#include <lutil.h>
int passwd_extop(
- SLAP_EXTOP_CALLBACK_FN ext_callback,
Connection *conn, Operation *op,
const char *reqoid,
struct berval *reqdata,
return LDAP_STRONG_AUTH_REQUIRED;
}
- if( conn->c_authz_backend != NULL && conn->c_authz_backend->be_extended )
- {
- if( global_readonly || conn->c_authz_backend->be_readonly ) {
+ if( conn->c_authz_backend != NULL && conn->c_authz_backend->be_extended ) {
+ if( conn->c_authz_backend->be_restrictops & SLAP_RESTRICT_OP_MODIFY ) {
*text = "authorization database is read only";
rc = LDAP_UNWILLING_TO_PERFORM;
int
slap_passwd_check(
+ Connection *conn,
Attribute *a,
struct berval *cred )
{
int i;
- for ( i = 0; a->a_vals[i] != NULL; i++ ) {
- int result;
+ int result = 1;
-#ifdef SLAPD_CRYPT
- ldap_pvt_thread_mutex_lock( &crypt_mutex );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
+ ldap_pvt_thread_mutex_lock( &passwd_mutex );
+#ifdef SLAPD_SPASSWD
+ lutil_passwd_sasl_conn = conn->c_sasl_context;
#endif
-
- result = lutil_passwd( a->a_vals[i], cred, NULL );
-
-#ifdef SLAPD_CRYPT
- ldap_pvt_thread_mutex_unlock( &crypt_mutex );
#endif
- if( !result )
- return result;
+ for ( i = 0; a->a_vals[i] != NULL; i++ ) {
+ if( !lutil_passwd( a->a_vals[i], cred, NULL ) ) {
+ result = 0;
+ break;
+ }
}
- return( 1 );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
+#ifdef SLAPD_SPASSWD
+ lutil_passwd_sasl_conn = NULL;
+#endif
+ ldap_pvt_thread_mutex_unlock( &passwd_mutex );
+#endif
+
+ return result;
}
struct berval * slap_passwd_generate( void )
struct berval *new;
-#ifdef SLAPD_CRYPT
- ldap_pvt_thread_mutex_lock( &crypt_mutex );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
+ ldap_pvt_thread_mutex_lock( &passwd_mutex );
#endif
new = lutil_passwd_hash( cred , hash );
-#ifdef SLAPD_CRYPT
- ldap_pvt_thread_mutex_unlock( &crypt_mutex );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
+ ldap_pvt_thread_mutex_unlock( &passwd_mutex );
#endif
return new;
projects / openldap / blobdiff