From: Howard Chu Date: Mon, 1 Dec 2003 12:38:11 +0000 (+0000) Subject: Consolidate passwd extop in frontend X-Git-Tag: OPENLDAP_REL_ENG_2_1_MP~308 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=94f7141dda9eced809d33e30892f646a31f7e4fa;p=openldap Consolidate passwd extop in frontend --- diff --git a/servers/slapd/back-bdb/extended.c b/servers/slapd/back-bdb/extended.c index 64f4ff18d9..5d8cfc6ab0 100644 --- a/servers/slapd/back-bdb/extended.c +++ b/servers/slapd/back-bdb/extended.c @@ -27,7 +27,6 @@ static struct exop { struct berval *oid; BI_op_extended *extended; } exop_table[] = { - { (struct berval *)&slap_EXOP_MODIFY_PASSWD, bdb_exop_passwd }, { NULL, NULL } }; diff --git a/servers/slapd/back-bdb/passwd.c b/servers/slapd/back-bdb/passwd.c deleted file mode 100644 index 70624de6e9..0000000000 --- a/servers/slapd/back-bdb/passwd.c +++ /dev/null @@ -1,330 +0,0 @@ -/* passwd.c - bdb backend password routines */ -/* $OpenLDAP$ */ -/* This work is part of OpenLDAP Software . - * - * Copyright 2000-2003 The OpenLDAP Foundation. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted only as authorized by the OpenLDAP - * Public License. - * - * A copy of this license is available in the file LICENSE in the - * top-level directory of the distribution or, alternatively, at - * . - */ - -#include "portable.h" - -#include -#include - -#include "back-bdb.h" -#include "external.h" -#include "lber_pvt.h" - -int -bdb_exop_passwd( Operation *op, SlapReply *rs ) -{ - struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private; - int rc; - Entry *e = NULL; - EntryInfo *ei; - struct berval hash = { 0, NULL }; - DB_TXN *ltid = NULL, *lt2; - struct bdb_op_info opinfo; - char textbuf[SLAP_TEXT_BUFLEN]; - size_t textlen = sizeof textbuf; - - struct berval id = { 0, NULL }; - struct berval new = { 0, NULL }; - - struct berval dn = { 0, NULL }; - struct berval ndn = { 0, NULL }; - - u_int32_t locker = 0; - DB_LOCK lock; - - int num_retries = 0; - - assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->oq_extended.rs_reqoid ) == 0 ); - - rc = slap_passwd_parse( op->oq_extended.rs_reqdata, - &id, NULL, &new, &rs->sr_text ); - -#ifdef NEW_LOGGING - LDAP_LOG ( ACL, ENTRY, - "==>bdb_exop_passwd: \"%s\"\n", id.bv_val ? id.bv_val : "", 0, 0 ); -#else - Debug( LDAP_DEBUG_ARGS, "==> bdb_exop_passwd: \"%s\"\n", - id.bv_val ? id.bv_val : "", 0, 0 ); -#endif - - if( rc != LDAP_SUCCESS ) { - goto done; - } - - if( new.bv_len == 0 ) { - slap_passwd_generate(&new); - - if( new.bv_len == 0 ) { - rs->sr_text = "password generation failed."; - rc = LDAP_OTHER; - goto done; - } - - rs->sr_rspdata = slap_passwd_return( &new ); - } - - slap_passwd_hash( &new, &hash, &rs->sr_text ); - - if( hash.bv_len == 0 ) { - if( !rs->sr_text ) rs->sr_text = "password hash failed"; - rc = LDAP_OTHER; - goto done; - } - - if( id.bv_len ) { - dn = id; - } else { - dn = op->o_dn; - } - -#ifdef NEW_LOGGING - LDAP_LOG ( ACL, DETAIL1, "bdb_exop_passwd: \"%s\"%s\"\n", - dn.bv_val, id.bv_len ? " (proxy)" : "", 0 ); -#else - Debug( LDAP_DEBUG_TRACE, "bdb_exop_passwd: \"%s\"%s\n", - dn.bv_val, id.bv_len ? " (proxy)" : "", 0 ); -#endif - - if( dn.bv_len == 0 ) { - rs->sr_text = "No password is associated with the Root DSE"; - rc = LDAP_UNWILLING_TO_PERFORM; - goto done; - } - - rc = dnNormalize( 0, NULL, NULL, &dn, &ndn, op->o_tmpmemctx ); - if( rc != LDAP_SUCCESS ) { - rs->sr_text = "Invalid DN"; - goto done; - } - - if( 0 ) { -retry: /* transaction retry */ - if ( e != NULL ) { - bdb_unlocked_cache_return_entry_w(&bdb->bi_cache, e); - } -#ifdef NEW_LOGGING - LDAP_LOG ( ACL, DETAIL1, "bdb_exop_passwd: retrying...\n", 0, 0, 0 ); -#else - Debug( LDAP_DEBUG_TRACE, "bdb_exop_passwd: retrying...\n", 0, 0, 0 ); -#endif - rc = TXN_ABORT( ltid ); - ltid = NULL; - op->o_private = NULL; - op->o_do_not_cache = opinfo.boi_acl_cache; - if( rc != 0 ) { - rc = LDAP_OTHER; - rs->sr_text = "internal error"; - goto done; - } - ldap_pvt_thread_yield(); - bdb_trans_backoff( ++num_retries ); - } - - /* begin transaction */ - rc = TXN_BEGIN( bdb->bi_dbenv, NULL, <id, - bdb->bi_db_opflags ); - rs->sr_text = NULL; - if( rc != 0 ) { -#ifdef NEW_LOGGING - LDAP_LOG ( ACL, ERR, - "bdb_exop_passwd: txn_begin failed: %s (%d)\n", - db_strerror(rc), rc, 0 ); -#else - Debug( LDAP_DEBUG_TRACE, - "bdb_exop_passwd: txn_begin failed: %s (%d)\n", - db_strerror(rc), rc, 0 ); -#endif - rc = LDAP_OTHER; - rs->sr_text = "internal error"; - goto done; - } - - locker = TXN_ID ( ltid ); - - opinfo.boi_bdb = op->o_bd; - opinfo.boi_txn = ltid; - opinfo.boi_locker = locker; - opinfo.boi_err = 0; - opinfo.boi_acl_cache = op->o_do_not_cache; - op->o_private = &opinfo; - - /* get entry */ - rc = bdb_dn2entry( op, ltid, &ndn, &ei, 0 , locker, &lock ); - - switch(rc) { - case DB_LOCK_DEADLOCK: - case DB_LOCK_NOTGRANTED: - goto retry; - case DB_NOTFOUND: - case 0: - break; - case LDAP_BUSY: - rs->sr_text = "ldap server busy"; - goto done; - default: - rc = LDAP_OTHER; - rs->sr_text = "internal error"; - goto done; - } - - if ( ei ) e = ei->bei_e; - - if ( e == NULL || is_entry_glue( e )) { - /* FIXME: dn2entry() should return non-glue entry */ - rs->sr_text = "could not locate authorization entry"; - rc = LDAP_NO_SUCH_OBJECT; - goto done; - } - -#ifdef BDB_SUBENTRIES - if( is_entry_subentry( e ) ) { - /* entry is a subentry, don't allow operation */ - rs->sr_text = "authorization entry is subentry"; - rc = LDAP_OTHER; - goto done; - } -#endif - -#ifdef BDB_ALIASES - if( is_entry_alias( e ) ) { - /* entry is an alias, don't allow operation */ - rs->sr_text = "authorization entry is alias"; - rc = LDAP_ALIAS_PROBLEM; - goto done; - } -#endif - - if( is_entry_referral( e ) ) { - /* entry is an referral, don't allow operation */ - rs->sr_text = "authorization entry is referral"; - rc = LDAP_OTHER; - goto done; - } - - /* nested transaction */ - rc = TXN_BEGIN( bdb->bi_dbenv, ltid, <2, - bdb->bi_db_opflags ); - rs->sr_text = NULL; - if( rc != 0 ) { -#ifdef NEW_LOGGING - LDAP_LOG ( OPERATION, ERR, - "bdb_exop_passwd: txn_begin(2) failed: %s (%d)\n", - db_strerror(rs->sr_err), rs->sr_err, 0 ); -#else - Debug( LDAP_DEBUG_TRACE, - "bdb_exop_passwd: txn_begin(2) failed: %s (%d)\n", - db_strerror(rs->sr_err), rs->sr_err, 0 ); -#endif - rc = LDAP_OTHER; - rs->sr_text = "internal error"; - goto done; - } - - { - Modifications ml; - struct berval vals[2]; - Entry dummy, *save; - - save = e; - dummy = *e; - e = &dummy; - - vals[0] = hash; - vals[1].bv_val = NULL; - - ml.sml_desc = slap_schema.si_ad_userPassword; - ml.sml_values = vals; - ml.sml_nvalues = NULL; - ml.sml_op = LDAP_MOD_REPLACE; - ml.sml_next = NULL; - - rc = bdb_modify_internal( op, lt2, - &ml, e, &rs->sr_text, textbuf, textlen ); - - if ( (rc == LDAP_INSUFFICIENT_ACCESS) && opinfo.boi_err ) { - rc = opinfo.boi_err; - } - switch(rc) { - case DB_LOCK_DEADLOCK: - case DB_LOCK_NOTGRANTED: - rs->sr_text = NULL; - goto retry; - case 0: - rs->sr_text = NULL; - break; - default: - rc = LDAP_OTHER; - rs->sr_text = "entry modify failed"; - goto done; - } - - /* change the entry itself */ - rc = bdb_id2entry_update( op->o_bd, lt2, e ); - if( rc != 0 ) { - switch(rc) { - case DB_LOCK_DEADLOCK: - case DB_LOCK_NOTGRANTED: - goto retry; - } - rs->sr_text = "entry update failed"; - rc = LDAP_OTHER; - } - if ( TXN_COMMIT( lt2, 0 ) != 0 ) { - rc = LDAP_OTHER; - rs->sr_text = "txn_commit(2) failed"; - } - - if( rc == 0 ) { - if( op->o_noop ) { - rc = TXN_ABORT( ltid ); - } else { - bdb_cache_modify( save, e->e_attrs, - bdb->bi_dbenv, locker, &lock ); - rc = TXN_COMMIT( ltid, 0 ); - } - ltid = NULL; - } - op->o_private = NULL; - - if( rc == LDAP_SUCCESS ) { - op->o_req_dn = e->e_name; - op->o_req_ndn = e->e_nname; - op->oq_modify.rs_modlist = &ml; - replog( op ); - op->oq_extended.rs_reqoid = slap_EXOP_MODIFY_PASSWD; - } - } - -done: - if( e != NULL ) { - bdb_unlocked_cache_return_entry_w( &bdb->bi_cache, e ); - } - - if( hash.bv_val != NULL ) { - free( hash.bv_val ); - } - - if( ndn.bv_val != NULL ) { - op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx ); - } - - if( ltid != NULL ) { - TXN_ABORT( ltid ); - op->o_private = NULL; - } - - return rc; -} diff --git a/servers/slapd/back-bdb/proto-bdb.h b/servers/slapd/back-bdb/proto-bdb.h index cf21aa9775..a7d997ede2 100644 --- a/servers/slapd/back-bdb/proto-bdb.h +++ b/servers/slapd/back-bdb/proto-bdb.h @@ -379,13 +379,6 @@ int bdb_modify_internal( char *textbuf, size_t textlen ); -/* - * passwd.c - */ -#define bdb_exop_passwd BDB_SYMBOL(exop_passwd) - -BI_op_extended bdb_exop_passwd; - /* * cache.c diff --git a/servers/slapd/back-ldbm/extended.c b/servers/slapd/back-ldbm/extended.c index 3318f47044..a631577856 100644 --- a/servers/slapd/back-ldbm/extended.c +++ b/servers/slapd/back-ldbm/extended.c @@ -30,7 +30,6 @@ struct exop { struct berval *oid; BI_op_extended *extended; } exop_table[] = { - { (struct berval *)&slap_EXOP_MODIFY_PASSWD, ldbm_back_exop_passwd }, { NULL, NULL } }; diff --git a/servers/slapd/back-ldbm/passwd.c b/servers/slapd/back-ldbm/passwd.c deleted file mode 100644 index ac1f0897fc..0000000000 --- a/servers/slapd/back-ldbm/passwd.c +++ /dev/null @@ -1,202 +0,0 @@ -/* passwd.c - ldbm backend password routines */ -/* $OpenLDAP$ */ -/* This work is part of OpenLDAP Software . - * - * Copyright 1998-2003 The OpenLDAP Foundation. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted only as authorized by the OpenLDAP - * Public License. - * - * A copy of this license is available in the file LICENSE in the - * top-level directory of the distribution or, alternatively, at - * . - */ - -#include "portable.h" - -#include - -#include -#include - -#include "slap.h" -#include "back-ldbm.h" -#include "proto-back-ldbm.h" -#include "lber_pvt.h" - -int -ldbm_back_exop_passwd( - Operation *op, - SlapReply *rs ) -{ - struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private; - int rc; - Entry *e = NULL; - struct berval hash = { 0, NULL }; - - struct berval id = { 0, NULL }; - struct berval new = { 0, NULL }; - - struct berval dn = { 0, NULL }; - struct berval ndn = { 0, NULL }; - - assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->oq_extended.rs_reqoid ) == 0 ); - - rc = slap_passwd_parse( op->oq_extended.rs_reqdata, - &id, NULL, &new, &rs->sr_text ); - -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDBM, ENTRY, - "ldbm_back_exop_passwd: \"%s\"\n", id.bv_val ? id.bv_val : "", 0,0 ); -#else - Debug( LDAP_DEBUG_ARGS, "==> ldbm_back_exop_passwd: \"%s\"\n", - id.bv_val ? id.bv_val : "", 0, 0 ); -#endif - - if( rc != LDAP_SUCCESS ) { - goto done; - } - - if( new.bv_len == 0 ) { - slap_passwd_generate(&new); - - if( new.bv_len == 0 ) { - rs->sr_text = "password generation failed."; - rc = LDAP_OTHER; - goto done; - } - - rs->sr_rspdata = slap_passwd_return( &new ); - } - - slap_passwd_hash( &new, &hash, &rs->sr_text ); - - if( hash.bv_len == 0 ) { - if( !rs->sr_text ) rs->sr_text = "password hash failed"; - rc = LDAP_OTHER; - goto done; - } - - if( id.bv_len ) { - dn = id; - } else { - dn = op->o_dn; - } - -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDBM, DETAIL1, - "ldbm_back_exop_passwd: \"%s\"%s\n", - dn.bv_val, id.bv_len ? " (proxy)" : "", 0 ); -#else - Debug( LDAP_DEBUG_TRACE, "passwd: \"%s\"%s\n", - dn.bv_val, id.bv_len ? " (proxy)" : "", 0 ); -#endif - - if( dn.bv_len == 0 ) { - rs->sr_text = "No password is associated with the Root DSE"; - rc = LDAP_UNWILLING_TO_PERFORM; - goto done; - } - - rc = dnNormalize( 0, NULL, NULL, &dn, &ndn, op->o_tmpmemctx ); - if( rc != LDAP_SUCCESS ) { - rs->sr_text = "Invalid DN"; - goto done; - } - - /* grab giant lock for writing */ - ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock); - - e = dn2entry_w( op->o_bd, &ndn, NULL ); - - if ( e == NULL || is_entry_glue( e )) { - /* FIXME : dn2entry() should return non-glue entry */ - ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); - rs->sr_text = "could not locate authorization entry"; - rc = LDAP_NO_SUCH_OBJECT; - goto done; - } - -#ifdef LDBM_SUBENTRIES - if( is_entry_subentry( e ) ) { - /* entry is a subentry, don't allow operation */ - rs->sr_text = "authorization entry is subentry"; - rc = LDAP_OTHER; - goto done; - } -#endif - - if( is_entry_alias( e ) ) { - /* entry is an alias, don't allow operation */ - rs->sr_text = "authorization entry is alias"; - rc = LDAP_ALIAS_PROBLEM; - goto done; - } - - rc = LDAP_OTHER; - - if( is_entry_referral( e ) ) { - /* entry is an referral, don't allow operation */ - rs->sr_text = "authorization entry is referral"; - goto done; - } - - { - Modifications ml; - struct berval vals[2]; - char textbuf[SLAP_TEXT_BUFLEN]; /* non-returnable */ - - vals[0] = hash; - vals[1].bv_val = NULL; - - ml.sml_desc = slap_schema.si_ad_userPassword; - ml.sml_values = vals; - ml.sml_nvalues = vals; - ml.sml_op = LDAP_MOD_REPLACE; - ml.sml_next = NULL; - - rc = ldbm_modify_internal( op, - &ml, e, &rs->sr_text, textbuf, - sizeof( textbuf ) ); - - /* FIXME: ldbm_modify_internal may set *text = textbuf, - * which is BAD */ - if ( rs->sr_text == textbuf ) { - rs->sr_text = NULL; - } - - if( rc ) { - /* cannot return textbuf */ - rs->sr_text = "entry modify failed"; - goto done; - } - - /* change the entry itself */ - if( id2entry_add( op->o_bd, e ) != 0 ) { - rs->sr_text = "entry update failed"; - rc = LDAP_OTHER; - } - - if( rc == LDAP_SUCCESS ) { - replog( op ); - } - } - -done: - if( e != NULL ) { - cache_return_entry_w( &li->li_cache, e ); - ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); - } - - if( hash.bv_val != NULL ) { - free( hash.bv_val ); - } - - if( ndn.bv_val != NULL ) { - op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx ); - } - - return rc; -} diff --git a/servers/slapd/back-ldbm/proto-back-ldbm.h b/servers/slapd/back-ldbm/proto-back-ldbm.h index c659c198ff..e19854318f 100644 --- a/servers/slapd/back-ldbm/proto-back-ldbm.h +++ b/servers/slapd/back-ldbm/proto-back-ldbm.h @@ -194,11 +194,6 @@ key_read LDAP_P(( struct berval *k, ID_BLOCK **idout )); -/* - * passwd.c - */ -extern BI_op_extended ldbm_back_exop_passwd; - /* * modify.c * These prototypes are placed here because they are used by modify and diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c index 2f50c2a948..2e083dc4bd 100644 --- a/servers/slapd/passwd.c +++ b/servers/slapd/passwd.c @@ -32,8 +32,13 @@ int passwd_extop( Operation *op, SlapReply *rs ) { - struct berval tmpbv, id, old, new; - + struct berval id = {0, NULL}, old = {0, NULL}, new = {0, NULL}, + dn, ndn, hash, vals[2]; + int freenew = 0; + Modifications ml, **modtail; + Operation op2; + slap_callback cb = { slap_null_cb, NULL }; + assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->ore_reqoid ) == 0 ); if( op->o_dn.bv_len == 0 ) { @@ -41,35 +46,35 @@ int passwd_extop( return LDAP_STRONG_AUTH_REQUIRED; } - /* FIXME: need to parse the reqdata to determine the backend - * of the DN the passwd_extop () will apply to; this, on turn, - * requires to duplicate the reqdata because slap_passwd_parse() - * apparently alters it! - * - * Maybe we can make a lightweight version of slap_passwd_parse() - * that extracts the DN with no impact on the reqdata value? - */ - ber_dupbv_x( &tmpbv, op->oq_extended.rs_reqdata, op->o_tmpmemctx ); - rs->sr_err = slap_passwd_parse( &tmpbv, &id, &old, &new, &rs->sr_text ); - if (rs->sr_err != LDAP_SUCCESS) { - ber_memfree_x( tmpbv.bv_val, op->o_tmpmemctx ); + rs->sr_err = slap_passwd_parse( op->oq_extended.rs_reqdata, &id, + &old, &new, &rs->sr_text ); + if ( rs->sr_err != LDAP_SUCCESS ) { return rs->sr_err; } - - ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); - /* FIXME: we select the appropriate backend based on the DN - * in the reqdata - */ + if ( id.bv_len ) { - op->o_bd = select_backend( &id, 0, 0 ); - + dn = id; + /* ndn is in tmpmem, so we don't need to free it */ + rs->sr_err = dnNormalize( 0, NULL, NULL, &dn, &ndn, op->o_tmpmemctx ); + if ( rs->sr_err != LDAP_SUCCESS ) { + rs->sr_text = "Invalid DN"; + return rs->sr_err; + } + op->o_bd = select_backend( &ndn, 0, 0 ); } else { + dn = op->o_dn; + ndn = op->o_ndn; + ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); op->o_bd = op->o_conn->c_authz_backend; + ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); } - ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); - ber_memfree_x( tmpbv.bv_val, op->o_tmpmemctx ); - if( op->o_bd && !op->o_bd->be_extended ) { + if ( ndn.bv_len == 0 ) { + rs->sr_text = "no password is associated with the Root DSE"; + return LDAP_UNWILLING_TO_PERFORM; + } + + if( op->o_bd && !op->o_bd->be_modify ) { rs->sr_text = "operation not supported for current user"; return LDAP_UNWILLING_TO_PERFORM; } @@ -81,15 +86,16 @@ int passwd_extop( if( op->o_bd == NULL ) { #ifdef HAVE_CYRUS_SASL - rs->sr_err = slap_sasl_setpass( op, rs ); + return slap_sasl_setpass( op, rs ); #else rs->sr_text = "no authz backend"; - rs->sr_err = LDAP_OTHER; + return LDAP_OTHER; #endif + } #ifndef SLAPD_MULTIMASTER /* This does not apply to multi-master case */ - } else if( op->o_bd->be_update_ndn.bv_len ) { + if( op->o_bd->be_update_ndn.bv_len ) { /* we SHOULD return a referral in this case */ BerVarray defref = NULL; if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) { @@ -104,12 +110,54 @@ int passwd_extop( NULL, NULL, LDAP_SCOPE_DEFAULT ); } rs->sr_ref = defref; - rs->sr_err = LDAP_REFERRAL; + return LDAP_REFERRAL; + } #endif /* !SLAPD_MULTIMASTER */ - - } else { - rs->sr_err = op->o_bd->be_extended( op, rs ); + if ( new.bv_len == 0 ) { + slap_passwd_generate( &new ); + freenew = 1; + } + if ( new.bv_len == 0 ) { + rs->sr_text = "password generation failed"; + return LDAP_OTHER; + } + slap_passwd_hash( &new, &hash, &rs->sr_text ); + if ( freenew ) { + free( new.bv_val ); + } + if ( hash.bv_len == 0 ) { + if ( !rs->sr_text ) { + rs->sr_text = "password hash failed"; + } + return LDAP_OTHER; + } + vals[0] = hash; + vals[1].bv_val = NULL; + ml.sml_desc = slap_schema.si_ad_userPassword; + ml.sml_values = vals; + ml.sml_nvalues = NULL; + ml.sml_op = LDAP_MOD_REPLACE; + ml.sml_next = NULL; + + op2 = *op; + op2.o_tag = LDAP_REQ_MODIFY; + op2.o_callback = &cb; + op2.o_req_dn = dn; + op2.o_req_ndn = ndn; + op2.orm_modlist = &ml; + + modtail = &ml.sml_next; + rs->sr_err = slap_mods_opattrs( &op2, &ml, modtail, &rs->sr_text, + NULL, 0 ); + + if ( rs->sr_err == LDAP_SUCCESS ) { + rs->sr_err = op2.o_bd->be_modify( &op2, rs ); + if ( rs->sr_err == LDAP_SUCCESS ) { + replog( &op2 ); + } } + slap_mods_free( ml.sml_next ); + free( hash.bv_val ); return rs->sr_err; }