mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
Make slap_passwd_parse non-destructive
This commit is contained in:
parent
a3547e2758
commit
ebb9e029a7
@ -125,11 +125,9 @@ ldap_back_exop_passwd(
|
|||||||
assert( rs->sr_ctrls == NULL );
|
assert( rs->sr_ctrls == NULL );
|
||||||
|
|
||||||
if ( BER_BVISNULL( &ndn ) && op->ore_reqdata != NULL ) {
|
if ( BER_BVISNULL( &ndn ) && op->ore_reqdata != NULL ) {
|
||||||
/* NOTE: most of this code is mutuated
|
/* NOTE: most of this code is mutated
|
||||||
* from slap_passwd_parse(); we can't call
|
* from slap_passwd_parse();
|
||||||
* that function since now the request data
|
* But here we only need
|
||||||
* has been destroyed by NULL-terminating
|
|
||||||
* the bervals. Luckily enough, we only need
|
|
||||||
* the first berval... */
|
* the first berval... */
|
||||||
|
|
||||||
ber_tag_t tag;
|
ber_tag_t tag;
|
||||||
@ -154,7 +152,7 @@ ldap_back_exop_passwd(
|
|||||||
|
|
||||||
tag = ber_peek_tag( ber, &len );
|
tag = ber_peek_tag( ber, &len );
|
||||||
if ( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_ID ) {
|
if ( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_ID ) {
|
||||||
tag = ber_scanf( ber, "m", &tmpid );
|
tag = ber_get_stringbv( ber, &tmpid, LBER_BV_NOTERM );
|
||||||
|
|
||||||
if ( tag == LBER_ERROR ) {
|
if ( tag == LBER_ERROR ) {
|
||||||
return LDAP_PROTOCOL_ERROR;
|
return LDAP_PROTOCOL_ERROR;
|
||||||
@ -162,8 +160,11 @@ ldap_back_exop_passwd(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( !BER_BVISEMPTY( &tmpid ) ) {
|
if ( !BER_BVISEMPTY( &tmpid ) ) {
|
||||||
|
char idNull = tmpid.bv_val[tmpid.bv_len];
|
||||||
|
tmpid.bv_val[tmpid.bv_len] = '\0';
|
||||||
rs->sr_err = dnPrettyNormal( NULL, &tmpid, &dn,
|
rs->sr_err = dnPrettyNormal( NULL, &tmpid, &dn,
|
||||||
&ndn, op->o_tmpmemctx );
|
&ndn, op->o_tmpmemctx );
|
||||||
|
tmpid.bv_val[tmpid.bv_len] = idNull;
|
||||||
if ( rs->sr_err != LDAP_SUCCESS ) {
|
if ( rs->sr_err != LDAP_SUCCESS ) {
|
||||||
/* should have been successfully parsed earlier! */
|
/* should have been successfully parsed earlier! */
|
||||||
return rs->sr_err;
|
return rs->sr_err;
|
||||||
|
@ -844,8 +844,11 @@ rwm_exop_passwd( Operation *op, SlapReply *rs )
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( !BER_BVISNULL( &id ) ) {
|
if ( !BER_BVISNULL( &id ) ) {
|
||||||
|
char idNul = id.bv_val[id.bv_len];
|
||||||
|
id.bv_val[id.bv_len] = '\0';
|
||||||
rs->sr_err = dnPrettyNormal( NULL, &id, &op->o_req_dn,
|
rs->sr_err = dnPrettyNormal( NULL, &id, &op->o_req_dn,
|
||||||
&op->o_req_ndn, op->o_tmpmemctx );
|
&op->o_req_ndn, op->o_tmpmemctx );
|
||||||
|
id.bv_val[id.bv_len] = idNul;
|
||||||
if ( rs->sr_err != LDAP_SUCCESS ) {
|
if ( rs->sr_err != LDAP_SUCCESS ) {
|
||||||
rs->sr_text = "Invalid DN";
|
rs->sr_text = "Invalid DN";
|
||||||
return rs->sr_err;
|
return rs->sr_err;
|
||||||
@ -865,27 +868,6 @@ rwm_exop_passwd( Operation *op, SlapReply *rs )
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
ber = ber_alloc_t( LBER_USE_DER );
|
|
||||||
if ( !ber ) {
|
|
||||||
rs->sr_err = LDAP_OTHER;
|
|
||||||
rs->sr_text = "No memory";
|
|
||||||
return rs->sr_err;
|
|
||||||
}
|
|
||||||
ber_printf( ber, "{" );
|
|
||||||
if ( !BER_BVISNULL( &id )) {
|
|
||||||
ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_ID,
|
|
||||||
&op->o_req_dn );
|
|
||||||
}
|
|
||||||
if ( !BER_BVISNULL( &pwold )) {
|
|
||||||
ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &pwold );
|
|
||||||
}
|
|
||||||
if ( !BER_BVISNULL( &pwnew )) {
|
|
||||||
ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &pwnew );
|
|
||||||
}
|
|
||||||
ber_printf( ber, "N}" );
|
|
||||||
ber_flatten( ber, &op->ore_reqdata );
|
|
||||||
ber_free( ber, 1 );
|
|
||||||
|
|
||||||
op->o_callback = &roc->cb;
|
op->o_callback = &roc->cb;
|
||||||
|
|
||||||
return SLAP_CB_CONTINUE;
|
return SLAP_CB_CONTINUE;
|
||||||
|
@ -53,7 +53,7 @@ int passwd_extop(
|
|||||||
Modifications *ml;
|
Modifications *ml;
|
||||||
slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
|
slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
|
||||||
int i, nhash;
|
int i, nhash;
|
||||||
char **hashes;
|
char **hashes, idNul;
|
||||||
int rc;
|
int rc;
|
||||||
BackendDB *op_be;
|
BackendDB *op_be;
|
||||||
int freenewpw = 0;
|
int freenewpw = 0;
|
||||||
@ -77,6 +77,10 @@ int passwd_extop(
|
|||||||
rs->sr_err = slap_passwd_parse( op->ore_reqdata, &id,
|
rs->sr_err = slap_passwd_parse( op->ore_reqdata, &id,
|
||||||
&qpw->rs_old, &qpw->rs_new, &rs->sr_text );
|
&qpw->rs_old, &qpw->rs_new, &rs->sr_text );
|
||||||
|
|
||||||
|
if ( !BER_BVISNULL( &id )) {
|
||||||
|
idNul = id.bv_val[id.bv_len];
|
||||||
|
id.bv_val[id.bv_len] = '\0';
|
||||||
|
}
|
||||||
if ( rs->sr_err == LDAP_SUCCESS && !BER_BVISEMPTY( &id ) ) {
|
if ( rs->sr_err == LDAP_SUCCESS && !BER_BVISEMPTY( &id ) ) {
|
||||||
Statslog( LDAP_DEBUG_STATS, "%s PASSMOD id=\"%s\"%s%s\n",
|
Statslog( LDAP_DEBUG_STATS, "%s PASSMOD id=\"%s\"%s%s\n",
|
||||||
op->o_log_prefix, id.bv_val,
|
op->o_log_prefix, id.bv_val,
|
||||||
@ -90,12 +94,15 @@ int passwd_extop(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( rs->sr_err != LDAP_SUCCESS ) {
|
if ( rs->sr_err != LDAP_SUCCESS ) {
|
||||||
|
if ( !BER_BVISNULL( &id ))
|
||||||
|
id.bv_val[id.bv_len] = idNul;
|
||||||
return rs->sr_err;
|
return rs->sr_err;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( !BER_BVISEMPTY( &id ) ) {
|
if ( !BER_BVISEMPTY( &id ) ) {
|
||||||
rs->sr_err = dnPrettyNormal( NULL, &id, &op->o_req_dn,
|
rs->sr_err = dnPrettyNormal( NULL, &id, &op->o_req_dn,
|
||||||
&op->o_req_ndn, op->o_tmpmemctx );
|
&op->o_req_ndn, op->o_tmpmemctx );
|
||||||
|
id.bv_val[id.bv_len] = idNul;
|
||||||
if ( rs->sr_err != LDAP_SUCCESS ) {
|
if ( rs->sr_err != LDAP_SUCCESS ) {
|
||||||
rs->sr_text = "Invalid DN";
|
rs->sr_text = "Invalid DN";
|
||||||
rc = rs->sr_err;
|
rc = rs->sr_err;
|
||||||
@ -318,6 +325,10 @@ error_return:;
|
|||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* NOTE: The DN in *id is NOT NUL-terminated here. dnNormalize will
|
||||||
|
* reject it in this condition, the caller must NUL-terminate it.
|
||||||
|
* FIXME: should dnNormalize still be complaining about that?
|
||||||
|
*/
|
||||||
int slap_passwd_parse( struct berval *reqdata,
|
int slap_passwd_parse( struct berval *reqdata,
|
||||||
struct berval *id,
|
struct berval *id,
|
||||||
struct berval *oldpass,
|
struct berval *oldpass,
|
||||||
@ -342,9 +353,9 @@ int slap_passwd_parse( struct berval *reqdata,
|
|||||||
/* ber_init2 uses reqdata directly, doesn't allocate new buffers */
|
/* ber_init2 uses reqdata directly, doesn't allocate new buffers */
|
||||||
ber_init2( ber, reqdata, 0 );
|
ber_init2( ber, reqdata, 0 );
|
||||||
|
|
||||||
tag = ber_scanf( ber, "{" /*}*/ );
|
tag = ber_skip_tag( ber, &len );
|
||||||
|
|
||||||
if( tag == LBER_ERROR ) {
|
if( tag != LBER_SEQUENCE ) {
|
||||||
Debug( LDAP_DEBUG_TRACE,
|
Debug( LDAP_DEBUG_TRACE,
|
||||||
"slap_passwd_parse: decoding error\n", 0, 0, 0 );
|
"slap_passwd_parse: decoding error\n", 0, 0, 0 );
|
||||||
rc = LDAP_PROTOCOL_ERROR;
|
rc = LDAP_PROTOCOL_ERROR;
|
||||||
@ -362,7 +373,7 @@ int slap_passwd_parse( struct berval *reqdata,
|
|||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
tag = ber_scanf( ber, "m", id );
|
tag = ber_get_stringbv( ber, id, LBER_BV_NOTERM );
|
||||||
|
|
||||||
if( tag == LBER_ERROR ) {
|
if( tag == LBER_ERROR ) {
|
||||||
Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: ID parse failed.\n",
|
Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: ID parse failed.\n",
|
||||||
@ -384,7 +395,7 @@ int slap_passwd_parse( struct berval *reqdata,
|
|||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
tag = ber_scanf( ber, "m", oldpass );
|
tag = ber_get_stringbv( ber, oldpass, LBER_BV_NOTERM );
|
||||||
|
|
||||||
if( tag == LBER_ERROR ) {
|
if( tag == LBER_ERROR ) {
|
||||||
Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: OLD parse failed.\n",
|
Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: OLD parse failed.\n",
|
||||||
@ -415,7 +426,7 @@ int slap_passwd_parse( struct berval *reqdata,
|
|||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
tag = ber_scanf( ber, "m", newpass );
|
tag = ber_get_stringbv( ber, newpass, LBER_BV_NOTERM );
|
||||||
|
|
||||||
if( tag == LBER_ERROR ) {
|
if( tag == LBER_ERROR ) {
|
||||||
Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: NEW parse failed.\n",
|
Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: NEW parse failed.\n",
|
||||||
|
Loading…
Reference in New Issue
Block a user