = sasl_setpass( conn->c_sasl_context,
+ id.bv_val, new.bv_val, new.bv_len, SASL_SET_CREATE,
+ text );
+
+ switch(rc) {
+ case SASL_OK:
+ rc = LDAP_SUCCESS;
+ break;
+
+ case SASL_NOCHANGE:
+ case SASL_NOMECH:
+ case SASL_DISABLED:
+ case SASL_PWLOCK:
+ case SASL_FAIL:
+ case SASL_BADPARAM:
+ default:
+ rc = LDAP_OTHER;
+ }
+
+done:
+ return rc;
+}
+#endif
diff --git a/servers/slapd/tools/mimic.c b/servers/slapd/tools/mimic.c
index 3db426bac4..afd1388389 100644
--- a/servers/slapd/tools/mimic.c
+++ b/servers/slapd/tools/mimic.c
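Review bot: The `if( id.bv_len == 0 )` branch in slap_sasl_setpass sets `*text` and `rc = LDAP_OTHER` but does not leave the function, so with `id` still hard-wired to `{ 0, NULL }` the code goes on to parse the request and call `sasl_setpass()` with a NULL user; add `goto done;` inside that branch. Also, `*rspdata` receives the generated password before `sasl_setpass()` has succeeded, and `new` is never cleared or released on any path (ownership after `slap_passwd_parse` is not visible here), so the `done:` path should drop `*rspdata` on failure and wipe `new.bv_val`. The `Debug` string still names `ldbm_back_exop_passwd` and should read `slap_sasl_setpass`, so that logs attribute password changes to the right code path.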
@@ -140,12 +140,24 @@ int slap_sasl_destroy(void) return LDAP_SUCCESS; } +int slap_sasl_setpass( + Connection *conn, + Operation *op, + const char *reqoid, + struct berval *reqdata, + char **rspoid, + struct berval **rspdata, + LDAPControl *** rspctrls, + const char **text ) +{ + return LDAP_SUCCESS; +} + char * slap_sasl_secprops( const char *in ) { return NULL; } - int slap_sasl_regexp_config( const char *match, const char *replace ) { return(0);
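Review bot: The mimic.c stub of `slap_sasl_setpass()` returns `LDAP_SUCCESS` without setting anything, so any caller linked against it would be told that a password change succeeded. A stub that cannot perform the operation should fail closed, for example `return LDAP_OTHER;`, even if the tools never call it, which this hunk does not show. A short comment on the stub, such as `/* tools never change SASL secrets; always fails */`, would make the intent explicit.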