An almost complete slap_sasl_setpass()

2025-12-30 19:49:35 -05:00 · 2002-06-12 00:13:29 +00:00 · 2002-06-12 00:13:29 +00:00 · 1410b3e7d9
commit 1410b3e7d9
parent d6e7f0f630
4 changed files with 112 additions and 9 deletions
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@ -44,19 +44,13 @@ int passwd_extop(
 	be = conn->c_authz_backend;
 	ldap_pvt_thread_mutex_unlock( &conn->c_mutex );

-	if( be == NULL ) {
-		*text = "operation not supported for SASL user";
-		return LDAP_UNWILLING_TO_PERFORM;
-	}
-
-	if( !be->be_extended ) {
+	if( be && !be->be_extended ) {
 		*text = "operation not supported for current user";
 		return LDAP_UNWILLING_TO_PERFORM;
 	}

 	{
 		struct berval passwd = BER_BVC( LDAP_EXOP_MODIFY_PASSWD );
-
 		rc = backend_check_restrictions( be, conn, op, &passwd, text );
 	}

@ -64,7 +58,18 @@ int passwd_extop(
 		return rc;
 	}

-	if( be->be_update_ndn.bv_len ) {
+	if( be == NULL ) {
+#ifdef HAVE_CYRUS_SASL
+		rc = slap_sasl_setpass( conn, op,
+			reqoid, reqdata,
+			rspoid, rspdata, rspctrls,
+			text );
+#else
+		*text = "no authz backend";
+		rc = LDAP_OTHER;
+#endif
+
+	} else if( be->be_update_ndn.bv_len ) {
 		/* we SHOULD return a referral in this case */
 		*refs = referral_rewrite( be->be_update_refs,
 			NULL, NULL, LDAP_SCOPE_DEFAULT );
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@ -830,6 +830,16 @@ LDAP_SLAPD_F (int) slap_sasl_bind LDAP_P((
 	struct berval *cred,
 	struct berval *edn, slap_ssf_t *ssf ));

+LDAP_SLAPD_F (int) slap_sasl_setpass(
+	Connection      *conn,
+	Operation       *op,
+	const char      *reqoid,
+	struct berval   *reqdata,
+	char            **rspoid,
+	struct berval   **rspdata,
+	LDAPControl     *** rspctrls,
+	const char      **text );
+
 /*
 * saslauthz.c
 */
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@ -1281,3 +1281,79 @@ char* slap_sasl_secprops( const char *in )
 	return "SASL not supported";
 #endif
 }
+
+#ifdef HAVE_CYRUS_SASL
+int
+slap_sasl_setpass(
+	Connection      *conn,
+	Operation       *op,
+	const char      *reqoid,
+	struct berval   *reqdata,
+	char            **rspoid,
+	struct berval   **rspdata,
+	LDAPControl     *** rspctrls,
+	const char      **text )
+{
+	int rc;
+	struct berval id = { 0, NULL };	/* needs to come from connection */
+	struct berval new = { 0, NULL };
+
+	assert( reqoid != NULL );
+	assert( strcmp( LDAP_EXOP_MODIFY_PASSWD, reqoid ) == 0 );
+
+	if( id.bv_len == 0 ) {
+		*text = "not yet implemented";
+		rc = LDAP_OTHER;
+	}
+
+#ifdef NEW_LOGGING
+	LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
+		"slap_sasl_setpass: \"%s\"\n",
+		id.bv_val ? id.bv_val : "" ));
+#else
+	Debug( LDAP_DEBUG_ARGS, "==> ldbm_back_exop_passwd: \"%s\"\n",
+		id.bv_val ? id.bv_val : "", 0, 0 );
+#endif
+
+	rc = slap_passwd_parse( reqdata,
+		NULL, NULL, &new, text );
+
+	if( rc != LDAP_SUCCESS ) {
+		goto done;
+	}
+
+	if( new.bv_len == 0 ) {
+		slap_passwd_generate(&new);
+
+		if( new.bv_len == 0 ) {
+			*text = "password generation failed.";
+			rc = LDAP_OTHER;
+			goto done;
+		}
+		
+		*rspdata = slap_passwd_return( &new );
+	}
+
+	rc = sasl_setpass( conn->c_sasl_context,
+		id.bv_val, new.bv_val, new.bv_len, SASL_SET_CREATE,
+		text );
+
+	switch(rc) {
+		case SASL_OK:
+			rc = LDAP_SUCCESS;
+			break;
+
+		case SASL_NOCHANGE:
+		case SASL_NOMECH:
+		case SASL_DISABLED:
+		case SASL_PWLOCK:
+		case SASL_FAIL:
+		case SASL_BADPARAM:
+		default:
+			rc = LDAP_OTHER;
+	}
+
+done:
+	return rc;
+}
+#endif
--- a/servers/slapd/tools/mimic.c
+++ b/servers/slapd/tools/mimic.c
@ -140,12 +140,24 @@ int slap_sasl_destroy(void)
 	return LDAP_SUCCESS;
 }

+int slap_sasl_setpass(
+	Connection      *conn,
+	Operation       *op,
+	const char      *reqoid,
+	struct berval   *reqdata,
+	char            **rspoid,
+	struct berval   **rspdata,
+	LDAPControl     *** rspctrls,
+	const char      **text )
+{
+	return LDAP_SUCCESS;
+}
+
 char * slap_sasl_secprops( const char *in )
 {
 	return NULL;
 }

-
 int slap_sasl_regexp_config( const char *match, const char *replace )
 {
 	return(0);