Set peeraddr also for IPv6, fixes ITS#1918

[openldap] / servers / slapd / passwd.c

diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index 3a8ddd9c1dce03b616542d9c6722393ac9fc2d99..06cc1586a87478d2285866f4d7b2badd4b3d0bf0 100644 (file)
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -29,6 +29,7 @@ int passwd_extop(
        const char **text,
        BerVarray *refs )
 {
+       Backend *be;
        int rc;
 
        assert( reqoid != NULL );
@@ -39,31 +40,44 @@ int passwd_extop(
                return LDAP_STRONG_AUTH_REQUIRED;
        }
 
-       if( conn->c_authz_backend == NULL || !conn->c_authz_backend->be_extended ) {
+       ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+       be = conn->c_authz_backend;
+       ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+
+       if( be && !be->be_extended ) {
                *text = "operation not supported for current user";
                return LDAP_UNWILLING_TO_PERFORM;
        }
 
        {
                struct berval passwd = BER_BVC( LDAP_EXOP_MODIFY_PASSWD );
-
-               rc = backend_check_restrictions( conn->c_authz_backend,
-                       conn, op, &passwd, text );
+               rc = backend_check_restrictions( be, conn, op, &passwd, text );
        }
 
        if( rc != LDAP_SUCCESS ) {
                return rc;
        }
 
-       if( conn->c_authz_backend->be_update_ndn.bv_len ) {
+       if( be == NULL ) {
+#ifdef HAVE_CYRUS_SASL
+               rc = slap_sasl_setpass( conn, op,
+                       reqoid, reqdata,
+                       rspoid, rspdata, rspctrls,
+                       text );
+#else
+               *text = "no authz backend";
+               rc = LDAP_OTHER;
+#endif
+
+       } else if( be->be_update_ndn.bv_len ) {
                /* we SHOULD return a referral in this case */
-               *refs = referral_rewrite( conn->c_authz_backend->be_update_refs,
+               *refs = referral_rewrite( be->be_update_refs,
                        NULL, NULL, LDAP_SCOPE_DEFAULT );
                        rc = LDAP_REFERRAL;
 
        } else {
-               rc = conn->c_authz_backend->be_extended(
-                       conn->c_authz_backend, conn, op,
+               rc = be->be_extended(
+                       be, conn, op,
                        reqoid, reqdata,
                        rspoid, rspdata, rspctrls,
                        text, refs );
@@ -88,6 +102,11 @@ int slap_passwd_parse( struct berval *reqdata,
                return LDAP_SUCCESS;
        }
 
+       if( reqdata->bv_len == 0 ) {
+               *text = "empty request data field";
+               return LDAP_PROTOCOL_ERROR;
+       }
+
        /* ber_init2 uses reqdata directly, doesn't allocate new buffers */
        ber_init2( ber, reqdata, 0 );
 
@@ -204,7 +223,6 @@ decoding_error:
                        (long) len, 0, 0 );
 #endif
 
-
                *text = "data decoding error";
                rc = LDAP_PROTOCOL_ERROR;
        }
@@ -321,13 +339,17 @@ slap_passwd_hash(
 #endif
 
        tmp = lutil_passwd_hash( cred , hash );
-       assert( tmp != NULL );
        
 #if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
        ldap_pvt_thread_mutex_unlock( &passwd_mutex );
 #endif
+
+       if( tmp == NULL ) {
+               new->bv_len = 0;
+               new->bv_val = NULL;
+       }
+
        *new = *tmp;
        free( tmp );
-
        return;
 }