X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fpasswd.c;h=f45b974272d4bb57a657a29aea2d56f4c2313c0f;hb=ecfb311f8f2b4f8b8e74c0ee88b8ef572e792c99;hp=94cbeac0cf2d7631efd2376b40dd7655c4cde281;hpb=4832cc09d3feae2896e9373606674ee2d9a84997;p=openldap diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c index 94cbeac0cf..f45b974272 100644 --- a/servers/slapd/passwd.c +++ b/servers/slapd/passwd.c @@ -29,6 +29,7 @@ int passwd_extop( const char **text, BerVarray *refs ) { + Backend *be; int rc; assert( reqoid != NULL ); @@ -39,31 +40,44 @@ int passwd_extop( return LDAP_STRONG_AUTH_REQUIRED; } - if( conn->c_authz_backend == NULL || !conn->c_authz_backend->be_extended ) { + ldap_pvt_thread_mutex_lock( &conn->c_mutex ); + be = conn->c_authz_backend; + ldap_pvt_thread_mutex_unlock( &conn->c_mutex ); + + if( be && !be->be_extended ) { *text = "operation not supported for current user"; return LDAP_UNWILLING_TO_PERFORM; } { struct berval passwd = BER_BVC( LDAP_EXOP_MODIFY_PASSWD ); - - rc = backend_check_restrictions( conn->c_authz_backend, - conn, op, &passwd, text ); + rc = backend_check_restrictions( be, conn, op, &passwd, text ); } if( rc != LDAP_SUCCESS ) { return rc; } - if( conn->c_authz_backend->be_update_ndn.bv_len ) { + if( be == NULL ) { +#ifdef HAVE_CYRUS_SASL + rc = slap_sasl_setpass( conn, op, + reqoid, reqdata, + rspoid, rspdata, rspctrls, + text ); +#else + *text = "no authz backend"; + rc = LDAP_OTHER; +#endif + + } else if( be->be_update_ndn.bv_len ) { /* we SHOULD return a referral in this case */ - *refs = referral_rewrite( conn->c_authz_backend->be_update_refs, + *refs = referral_rewrite( be->be_update_refs, NULL, NULL, LDAP_SCOPE_DEFAULT ); rc = LDAP_REFERRAL; } else { - rc = conn->c_authz_backend->be_extended( - conn->c_authz_backend, conn, op, + rc = be->be_extended( + be, conn, op, reqoid, reqdata, rspoid, rspdata, rspctrls, text, refs ); @@ -88,6 +102,11 @@ int slap_passwd_parse( struct berval *reqdata, return LDAP_SUCCESS; } + if( reqdata->bv_len == 0 ) { + *text = "empty request data field"; + return LDAP_PROTOCOL_ERROR; + } + /* ber_init2 uses reqdata directly, doesn't allocate new buffers */ ber_init2( ber, reqdata, 0 ); @@ -100,8 +119,8 @@ int slap_passwd_parse( struct berval *reqdata, if( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_ID ) { if( id == NULL ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "slap_passwd_parse: ID not allowed.\n")); + LDAP_LOG( OPERATION, ERR, + "slap_passwd_parse: ID not allowed.\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: ID not allowed.\n", 0, 0, 0 ); @@ -116,8 +135,8 @@ int slap_passwd_parse( struct berval *reqdata, if( tag == LBER_ERROR ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "slap_passwd_parse: ID parse failed.\n")); + LDAP_LOG( OPERATION, ERR, + "slap_passwd_parse: ID parse failed.\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: ID parse failed.\n", 0, 0, 0 ); @@ -132,8 +151,8 @@ int slap_passwd_parse( struct berval *reqdata, if( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_OLD ) { if( oldpass == NULL ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "slap_passwd_parse: OLD not allowed.\n" )); + LDAP_LOG( OPERATION, ERR, + "slap_passwd_parse: OLD not allowed.\n" , 0, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: OLD not allowed.\n", 0, 0, 0 ); @@ -148,8 +167,8 @@ int slap_passwd_parse( struct berval *reqdata, if( tag == LBER_ERROR ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "slap_passwd_parse: ID parse failed.\n" )); + LDAP_LOG( OPERATION, ERR, + "slap_passwd_parse: ID parse failed.\n" , 0, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: ID parse failed.\n", 0, 0, 0 ); @@ -164,8 +183,8 @@ int slap_passwd_parse( struct berval *reqdata, if( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ) { if( newpass == NULL ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "slap_passwd_parse: NEW not allowed.\n" )); + LDAP_LOG( OPERATION, ERR, + "slap_passwd_parse: NEW not allowed.\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: NEW not allowed.\n", 0, 0, 0 ); @@ -180,8 +199,8 @@ int slap_passwd_parse( struct berval *reqdata, if( tag == LBER_ERROR ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "slap_passwd_parse: OLD parse failed.\n")); + LDAP_LOG( OPERATION, ERR, + "slap_passwd_parse: OLD parse failed.\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: OLD parse failed.\n", 0, 0, 0 ); @@ -196,15 +215,14 @@ int slap_passwd_parse( struct berval *reqdata, if( len != 0 ) { decoding_error: #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "slap_passwd_parse: decoding error, len=%ld\n", (long)len )); + LDAP_LOG( OPERATION, ERR, + "slap_passwd_parse: decoding error, len=%ld\n", (long)len, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: decoding error, len=%ld\n", (long) len, 0, 0 ); #endif - *text = "data decoding error"; rc = LDAP_PROTOCOL_ERROR; } @@ -225,8 +243,8 @@ struct berval * slap_passwd_return( assert( cred != NULL ); #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ENTRY, - "slap_passwd_return: %ld\n",(long)cred->bv_len )); + LDAP_LOG( OPERATION, ENTRY, + "slap_passwd_return: %ld\n",(long)cred->bv_len, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "slap_passwd_return: %ld\n", (long) cred->bv_len, 0, 0 ); @@ -284,8 +302,7 @@ slap_passwd_generate( struct berval *pass ) { struct berval *tmp; #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ENTRY, - "slap_passwd_generate: begin\n" )); + LDAP_LOG( OPERATION, ENTRY, "slap_passwd_generate: begin\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "slap_passwd_generate\n", 0, 0, 0 ); #endif