1/* $OpenLDAP$ */
2/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
3 *
4 * Copyright 1998-2011 The OpenLDAP Foundation.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted only as authorized by the OpenLDAP
9 * Public License.
10 *
11 * A copy of this license is available in the file LICENSE in the
12 * top-level directory of the distribution or, alternatively, at
13 * <http://www.OpenLDAP.org/license.html>.
14 */
15/* ACKNOWLEDGEMENTS:
16 * This program was orignally developed by Kurt D. Zeilenga for inclusion in
17 * OpenLDAP Software.
18 */
19
20#include "portable.h"
21
22#include <stdio.h>
23#include <ac/stdlib.h>
24#include <ac/string.h>
25#include <ac/time.h>
26
27#include "ldap-int.h"
28
29/*
30 * LDAP Password Modify (Extended) Operation (RFC 3062)
31 */
32
33int ldap_parse_passwd(
34	LDAP *ld,
35	LDAPMessage *res,
36	struct berval *newpasswd )
37{
38	int rc;
39	struct berval *retdata = NULL;
40
41	assert( ld != NULL );
42	assert( LDAP_VALID( ld ) );
43	assert( res != NULL );
44	assert( newpasswd != NULL );
45
46	newpasswd->bv_val = NULL;
47	newpasswd->bv_len = 0;
48
49	rc = ldap_parse_extended_result( ld, res, NULL, &retdata, 0 );
50	if ( rc != LDAP_SUCCESS ) {
51		return rc;
52	}
53
54	if ( retdata != NULL ) {
55		ber_tag_t tag;
56		BerElement *ber = ber_init( retdata );
57
58		if ( ber == NULL ) {
59			rc = ld->ld_errno = LDAP_NO_MEMORY;
60			goto done;
61		}
62
63		/* we should check the tag */
64		tag = ber_scanf( ber, "{o}", newpasswd );
65		ber_free( ber, 1 );
66
67		if ( tag == LBER_ERROR ) {
68			rc = ld->ld_errno = LDAP_DECODING_ERROR;
69		}
70	}
71
72done:;
73	ber_bvfree( retdata );
74
75	return rc;
76}
77
78int
79ldap_passwd( LDAP *ld,
80	struct berval	*user,
81	struct berval	*oldpw,
82	struct berval	*newpw,
83	LDAPControl		**sctrls,
84	LDAPControl		**cctrls,
85	int				*msgidp )
86{
87	int rc;
88	struct berval bv = BER_BVNULL;
89	BerElement *ber = NULL;
90
91	assert( ld != NULL );
92	assert( LDAP_VALID( ld ) );
93	assert( msgidp != NULL );
94
95	if( user != NULL || oldpw != NULL || newpw != NULL ) {
96		/* build change password control */
97		ber = ber_alloc_t( LBER_USE_DER );
98
99		if( ber == NULL ) {
100			ld->ld_errno = LDAP_NO_MEMORY;
101			return ld->ld_errno;
102		}
103
104		ber_printf( ber, "{" /*}*/ );
105
106		if( user != NULL ) {
107			ber_printf( ber, "tO",
108				LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user );
109		}
110
111		if( oldpw != NULL ) {
112			ber_printf( ber, "tO",
113				LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, oldpw );
114		}
115
116		if( newpw != NULL ) {
117			ber_printf( ber, "tO",
118				LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, newpw );
119		}
120
121		ber_printf( ber, /*{*/ "N}" );
122
123		rc = ber_flatten2( ber, &bv, 0 );
124
125		if( rc < 0 ) {
126			ld->ld_errno = LDAP_ENCODING_ERROR;
127			return ld->ld_errno;
128		}
129
130	}
131
132	rc = ldap_extended_operation( ld, LDAP_EXOP_MODIFY_PASSWD,
133		bv.bv_val ? &bv : NULL, sctrls, cctrls, msgidp );
134
135	ber_free( ber, 1 );
136
137	return rc;
138}
139
140int
141ldap_passwd_s(
142	LDAP *ld,
143	struct berval	*user,
144	struct berval	*oldpw,
145	struct berval	*newpw,
146	struct berval *newpasswd,
147	LDAPControl **sctrls,
148	LDAPControl **cctrls )
149{
150	int		rc;
151	int		msgid;
152	LDAPMessage	*res;
153
154	rc = ldap_passwd( ld, user, oldpw, newpw, sctrls, cctrls, &msgid );
155	if ( rc != LDAP_SUCCESS ) {
156		return rc;
157	}
158
159	if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res ) {
160		return ld->ld_errno;
161	}
162
163	rc = ldap_parse_passwd( ld, res, newpasswd );
164	if( rc != LDAP_SUCCESS ) {
165		ldap_msgfree( res );
166		return rc;
167	}
168
169	return( ldap_result2error( ld, res, 1 ) );
170}
171