Fix cancel cleanup

[openldap] / servers / slapd / overlays / ppolicy.c

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index d1e69e6fe016083224a7db9183a95bd6a7d49be0..f572875fef781615c35a269607984e3babb6149f 100644 (file)
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -1143,7 +1143,7 @@ ppolicy_add(
                        }
                }
                /* If password aging is in effect, set the pwdChangedTime */
-               if (( pp.pwdMaxAge || pp.pwdMinAge ) && !be_isupdate( op )) {
+               if (( pp.pwdMaxAge || pp.pwdMinAge ) && !be_shadow_update( op )) {
                        struct berval timestamp;
                        char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
                        struct tm *ltm;
@@ -1173,7 +1173,6 @@ ppolicy_modify( Operation *op, SlapReply *rs )
        PassPolicy              pp;
        Modifications           *mods = NULL, *modtail, *ml, *delmod, *addmod;
        Attribute               *pa, *ha, *ra, at;
-       int                     repl_user = be_isupdate( op );
        const char              *txt;
        pw_hist                 *tl = NULL, *p;
        int                     zapReset, send_ctrl = 0;
@@ -1376,7 +1375,8 @@ ppolicy_modify( Operation *op, SlapReply *rs )
                const char *txt;
                
                bv = oldpw.bv_val ? &oldpw : delmod->sml_values;
-               rc = slap_passwd_check( op->o_conn, pa, bv, &txt );
+               /* FIXME: no access checking? */
+               rc = slap_passwd_check( op, NULL, pa, bv, &txt );
                if (rc != LDAP_SUCCESS) {
                        Debug( LDAP_DEBUG_TRACE,
                                "old password check failed: %s\n", txt, 0, 0 );
@@ -1420,7 +1420,8 @@ ppolicy_modify( Operation *op, SlapReply *rs )
                /*
                 * Last check - the password history.
                 */
-               if (slap_passwd_check( op->o_conn, pa, bv, &txt ) == LDAP_SUCCESS) {
+               /* FIXME: no access checking? */
+               if (slap_passwd_check( op, NULL, pa, bv, &txt ) == LDAP_SUCCESS) {
                        /*
                         * This is bad - it means that the user is attempting
                         * to set the password to the same as the old one.
@@ -1442,7 +1443,8 @@ ppolicy_modify( Operation *op, SlapReply *rs )
                cr[1].bv_val = NULL;
                for(p=tl; p; p=p->next) {
                        cr[0] = p->pw;
-                       rc = slap_passwd_check( op->o_conn, &at, bv, &txt );
+                       /* FIXME: no access checking? */
+                       rc = slap_passwd_check( op, NULL, &at, bv, &txt );
                        
                        if (rc != LDAP_SUCCESS) continue;
                        
@@ -1454,7 +1456,7 @@ ppolicy_modify( Operation *op, SlapReply *rs )
        }
 
 do_modify:
-       if ((pwmod) && (!repl_user)) {
+       if ((pwmod) && (!be_shadow_update( op ))) {
                struct berval timestamp;
                char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
                struct tm *ltm;
@@ -1704,6 +1706,14 @@ ppolicy_db_init(
        return 0;
 }
 
+static int
+ppolicy_db_open(
+    BackendDB *be
+)
+{
+       return overlay_register_control( be, LDAP_CONTROL_PASSWORDPOLICYREQUEST );
+}
+
 static int
 ppolicy_close(
        BackendDB *be
@@ -1800,7 +1810,7 @@ int ppolicy_init()
        }
 
        code = register_supported_control( LDAP_CONTROL_PASSWORDPOLICYREQUEST,
-               SLAP_CTRL_ADD|SLAP_CTRL_BIND|SLAP_CTRL_MODIFY, extops,
+               SLAP_CTRL_ADD|SLAP_CTRL_BIND|SLAP_CTRL_MODIFY|SLAP_CTRL_HIDE, extops,
                ppolicy_parseCtrl, &ppolicy_cid );
        if ( code != LDAP_SUCCESS ) {
                fprintf( stderr, "Failed to register control %d\n", code );
@@ -1811,6 +1821,7 @@ int ppolicy_init()
 
        ppolicy.on_bi.bi_type = "ppolicy";
        ppolicy.on_bi.bi_db_init = ppolicy_db_init;
+       ppolicy.on_bi.bi_db_open = ppolicy_db_open;
        ppolicy.on_bi.bi_db_config = ppolicy_config;
        ppolicy.on_bi.bi_db_close = ppolicy_close;