/*
ldap_passwd_s.c - replacement function for ldap_passwd_s()
Parts of this file were based on parts of the pam_ldap library
(taken from _update_authtok() in pam_ldap.c).
Copyright (C) 1998-2004 Luke Howard
Copyright (C) 2009, 2010, 2012 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
*/
#include "config.h"
#include <stdlib.h>
#include <lber.h>
#include <ldap.h>
#include "compat/ldap_compat.h"
#include "compat/attrs.h"
#ifndef LDAP_EXOP_MODIFY_PASSWD
#ifdef LDAP_EXOP_X_MODIFY_PASSWD
#define LDAP_EXOP_MODIFY_PASSWD LDAP_EXOP_X_MODIFY_PASSWD
#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID
#define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD
#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW
#else /* not LDAP_EXOP_X_MODIFY_PASSWD */
#define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1"
#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID ((ber_tag_t)0x80U)
#define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD ((ber_tag_t)0x81U)
#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t)0x82U)
#endif /* not LDAP_EXOP_X_MODIFY_PASSWD */
#endif /* not LDAP_EXOP_MODIFY_PASSWD */
#ifndef LBER_USE_DER
#define LBER_USE_DER 1
#endif /* not LBER_USE_DER */
#ifndef HAVE_BER_MEMFREE
#define ber_memfree free
#endif /* not HAVE_BER_MEMFREE */
#if !HAVE_DECL_LDAP_EXTENDED_OPERATION_S
/* we define this ourselves here because some LDAP header versions don't
seem to define this */
extern int ldap_extended_operation_s(LDAP *ld, LDAP_CONST char *reqoid,
struct berval *reqdata, LDAPControl **serverctrls,
LDAPControl **clientctrls, char **retoidp, struct berval **retdatap);
#endif /* not HAVE_DECL_LDAP_EXTENDED_OPERATION_S */
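/* Replacement for ldap_passwd_s(), implemented with the LDAP Password
   Modify extended operation (see RFC 3062 for details).

   ld        - LDAP handle, passed to ldap_extended_operation_s()
   user      - DN of the entry to change; left out of the request if NULL
   oldpw     - the old password; left out of the request if NULL
   newpw     - the new password to set; left out of the request if NULL
   newpasswd - unused; a password returned by the server is never stored
   sctrls    - server controls, passed through unchanged
   cctrls    - client controls, passed through unchanged

   Returns the result of ldap_extended_operation_s(), or
   LDAP_OPERATIONS_ERROR if this build has no ldap_extended_operation_s(),
   LDAP_NO_MEMORY if the request could not be allocated or flattened,
   LDAP_ENCODING_ERROR if the request could not be encoded.

   NOTE(review): the encoded request holds oldpw and newpw in cleartext.
   This function does not scrub the BER buffers before releasing them and
   does not check how the connection is protected; callers should only use
   it on a connection with confidentiality protection (e.g. TLS). */
int ldap_passwd_s(LDAP *ld, struct berval *user, struct berval *oldpw,
                  struct berval *newpw, struct berval UNUSED(*newpasswd),
                  LDAPControl **sctrls, LDAPControl **cctrls)
{
#ifndef HAVE_LDAP_EXTENDED_OPERATION_S
  return LDAP_OPERATIONS_ERROR;
#else /* HAVE_LDAP_EXTENDED_OPERATION_S */
  int rc;
  BerElement *ber;
  struct berval *bv = NULL;
  /* start out as NULL so we can tell below whether the library handed
     us anything that needs to be released */
  char *retoid = NULL;
  struct berval *retdata = NULL;
  /* set up request data */
  ber = ber_alloc_t(LBER_USE_DER);
  if (ber == NULL)
    return LDAP_NO_MEMORY;
  /* every encoding step is checked so that a partially built request is
     never sent to the server */
  rc = ber_printf(ber, "{");
  if ((rc >= 0) && (user != NULL))
    rc = ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user);
  if ((rc >= 0) && (oldpw != NULL))
    rc = ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, oldpw);
  if ((rc >= 0) && (newpw != NULL))
    rc = ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, newpw);
  if (rc >= 0)
    rc = ber_printf(ber, "N}");
  if (rc < 0)
  {
    ber_free(ber, 1);
    return LDAP_ENCODING_ERROR;
  }
  rc = ber_flatten(ber, &bv);
  ber_free(ber, 1);
  if (rc < 0)
    return LDAP_NO_MEMORY;
  /* perform the operation */
  rc = ldap_extended_operation_s(ld, LDAP_EXOP_MODIFY_PASSWD, bv, sctrls,
                                 cctrls, &retoid, &retdata);
  /* free data */
  ber_bvfree(bv);
  /* release whatever the server returned, also when the result code is
     an error (the library may have parsed a response before reporting
     the failure) */
  if (retdata != NULL)
    ber_bvfree(retdata);
  if (retoid != NULL)
    ber_memfree(retoid);
  /* return result code */
  return rc;
#endif /* HAVE_LDAP_EXTENDED_OPERATION_S */
}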