mirrors
/
gitea
espelhamento de https://github.com/go-gitea/gitea.git
Observar 1
Favorito 0
Fork 0
Código Issues 0 Versões 211 Wiki Atividade
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
8201 Commits
17 Branches
Tag: 3e61a9628c
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de 3e61a9628c
${ noResults }
gitea/vendor/gopkg.in/ldap.v3/passwdmodify.go

passwdmodify.go 5.5KB
Original Anotar Histórico

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157 
  1. // This file contains the password modify extended operation as specified in rfc 3062

  2. //

  3. // https://tools.ietf.org/html/rfc3062

  4. //

  5. 

  6. package ldap

  7. 

  8. import (

  9. 	"errors"

  10. 	"fmt"

  11. 

  12. 	"gopkg.in/asn1-ber.v1"

  13. )

  14. 

  15. const (

  16. 	passwordModifyOID = "1.3.6.1.4.1.4203.1.11.1"

  17. )

  18. 

  19. // PasswordModifyRequest implements the Password Modify Extended Operation as defined in https://www.ietf.org/rfc/rfc3062.txt

  20. type PasswordModifyRequest struct {

  21. 	// UserIdentity is an optional string representation of the user associated with the request.

  22. 	// This string may or may not be an LDAPDN [RFC2253].

  23. 	// If no UserIdentity field is present, the request acts up upon the password of the user currently associated with the LDAP session

  24. 	UserIdentity string

  25. 	// OldPassword, if present, contains the user's current password

  26. 	OldPassword string

  27. 	// NewPassword, if present, contains the desired password for this user

  28. 	NewPassword string

  29. }

  30. 

  31. // PasswordModifyResult holds the server response to a PasswordModifyRequest

  32. type PasswordModifyResult struct {

  33. 	// GeneratedPassword holds a password generated by the server, if present

  34. 	GeneratedPassword string

  35. 	// Referral are the returned referral

  36. 	Referral string

  37. }

  38. 

  39. func (r *PasswordModifyRequest) encode() (*ber.Packet, error) {

  40. 	request := ber.Encode(ber.ClassApplication, ber.TypeConstructed, ApplicationExtendedRequest, nil, "Password Modify Extended Operation")

  41. 	request.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimitive, 0, passwordModifyOID, "Extended Request Name: Password Modify OID"))

  42. 	extendedRequestValue := ber.Encode(ber.ClassContext, ber.TypePrimitive, 1, nil, "Extended Request Value: Password Modify Request")

  43. 	passwordModifyRequestValue := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "Password Modify Request")

  44. 	if r.UserIdentity != "" {

  45. 		passwordModifyRequestValue.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimitive, 0, r.UserIdentity, "User Identity"))

  46. 	}

  47. 	if r.OldPassword != "" {

  48. 		passwordModifyRequestValue.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimitive, 1, r.OldPassword, "Old Password"))

  49. 	}

  50. 	if r.NewPassword != "" {

  51. 		passwordModifyRequestValue.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimitive, 2, r.NewPassword, "New Password"))

  52. 	}

  53. 

  54. 	extendedRequestValue.AppendChild(passwordModifyRequestValue)

  55. 	request.AppendChild(extendedRequestValue)

  56. 

  57. 	return request, nil

  58. }

  59. 

  60. // NewPasswordModifyRequest creates a new PasswordModifyRequest

  61. //

  62. // According to the RFC 3602:

  63. // userIdentity is a string representing the user associated with the request.

  64. // This string may or may not be an LDAPDN (RFC 2253).

  65. // If userIdentity is empty then the operation will act on the user associated

  66. // with the session.

  67. //

  68. // oldPassword is the current user's password, it can be empty or it can be

  69. // needed depending on the session user access rights (usually an administrator

  70. // can change a user's password without knowing the current one) and the

  71. // password policy (see pwdSafeModify password policy's attribute)

  72. //

  73. // newPassword is the desired user's password. If empty the server can return

  74. // an error or generate a new password that will be available in the

  75. // PasswordModifyResult.GeneratedPassword

  76. //

  77. func NewPasswordModifyRequest(userIdentity string, oldPassword string, newPassword string) *PasswordModifyRequest {

  78. 	return &PasswordModifyRequest{

  79. 		UserIdentity: userIdentity,

  80. 		OldPassword:  oldPassword,

  81. 		NewPassword:  newPassword,

  82. 	}

  83. }

  84. 

  85. // PasswordModify performs the modification request

  86. func (l *Conn) PasswordModify(passwordModifyRequest *PasswordModifyRequest) (*PasswordModifyResult, error) {

  87. 	packet := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "LDAP Request")

  88. 	packet.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, l.nextMessageID(), "MessageID"))

  89. 

  90. 	encodedPasswordModifyRequest, err := passwordModifyRequest.encode()

  91. 	if err != nil {

  92. 		return nil, err

  93. 	}

  94. 	packet.AppendChild(encodedPasswordModifyRequest)

  95. 

  96. 	l.Debug.PrintPacket(packet)

  97. 

  98. 	msgCtx, err := l.sendMessage(packet)

  99. 	if err != nil {

  100. 		return nil, err

  101. 	}

  102. 	defer l.finishMessage(msgCtx)

  103. 

  104. 	result := &PasswordModifyResult{}

  105. 

  106. 	l.Debug.Printf("%d: waiting for response", msgCtx.id)

  107. 	packetResponse, ok := <-msgCtx.responses

  108. 	if !ok {

  109. 		return nil, NewError(ErrorNetwork, errors.New("ldap: response channel closed"))

  110. 	}

  111. 	packet, err = packetResponse.ReadPacket()

  112. 	l.Debug.Printf("%d: got response %p", msgCtx.id, packet)

  113. 	if err != nil {

  114. 		return nil, err

  115. 	}

  116. 

  117. 	if packet == nil {

  118. 		return nil, NewError(ErrorNetwork, errors.New("ldap: could not retrieve message"))

  119. 	}

  120. 

  121. 	if l.Debug {

  122. 		if err := addLDAPDescriptions(packet); err != nil {

  123. 			return nil, err

  124. 		}

  125. 		ber.PrintPacket(packet)

  126. 	}

  127. 

  128. 	if packet.Children[1].Tag == ApplicationExtendedResponse {

  129. 		err := GetLDAPError(packet)

  130. 		if err != nil {

  131. 			if IsErrorWithCode(err, LDAPResultReferral) {

  132. 				for _, child := range packet.Children[1].Children {

  133. 					if child.Tag == 3 {

  134. 						result.Referral = child.Children[0].Value.(string)

  135. 					}

  136. 				}

  137. 			}

  138. 			return result, err

  139. 		}

  140. 	} else {

  141. 		return nil, NewError(ErrorUnexpectedResponse, fmt.Errorf("unexpected Response: %d", packet.Children[1].Tag))

  142. 	}

  143. 

  144. 	extendedResponse := packet.Children[1]

  145. 	for _, child := range extendedResponse.Children {

  146. 		if child.Tag == 11 {

  147. 			passwordModifyResponseValue := ber.DecodePacket(child.Data.Bytes())

  148. 			if len(passwordModifyResponseValue.Children) == 1 {

  149. 				if passwordModifyResponseValue.Children[0].Tag == 0 {

  150. 					result.GeneratedPassword = ber.DecodeString(passwordModifyResponseValue.Children[0].Data.Bytes())

  151. 				}

  152. 			}

  153. 		}

  154. 	}

  155. 

  156. 	return result, nil

  157. }