From: Howard Chu Date: Mon, 5 Jun 2006 20:13:40 +0000 (+0000) Subject: Fix ITS#4576 reset restrict after successful pw mod X-Git-Tag: OPENLDAP_REL_ENG_2_4_3ALPHA~9^2~181 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=e1b17653d679b81fa3265a28f5e317f52c5302c9;p=openldap Fix ITS#4576 reset restrict after successful pw mod --- diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c index aa343a1946..d7df8105a1 100644 --- a/servers/slapd/overlays/ppolicy.c +++ b/servers/slapd/overlays/ppolicy.c @@ -1276,6 +1276,19 @@ ppolicy_add( return SLAP_CB_CONTINUE; } +static int +ppolicy_mod_cb( Operation *op, SlapReply *rs ) +{ + slap_callback *sc = op->o_callback; + op->o_callback = sc->sc_next; + if ( rs->sr_err == LDAP_SUCCESS ) { + ch_free( pwcons[op->o_conn->c_conn_idx].dn.bv_val ); + BER_BVZERO( &pwcons[op->o_conn->c_conn_idx].dn ); + } + op->o_tmpfree( sc, op->o_tmpmemctx ); + return SLAP_CB_CONTINUE; +} + static int ppolicy_modify( Operation *op, SlapReply *rs ) { @@ -1673,7 +1686,22 @@ do_modify: struct berval timestamp; char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ]; time_t now = slap_get_time(); - + + /* If the conn is restricted, set a callback to clear it + * if the pwmod succeeds + */ + if (!BER_BVISEMPTY( &pwcons[op->o_conn->c_conn_idx].dn )) { + slap_callback *sc = op->o_tmpcalloc( 1, sizeof( slap_callback ), + op->o_tmpmemctx ); + sc->sc_next = op->o_callback; + /* Must use sc_response to insure we reset on success, before + * the client sees the response. Must use sc_cleanup to insure + * that it gets cleaned up if sc_response is not called. + */ + sc->sc_response = ppolicy_mod_cb; + sc->sc_cleanup = ppolicy_mod_cb; + } + /* * keep the necessary pwd.. operational attributes * up to date.