From: Howard Chu Date: Mon, 1 Dec 2003 12:51:54 +0000 (+0000) Subject: Let the backend have a crack at the op (for back-ldap etc.), then do it X-Git-Tag: OPENLDAP_REL_ENG_2_1_MP~307 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=b552cdb5c7b82251d3bb6f65d2d5794d18a5d4cf;p=openldap Let the backend have a crack at the op (for back-ldap etc.), then do it in the frontend if the backend doesn't. --- diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c index 2e083dc4bd..0138b24933 100644 --- a/servers/slapd/passwd.c +++ b/servers/slapd/passwd.c @@ -33,7 +33,7 @@ int passwd_extop( SlapReply *rs ) { struct berval id = {0, NULL}, old = {0, NULL}, new = {0, NULL}, - dn, ndn, hash, vals[2]; + dn, ndn, hash, vals[2], tmpbv; int freenew = 0; Modifications ml, **modtail; Operation op2; @@ -46,8 +46,8 @@ int passwd_extop( return LDAP_STRONG_AUTH_REQUIRED; } - rs->sr_err = slap_passwd_parse( op->oq_extended.rs_reqdata, &id, - &old, &new, &rs->sr_text ); + ber_dupbv_x( &tmpbv, op->oq_extended.rs_reqdata, op->o_tmpmemctx ); + rs->sr_err = slap_passwd_parse( &tmpbv, &id, &old, &new, &rs->sr_text ); if ( rs->sr_err != LDAP_SUCCESS ) { return rs->sr_err; } @@ -69,13 +69,17 @@ int passwd_extop( ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); } - if ( ndn.bv_len == 0 ) { - rs->sr_text = "no password is associated with the Root DSE"; - return LDAP_UNWILLING_TO_PERFORM; + if( op->o_bd == NULL ) { +#ifdef HAVE_CYRUS_SASL + return slap_sasl_setpass( op, rs ); +#else + rs->sr_text = "no authz backend"; + return LDAP_OTHER; +#endif } - if( op->o_bd && !op->o_bd->be_modify ) { - rs->sr_text = "operation not supported for current user"; + if ( ndn.bv_len == 0 ) { + rs->sr_text = "no password is associated with the Root DSE"; return LDAP_UNWILLING_TO_PERFORM; } @@ -84,14 +88,6 @@ int passwd_extop( return rs->sr_err; } - if( op->o_bd == NULL ) { -#ifdef HAVE_CYRUS_SASL - return slap_sasl_setpass( op, rs ); -#else - rs->sr_text = "no authz backend"; - return LDAP_OTHER; -#endif - } #ifndef SLAPD_MULTIMASTER /* This does not apply to multi-master case */ @@ -113,6 +109,21 @@ int passwd_extop( return LDAP_REFERRAL; } #endif /* !SLAPD_MULTIMASTER */ + + /* Give the backend a chance to handle this itself */ + if ( op->o_bd->be_extended ) { + rs->sr_err = op->o_bd->be_extended( op, rs ); + if ( rs->sr_err != LDAP_UNWILLING_TO_PERFORM ) { + return rs->sr_err; + } + } + + /* The backend didn't handle it, so try it here */ + if( op->o_bd && !op->o_bd->be_modify ) { + rs->sr_text = "operation not supported for current user"; + return LDAP_UNWILLING_TO_PERFORM; + } + if ( new.bv_len == 0 ) { slap_passwd_generate( &new ); freenew = 1;