2 * Copyright (C) 2002-2004 Novell, Inc.
4 * edir_ldapext.c LDAP extension for reading eDirectory universal password
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of version 2 of the GNU General Public License as published
8 * by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program; if not, contact Novell, Inc.
18 * To contact Novell about this file by physical or electronic mail, you may
19 * find current contact information at www.novell.com.
28 /* NMAS error codes */
29 #define NMAS_E_BASE (-1600)
31 #define NMAS_SUCCESS 0
32 #define NMAS_E_SUCCESS NMAS_SUCCESS /* Alias */
33 #define NMAS_OK NMAS_SUCCESS /* Alias */
35 #define NMAS_E_FRAG_FAILURE (NMAS_E_BASE-31) /* -1631 0xFFFFF9A1 */
36 #define NMAS_E_BUFFER_OVERFLOW (NMAS_E_BASE-33) /* -1633 0xFFFFF99F */
37 #define NMAS_E_SYSTEM_RESOURCES (NMAS_E_BASE-34) /* -1634 0xFFFFF99E */
38 #define NMAS_E_INSUFFICIENT_MEMORY (NMAS_E_BASE-35) /* -1635 0xFFFFF99D */
39 #define NMAS_E_NOT_SUPPORTED (NMAS_E_BASE-36) /* -1636 0xFFFFF99C */
40 #define NMAS_E_INVALID_PARAMETER (NMAS_E_BASE-43) /* -1643 0xFFFFF995 */
41 #define NMAS_E_INVALID_VERSION (NMAS_E_BASE-52) /* -1652 0xFFFFF98C */
43 /* OID of LDAP extenstion calls to read Universal Password */
44 #define NMASLDAP_GET_PASSWORD_REQUEST "2.16.840.1.113719.1.39.42.100.13"
45 #define NMASLDAP_GET_PASSWORD_RESPONSE "2.16.840.1.113719.1.39.42.100.14"
47 #define NMAS_LDAP_EXT_VERSION 1
51 /* ------------------------------------------------------------------------
52 * berEncodePasswordData
53 * ==============================
54 * RequestBer contents:
55 * clientVersion INTEGER
56 * targetObjectDN OCTET STRING
57 * password1 OCTET STRING
58 * password2 OCTET STRING
61 * This function takes the request BER value and input data items
62 * and BER encodes the data into the BER value
64 * ------------------------------------------------------------------------ */
65 int berEncodePasswordData(
66 struct berval **requestBV,
72 BerElement *requestBer = NULL;
74 char * utf8ObjPtr = NULL;
76 char * utf8PwdPtr = NULL;
78 char * utf8Pwd2Ptr = NULL;
82 utf8ObjSize = strlen(objectDN)+1;
83 utf8ObjPtr = objectDN;
87 utf8PwdSize = strlen(password)+1;
88 utf8PwdPtr = password;
91 if (password2 != NULL)
93 utf8Pwd2Size = strlen(password2)+1;
94 utf8Pwd2Ptr = password2;
97 /* Allocate a BerElement for the request parameters.*/
98 if((requestBer = ber_alloc()) == NULL)
100 err = NMAS_E_FRAG_FAILURE;
104 if (password != NULL && password2 != NULL)
106 /* BER encode the NMAS Version, the objectDN, and the password */
107 rc = ber_printf(requestBer, "{iooo}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize, utf8PwdPtr, utf8PwdSize, utf8Pwd2Ptr, utf8Pwd2Size);
109 else if (password != NULL)
111 /* BER encode the NMAS Version, the objectDN, and the password */
112 rc = ber_printf(requestBer, "{ioo}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize, utf8PwdPtr, utf8PwdSize);
116 /* BER encode the NMAS Version and the objectDN */
117 rc = ber_printf(requestBer, "{io}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize);
122 err = NMAS_E_FRAG_FAILURE;
131 * Convert the BER we just built to a berval that we'll send with the extended request.
133 if(ber_flatten(requestBer, requestBV) == LBER_ERROR)
135 err = NMAS_E_FRAG_FAILURE;
143 ber_free(requestBer, 1);
147 } /* End of berEncodePasswordData */
149 /* ------------------------------------------------------------------------
150 * berDecodeLoginData()
151 * ==============================
152 * ResponseBer contents:
153 * serverVersion INTEGER
158 * This function takes the reply BER Value and decodes the
159 * NMAS server version and return code and if a non null retData
160 * buffer was supplied, tries to decode the the return data and length
162 * ------------------------------------------------------------------------ */
163 int berDecodeLoginData(
164 struct berval *replyBV,
170 BerElement *replyBer = NULL;
171 char *retOctStr = NULL;
172 size_t retOctStrLen = 0;
174 if((replyBer = ber_init(replyBV)) == NULL)
176 err = NMAS_E_SYSTEM_RESOURCES;
182 retOctStrLen = *retDataLen + 1;
183 retOctStr = (char *)malloc(retOctStrLen);
186 err = NMAS_E_SYSTEM_RESOURCES;
190 if( (rc = ber_scanf(replyBer, "{iis}", serverVersion, &err, retOctStr, &retOctStrLen)) != -1)
192 if (*retDataLen >= retOctStrLen)
194 memcpy(retData, retOctStr, retOctStrLen);
198 err = NMAS_E_BUFFER_OVERFLOW;
201 *retDataLen = retOctStrLen;
205 err = NMAS_E_FRAG_FAILURE;
210 if( (rc = ber_scanf(replyBer, "{ii}", serverVersion, &err)) == -1)
214 err = NMAS_E_FRAG_FAILURE;
223 ber_free(replyBer, 1);
226 if (retOctStr != NULL)
228 memset(retOctStr, 0, retOctStrLen);
233 } /* End of berDecodeLoginData */
235 /* -----------------------------------------------------------------------
236 * nmasldap_get_password()
237 * ==============================
240 * This API attempts to get the universal password
242 * ------------------------------------------------------------------------ */
243 int nmasldap_get_password(
246 size_t *pwdSize, // in bytes
251 struct berval *requestBV = NULL;
252 char *replyOID = NULL;
253 struct berval *replyBV = NULL;
256 size_t pwdBufLen, bufferLen;
258 #ifdef NOT_N_PLAT_NLM
259 int currentThreadGroupID;
262 /* Validate char parameters. */
263 if(objectDN == NULL || (strlen(objectDN) == 0) || pwdSize == NULL || ld == NULL)
265 return NMAS_E_INVALID_PARAMETER;
268 bufferLen = pwdBufLen = *pwdSize;
269 pwdBuf = (char *)malloc(pwdBufLen+2);
272 return NMAS_E_INSUFFICIENT_MEMORY;
275 #ifdef NOT_N_PLAT_NLM
276 currentThreadGroupID = SetThreadGroupID(nmasLDAPThreadGroupID);
279 err = berEncodePasswordData(&requestBV, objectDN, NULL, NULL);
285 /* Call the ldap_extended_operation (synchronously) */
286 if((err = ldap_extended_operation_s(ld, NMASLDAP_GET_PASSWORD_REQUEST, requestBV, NULL, NULL, &replyOID, &replyBV)))
291 /* Make sure there is a return OID */
294 err = NMAS_E_NOT_SUPPORTED;
298 /* Is this what we were expecting to get back. */
299 if(strcmp(replyOID, NMASLDAP_GET_PASSWORD_RESPONSE))
301 err = NMAS_E_NOT_SUPPORTED;
305 /* Do we have a good returned berval? */
309 * No; returned berval means we experienced a rather drastic error.
310 * Return operations error.
312 err = NMAS_E_SYSTEM_RESOURCES;
316 err = berDecodeLoginData(replyBV, &serverVersion, &pwdBufLen, pwdBuf);
318 if(serverVersion != NMAS_LDAP_EXT_VERSION)
320 err = NMAS_E_INVALID_VERSION;
324 if (!err && pwdBufLen != 0)
326 if (*pwdSize >= pwdBufLen+1 && pwd != NULL)
328 memcpy(pwd, pwdBuf, pwdBufLen);
329 pwd[pwdBufLen] = 0; /* add null termination */
331 *pwdSize = pwdBufLen; /* does not include null termination */
341 /* Free the return OID string if one was returned. */
344 ldap_memfree(replyOID);
347 /* Free memory allocated while building the request ber and berval. */
350 ber_bvfree(requestBV);
355 memset(pwdBuf, 0, bufferLen);
359 #ifdef NOT_N_PLAT_NLM
360 SetThreadGroupID(currentThreadGroupID);
363 /* Return the appropriate error/success code. */
365 } /* end of nmasldap_get_password */