1/* $OpenLDAP$ */ 2/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 3 * 4 * Copyright 1998-2011 The OpenLDAP Foundation. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted only as authorized by the OpenLDAP 9 * Public License. 10 * 11 * A copy of this license is available in the file LICENSE in the 12 * top-level directory of the distribution or, alternatively, at 13 * <http://www.OpenLDAP.org/license.html>. 14 */ 15/* ACKNOWLEDGEMENTS: 16 * This program was orignally developed by Kurt D. Zeilenga for inclusion in 17 * OpenLDAP Software. 18 */ 19 20#include "portable.h" 21 22#include <stdio.h> 23#include <ac/stdlib.h> 24#include <ac/string.h> 25#include <ac/time.h> 26 27#include "ldap-int.h" 28 29/* 30 * LDAP Password Modify (Extended) Operation (RFC 3062) 31 */ 32 33int ldap_parse_passwd( 34 LDAP *ld, 35 LDAPMessage *res, 36 struct berval *newpasswd ) 37{ 38 int rc; 39 struct berval *retdata = NULL; 40 41 assert( ld != NULL ); 42 assert( LDAP_VALID( ld ) ); 43 assert( res != NULL ); 44 assert( newpasswd != NULL ); 45 46 newpasswd->bv_val = NULL; 47 newpasswd->bv_len = 0; 48 49 rc = ldap_parse_extended_result( ld, res, NULL, &retdata, 0 ); 50 if ( rc != LDAP_SUCCESS ) { 51 return rc; 52 } 53 54 if ( retdata != NULL ) { 55 ber_tag_t tag; 56 BerElement *ber = ber_init( retdata ); 57 58 if ( ber == NULL ) { 59 rc = ld->ld_errno = LDAP_NO_MEMORY; 60 goto done; 61 } 62 63 /* we should check the tag */ 64 tag = ber_scanf( ber, "{o}", newpasswd ); 65 ber_free( ber, 1 ); 66 67 if ( tag == LBER_ERROR ) { 68 rc = ld->ld_errno = LDAP_DECODING_ERROR; 69 } 70 } 71 72done:; 73 ber_bvfree( retdata ); 74 75 return rc; 76} 77 78int 79ldap_passwd( LDAP *ld, 80 struct berval *user, 81 struct berval *oldpw, 82 struct berval *newpw, 83 LDAPControl **sctrls, 84 LDAPControl **cctrls, 85 int *msgidp ) 86{ 87 int rc; 88 struct berval bv = BER_BVNULL; 89 BerElement *ber = NULL; 90 91 assert( ld != NULL ); 92 assert( LDAP_VALID( ld ) ); 93 assert( msgidp != NULL ); 94 95 if( user != NULL || oldpw != NULL || newpw != NULL ) { 96 /* build change password control */ 97 ber = ber_alloc_t( LBER_USE_DER ); 98 99 if( ber == NULL ) { 100 ld->ld_errno = LDAP_NO_MEMORY; 101 return ld->ld_errno; 102 } 103 104 ber_printf( ber, "{" /*}*/ ); 105 106 if( user != NULL ) { 107 ber_printf( ber, "tO", 108 LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user ); 109 } 110 111 if( oldpw != NULL ) { 112 ber_printf( ber, "tO", 113 LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, oldpw ); 114 } 115 116 if( newpw != NULL ) { 117 ber_printf( ber, "tO", 118 LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, newpw ); 119 } 120 121 ber_printf( ber, /*{*/ "N}" ); 122 123 rc = ber_flatten2( ber, &bv, 0 ); 124 125 if( rc < 0 ) { 126 ld->ld_errno = LDAP_ENCODING_ERROR; 127 return ld->ld_errno; 128 } 129 130 } 131 132 rc = ldap_extended_operation( ld, LDAP_EXOP_MODIFY_PASSWD, 133 bv.bv_val ? &bv : NULL, sctrls, cctrls, msgidp ); 134 135 ber_free( ber, 1 ); 136 137 return rc; 138} 139 140int 141ldap_passwd_s( 142 LDAP *ld, 143 struct berval *user, 144 struct berval *oldpw, 145 struct berval *newpw, 146 struct berval *newpasswd, 147 LDAPControl **sctrls, 148 LDAPControl **cctrls ) 149{ 150 int rc; 151 int msgid; 152 LDAPMessage *res; 153 154 rc = ldap_passwd( ld, user, oldpw, newpw, sctrls, cctrls, &msgid ); 155 if ( rc != LDAP_SUCCESS ) { 156 return rc; 157 } 158 159 if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res ) { 160 return ld->ld_errno; 161 } 162 163 rc = ldap_parse_passwd( ld, res, newpasswd ); 164 if( rc != LDAP_SUCCESS ) { 165 ldap_msgfree( res ); 166 return rc; 167 } 168 169 return( ldap_result2error( ld, res, 1 ) ); 170} 171