- struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
- struct ldapconn *lc;
- struct berval id = { 0, NULL };
- struct berval old = { 0, NULL };
- struct berval new = { 0, NULL };
- struct berval dn, mdn = { 0, NULL }, newpw;
- LDAPMessage *res;
- ber_int_t msgid;
- int rc;
-
- lc = ldap_back_getconn(op, rs);
- if (!lc || !ldap_back_dobind(lc, op, rs) ) {
- return -1;
+ ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
+
+ ldapconn_t *lc = *lcp;
+ req_pwdexop_s *qpw = &op->oq_pwdexop;
+ LDAPMessage *res;
+ ber_int_t msgid;
+ int rc, isproxy, freedn = 0;
+ int do_retry = 1;
+ char *text = NULL;
+ struct berval dn = op->o_req_dn,
+ ndn = op->o_req_ndn;
+
+ assert( lc != NULL );
+ assert( rs->sr_ctrls == NULL );
+
+ if ( BER_BVISNULL( &ndn ) && op->ore_reqdata != NULL ) {
+ /* NOTE: most of this code is mutated
+ * from slap_passwd_parse();
+ * But here we only need
+ * the first berval... */
+
+ ber_tag_t tag;
+ ber_len_t len = -1;
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+
+ struct berval tmpid = BER_BVNULL;
+
+ if ( op->ore_reqdata->bv_len == 0 ) {
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ /* ber_init2 uses reqdata directly, doesn't allocate new buffers */
+ ber_init2( ber, op->ore_reqdata, 0 );
+
+ tag = ber_scanf( ber, "{" /*}*/ );
+
+ if ( tag == LBER_ERROR ) {
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ tag = ber_peek_tag( ber, &len );
+ if ( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_ID ) {
+ tag = ber_get_stringbv( ber, &tmpid, LBER_BV_NOTERM );
+
+ if ( tag == LBER_ERROR ) {
+ return LDAP_PROTOCOL_ERROR;
+ }
+ }
+
+ if ( !BER_BVISEMPTY( &tmpid ) ) {
+ char idNull = tmpid.bv_val[tmpid.bv_len];
+ tmpid.bv_val[tmpid.bv_len] = '\0';
+ rs->sr_err = dnPrettyNormal( NULL, &tmpid, &dn,
+ &ndn, op->o_tmpmemctx );
+ tmpid.bv_val[tmpid.bv_len] = idNull;
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ /* should have been successfully parsed earlier! */
+ return rs->sr_err;
+ }
+ freedn = 1;
+
+ } else {
+ dn = op->o_dn;
+ ndn = op->o_ndn;
+ }