/*
* ldap_extended_operation_s - perform an arbitrary ldapv3 extended operation.
* the oid and data of the extended operation are supplied. LDAP_SUCCESS
* is returned upon success, the ldap error code otherwise.
*
* Example:
* struct berval exdata, exretval;
* char *exoid;
* int rc;
* ... fill in oid and data ...
* rc = ldap_extended_operation_s( ld, exoid, &exdata, &exretval );
*/
int
LDAP_CALL
ldap_extended_operation_s(
LDAP *ld,
const char *requestoid,
const struct berval *requestdata,
LDAPControl **serverctrls,
LDAPControl **clientctrls,
char **retoidp,
struct berval **retdatap
)
{
int err, msgid;
LDAPMessage *result;
if (( err = ldap_extended_operation( ld, requestoid, requestdata,
serverctrls, clientctrls, &msgid )) != LDAP_SUCCESS ) {
return( err );
}
if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &result )
== -1 ) {
return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
}
if (( err = ldap_parse_extended_result( ld, result, retoidp, retdatap,
0 )) != LDAP_SUCCESS ) {
ldap_msgfree( result );
return( err );
}
return( ldap_result2error( ld, result, 1 ) );
}
int
ldap_txn_end(
LDAP *ld,
int commit,
struct berval *txnid,
LDAPControl **sctrls,
LDAPControl **cctrls,
int *msgidp )
{
int rc;
BerElement *txnber = NULL;
struct berval *txnval = NULL;
assert( txnid != NULL );
txnber = ber_alloc_t( LBER_USE_DER );
if( commit ) {
ber_printf( txnber, "{ON}", txnid );
} else {
ber_printf( txnber, "{bON}", commit, txnid );
}
ber_flatten( txnber, &txnval );
rc = ldap_extended_operation( ld, LDAP_EXOP_X_TXN_END,
txnval, sctrls, cctrls, msgidp );
ber_free( txnber, 1 );
return rc;
}
int
ldap_turn(
LDAP *ld,
int mutual,
LDAP_CONST char* identifier,
LDAPControl **sctrls,
LDAPControl **cctrls,
int *msgidp )
{
#ifdef LDAP_EXOP_X_TURN
BerElement *turnvalber = NULL;
struct berval *turnvalp = NULL;
int rc;
turnvalber = ber_alloc_t( LBER_USE_DER );
if( mutual ) {
ber_printf( turnvalber, "{bs}", mutual, identifier );
} else {
ber_printf( turnvalber, "{s}", identifier );
}
ber_flatten( turnvalber, &turnvalp );
rc = ldap_extended_operation( ld, LDAP_EXOP_X_TURN,
turnvalp, sctrls, cctrls, msgidp );
ber_free( turnvalber, 1 );
return rc;
#else
return LDAP_CONTROL_NOT_FOUND;
#endif
}
int
ldap_start_tls( LDAP *ld,
LDAPControl **serverctrls,
LDAPControl **clientctrls,
int *msgidp )
{
return ldap_extended_operation( ld, LDAP_EXOP_START_TLS,
NULL, serverctrls, clientctrls, msgidp );
}
int
ldap_txn_start(
LDAP *ld,
LDAPControl **sctrls,
LDAPControl **cctrls,
int *msgidp )
{
return ldap_extended_operation( ld, LDAP_EXOP_X_TXN_START,
NULL, sctrls, cctrls, msgidp );
}
static int ipa_ldap_extended_op(LDAP *ld, const char *reqoid,
struct berval *control,
LDAPControl ***srvctrl)
{
struct berval *retdata = NULL;
LDAPMessage *res = NULL;
char *retoid = NULL;
struct timeval tv;
char *err = NULL;
int msgid;
int ret, rc;
ret = ldap_extended_operation(ld, reqoid, control,
NULL, NULL, &msgid);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Operation failed: %s\n"), ldap_err2string(ret));
return ret;
}
/* wait max 100 secs for the answer */
tv.tv_sec = 100;
tv.tv_usec = 0;
ret = ldap_result(ld, msgid, 1, &tv, &res);
if (ret == -1) {
fprintf(stderr, _("Failed to get result: %s\n"), ldap_err2string(ret));
goto done;
}
else if (res == NULL) {
fprintf(stderr, _("Timeout exceeded."));
goto done;
}
ret = ldap_parse_extended_result(ld, res, &retoid, &retdata, 0);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Failed to parse extended result: %s\n"),
ldap_err2string(ret));
goto done;
}
ret = ldap_parse_result(ld, res, &rc, NULL, &err, NULL, srvctrl, 0);
if (ret != LDAP_SUCCESS || rc != LDAP_SUCCESS) {
fprintf(stderr, _("Failed to parse result: %s\n"),
err ? err : ldap_err2string(ret));
if (ret == LDAP_SUCCESS) ret = rc;
goto done;
}
done:
if (err) ldap_memfree(err);
if (res) ldap_msgfree(res);
return ret;
}
int
ldap_extended_operation_s(
LDAP *ld,
LDAP_CONST char *reqoid,
struct berval *reqdata,
LDAPControl **sctrls,
LDAPControl **cctrls,
char **retoidp,
struct berval **retdatap )
{
int rc;
int msgid;
LDAPMessage *res;
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ENTRY, "ldap_extended_operation_s\n", 0,0,0 );
#else
Debug( LDAP_DEBUG_TRACE, "ldap_extended_operation_s\n", 0, 0, 0 );
#endif
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
assert( reqoid != NULL || *reqoid == '\0' );
assert( retoidp != NULL || retdatap != NULL );
rc = ldap_extended_operation( ld, reqoid, reqdata,
sctrls, cctrls, &msgid );
if ( rc != LDAP_SUCCESS ) {
return( rc );
}
if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 ) {
return( ld->ld_errno );
}
if ( retoidp != NULL ) *retoidp = NULL;
if ( retdatap != NULL ) *retdatap = NULL;
rc = ldap_parse_extended_result( ld, res, retoidp, retdatap, 0 );
if( rc != LDAP_SUCCESS ) {
ldap_msgfree( res );
return rc;
}
return( ldap_result2error( ld, res, 1 ) );
}
int
ldap_refresh(
LDAP *ld,
struct berval *dn,
ber_int_t ttl,
LDAPControl **sctrls,
LDAPControl **cctrls,
int *msgidp )
{
struct berval bv = { 0, NULL };
BerElement *ber = NULL;
int rc;
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
assert( dn != NULL );
assert( msgidp != NULL );
*msgidp = -1;
ber = ber_alloc_t( LBER_USE_DER );
if ( ber == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
return ld->ld_errno;
}
ber_printf( ber, "{tOtiN}",
LDAP_TAG_EXOP_REFRESH_REQ_DN, dn,
LDAP_TAG_EXOP_REFRESH_REQ_TTL, ttl );
rc = ber_flatten2( ber, &bv, 0 );
if ( rc < 0 ) {
rc = ld->ld_errno = LDAP_ENCODING_ERROR;
goto done;
}
rc = ldap_extended_operation( ld, LDAP_EXOP_REFRESH, &bv,
sctrls, cctrls, msgidp );
done:
;
ber_free( ber, 1 );
return rc;
}
int
ldap_whoami( LDAP *ld,
LDAPControl **sctrls,
LDAPControl **cctrls,
int *msgidp )
{
int rc;
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
assert( msgidp != NULL );
rc = ldap_extended_operation( ld, LDAP_EXOP_X_WHO_AM_I,
NULL, sctrls, cctrls, msgidp );
return rc;
}
int
ldap_extended_operation_s(
LDAP *ld,
LDAP_CONST char *reqoid,
struct berval *reqdata,
LDAPControl **sctrls,
LDAPControl **cctrls,
char **retoidp,
struct berval **retdatap )
{
int rc;
int msgid;
LDAPMessage *res;
Debug( LDAP_DEBUG_TRACE, "ldap_extended_operation_s\n", 0, 0, 0 );
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
assert( reqoid != NULL && *reqoid != '\0' );
rc = ldap_extended_operation( ld, reqoid, reqdata,
sctrls, cctrls, &msgid );
if ( rc != LDAP_SUCCESS ) {
return( rc );
}
if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res ) {
return( ld->ld_errno );
}
if ( retoidp != NULL ) *retoidp = NULL;
if ( retdatap != NULL ) *retdatap = NULL;
rc = ldap_parse_extended_result( ld, res, retoidp, retdatap, 0 );
if( rc != LDAP_SUCCESS ) {
ldap_msgfree( res );
return rc;
}
return( ldap_result2error( ld, res, 1 ) );
}
int
ldap_cancel(
LDAP *ld,
int cancelid,
LDAPControl **sctrls,
LDAPControl **cctrls,
int *msgidp )
{
BerElement *cancelidber = NULL;
struct berval *cancelidvalp = NULL;
int rc;
cancelidber = ber_alloc_t( LBER_USE_DER );
ber_printf( cancelidber, "{i}", cancelid );
ber_flatten( cancelidber, &cancelidvalp );
rc = ldap_extended_operation( ld, LDAP_EXOP_CANCEL,
cancelidvalp, sctrls, cctrls, msgidp );
ber_free( cancelidber, 1 );
return rc;
}
/***********************************************************************
* ldap_extended_operationW (WLDAP32.@)
*
* Perform an extended operation (asynchronous mode).
*
* PARAMS
* ld [I] Pointer to an LDAP context.
* oid [I] OID of the extended operation.
* data [I] Data needed by the operation.
* serverctrls [I] Array of LDAP server controls.
* clientctrls [I] Array of LDAP client controls.
* message [O] Message ID of the extended operation.
*
* RETURNS
* Success: LDAP_SUCCESS
* Failure: An LDAP error code.
*
* NOTES
* The data parameter should be set to NULL if the operation
* requires no data. Call ldap_result with the message ID to
* get the result of the operation or ldap_abandon to cancel
* the operation. The serverctrls and clientctrls parameters
* are optional and should be set to NULL if not used. Call
* ldap_close_extended_op to close the operation.
*/
ULONG CDECL ldap_extended_operationW( WLDAP32_LDAP *ld, PWCHAR oid, struct WLDAP32_berval *data,
PLDAPControlW *serverctrls, PLDAPControlW *clientctrls, ULONG *message )
{
ULONG ret = WLDAP32_LDAP_NOT_SUPPORTED;
#ifdef HAVE_LDAP
char *oidU = NULL;
LDAPControl **serverctrlsU = NULL, **clientctrlsU = NULL;
ret = WLDAP32_LDAP_NO_MEMORY;
TRACE( "(%p, %s, %p, %p, %p, %p)\n", ld, debugstr_w(oid), data, serverctrls,
clientctrls, message );
if (!ld || !message) return WLDAP32_LDAP_PARAM_ERROR;
if (oid) {
oidU = strWtoU( oid );
if (!oidU) goto exit;
}
if (serverctrls) {
serverctrlsU = controlarrayWtoU( serverctrls );
if (!serverctrlsU) goto exit;
}
if (clientctrls) {
clientctrlsU = controlarrayWtoU( clientctrls );
if (!clientctrlsU) goto exit;
}
ret = map_error( ldap_extended_operation( ld, oid ? oidU : "", (struct berval *)data,
serverctrlsU, clientctrlsU, (int *)message ));
exit:
strfreeU( oidU );
controlarrayfreeU( serverctrlsU );
controlarrayfreeU( clientctrlsU );
#endif
return ret;
}
static int
ldap_back_exop_generic(
Operation *op,
SlapReply *rs,
ldapconn_t **lcp )
{
ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
ldapconn_t *lc = *lcp;
LDAPMessage *res;
ber_int_t msgid;
int rc;
int do_retry = 1;
char *text = NULL;
Debug( LDAP_DEBUG_ARGS, "==> ldap_back_exop_generic(%s, \"%s\")\n",
op->ore_reqoid.bv_val, op->o_req_dn.bv_val, 0 );
assert( lc != NULL );
assert( rs->sr_ctrls == NULL );
retry:
rc = ldap_extended_operation( lc->lc_ld,
op->ore_reqoid.bv_val, op->ore_reqdata,
op->o_ctrls, NULL, &msgid );
if ( rc == LDAP_SUCCESS ) {
/* TODO: set timeout? */
/* by now, make sure no timeout is used (ITS#6282) */
struct timeval tv = { -1, 0 };
if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, &tv, &res ) == -1 ) {
ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
rs->sr_err = rc;
} else {
/* only touch when activity actually took place... */
if ( li->li_idle_timeout ) {
lc->lc_time = op->o_time;
}
/* sigh. parse twice, because parse_passwd
* doesn't give us the err / match / msg info.
*/
rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
(char **)&rs->sr_matched,
&text,
NULL, &rs->sr_ctrls, 0 );
if ( rc == LDAP_SUCCESS ) {
if ( rs->sr_err == LDAP_SUCCESS ) {
rc = ldap_parse_extended_result( lc->lc_ld, res,
(char **)&rs->sr_rspoid, &rs->sr_rspdata, 0 );
if ( rc == LDAP_SUCCESS ) {
rs->sr_type = REP_EXTENDED;
}
} else {
rc = rs->sr_err;
}
}
ldap_msgfree( res );
}
}
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = slap_map_api2result( rs );
if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
do_retry = 0;
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
goto retry;
}
}
if ( LDAP_BACK_QUARANTINE( li ) ) {
ldap_back_quarantine( op, rs );
}
if ( text ) rs->sr_text = text;
send_ldap_extended( op, rs );
/* otherwise frontend resends result */
rc = rs->sr_err = SLAPD_ABANDON;
} else if ( LDAP_BACK_QUARANTINE( li ) ) {
ldap_back_quarantine( op, rs );
}
ldap_pvt_thread_mutex_lock( &li->li_counter_mutex );
ldap_pvt_mp_add( li->li_ops_completed[ SLAP_OP_EXTENDED ], 1 );
ldap_pvt_thread_mutex_unlock( &li->li_counter_mutex );
/* these have to be freed anyway... */
if ( rs->sr_matched ) {
free( (char *)rs->sr_matched );
rs->sr_matched = NULL;
}
if ( rs->sr_ctrls ) {
ldap_controls_free( rs->sr_ctrls );
rs->sr_ctrls = NULL;
}
if ( text ) {
free( text );
rs->sr_text = NULL;
}
/* in case, cleanup handler */
if ( lc == NULL ) {
*lcp = NULL;
}
return rc;
}
int
ldap_verify_credentials(LDAP *ld,
struct berval *cookie,
LDAP_CONST char *dn,
LDAP_CONST char *mechanism,
struct berval *cred,
LDAPControl **vcctrls,
LDAPControl **sctrls,
LDAPControl **cctrls,
int *msgidp)
{
int rc;
BerElement *ber;
struct berval reqdata;
assert(ld != NULL);
assert(LDAP_VALID(ld));
assert(msgidp != NULL);
ber = ber_alloc_t(LBER_USE_DER);
if (dn == NULL) dn = "";
if (mechanism == LDAP_SASL_SIMPLE) {
assert(!cookie);
rc = ber_printf(ber, "{stO" /*"}"*/,
dn, LDAP_AUTH_SIMPLE, cred);
} else {
if (!cred || BER_BVISNULL(cred)) {
if (cookie) {
rc = ber_printf(ber, "{tOst{sN}" /*"}"*/,
LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE, cookie,
dn, LDAP_AUTH_SASL, mechanism);
} else {
rc = ber_printf(ber, "{st{sN}N" /*"}"*/,
dn, LDAP_AUTH_SASL, mechanism);
}
} else {
if (cookie) {
rc = ber_printf(ber, "{tOst{sON}" /*"}"*/,
LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE, cookie,
dn, LDAP_AUTH_SASL, mechanism, cred);
} else {
rc = ber_printf(ber, "{st{sON}" /*"}"*/,
dn, LDAP_AUTH_SASL, mechanism, cred);
}
}
}
if (rc < 0) {
rc = ld->ld_errno = LDAP_ENCODING_ERROR;
goto done;
}
if (vcctrls && *vcctrls) {
LDAPControl *const *c;
rc = ber_printf(ber, "t{" /*"}"*/, LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS);
for (c=vcctrls; *c; c++) {
rc = ldap_pvt_put_control(*c, ber);
if (rc != LDAP_SUCCESS) {
rc = ld->ld_errno = LDAP_ENCODING_ERROR;
goto done;
}
}
rc = ber_printf(ber, /*"{{"*/ "}N}");
} else {
rc = ber_printf(ber, /*"{"*/ "N}");
}
if (rc < 0) {
rc = ld->ld_errno = LDAP_ENCODING_ERROR;
goto done;
}
rc = ber_flatten2(ber, &reqdata, 0);
if (rc < 0) {
rc = ld->ld_errno = LDAP_ENCODING_ERROR;
goto done;
}
rc = ldap_extended_operation(ld, LDAP_EXOP_VERIFY_CREDENTIALS,
&reqdata, sctrls, cctrls, msgidp);
done:
ber_free(ber, 1);
return rc;
}
int
main( int argc, char *argv[] )
{
int rc;
LDAP *ld = NULL;
char *matcheddn = NULL, *text = NULL, **refs = NULL;
LDAPControl **ctrls = NULL;
int id, code;
LDAPMessage *res = NULL;
tool_init( TOOL_EXOP );
prog = lutil_progname( "ldapexop", argc, argv );
/* LDAPv3 only */
protocol = LDAP_VERSION3;
tool_args( argc, argv );
if ( argc - optind < 1 ) {
usage();
}
ld = tool_conn_setup( 0, 0 );
tool_bind( ld );
argv += optind;
argc -= optind;
if ( strcasecmp( argv[ 0 ], "whoami" ) == 0 ) {
tool_server_controls( ld, NULL, 0 );
rc = ldap_whoami( ld, NULL, NULL, &id );
if ( rc != LDAP_SUCCESS ) {
tool_perror( "ldap_extended_operation", rc, NULL, NULL, NULL, NULL );
rc = EXIT_FAILURE;
goto skip;
}
} else if ( strcasecmp( argv[ 0 ], "cancel" ) == 0 ) {
int cancelid;
switch ( argc ) {
case 2:
if ( lutil_atoi( &cancelid, argv[ 1 ] ) != 0 || cancelid < 0 ) {
fprintf( stderr, "invalid cancelid=%s\n\n", argv[ 1 ] );
usage();
}
break;
default:
fprintf( stderr, "need cancelid\n\n" );
usage();
}
rc = ldap_cancel( ld, cancelid, NULL, NULL, &id );
if ( rc != LDAP_SUCCESS ) {
tool_perror( "ldap_cancel", rc, NULL, NULL, NULL, NULL );
rc = EXIT_FAILURE;
goto skip;
}
} else if ( strcasecmp( argv[ 0 ], "passwd" ) == 0 ) {
fprintf( stderr, "use ldappasswd(1) instead.\n\n" );
usage();
/* TODO? */
} else if ( strcasecmp( argv[ 0 ], "refresh" ) == 0 ) {
int ttl = 3600;
struct berval dn;
switch ( argc ) {
case 3:
ttl = atoi( argv[ 2 ] );
case 2:
dn.bv_val = argv[ 1 ];
dn.bv_len = strlen( dn.bv_val );
break;
default:
fprintf( stderr, _("need DN [ttl]\n\n") );
usage();
}
tool_server_controls( ld, NULL, 0 );
rc = ldap_refresh( ld, &dn, ttl, NULL, NULL, &id );
if ( rc != LDAP_SUCCESS ) {
tool_perror( "ldap_extended_operation", rc, NULL, NULL, NULL, NULL );
rc = EXIT_FAILURE;
goto skip;
}
} else {
char *p;
if ( argc != 1 ) {
usage();
}
p = strchr( argv[ 0 ], ':' );
if ( p == argv[ 0 ] ) {
usage();
}
if ( p != NULL )
*p++ = '\0';
if ( tool_is_oid( argv[ 0 ] ) ) {
struct berval reqdata;
struct berval type;
struct berval value;
int freeval;
if ( p != NULL ) {
p[ -1 ] = ':';
ldif_parse_line2( argv[ 0 ], &type, &value, &freeval );
p[ -1 ] = '\0';
if ( freeval ) {
reqdata = value;
} else {
ber_dupbv( &reqdata, &value );
}
}
tool_server_controls( ld, NULL, 0 );
rc = ldap_extended_operation( ld, argv[ 0 ], p ? &reqdata : NULL, NULL, NULL, &id );
if ( rc != LDAP_SUCCESS ) {
tool_perror( "ldap_extended_operation", rc, NULL, NULL, NULL, NULL );
rc = EXIT_FAILURE;
goto skip;
}
} else {
fprintf( stderr, "unknown exop \"%s\"\n\n", argv[ 0 ] );
usage();
}
}
for ( ; ; ) {
struct timeval tv;
if ( tool_check_abandon( ld, id ) ) {
tool_exit( ld, LDAP_CANCELLED );
}
tv.tv_sec = 0;
tv.tv_usec = 100000;
rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res );
if ( rc < 0 ) {
tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL );
rc = EXIT_FAILURE;
goto skip;
}
if ( rc != 0 ) {
break;
}
}
rc = ldap_parse_result( ld, res,
&code, &matcheddn, &text, &refs, &ctrls, 0 );
if ( rc == LDAP_SUCCESS ) {
rc = code;
}
if ( rc != LDAP_SUCCESS ) {
tool_perror( "ldap_parse_result", rc, NULL, matcheddn, text, refs );
rc = EXIT_FAILURE;
goto skip;
}
if ( strcasecmp( argv[ 0 ], "whoami" ) == 0 ) {
char *retoid = NULL;
struct berval *retdata = NULL;
rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 0 );
if ( rc != LDAP_SUCCESS ) {
tool_perror( "ldap_parse_extended_result", rc, NULL, NULL, NULL, NULL );
rc = EXIT_FAILURE;
goto skip;
}
if ( retdata != NULL ) {
if ( retdata->bv_len == 0 ) {
printf(_("anonymous\n") );
} else {
printf("%s\n", retdata->bv_val );
}
}
ber_memfree( retoid );
ber_bvfree( retdata );
} else if ( strcasecmp( argv[ 0 ], "cancel" ) == 0 ) {
/* no extended response; returns specific errors */
assert( 0 );
} else if ( strcasecmp( argv[ 0 ], "passwd" ) == 0 ) {
/* TODO */
} else if ( strcasecmp( argv[ 0 ], "refresh" ) == 0 ) {
int newttl;
rc = ldap_parse_refresh( ld, res, &newttl );
if ( rc != LDAP_SUCCESS ) {
tool_perror( "ldap_parse_refresh", rc, NULL, NULL, NULL, NULL );
rc = EXIT_FAILURE;
goto skip;
}
printf( "newttl=%d\n", newttl );
} else if ( tool_is_oid( argv[ 0 ] ) ) {
char *retoid = NULL;
struct berval *retdata = NULL;
if( ldif < 2 ) {
printf(_("# extended operation response\n"));
}
rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 0 );
if ( rc != LDAP_SUCCESS ) {
tool_perror( "ldap_parse_extended_result", rc, NULL, NULL, NULL, NULL );
rc = EXIT_FAILURE;
goto skip;
}
if ( ldif < 2 && retoid != NULL ) {
tool_write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE,
"oid", retoid, strlen(retoid) );
}
ber_memfree( retoid );
if( retdata != NULL ) {
if ( ldif < 2 ) {
tool_write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_BINARY,
"data", retdata->bv_val, retdata->bv_len );
}
ber_bvfree( retdata );
}
}
if( verbose || code != LDAP_SUCCESS ||
( matcheddn && *matcheddn ) || ( text && *text ) || refs ) {
printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code );
if( text && *text ) {
printf( _("Additional info: %s\n"), text );
}
if( matcheddn && *matcheddn ) {
printf( _("Matched DN: %s\n"), matcheddn );
}
if( refs ) {
int i;
for( i=0; refs[i]; i++ ) {
printf(_("Referral: %s\n"), refs[i] );
}
}
}
if (ctrls) {
tool_print_ctrls( ld, ctrls );
ldap_controls_free( ctrls );
}
ber_memfree( text );
ber_memfree( matcheddn );
ber_memvfree( (void **) refs );
skip:
/* disconnect from server */
if ( res )
ldap_msgfree( res );
tool_exit( ld, code == LDAP_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE );
}
int
main( int argc, char *argv[] )
{
int rc;
char *user = NULL;
LDAP *ld = NULL;
struct berval bv = {0, NULL};
BerElement *ber = NULL;
int id, code = LDAP_OTHER;
LDAPMessage *res;
char *matcheddn = NULL, *text = NULL, **refs = NULL;
char *retoid = NULL;
struct berval *retdata = NULL;
LDAPControl **ctrls = NULL;
tool_init( TOOL_PASSWD );
prog = lutil_progname( "ldappasswd", argc, argv );
/* LDAPv3 only */
protocol = LDAP_VERSION3;
tool_args( argc, argv );
if( argc - optind > 1 ) {
usage();
} else if ( argc - optind == 1 ) {
user = strdup( argv[optind] );
} else {
user = NULL;
}
if( oldpwfile ) {
rc = lutil_get_filed_password( oldpwfile, &oldpw );
if( rc ) {
rc = EXIT_FAILURE;
goto done;
}
}
if( want_oldpw && oldpw.bv_val == NULL ) {
/* prompt for old password */
char *ckoldpw;
oldpw.bv_val = strdup(getpassphrase(_("Old password: "******"Re-enter old password: "******"passwords do not match\n") );
rc = EXIT_FAILURE;
goto done;
}
oldpw.bv_len = strlen( oldpw.bv_val );
}
if( newpwfile ) {
rc = lutil_get_filed_password( newpwfile, &newpw );
if( rc ) {
rc = EXIT_FAILURE;
goto done;
}
}
if( want_newpw && newpw.bv_val == NULL ) {
/* prompt for new password */
char *cknewpw;
newpw.bv_val = strdup(getpassphrase(_("New password: "******"Re-enter new password: "******"passwords do not match\n") );
rc = EXIT_FAILURE;
goto done;
}
newpw.bv_len = strlen( newpw.bv_val );
}
ld = tool_conn_setup( 0, 0 );
tool_bind( ld );
if( user != NULL || oldpw.bv_val != NULL || newpw.bv_val != NULL ) {
/* build the password modify request data */
ber = ber_alloc_t( LBER_USE_DER );
if( ber == NULL ) {
perror( "ber_alloc_t" );
rc = EXIT_FAILURE;
goto done;
}
ber_printf( ber, "{" /*}*/ );
if( user != NULL ) {
ber_printf( ber, "ts",
LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user );
free(user);
}
if( oldpw.bv_val != NULL ) {
ber_printf( ber, "tO",
LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &oldpw );
free(oldpw.bv_val);
}
if( newpw.bv_val != NULL ) {
ber_printf( ber, "tO",
LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &newpw );
free(newpw.bv_val);
}
ber_printf( ber, /*{*/ "N}" );
rc = ber_flatten2( ber, &bv, 0 );
if( rc < 0 ) {
perror( "ber_flatten2" );
rc = EXIT_FAILURE;
goto done;
}
}
if ( dont ) {
rc = LDAP_SUCCESS;
goto done;
}
tool_server_controls( ld, NULL, 0);
rc = ldap_extended_operation( ld,
LDAP_EXOP_MODIFY_PASSWD, bv.bv_val ? &bv : NULL,
NULL, NULL, &id );
ber_free( ber, 1 );
if( rc != LDAP_SUCCESS ) {
tool_perror( "ldap_extended_operation", rc, NULL, NULL, NULL, NULL );
rc = EXIT_FAILURE;
goto done;
}
for ( ; ; ) {
struct timeval tv;
if ( tool_check_abandon( ld, id ) ) {
tool_exit( ld, LDAP_CANCELLED );
}
tv.tv_sec = 0;
tv.tv_usec = 100000;
rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res );
if ( rc < 0 ) {
tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL );
tool_exit( ld, rc );
}
if ( rc != 0 ) {
break;
}
}
rc = ldap_parse_result( ld, res,
&code, &matcheddn, &text, &refs, &ctrls, 0 );
if( rc != LDAP_SUCCESS ) {
tool_perror( "ldap_parse_result", rc, NULL, NULL, NULL, NULL );
rc = EXIT_FAILURE;
goto done;
}
rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 );
if( rc != LDAP_SUCCESS ) {
tool_perror( "ldap_parse_extended_result", rc, NULL, NULL, NULL, NULL );
rc = EXIT_FAILURE;
goto done;
}
if( retdata != NULL ) {
ber_tag_t tag;
char *s;
ber = ber_init( retdata );
if( ber == NULL ) {
perror( "ber_init" );
rc = EXIT_FAILURE;
goto done;
}
/* we should check the tag */
tag = ber_scanf( ber, "{a}", &s);
if( tag == LBER_ERROR ) {
perror( "ber_scanf" );
} else {
printf(_("New password: %s\n"), s);
ber_memfree( s );
}
ber_free( ber, 1 );
} else if ( code == LDAP_SUCCESS && newpw.bv_val == NULL ) {
tool_perror( "ldap_parse_extended_result", LDAP_DECODING_ERROR,
" new password expected", NULL, NULL, NULL );
}
if( verbose || code != LDAP_SUCCESS ||
( matcheddn && *matcheddn ) || ( text && *text ) || refs || ctrls )
{
printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code );
if( text && *text ) {
printf( _("Additional info: %s\n"), text );
}
if( matcheddn && *matcheddn ) {
printf( _("Matched DN: %s\n"), matcheddn );
}
if( refs ) {
int i;
for( i=0; refs[i]; i++ ) {
printf(_("Referral: %s\n"), refs[i] );
}
}
if( ctrls ) {
tool_print_ctrls( ld, ctrls );
ldap_controls_free( ctrls );
}
}
ber_memfree( text );
ber_memfree( matcheddn );
ber_memvfree( (void **) refs );
ber_memfree( retoid );
ber_bvfree( retdata );
rc = ( code == LDAP_SUCCESS ) ? EXIT_SUCCESS : EXIT_FAILURE;
done:
/* disconnect from server */
tool_exit( ld, rc );
}
int
ldap_passwd( LDAP *ld,
struct berval *user,
struct berval *oldpw,
struct berval *newpw,
LDAPControl **sctrls,
LDAPControl **cctrls,
int *msgidp )
{
int rc;
struct berval bv = BER_BVNULL;
BerElement *ber = NULL;
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
assert( msgidp != NULL );
if( user != NULL || oldpw != NULL || newpw != NULL ) {
/* build change password control */
ber = ber_alloc_t( LBER_USE_DER );
if( ber == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
return ld->ld_errno;
}
ber_printf( ber, "{" /*}*/ );
if( user != NULL ) {
ber_printf( ber, "tO",
LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user );
}
if( oldpw != NULL ) {
ber_printf( ber, "tO",
LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, oldpw );
}
if( newpw != NULL ) {
ber_printf( ber, "tO",
LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, newpw );
}
ber_printf( ber, /*{*/ "N}" );
rc = ber_flatten2( ber, &bv, 0 );
if( rc < 0 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
return ld->ld_errno;
}
}
rc = ldap_extended_operation( ld, LDAP_EXOP_MODIFY_PASSWD,
bv.bv_val ? &bv : NULL, sctrls, cctrls, msgidp );
ber_free( ber, 1 );
return rc;
}
int
main( int argc, char *argv[] )
{
int rc;
char *user = NULL;
LDAP *ld = NULL;
struct berval bv = {0, NULL};
BerElement *ber = NULL;
int id, code = LDAP_OTHER;
LDAPMessage *res;
char *matcheddn = NULL, *text = NULL, **refs = NULL;
char *retoid = NULL;
struct berval *retdata = NULL;
prog = lutil_progname( "ldappasswd", argc, argv );
/* LDAPv3 only */
protocol = LDAP_VERSION3;
tool_args( argc, argv );
if( argc - optind > 1 ) {
usage();
} else if ( argc - optind == 1 ) {
user = strdup( argv[optind] );
} else {
user = NULL;
}
if( oldpwfile ) {
rc = lutil_get_filed_password( prog, &oldpw );
if( rc ) return EXIT_FAILURE;
}
if( want_oldpw && oldpw.bv_val == NULL ) {
/* prompt for old password */
char *ckoldpw;
oldpw.bv_val = strdup(getpassphrase("Old password: "******"Re-enter old password: "******"passwords do not match\n" );
return EXIT_FAILURE;
}
oldpw.bv_len = strlen( oldpw.bv_val );
}
if( newpwfile ) {
rc = lutil_get_filed_password( prog, &newpw );
if( rc ) return EXIT_FAILURE;
}
if( want_newpw && newpw.bv_val == NULL ) {
/* prompt for new password */
char *cknewpw;
newpw.bv_val = strdup(getpassphrase("New password: "******"Re-enter new password: "******"passwords do not match\n" );
return EXIT_FAILURE;
}
newpw.bv_len = strlen( newpw.bv_val );
}
if( want_bindpw && passwd.bv_val == NULL ) {
/* handle bind password */
if ( pw_file ) {
rc = lutil_get_filed_password( pw_file, &passwd );
if( rc ) return EXIT_FAILURE;
} else {
passwd.bv_val = getpassphrase( "Enter LDAP Password: "******"ber_alloc_t" );
ldap_unbind( ld );
return EXIT_FAILURE;
}
ber_printf( ber, "{" /*}*/ );
if( user != NULL ) {
ber_printf( ber, "ts",
LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user );
free(user);
}
if( oldpw.bv_val != NULL ) {
ber_printf( ber, "tO",
LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &oldpw );
free(oldpw.bv_val);
}
if( newpw.bv_val != NULL ) {
ber_printf( ber, "tO",
LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &newpw );
free(newpw.bv_val);
}
ber_printf( ber, /*{*/ "N}" );
rc = ber_flatten2( ber, &bv, 0 );
if( rc < 0 ) {
perror( "ber_flatten2" );
ldap_unbind( ld );
return EXIT_FAILURE;
}
}
if ( not ) {
rc = LDAP_SUCCESS;
goto skip;
}
rc = ldap_extended_operation( ld,
LDAP_EXOP_MODIFY_PASSWD, bv.bv_val ? &bv : NULL,
NULL, NULL, &id );
ber_free( ber, 1 );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_extended_operation" );
ldap_unbind( ld );
return EXIT_FAILURE;
}
rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, NULL, &res );
if ( rc < 0 ) {
ldap_perror( ld, "ldappasswd: ldap_result" );
return rc;
}
rc = ldap_parse_result( ld, res,
&code, &matcheddn, &text, &refs, NULL, 0 );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_parse_result" );
return rc;
}
rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_parse_result" );
return rc;
}
if( retdata != NULL ) {
ber_tag_t tag;
char *s;
ber = ber_init( retdata );
if( ber == NULL ) {
perror( "ber_init" );
ldap_unbind( ld );
return EXIT_FAILURE;
}
/* we should check the tag */
tag = ber_scanf( ber, "{a}", &s);
if( tag == LBER_ERROR ) {
perror( "ber_scanf" );
} else {
printf("New password: %s\n", s);
free( s );
}
ber_free( ber, 1 );
}
if( verbose || code != LDAP_SUCCESS || matcheddn || text || refs ) {
printf( "Result: %s (%d)\n", ldap_err2string( code ), code );
if( text && *text ) {
printf( "Additional info: %s\n", text );
}
if( matcheddn && *matcheddn ) {
printf( "Matched DN: %s\n", matcheddn );
}
if( refs ) {
int i;
for( i=0; refs[i]; i++ ) {
printf("Referral: %s\n", refs[i] );
}
}
}
ber_memfree( text );
ber_memfree( matcheddn );
ber_memvfree( (void **) refs );
ber_memfree( retoid );
ber_bvfree( retdata );
skip:
/* disconnect from server */
ldap_unbind (ld);
return code == LDAP_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE;
}
