int passwd_extop( Connection *conn, Operation *op, const char *reqoid, struct berval *reqdata, char **rspoid, struct berval **rspdata, LDAPControl ***rspctrls, const char **text, BerVarray *refs ) { Backend *be; int rc; assert( reqoid != NULL ); assert( strcmp( LDAP_EXOP_MODIFY_PASSWD, reqoid ) == 0 ); if( op->o_dn.bv_len == 0 ) { *text = "only authenticated users may change passwords"; return LDAP_STRONG_AUTH_REQUIRED; } ldap_pvt_thread_mutex_lock( &conn->c_mutex ); be = conn->c_authz_backend; ldap_pvt_thread_mutex_unlock( &conn->c_mutex ); if( be && !be->be_extended ) { *text = "operation not supported for current user"; return LDAP_UNWILLING_TO_PERFORM; } { struct berval passwd = BER_BVC( LDAP_EXOP_MODIFY_PASSWD ); rc = backend_check_restrictions( be, conn, op, &passwd, text ); } if( rc != LDAP_SUCCESS ) { return rc; } if( be == NULL ) { #ifdef HAVE_CYRUS_SASL rc = slap_sasl_setpass( conn, op, reqoid, reqdata, rspoid, rspdata, rspctrls, text ); #else *text = "no authz backend"; rc = LDAP_OTHER; #endif #ifndef SLAPD_MULTIMASTER /* This does not apply to multi-master case */ } else if( be->be_update_ndn.bv_len ) { /* we SHOULD return a referral in this case */ *refs = referral_rewrite( be->be_update_refs, NULL, NULL, LDAP_SCOPE_DEFAULT ); rc = LDAP_REFERRAL; #endif /* !SLAPD_MULTIMASTER */ } else { rc = be->be_extended( be, conn, op, reqoid, reqdata, rspoid, rspdata, rspctrls, text, refs ); } return rc; }