From: Kurt Zeilenga
Date: Wed, 20 Sep 2000 00:28:57 +0000 (+0000)
Subject: merge changes from authPassword work which should fix SPASSWD code...
X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~1942
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=50714d2d488c46c5581a3ad86384c043fc12bdc9;p=openldap
merge changes from authPassword work which should fix SPASSWD code...
---
diff --git a/servers/slapd/back-ldbm/bind.c b/servers/slapd/back-ldbm/bind.c
index 73dddc18bb..7025dd318a 100644
--- a/servers/slapd/back-ldbm/bind.c
+++ b/servers/slapd/back-ldbm/bind.c
@@ -165,7 +165,7 @@ ldbm_back_bind(
 goto return_results;
 }
- if ( slap_passwd_check( a, cred ) != 0 ) {
+ if ( slap_passwd_check( conn, a, cred ) != 0 ) {
 send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS, NULL, NULL, NULL, NULL );
 /* stop front end from sending result */
diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
index 67f45256ab..0dad539936 100644
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -516,14 +516,17 @@ be_isroot_pw( Backend *be, const char *ndn, struct berval *cred )
 return 0;
 }
-#ifdef SLAPD_CRYPT
- ldap_pvt_thread_mutex_lock( &crypt_mutex );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_PASSWD )
+ ldap_pvt_thread_mutex_lock( &passwd_mutex );
+#ifdef SLAPD_SPASSWD
+ lutil_passwd_sasl_conn = conn->c_sasl_context;
+#endif
 #endif
 result = lutil_passwd( &be->be_root_pw, cred, NULL );
-#ifdef SLAPD_CRYPT
- ldap_pvt_thread_mutex_unlock( &crypt_mutex );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_PASSWD )
+ ldap_pvt_thread_mutex_unlock( &passwd_mutex );
 #endif
 return result == 0;
diff --git a/servers/slapd/init.c b/servers/slapd/init.c
index 5c41461dff..69f64d4b7a 100644
--- a/servers/slapd/init.c
+++ b/servers/slapd/init.c
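Review bot: `conn` does not appear to be in scope at the added `lutil_passwd_sasl_conn = conn->c_sasl_context;` line in the backend.c hunk. The hunk header still shows `be_isroot_pw( Backend *be, const char *ndn, struct berval *cred )`, and no hunk in this commit changes that signature. A build with SLAPD_SPASSWD defined (together with SLAPD_CRYPT or SLAPD_PASSWD) would then fail to compile at this line. Either pass the connection in, e.g. `be_isroot_pw( Backend *be, Connection *conn, const char *ndn, struct berval *cred )`, and update the callers, or leave the assignment out of this function. The function body starts outside the hunk, so an earlier local declaration of `conn` cannot be ruled out from here.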
@@ -40,8 +40,8 @@ char **g_argv;
 */
 ldap_pvt_thread_pool_t connection_pool;
 ldap_pvt_thread_mutex_t gmtime_mutex;
-#ifdef SLAPD_CRYPT
-ldap_pvt_thread_mutex_t crypt_mutex;
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_PASSWD )
+ldap_pvt_thread_mutex_t passwd_mutex;
 #endif
 int num_conns;
@@ -103,8 +103,8 @@ slap_init( int mode, const char *name )
 ldap_pvt_thread_mutex_init( &num_sent_mutex );
 ldap_pvt_thread_mutex_init( &gmtime_mutex );
-#ifdef SLAPD_CRYPT
- ldap_pvt_thread_mutex_init( &crypt_mutex );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_PASSWD )
+ ldap_pvt_thread_mutex_init( &passwd_mutex );
 #endif
 rc = slap_sasl_init();
diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index 547fb44c22..39ffb398bc 100644
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -217,28 +217,32 @@ struct berval * slap_passwd_return(
 int slap_passwd_check(
+ Connection *conn,
 Attribute *a,
 struct berval *cred )
 {
 int i;
- for ( i = 0; a->a_vals[i] != NULL; i++ ) {
- int result;
+ int result = 1;
-#ifdef SLAPD_CRYPT
- ldap_pvt_thread_mutex_lock( &crypt_mutex );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_PASSWD )
+ ldap_pvt_thread_mutex_lock( &crypt_mutex );
+#ifdef SLAPD_SPASSWD
+ lutil_passwd_sasl_conn = conn->c_sasl_context;
 #endif
-
- result = lutil_passwd( a->a_vals[i], cred, NULL );
-
-#ifdef SLAPD_CRYPT
- ldap_pvt_thread_mutex_unlock( &crypt_mutex );
 #endif
- if( !result )
- return result;
+ for ( i = 0; a->a_vals[i] != NULL; i++ ) {
+ if( !lutil_passwd( a->a_vals[i], cred, NULL ) ) {
+ result = 0;
+ break;
+ }
 }
- return( 1 );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_PASSWD )
+ ldap_pvt_thread_mutex_unlock( &passwd_mutex );
+#endif
+
+ return result;
 }
 struct berval * slap_passwd_generate( void )
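Review bot: The guard around the `passwd_mutex` definition in the first init.c hunk tests `SLAPD_PASSWD`, while proto-slap.h in this same commit declares the mutex under `defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )`; `SLAPD_PASSWD` looks like a typo for `SLAPD_SPASSWD`. The same spelling appears in the second init.c hunk, in backend.c and in every guard in passwd.c. If it is a typo, an SPASSWD-only build neither takes the lock nor reaches the nested `#ifdef SLAPD_SPASSWD` assignment, so `lutil_passwd_sasl_conn` is never set for the connection being checked. Suggested guard in all of these places: `#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )`.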
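Review bot: The rewritten slap_passwd_check in passwd.c locks `&crypt_mutex` but unlocks `&passwd_mutex`. init.c in this commit renames the mutex to `passwd_mutex`, so the lock line names an object that is no longer defined and the lock/unlock pair is mismatched either way; it should read `ldap_pvt_thread_mutex_lock( &passwd_mutex );`. On the same lines, `lutil_passwd_sasl_conn` keeps pointing at this connection's context after the unlock. Adding `lutil_passwd_sasl_conn = NULL;` under `#ifdef SLAPD_SPASSWD` just before the unlock would avoid leaving a stale pointer once the connection is torn down. That second point is inferred, since how lutil uses the pointer is not visible in this diff.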
@@ -259,14 +263,14 @@ struct berval * slap_passwd_hash(
 struct berval *new;
-#ifdef SLAPD_CRYPT
- ldap_pvt_thread_mutex_lock( &crypt_mutex );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_PASSWD )
+ ldap_pvt_thread_mutex_lock( &passwd_mutex );
 #endif
 new = lutil_passwd_hash( cred , hash );
-#ifdef SLAPD_CRYPT
- ldap_pvt_thread_mutex_unlock( &crypt_mutex );
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_PASSWD )
+ ldap_pvt_thread_mutex_unlock( &passwd_mutex );
 #endif
 return new;
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 480ac3e021..bc0ac1db88 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -727,6 +727,7 @@ LDAP_SLAPD_F (int) passwd_extop LDAP_P((
 struct berval *** refs ));
 LDAP_SLAPD_F (int) slap_passwd_check(
+ Connection *conn,
 Attribute *attr,
 struct berval *cred );
@@ -804,8 +805,8 @@ LDAP_SLAPD_F (ldap_pvt_thread_pool_t) connection_pool;
 LDAP_SLAPD_F (ldap_pvt_thread_mutex_t) entry2str_mutex;
 LDAP_SLAPD_F (ldap_pvt_thread_mutex_t) replog_mutex;
-#ifdef SLAPD_CRYPT
-LDAP_SLAPD_F (ldap_pvt_thread_mutex_t) crypt_mutex;
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
+LDAP_SLAPD_F (ldap_pvt_thread_mutex_t) passwd_mutex;
 #endif
 LDAP_SLAPD_F (ldap_pvt_thread_mutex_t) gmtime_mutex;
diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c
index f776f7d44d..3a37c5d8ca 100644
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -203,11 +203,7 @@ int slap_sasl_init( void )
 sasl_secprops.maxbufsize = 65536;
 sasl_secprops.security_flags = SASL_SEC_NOPLAINTEXT|SASL_SEC_NOANONYMOUS;
-#ifdef SLAPD_SPASSWD
- lutil_passwd_sasl_conn = server;
-#else
 sasl_dispose( &server );
-#endif
 #endif
 return 0;
@@ -216,9 +212,6 @@ int slap_sasl_init( void )
 int slap_sasl_destroy( void )
 {
 #ifdef HAVE_CYRUS_SASL
-#ifdef SLAPD_SPASSWD
- sasl_dispose( &lutil_passwd_sasl_conn );
-#endif
 sasl_done();
 #endif
 return 0;
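Review bot: The new `Connection *conn` parameter on the slap_passwd_check prototype in proto-slap.h is undocumented, yet the passwd.c side of this commit dereferences it unconditionally as `conn->c_sasl_context` when SLAPD_SPASSWD is defined. A short comment above the prototype would make the contract explicit for other callers, e.g. `/* conn must be non-NULL when SLAPD_SPASSWD is defined; its c_sasl_context is used for the check */`. Only the bind.c caller is updated in this diff, so whether other callers exist and pass a valid connection cannot be confirmed from here.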