add new ber dump routine (behind NEW_LOGGING)

[openldap] / servers / slapd / passwd.c

diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index e2611643aef87aea96d43b754314e0ca00c1d89d..63110da27139c33830be51c5fdc79db42bb7c1ed 100644 (file)
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -1,7 +1,7 @@
 /* bind.c - ldbm backend bind and unbind routines */
 /* $OpenLDAP$ */
 /*
- * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
  */
 
@@ -19,14 +19,13 @@
 #include <lutil.h>
 
 int passwd_extop(
-       SLAP_EXTOP_CALLBACK_FN ext_callback,
        Connection *conn, Operation *op,
-       char *reqoid,
+       const char *reqoid,
        struct berval *reqdata,
        char **rspoid,
        struct berval **rspdata,
        LDAPControl ***rspctrls,
-       char **text,
+       const char **text,
        struct berval ***refs )
 {
        int rc;
@@ -39,9 +38,8 @@ int passwd_extop(
                return LDAP_STRONG_AUTH_REQUIRED;
        }
 
-       if( conn->c_authz_backend != NULL && conn->c_authz_backend->be_extended )
-       {
-               if( global_readonly || conn->c_authz_backend->be_readonly ) {
+       if( conn->c_authz_backend != NULL && conn->c_authz_backend->be_extended ) {
+               if( conn->c_authz_backend->be_restrictops & SLAP_RESTRICT_OP_MODIFY ) {
                        *text = "authorization database is read only";
                        rc = LDAP_UNWILLING_TO_PERFORM;
 
@@ -70,7 +68,7 @@ int slap_passwd_parse( struct berval *reqdata,
        struct berval **id,
        struct berval **oldpass,
        struct berval **newpass,
-       char **text )
+       const char **text )
 {
        int rc = LDAP_SUCCESS;
        ber_tag_t tag;
@@ -202,7 +200,7 @@ struct berval * slap_passwd_return(
 
        if( ber == NULL ) return NULL;
        
-       rc = ber_printf( ber, "{tO}",
+       rc = ber_printf( ber, "{tON}",
                LDAP_TAG_EXOP_X_MODIFY_PASSWD_GEN, cred );
 
        if( rc == -1 ) {
@@ -219,28 +217,35 @@ struct berval * slap_passwd_return(
 
 int
 slap_passwd_check(
+       Connection *conn,
        Attribute *a,
        struct berval *cred )
 {
        int     i;
-       for ( i = 0; a->a_vals[i] != NULL; i++ ) {
-               int result;
+       int result = 1;
 
-#ifdef SLAPD_CRYPT
-               ldap_pvt_thread_mutex_lock( &crypt_mutex );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
+       ldap_pvt_thread_mutex_lock( &passwd_mutex );
+#ifdef SLAPD_SPASSWD
+       lutil_passwd_sasl_conn = conn->c_sasl_context;
 #endif
-
-               result = lutil_passwd( a->a_vals[i], cred, NULL );
-
-#ifdef SLAPD_CRYPT
-               ldap_pvt_thread_mutex_unlock( &crypt_mutex );
 #endif
 
-               if( !result )
-                       return result;
+       for ( i = 0; a->a_vals[i] != NULL; i++ ) {
+               if( !lutil_passwd( a->a_vals[i], cred, NULL ) ) {
+                       result = 0;
+                       break;
+               }
        }
 
-       return( 1 );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
+#ifdef SLAPD_SPASSWD
+       lutil_passwd_sasl_conn = NULL;
+#endif
+       ldap_pvt_thread_mutex_unlock( &passwd_mutex );
+#endif
+
+       return result;
 }
 
 struct berval * slap_passwd_generate( void )
@@ -261,14 +266,14 @@ struct berval * slap_passwd_hash(
 
        struct berval *new;
 
-#ifdef SLAPD_CRYPT
-       ldap_pvt_thread_mutex_lock( &crypt_mutex );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
+       ldap_pvt_thread_mutex_lock( &passwd_mutex );
 #endif
 
        new = lutil_passwd_hash( cred , hash );
        
-#ifdef SLAPD_CRYPT
-       ldap_pvt_thread_mutex_unlock( &crypt_mutex );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
+       ldap_pvt_thread_mutex_unlock( &passwd_mutex );
 #endif
 
        return new;