X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fpasswd.c;h=06cc1586a87478d2285866f4d7b2badd4b3d0bf0;hb=62139b6ef3634529c6d1ff726c337e685ea38cf8;hp=3a8ddd9c1dce03b616542d9c6722393ac9fc2d99;hpb=af02eee0d544cb7e10d143169d33b5002a018157;p=openldap

diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index 3a8ddd9c1d..06cc1586a8 100644
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -29,6 +29,7 @@ int passwd_extop(
 	const char **text,
 	BerVarray *refs )
 {
+	Backend *be;
 	int rc;
 
 	assert( reqoid != NULL );
@@ -39,31 +40,44 @@ int passwd_extop(
 		return LDAP_STRONG_AUTH_REQUIRED;
 	}
 
-	if( conn->c_authz_backend == NULL || !conn->c_authz_backend->be_extended ) {
+	ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+	be = conn->c_authz_backend;
+	ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+
+	if( be && !be->be_extended ) {
 		*text = "operation not supported for current user";
 		return LDAP_UNWILLING_TO_PERFORM;
 	}
 
 	{
 		struct berval passwd = BER_BVC( LDAP_EXOP_MODIFY_PASSWD );
-
-		rc = backend_check_restrictions( conn->c_authz_backend,
-			conn, op, &passwd, text );
+		rc = backend_check_restrictions( be, conn, op, &passwd, text );
 	}
 
 	if( rc != LDAP_SUCCESS ) {
 		return rc;
 	}
 
-	if( conn->c_authz_backend->be_update_ndn.bv_len ) {
+	if( be == NULL ) {
+#ifdef HAVE_CYRUS_SASL
+		rc = slap_sasl_setpass( conn, op,
+			reqoid, reqdata,
+			rspoid, rspdata, rspctrls,
+			text );
+#else
+		*text = "no authz backend";
+		rc = LDAP_OTHER;
+#endif
+
+	} else if( be->be_update_ndn.bv_len ) {
 		/* we SHOULD return a referral in this case */
-		*refs = referral_rewrite( conn->c_authz_backend->be_update_refs,
+		*refs = referral_rewrite( be->be_update_refs,
 			NULL, NULL, LDAP_SCOPE_DEFAULT );
 			rc = LDAP_REFERRAL;
 
 	} else {
-		rc = conn->c_authz_backend->be_extended(
-			conn->c_authz_backend, conn, op,
+		rc = be->be_extended(
+			be, conn, op,
 			reqoid, reqdata,
 			rspoid, rspdata, rspctrls,
 			text, refs );
@@ -88,6 +102,11 @@ int slap_passwd_parse( struct berval *reqdata,
 		return LDAP_SUCCESS;
 	}
 
+	if( reqdata->bv_len == 0 ) {
+		*text = "empty request data field";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
 	/* ber_init2 uses reqdata directly, doesn't allocate new buffers */
 	ber_init2( ber, reqdata, 0 );
 
@@ -204,7 +223,6 @@ decoding_error:
 			(long) len, 0, 0 );
 #endif
 
-
 		*text = "data decoding error";
 		rc = LDAP_PROTOCOL_ERROR;
 	}
@@ -321,13 +339,17 @@ slap_passwd_hash(
 #endif
 
 	tmp = lutil_passwd_hash( cred , hash );
-	assert( tmp != NULL );
 	
 #if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
 	ldap_pvt_thread_mutex_unlock( &passwd_mutex );
 #endif
+
+	if( tmp == NULL ) {
+		new->bv_len = 0;
+		new->bv_val = NULL;
+	}
+
 	*new = *tmp;
 	free( tmp );
-
 	return;
 }