/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
* Portions Copyright 2004-2005 Howard Chu, Symas Corporation.
* Portions Copyright 2004 Hewlett-Packard Company.
* All rights reserved.
static LDAPControl *
create_passcontrol( Operation *op, int exptime, int grace, LDAPPasswordPolicyError err )
{
- char berbuf[LBER_ELEMENT_SIZEOF], bb2[LBER_ELEMENT_SIZEOF];
- BerElement *ber = (BerElement *)berbuf, *b2 = (BerElement *)bb2;
+ BerElementBuffer berbuf, bb2;
+ BerElement *ber = (BerElement *) &berbuf, *b2 = (BerElement *) &bb2;
LDAPControl c = { 0 }, *cp;
struct berval bv;
}
ber_printf( ber, /*{*/ "N}" );
- if (ber_flatten2( ber, &(c.ldctl_value), 1 ) == LBER_DEFAULT) {
+ if (ber_flatten2( ber, &c.ldctl_value, 0 ) == -1) {
return NULL;
}
- (void)ber_free_buf(ber);
cp = op->o_tmpalloc( sizeof( LDAPControl ) + c.ldctl_value.bv_len, op->o_tmpmemctx );
cp->ldctl_oid = (char *)ppolicy_ctrl_oid;
cp->ldctl_iscritical = 0;
cp->ldctl_value.bv_val = (char *)&cp[1];
cp->ldctl_value.bv_len = c.ldctl_value.bv_len;
AC_MEMCPY( cp->ldctl_value.bv_val, c.ldctl_value.bv_val, c.ldctl_value.bv_len );
- ber_memfree( c.ldctl_value.bv_val );
+ (void)ber_free_buf(ber);
return cp;
}
{
char *ptr;
struct berval nv, npw;
- int i, j;
+ ber_len_t i, j;
assert (bv && (bv->bv_len > 0) && (bv->bv_val) && oldtime && oldpw );
for ( n = 0; rs->sr_ctrls[n]; n++ ) {
if ( rs->sr_ctrls[n]->ldctl_oid == ppolicy_ctrl_oid ) {
- ch_free( rs->sr_ctrls[n]->ldctl_value.bv_val );
- ch_free( rs->sr_ctrls[n] );
+ op->o_tmpfree( rs->sr_ctrls[n], op->o_tmpmemctx );
rs->sr_ctrls[n] = (LDAPControl *)(-1);
break;
}
if ( send_ctrl ) {
if ( is_pwdexop ) {
if ( rs->sr_flags & REP_CTRLS_MUSTBEFREED ) {
- slap_free_ctrls( op, oldctrls );
+ op->o_tmpfree( oldctrls, op->o_tmpmemctx );
}
oldctrls = NULL;
rs->sr_flags |= REP_CTRLS_MUSTBEFREED;
{
slap_overinst *on = (slap_overinst *) be->bd_info;
+ if ( SLAP_ISGLOBALOVERLAY( be ) ) {
+ /* do not allow slapo-ppolicy to be global by now (ITS#5858) */
+ if ( cr ){
+ snprintf( cr->msg, sizeof(cr->msg),
+ "slapo-ppolicy cannot be global" );
+ fprintf( stderr, "%s\n", cr->msg );
+ }
+ return 1;
+ }
+
/* Has User Schema been initialized yet? */
if ( !pwd_UsSchema[0].ad[0] ) {
const char *err;