gitea/vendor/github.com/go-ldap/ldap/v3/passwdmodify.go

package ldap

import (
	"fmt"

	ber "github.com/go-asn1-ber/asn1-ber"
)

const (
	passwordModifyOID = "1.3.6.1.4.1.4203.1.11.1"
)

// PasswordModifyRequest implements the Password Modify Extended Operation as defined in https://www.ietf.org/rfc/rfc3062.txt
type PasswordModifyRequest struct {
	// UserIdentity is an optional string representation of the user associated with the request.
	// This string may or may not be an LDAPDN [RFC2253].
	// If no UserIdentity field is present, the request acts up upon the password of the user currently associated with the LDAP session
	UserIdentity string
	// OldPassword, if present, contains the user's current password
	OldPassword string
	// NewPassword, if present, contains the desired password for this user
	NewPassword string
}

// PasswordModifyResult holds the server response to a PasswordModifyRequest
type PasswordModifyResult struct {
	// GeneratedPassword holds a password generated by the server, if present
	GeneratedPassword string
	// Referral are the returned referral
	Referral string
}

func (req *PasswordModifyRequest) appendTo(envelope *ber.Packet) error {
	pkt := ber.Encode(ber.ClassApplication, ber.TypeConstructed, ApplicationExtendedRequest, nil, "Password Modify Extended Operation")
	pkt.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimitive, 0, passwordModifyOID, "Extended Request Name: Password Modify OID"))

	extendedRequestValue := ber.Encode(ber.ClassContext, ber.TypePrimitive, 1, nil, "Extended Request Value: Password Modify Request")
	passwordModifyRequestValue := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "Password Modify Request")
	if req.UserIdentity != "" {
		passwordModifyRequestValue.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimitive, 0, req.UserIdentity, "User Identity"))
	}
	if req.OldPassword != "" {
		passwordModifyRequestValue.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimitive, 1, req.OldPassword, "Old Password"))
	}
	if req.NewPassword != "" {
		passwordModifyRequestValue.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimitive, 2, req.NewPassword, "New Password"))
	}
	extendedRequestValue.AppendChild(passwordModifyRequestValue)

	pkt.AppendChild(extendedRequestValue)

	envelope.AppendChild(pkt)

	return nil
}

// NewPasswordModifyRequest creates a new PasswordModifyRequest
//
// According to the RFC 3602 (https://tools.ietf.org/html/rfc3062):
// userIdentity is a string representing the user associated with the request.
// This string may or may not be an LDAPDN (RFC 2253).
// If userIdentity is empty then the operation will act on the user associated
// with the session.
//
// oldPassword is the current user's password, it can be empty or it can be
// needed depending on the session user access rights (usually an administrator
// can change a user's password without knowing the current one) and the
// password policy (see pwdSafeModify password policy's attribute)
//
// newPassword is the desired user's password. If empty the server can return
// an error or generate a new password that will be available in the
// PasswordModifyResult.GeneratedPassword
//
func NewPasswordModifyRequest(userIdentity string, oldPassword string, newPassword string) *PasswordModifyRequest {
	return &PasswordModifyRequest{
		UserIdentity: userIdentity,
		OldPassword:  oldPassword,
		NewPassword:  newPassword,
	}
}

// PasswordModify performs the modification request
func (l *Conn) PasswordModify(passwordModifyRequest *PasswordModifyRequest) (*PasswordModifyResult, error) {
	msgCtx, err := l.doRequest(passwordModifyRequest)
	if err != nil {
		return nil, err
	}
	defer l.finishMessage(msgCtx)

	packet, err := l.readPacket(msgCtx)
	if err != nil {
		return nil, err
	}

	result := &PasswordModifyResult{}

	if packet.Children[1].Tag == ApplicationExtendedResponse {
		err := GetLDAPError(packet)
		if err != nil {
			if IsErrorWithCode(err, LDAPResultReferral) {
				for _, child := range packet.Children[1].Children {
					if child.Tag == 3 {
						result.Referral = child.Children[0].Value.(string)
					}
				}
			}
			return result, err
		}
	} else {
		return nil, NewError(ErrorUnexpectedResponse, fmt.Errorf("unexpected Response: %d", packet.Children[1].Tag))
	}

	extendedResponse := packet.Children[1]
	for _, child := range extendedResponse.Children {
		if child.Tag == 11 {
			passwordModifyResponseValue := ber.DecodePacket(child.Data.Bytes())
			if len(passwordModifyResponseValue.Children) == 1 {
				if passwordModifyResponseValue.Children[0].Tag == 0 {
					result.GeneratedPassword = ber.DecodeString(passwordModifyResponseValue.Children[0].Data.Bytes())
				}
			}
		}
	}

	return result, nil
}
Added all required dependencies 2016-11-03 22:16:01 +00:00			`package ldap`

			`import (`
			`"fmt"`

[Vendor] Update go-ldap to v3.2.4 (#13163) * [Vendor] update go-ldap to v3.0.3 * update go-ldap to v3.2.4 Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2020-10-15 19:27:33 +00:00			`ber "github.com/go-asn1-ber/asn1-ber"`
Added all required dependencies 2016-11-03 22:16:01 +00:00			`)`

			`const (`
			`passwordModifyOID = "1.3.6.1.4.1.4203.1.11.1"`
			`)`

			`// PasswordModifyRequest implements the Password Modify Extended Operation as defined in https://www.ietf.org/rfc/rfc3062.txt`
			`type PasswordModifyRequest struct {`
			`// UserIdentity is an optional string representation of the user associated with the request.`
			`// This string may or may not be an LDAPDN [RFC2253].`
			`// If no UserIdentity field is present, the request acts up upon the password of the user currently associated with the LDAP session`
			`UserIdentity string`
			`// OldPassword, if present, contains the user's current password`
			`OldPassword string`
			`// NewPassword, if present, contains the desired password for this user`
			`NewPassword string`
			`}`

			`// PasswordModifyResult holds the server response to a PasswordModifyRequest`
			`type PasswordModifyResult struct {`
			`// GeneratedPassword holds a password generated by the server, if present`
			`GeneratedPassword string`
Move to ldap.v3 to fix #5928 (#6105) Signed-off-by: Andrew Thornton <art27@cantab.net> 2019-02-18 12:34:37 +00:00			`// Referral are the returned referral`
			`Referral string`
Added all required dependencies 2016-11-03 22:16:01 +00:00			`}`

[Vendor] Update go-ldap to v3.2.4 (#13163) * [Vendor] update go-ldap to v3.0.3 * update go-ldap to v3.2.4 Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2020-10-15 19:27:33 +00:00			`func (req PasswordModifyRequest) appendTo(envelope ber.Packet) error {`
			`pkt := ber.Encode(ber.ClassApplication, ber.TypeConstructed, ApplicationExtendedRequest, nil, "Password Modify Extended Operation")`
			`pkt.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimitive, 0, passwordModifyOID, "Extended Request Name: Password Modify OID"))`

Added all required dependencies 2016-11-03 22:16:01 +00:00			`extendedRequestValue := ber.Encode(ber.ClassContext, ber.TypePrimitive, 1, nil, "Extended Request Value: Password Modify Request")`
			`passwordModifyRequestValue := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "Password Modify Request")`
[Vendor] Update go-ldap to v3.2.4 (#13163) * [Vendor] update go-ldap to v3.0.3 * update go-ldap to v3.2.4 Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2020-10-15 19:27:33 +00:00			`if req.UserIdentity != "" {`
			`passwordModifyRequestValue.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimitive, 0, req.UserIdentity, "User Identity"))`
Added all required dependencies 2016-11-03 22:16:01 +00:00			`}`
[Vendor] Update go-ldap to v3.2.4 (#13163) * [Vendor] update go-ldap to v3.0.3 * update go-ldap to v3.2.4 Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2020-10-15 19:27:33 +00:00			`if req.OldPassword != "" {`
			`passwordModifyRequestValue.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimitive, 1, req.OldPassword, "Old Password"))`
Added all required dependencies 2016-11-03 22:16:01 +00:00			`}`
[Vendor] Update go-ldap to v3.2.4 (#13163) * [Vendor] update go-ldap to v3.0.3 * update go-ldap to v3.2.4 Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2020-10-15 19:27:33 +00:00			`if req.NewPassword != "" {`
			`passwordModifyRequestValue.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimitive, 2, req.NewPassword, "New Password"))`
Added all required dependencies 2016-11-03 22:16:01 +00:00			`}`
			`extendedRequestValue.AppendChild(passwordModifyRequestValue)`

[Vendor] Update go-ldap to v3.2.4 (#13163) * [Vendor] update go-ldap to v3.0.3 * update go-ldap to v3.2.4 Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2020-10-15 19:27:33 +00:00			`pkt.AppendChild(extendedRequestValue)`

			`envelope.AppendChild(pkt)`

			`return nil`
Added all required dependencies 2016-11-03 22:16:01 +00:00			`}`

			`// NewPasswordModifyRequest creates a new PasswordModifyRequest`
			`//`
[Vendor] Update go-ldap to v3.2.4 (#13163) * [Vendor] update go-ldap to v3.0.3 * update go-ldap to v3.2.4 Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2020-10-15 19:27:33 +00:00			`// According to the RFC 3602 (https://tools.ietf.org/html/rfc3062):`
Added all required dependencies 2016-11-03 22:16:01 +00:00			`// userIdentity is a string representing the user associated with the request.`
			`// This string may or may not be an LDAPDN (RFC 2253).`
			`// If userIdentity is empty then the operation will act on the user associated`
			`// with the session.`
			`//`
			`// oldPassword is the current user's password, it can be empty or it can be`
			`// needed depending on the session user access rights (usually an administrator`
			`// can change a user's password without knowing the current one) and the`
			`// password policy (see pwdSafeModify password policy's attribute)`
			`//`
			`// newPassword is the desired user's password. If empty the server can return`
			`// an error or generate a new password that will be available in the`
			`// PasswordModifyResult.GeneratedPassword`
			`//`
			`func NewPasswordModifyRequest(userIdentity string, oldPassword string, newPassword string) *PasswordModifyRequest {`
			`return &PasswordModifyRequest{`
			`UserIdentity: userIdentity,`
			`OldPassword: oldPassword,`
			`NewPassword: newPassword,`
			`}`
			`}`

			`// PasswordModify performs the modification request`
			`func (l Conn) PasswordModify(passwordModifyRequest PasswordModifyRequest) (*PasswordModifyResult, error) {`
[Vendor] Update go-ldap to v3.2.4 (#13163) * [Vendor] update go-ldap to v3.0.3 * update go-ldap to v3.2.4 Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2020-10-15 19:27:33 +00:00			`msgCtx, err := l.doRequest(passwordModifyRequest)`
Added all required dependencies 2016-11-03 22:16:01 +00:00			`if err != nil {`
			`return nil, err`
			`}`
			`defer l.finishMessage(msgCtx)`

[Vendor] Update go-ldap to v3.2.4 (#13163) * [Vendor] update go-ldap to v3.0.3 * update go-ldap to v3.2.4 Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2020-10-15 19:27:33 +00:00			`packet, err := l.readPacket(msgCtx)`
Added all required dependencies 2016-11-03 22:16:01 +00:00			`if err != nil {`
			`return nil, err`
			`}`

[Vendor] Update go-ldap to v3.2.4 (#13163) * [Vendor] update go-ldap to v3.0.3 * update go-ldap to v3.2.4 Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2020-10-15 19:27:33 +00:00			`result := &PasswordModifyResult{}`
Added all required dependencies 2016-11-03 22:16:01 +00:00
			`if packet.Children[1].Tag == ApplicationExtendedResponse {`
Move to ldap.v3 to fix #5928 (#6105) Signed-off-by: Andrew Thornton <art27@cantab.net> 2019-02-18 12:34:37 +00:00			`err := GetLDAPError(packet)`
			`if err != nil {`
			`if IsErrorWithCode(err, LDAPResultReferral) {`
			`for _, child := range packet.Children[1].Children {`
			`if child.Tag == 3 {`
			`result.Referral = child.Children[0].Value.(string)`
			`}`
			`}`
			`}`
			`return result, err`
Added all required dependencies 2016-11-03 22:16:01 +00:00			`}`
			`} else {`
Move to ldap.v3 to fix #5928 (#6105) Signed-off-by: Andrew Thornton <art27@cantab.net> 2019-02-18 12:34:37 +00:00			`return nil, NewError(ErrorUnexpectedResponse, fmt.Errorf("unexpected Response: %d", packet.Children[1].Tag))`
Added all required dependencies 2016-11-03 22:16:01 +00:00			`}`

			`extendedResponse := packet.Children[1]`
			`for _, child := range extendedResponse.Children {`
			`if child.Tag == 11 {`
Request for public keys only if LDAP attribute is set (#5816) * Update go-ldap dependency * Request for public keys only if attribute is set 2019-01-23 23:25:33 +00:00			`passwordModifyResponseValue := ber.DecodePacket(child.Data.Bytes())`
			`if len(passwordModifyResponseValue.Children) == 1 {`
			`if passwordModifyResponseValue.Children[0].Tag == 0 {`
			`result.GeneratedPassword = ber.DecodeString(passwordModifyResponseValue.Children[0].Data.Bytes())`
Added all required dependencies 2016-11-03 22:16:01 +00:00			`}`
			`}`
			`}`
			`}`

			`return result, nil`
			`}`