xref: /netbsd-src/external/bsd/openldap/dist/libraries/libldap/passwd.c (revision 549b59ed3ccf0d36d3097190a0db27b770f3a839) 
1*549b59edSchristos /*	$NetBSD: passwd.c,v 1.3 2021/08/14 16:14:56 christos Exp $	*/
24e6df137Slukem 
3d11b170bStron /* $OpenLDAP$ */
42de962bdSlukem /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
52de962bdSlukem  *
6*549b59edSchristos  * Copyright 1998-2021 The OpenLDAP Foundation.
72de962bdSlukem  * All rights reserved.
82de962bdSlukem  *
92de962bdSlukem  * Redistribution and use in source and binary forms, with or without
102de962bdSlukem  * modification, are permitted only as authorized by the OpenLDAP
112de962bdSlukem  * Public License.
122de962bdSlukem  *
132de962bdSlukem  * A copy of this license is available in the file LICENSE in the
142de962bdSlukem  * top-level directory of the distribution or, alternatively, at
152de962bdSlukem  * <http://www.OpenLDAP.org/license.html>.
162de962bdSlukem  */
172de962bdSlukem /* ACKNOWLEDGEMENTS:
18*549b59edSchristos  * This program was originally developed by Kurt D. Zeilenga for inclusion in
192de962bdSlukem  * OpenLDAP Software.
202de962bdSlukem  */
212de962bdSlukem 
22376af7d7Schristos #include <sys/cdefs.h>
23*549b59edSchristos __RCSID("$NetBSD: passwd.c,v 1.3 2021/08/14 16:14:56 christos Exp $");
24376af7d7Schristos 
252de962bdSlukem #include "portable.h"
262de962bdSlukem 
272de962bdSlukem #include <stdio.h>
282de962bdSlukem #include <ac/stdlib.h>
292de962bdSlukem #include <ac/string.h>
302de962bdSlukem #include <ac/time.h>
312de962bdSlukem 
322de962bdSlukem #include "ldap-int.h"
332de962bdSlukem 
342de962bdSlukem /*
352de962bdSlukem  * LDAP Password Modify (Extended) Operation (RFC 3062)
362de962bdSlukem  */
372de962bdSlukem 
ldap_parse_passwd(LDAP * ld,LDAPMessage * res,struct berval * newpasswd)382de962bdSlukem int ldap_parse_passwd(
392de962bdSlukem 	LDAP *ld,
402de962bdSlukem 	LDAPMessage *res,
412de962bdSlukem 	struct berval *newpasswd )
422de962bdSlukem {
432de962bdSlukem 	int rc;
442de962bdSlukem 	struct berval *retdata = NULL;
452de962bdSlukem 
462de962bdSlukem 	assert( ld != NULL );
472de962bdSlukem 	assert( LDAP_VALID( ld ) );
482de962bdSlukem 	assert( res != NULL );
492de962bdSlukem 	assert( newpasswd != NULL );
502de962bdSlukem 
512de962bdSlukem 	newpasswd->bv_val = NULL;
522de962bdSlukem 	newpasswd->bv_len = 0;
532de962bdSlukem 
542de962bdSlukem 	rc = ldap_parse_extended_result( ld, res, NULL, &retdata, 0 );
552de962bdSlukem 	if ( rc != LDAP_SUCCESS ) {
562de962bdSlukem 		return rc;
572de962bdSlukem 	}
582de962bdSlukem 
592de962bdSlukem 	if ( retdata != NULL ) {
602de962bdSlukem 		ber_tag_t tag;
612de962bdSlukem 		BerElement *ber = ber_init( retdata );
622de962bdSlukem 
632de962bdSlukem 		if ( ber == NULL ) {
642de962bdSlukem 			rc = ld->ld_errno = LDAP_NO_MEMORY;
652de962bdSlukem 			goto done;
662de962bdSlukem 		}
672de962bdSlukem 
682de962bdSlukem 		/* we should check the tag */
692de962bdSlukem 		tag = ber_scanf( ber, "{o}", newpasswd );
702de962bdSlukem 		ber_free( ber, 1 );
712de962bdSlukem 
722de962bdSlukem 		if ( tag == LBER_ERROR ) {
732de962bdSlukem 			rc = ld->ld_errno = LDAP_DECODING_ERROR;
742de962bdSlukem 		}
752de962bdSlukem 	}
762de962bdSlukem 
772de962bdSlukem done:;
782de962bdSlukem 	ber_bvfree( retdata );
792de962bdSlukem 
802de962bdSlukem 	return rc;
812de962bdSlukem }
822de962bdSlukem 
832de962bdSlukem int
ldap_passwd(LDAP * ld,struct berval * user,struct berval * oldpw,struct berval * newpw,LDAPControl ** sctrls,LDAPControl ** cctrls,int * msgidp)842de962bdSlukem ldap_passwd( LDAP *ld,
852de962bdSlukem 	struct berval	*user,
862de962bdSlukem 	struct berval	*oldpw,
872de962bdSlukem 	struct berval	*newpw,
882de962bdSlukem 	LDAPControl		**sctrls,
892de962bdSlukem 	LDAPControl		**cctrls,
902de962bdSlukem 	int				*msgidp )
912de962bdSlukem {
922de962bdSlukem 	int rc;
932de962bdSlukem 	struct berval bv = BER_BVNULL;
942de962bdSlukem 	BerElement *ber = NULL;
952de962bdSlukem 
962de962bdSlukem 	assert( ld != NULL );
972de962bdSlukem 	assert( LDAP_VALID( ld ) );
982de962bdSlukem 	assert( msgidp != NULL );
992de962bdSlukem 
1002de962bdSlukem 	if( user != NULL || oldpw != NULL || newpw != NULL ) {
1012de962bdSlukem 		/* build change password control */
1022de962bdSlukem 		ber = ber_alloc_t( LBER_USE_DER );
1032de962bdSlukem 
1042de962bdSlukem 		if( ber == NULL ) {
1052de962bdSlukem 			ld->ld_errno = LDAP_NO_MEMORY;
1062de962bdSlukem 			return ld->ld_errno;
1072de962bdSlukem 		}
1082de962bdSlukem 
1092de962bdSlukem 		ber_printf( ber, "{" /*}*/ );
1102de962bdSlukem 
1112de962bdSlukem 		if( user != NULL ) {
1122de962bdSlukem 			ber_printf( ber, "tO",
1132de962bdSlukem 				LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user );
1142de962bdSlukem 		}
1152de962bdSlukem 
1162de962bdSlukem 		if( oldpw != NULL ) {
1172de962bdSlukem 			ber_printf( ber, "tO",
1182de962bdSlukem 				LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, oldpw );
1192de962bdSlukem 		}
1202de962bdSlukem 
1212de962bdSlukem 		if( newpw != NULL ) {
1222de962bdSlukem 			ber_printf( ber, "tO",
1232de962bdSlukem 				LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, newpw );
1242de962bdSlukem 		}
1252de962bdSlukem 
1262de962bdSlukem 		ber_printf( ber, /*{*/ "N}" );
1272de962bdSlukem 
1282de962bdSlukem 		rc = ber_flatten2( ber, &bv, 0 );
1292de962bdSlukem 
1302de962bdSlukem 		if( rc < 0 ) {
1312de962bdSlukem 			ld->ld_errno = LDAP_ENCODING_ERROR;
1322de962bdSlukem 			return ld->ld_errno;
1332de962bdSlukem 		}
1342de962bdSlukem 
1352de962bdSlukem 	}
1362de962bdSlukem 
1372de962bdSlukem 	rc = ldap_extended_operation( ld, LDAP_EXOP_MODIFY_PASSWD,
1382de962bdSlukem 		bv.bv_val ? &bv : NULL, sctrls, cctrls, msgidp );
1392de962bdSlukem 
1402de962bdSlukem 	ber_free( ber, 1 );
1412de962bdSlukem 
1422de962bdSlukem 	return rc;
1432de962bdSlukem }
1442de962bdSlukem 
1452de962bdSlukem int
ldap_passwd_s(LDAP * ld,struct berval * user,struct berval * oldpw,struct berval * newpw,struct berval * newpasswd,LDAPControl ** sctrls,LDAPControl ** cctrls)1462de962bdSlukem ldap_passwd_s(
1472de962bdSlukem 	LDAP *ld,
1482de962bdSlukem 	struct berval	*user,
1492de962bdSlukem 	struct berval	*oldpw,
1502de962bdSlukem 	struct berval	*newpw,
1512de962bdSlukem 	struct berval *newpasswd,
1522de962bdSlukem 	LDAPControl **sctrls,
1532de962bdSlukem 	LDAPControl **cctrls )
1542de962bdSlukem {
1552de962bdSlukem 	int		rc;
1562de962bdSlukem 	int		msgid;
1572de962bdSlukem 	LDAPMessage	*res;
1582de962bdSlukem 
1592de962bdSlukem 	rc = ldap_passwd( ld, user, oldpw, newpw, sctrls, cctrls, &msgid );
1602de962bdSlukem 	if ( rc != LDAP_SUCCESS ) {
1612de962bdSlukem 		return rc;
1622de962bdSlukem 	}
1632de962bdSlukem 
1642de962bdSlukem 	if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res ) {
1652de962bdSlukem 		return ld->ld_errno;
1662de962bdSlukem 	}
1672de962bdSlukem 
1682de962bdSlukem 	rc = ldap_parse_passwd( ld, res, newpasswd );
1692de962bdSlukem 	if( rc != LDAP_SUCCESS ) {
1702de962bdSlukem 		ldap_msgfree( res );
1712de962bdSlukem 		return rc;
1722de962bdSlukem 	}
1732de962bdSlukem 
1742de962bdSlukem 	return( ldap_result2error( ld, res, 1 ) );
1752de962bdSlukem }
176