authorArthur de Jong <arthur@arthurdejong.org>2009-10-17 12:17:33 +0200
committerArthur de Jong <arthur@arthurdejong.org>2009-10-17 12:17:33 +0200
commit5a3eb1df560f29c4692e01594fc63d22bb4c50ee (patch)
tree743af66e1b0ad82ab676621f8514b4c60e77c483 /compat/ldap_passwd_s.c
parent6cf3eb58587e80d851aa53d0a250c7839fa15b02 (diff)
provide replacement functions for ldap_initialize() and ldap_passwd_s() and centralise LDAP compatibility hacks into ldap_compat.h
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1007 ef36b2f9-881f-0410-afb5-c4e39611909c
Diffstat (limited to 'compat/ldap_passwd_s.c')
-rw-r--r--compat/ldap_passwd_s.c105
1 files changed, 105 insertions, 0 deletions
diff --git a/compat/ldap_passwd_s.c b/compat/ldap_passwd_s.c
new file mode 100644
index 0000000..fde8022
--- /dev/null
+++ b/compat/ldap_passwd_s.c
@@ -0,0 +1,105 @@
+/*
+ ldap_passwd_s.c - replacement function for ldap_passwd_s()
+ Parts of this file were based on parts of the pam_ldap library
+ (taken from _update_authtok() in pam_ldap.c).
+
+ Copyright (C) 1998-2004 Luke Howard
+ Copyright (C) 2009 Arthur de Jong
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA
+*/
+
+#include "config.h"
+
+#include <stdlib.h>
+#include <lber.h>
+#include <ldap.h>
+
+#include "compat/ldap_compat.h"
+#include "nslcd/log.h"
+
+#ifndef LDAP_EXOP_MODIFY_PASSWD
+#ifdef LDAP_EXOP_X_MODIFY_PASSWD
+#define LDAP_EXOP_MODIFY_PASSWD LDAP_EXOP_X_MODIFY_PASSWD
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW
+#else /* not LDAP_EXOP_X_MODIFY_PASSWD */
+#define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1"
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID ((ber_tag_t) 0x80U)
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD ((ber_tag_t) 0x81U)
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U)
+#endif /* not LDAP_EXOP_X_MODIFY_PASSWD */
+#endif /* not LDAP_EXOP_MODIFY_PASSWD */
+
+#ifndef LBER_USE_DER
+#define LBER_USE_DER 1
+#endif /* not LBER_USE_DER */
+
+#ifndef HAVE_BER_MEMFREE
+#define ber_memfree free
+#endif /* not HAVE_BER_MEMFREE */
+
+/* we define this ourselves here because some LDAP header versions don't
+ seem to define this */
+int ldap_extended_operation_s(LDAP *ld,LDAP_CONST char *reqoid,
+ struct berval *reqdata,LDAPControl **serverctrls,LDAPControl **clientctrls,
+ char **retoidp,struct berval **retdatap);
+
+/* Replacement for password modification. user is the DN of the entry to
+ change, oldpw is the old password (may not always be needed?), newpw is
+ the new password to set and newpasswd is sometimes returned (though not
+ by us). */
+int ldap_passwd_s(LDAP *ld,struct berval *user,struct berval *oldpw,
+ struct berval *newpw,struct berval *newpasswd,
+ LDAPControl **sctrls,LDAPControl **cctrls)
+{
+#ifndef HAVE_LDAP_EXTENDED_OPERATION_S
+ return LDAP_OPERATIONS_ERROR;
+#else /* HAVE_LDAP_EXTENDED_OPERATION_S */
+ int rc;
+ BerElement *ber;
+ struct berval *bv;
+ char *retoid;
+ struct berval *retdata;
+ /* set up request data */
+ ber=ber_alloc_t(LBER_USE_DER);
+ if (ber==NULL)
+ return LDAP_NO_MEMORY;
+ ber_printf(ber,"{");
+ ber_printf(ber,"tO",LDAP_TAG_EXOP_MODIFY_PASSWD_ID,user);
+ if (oldpw!=NULL)
+ ber_printf(ber,"tO",LDAP_TAG_EXOP_MODIFY_PASSWD_OLD,oldpw);
+ ber_printf(ber,"tO",LDAP_TAG_EXOP_MODIFY_PASSWD_NEW,newpw);
+ ber_printf(ber,"N}");
+ rc=ber_flatten(ber,&bv);
+ ber_free(ber,1);
+ if (rc<0)
+ return LDAP_NO_MEMORY;
+ /* perform the operation */
+ rc=ldap_extended_operation_s(ld,LDAP_EXOP_MODIFY_PASSWD,bv,sctrls,cctrls,
+ &retoid,&retdata);
+ /* free data */
+ ber_bvfree(bv);
+ if (rc==LDAP_SUCCESS)
+ {
+ ber_bvfree(retdata);
+ ber_memfree(retoid);
+ }
+ /* return result code */
+ return rc;
+#endif /* HAVE_LDAP_EXTENDED_OPERATION_S */
+}
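Review bot: The request encoding ignores every `ber_printf()` return value and passes `user` and `newpw` to the `"tO"` format unconditionally, while only `oldpw` is checked for NULL. RFC 3062 makes all three fields optional, so a caller that leaves `user` or `newpw` NULL depends on how the local lber treats a NULL berval, and a failed encode step is still flattened and sent as a password-change request. I would chain the calls on `rc`, skip absent fields and return before `ldap_extended_operation_s()` if any step failed, as in the fence below. Separately, `bv` holds both passwords in clear and is released with `ber_bvfree()` without being wiped; clearing `bv->bv_val` over `bv->bv_len` before the free would shorten the time they stay in heap memory.

```c
  /* ... unchanged: ber_alloc_t() and its NULL check ... */
  rc=ber_printf(ber,"{");
  if ((rc>=0)&&(user!=NULL))
    rc=ber_printf(ber,"tO",LDAP_TAG_EXOP_MODIFY_PASSWD_ID,user);
  if ((rc>=0)&&(oldpw!=NULL))
    rc=ber_printf(ber,"tO",LDAP_TAG_EXOP_MODIFY_PASSWD_OLD,oldpw);
  if ((rc>=0)&&(newpw!=NULL))
    rc=ber_printf(ber,"tO",LDAP_TAG_EXOP_MODIFY_PASSWD_NEW,newpw);
  if (rc>=0)
    rc=ber_printf(ber,"N}");
  if (rc>=0)
    rc=ber_flatten(ber,&bv);
  ber_free(ber,1);
  if (rc<0)
    return LDAP_ENCODING_ERROR;
  /* ... unchanged: ldap_extended_operation_s() call and freeing of results ... */
```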