DB_RMW flag to dn2id and id2entry

[openldap] / servers / slapd / passwd.c

diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index 147c9b41f64303bc1f86b1c87e042f09e4952dfc..94cbeac0cf2d7631efd2376b40dd7655c4cde281 100644 (file)
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -16,6 +16,7 @@
 
 #include "slap.h"
 
+#include <lber_pvt.h>
 #include <lutil.h>
 
 int passwd_extop(
@@ -38,28 +39,34 @@ int passwd_extop(
                return LDAP_STRONG_AUTH_REQUIRED;
        }
 
-       if( conn->c_authz_backend != NULL && conn->c_authz_backend->be_extended ) {
-               if( conn->c_authz_backend->be_restrictops & SLAP_RESTRICT_OP_MODIFY ) {
-                       *text = "authorization database is read only";
-                       rc = LDAP_UNWILLING_TO_PERFORM;
+       if( conn->c_authz_backend == NULL || !conn->c_authz_backend->be_extended ) {
+               *text = "operation not supported for current user";
+               return LDAP_UNWILLING_TO_PERFORM;
+       }
 
-               } else if( conn->c_authz_backend->be_update_ndn.bv_len ) {
-                       /* we SHOULD return a referral in this case */
-                       *refs = referral_rewrite( conn->c_authz_backend->be_update_refs,
-                               NULL, NULL, LDAP_SCOPE_DEFAULT );
-                       rc = LDAP_REFERRAL;
+       {
+               struct berval passwd = BER_BVC( LDAP_EXOP_MODIFY_PASSWD );
 
-               } else {
-                       rc = conn->c_authz_backend->be_extended(
-                               conn->c_authz_backend, conn, op,
-                               reqoid, reqdata,
-                               rspoid, rspdata, rspctrls,
-                               text, refs );
-               }
+               rc = backend_check_restrictions( conn->c_authz_backend,
+                       conn, op, &passwd, text );
+       }
+
+       if( rc != LDAP_SUCCESS ) {
+               return rc;
+       }
+
+       if( conn->c_authz_backend->be_update_ndn.bv_len ) {
+               /* we SHOULD return a referral in this case */
+               *refs = referral_rewrite( conn->c_authz_backend->be_update_refs,
+                       NULL, NULL, LDAP_SCOPE_DEFAULT );
+                       rc = LDAP_REFERRAL;
 
        } else {
-               *text = "operation not supported for current user";
-               rc = LDAP_UNWILLING_TO_PERFORM;
+               rc = conn->c_authz_backend->be_extended(
+                       conn->c_authz_backend, conn, op,
+                       reqoid, reqdata,
+                       rspoid, rspdata, rspctrls,
+                       text, refs );
        }
 
        return rc;
@@ -151,7 +158,7 @@ int slap_passwd_parse( struct berval *reqdata,
                        goto decoding_error;
                }
 
-               tag = ber_peek_tag( ber, &len);
+               tag = ber_peek_tag( ber, &len );
        }
 
        if( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ) {
@@ -314,13 +321,17 @@ slap_passwd_hash(
 #endif
 
        tmp = lutil_passwd_hash( cred , hash );
-       assert( tmp != NULL );
        
 #if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
        ldap_pvt_thread_mutex_unlock( &passwd_mutex );
 #endif
+
+       if( tmp == NULL ) {
+               new->bv_len = 0;
+               new->bv_val = NULL;
+       }
+
        *new = *tmp;
        free( tmp );
-
        return;
 }