Commit 1410b3e7 authored by Kurt Zeilenga's avatar Kurt Zeilenga

An almost complete slap_sasl_setpass()

parent d6e7f0f6
......@@ -44,19 +44,13 @@ int passwd_extop(
be = conn->c_authz_backend;
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
if( be == NULL ) {
*text = "operation not supported for SASL user";
return LDAP_UNWILLING_TO_PERFORM;
}
if( !be->be_extended ) {
if( be && !be->be_extended ) {
*text = "operation not supported for current user";
return LDAP_UNWILLING_TO_PERFORM;
}
{
struct berval passwd = BER_BVC( LDAP_EXOP_MODIFY_PASSWD );
rc = backend_check_restrictions( be, conn, op, &passwd, text );
}
......@@ -64,7 +58,18 @@ int passwd_extop(
return rc;
}
if( be->be_update_ndn.bv_len ) {
if( be == NULL ) {
#ifdef HAVE_CYRUS_SASL
rc = slap_sasl_setpass( conn, op,
reqoid, reqdata,
rspoid, rspdata, rspctrls,
text );
#else
*text = "no authz backend";
rc = LDAP_OTHER;
#endif
} else if( be->be_update_ndn.bv_len ) {
/* we SHOULD return a referral in this case */
*refs = referral_rewrite( be->be_update_refs,
NULL, NULL, LDAP_SCOPE_DEFAULT );
......
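Review bot: With the early `be == NULL` return dropped in passwd_extop, `backend_check_restrictions( be, conn, op, &passwd, text )` now appears to be reached with a NULL `be` for SASL users. Nothing visible here shows that it accepts a NULL backend or still applies the global restrictions in that case. The old and new sides are not marked on this page, so I am reading `if( be && !be->be_extended )` as the new line. Please confirm the NULL case in backend_check_restrictions, and add a comment at the guard such as `/* be == NULL: SASL user with no authz backend, handled by slap_sasl_setpass() below */`. The function body continues outside both hunks, so later uses of `be` after the referral branch should be checked for the same NULL case.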
......@@ -830,6 +830,16 @@ LDAP_SLAPD_F (int) slap_sasl_bind LDAP_P((
struct berval *cred,
struct berval *edn, slap_ssf_t *ssf ));
LDAP_SLAPD_F (int) slap_sasl_setpass(
Connection *conn,
Operation *op,
const char *reqoid,
struct berval *reqdata,
char **rspoid,
struct berval **rspdata,
LDAPControl *** rspctrls,
const char **text );
/*
* saslauthz.c
*/
......
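Review bot: The new slap_sasl_setpass prototype is written without the `LDAP_P(( ... ))` wrapper that the slap_sasl_bind declaration just above it uses, so it does not match the header's style for K&R-compatible prototypes. It is also declared unconditionally, while the sasl.c definition in this commit sits inside `#ifdef HAVE_CYRUS_SASL`. A non-SASL build would therefore get a declaration with no definition unless another object supplies one. I would wrap it as `LDAP_SLAPD_F (int) slap_sasl_setpass LDAP_P((` ... `const char **text ));`. I would also add a short comment saying that `*rspdata` is set only when the server generates the password and that `*text` receives a static diagnostic string.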
......@@ -1281,3 +1281,79 @@ char* slap_sasl_secprops( const char *in )
return "SASL not supported";
#endif
}
#ifdef HAVE_CYRUS_SASL
int
slap_sasl_setpass(
Connection *conn,
Operation *op,
const char *reqoid,
struct berval *reqdata,
char **rspoid,
struct berval **rspdata,
LDAPControl *** rspctrls,
const char **text )
{
int rc;
struct berval id = { 0, NULL }; /* needs to come from connection */
struct berval new = { 0, NULL };
assert( reqoid != NULL );
assert( strcmp( LDAP_EXOP_MODIFY_PASSWD, reqoid ) == 0 );
if( id.bv_len == 0 ) {
*text = "not yet implemented";
rc = LDAP_OTHER;
}
#ifdef NEW_LOGGING
LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
"slap_sasl_setpass: \"%s\"\n",
id.bv_val ? id.bv_val : "" ));
#else
Debug( LDAP_DEBUG_ARGS, "==> ldbm_back_exop_passwd: \"%s\"\n",
id.bv_val ? id.bv_val : "", 0, 0 );
#endif
rc = slap_passwd_parse( reqdata,
NULL, NULL, &new, text );
if( rc != LDAP_SUCCESS ) {
goto done;
}
if( new.bv_len == 0 ) {
slap_passwd_generate(&new);
if( new.bv_len == 0 ) {
*text = "password generation failed.";
rc = LDAP_OTHER;
goto done;
}
*rspdata = slap_passwd_return( &new );
}
rc = sasl_setpass( conn->c_sasl_context,
id.bv_val, new.bv_val, new.bv_len, SASL_SET_CREATE,
text );
switch(rc) {
case SASL_OK:
rc = LDAP_SUCCESS;
break;
case SASL_NOCHANGE:
case SASL_NOMECH:
case SASL_DISABLED:
case SASL_PWLOCK:
case SASL_FAIL:
case SASL_BADPARAM:
default:
rc = LDAP_OTHER;
}
done:
return rc;
}
#endif
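Review bot: The `if( id.bv_len == 0 )` guard in slap_sasl_setpass sets `*text = "not yet implemented"` and `rc = LDAP_OTHER` but does not leave the function. Since `id` is always empty here, execution continues into slap_passwd_parse and then calls sasl_setpass with a NULL `id.bv_val` as the user name, and the result of that call replaces the intended error. Add `goto done;` inside that block so the function fails closed until the identity is taken from the connection. Two further points: `*rspdata` receives the generated password before sasl_setpass has succeeded, and `new` is never cleared or released on any path. Who owns that buffer is not visible here, but the cleartext password presumably stays in memory. The non-NEW_LOGGING Debug line also still names `ldbm_back_exop_passwd`, which will mislead anyone reading logs; it should say `slap_sasl_setpass`.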
......@@ -140,12 +140,24 @@ int slap_sasl_destroy(void)
return LDAP_SUCCESS;
}
int slap_sasl_setpass(
Connection *conn,
Operation *op,
const char *reqoid,
struct berval *reqdata,
char **rspoid,
struct berval **rspdata,
LDAPControl *** rspctrls,
const char **text )
{
return LDAP_SUCCESS;
}
char * slap_sasl_secprops( const char *in )
{
return NULL;
}
int slap_sasl_regexp_config( const char *match, const char *replace )
{
return(0);
......
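Review bot: The stub slap_sasl_setpass returns `LDAP_SUCCESS` without doing anything, so any caller that reaches it would report a password change that never happened and leave `*text` and `*rspdata` untouched. A stub for a credential-changing operation should fail closed, for example `*text = "SASL not supported"; return LDAP_UNWILLING_TO_PERFORM;`. That also matches the non-SASL branch in passwd_extop, which returns an error rather than success. The unused parameters could carry a one-line comment saying this is a link-time placeholder.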