From: Pierangelo Masarati Date: Mon, 1 Dec 2003 11:12:04 +0000 (+0000) Subject: ITS#2851 X-Git-Tag: OPENLDAP_REL_ENG_2_1_MP~313 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=bd134e22e5ed63533f0a5884dfb75d0e726f70e3;p=openldap ITS#2851 --- diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c index d00ae16999..2f50c2a948 100644 --- a/servers/slapd/passwd.c +++ b/servers/slapd/passwd.c @@ -32,6 +32,8 @@ int passwd_extop( Operation *op, SlapReply *rs ) { + struct berval tmpbv, id, old, new; + assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->ore_reqoid ) == 0 ); if( op->o_dn.bv_len == 0 ) { @@ -39,9 +41,33 @@ int passwd_extop( return LDAP_STRONG_AUTH_REQUIRED; } + /* FIXME: need to parse the reqdata to determine the backend + * of the DN the passwd_extop () will apply to; this, on turn, + * requires to duplicate the reqdata because slap_passwd_parse() + * apparently alters it! + * + * Maybe we can make a lightweight version of slap_passwd_parse() + * that extracts the DN with no impact on the reqdata value? + */ + ber_dupbv_x( &tmpbv, op->oq_extended.rs_reqdata, op->o_tmpmemctx ); + rs->sr_err = slap_passwd_parse( &tmpbv, &id, &old, &new, &rs->sr_text ); + if (rs->sr_err != LDAP_SUCCESS) { + ber_memfree_x( tmpbv.bv_val, op->o_tmpmemctx ); + return rs->sr_err; + } + ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); - op->o_bd = op->o_conn->c_authz_backend; + /* FIXME: we select the appropriate backend based on the DN + * in the reqdata + */ + if ( id.bv_len ) { + op->o_bd = select_backend( &id, 0, 0 ); + + } else { + op->o_bd = op->o_conn->c_authz_backend; + } ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); + ber_memfree_x( tmpbv.bv_val, op->o_tmpmemctx ); if( op->o_bd && !op->o_bd->be_extended ) { rs->sr_text = "operation not supported for current user";