Esempio n. 1
/*
 * Handler for the LDAP Modify Password extended operation
 * (LDAP_EXOP_MODIFY_PASSWD).
 *
 * Flow, in order:
 *   1. refuse requests whose operation DN is empty (anonymous);
 *   2. pick up the connection's authorization backend;
 *   3. refuse if that backend exists but has no extended-op handler;
 *   4. apply backend_check_restrictions() for this exop OID;
 *   5. dispatch: SASL password store when there is no backend, a referral
 *      when the backend has an update DN configured (non multi-master
 *      builds only), otherwise the backend's own be_extended handler.
 *
 * conn      connection the request arrived on
 * op        operation being processed; op->o_dn carries the bound identity
 * reqoid    request OID, must be LDAP_EXOP_MODIFY_PASSWD
 * reqdata   request payload, passed through untouched
 * rspoid, rspdata, rspctrls
 *           response slots, filled by whichever handler is dispatched to
 * text      receives a static diagnostic string on the failures raised here
 * refs      receives the rewritten referral list on the referral path
 *
 * Returns an LDAP result code.
 */
int passwd_extop(
    Connection *conn, Operation *op,
    const char *reqoid,
    struct berval *reqdata,
    char **rspoid,
    struct berval **rspdata,
    LDAPControl ***rspctrls,
    const char **text,
    BerVarray *refs )
{
    struct berval exop_oid = BER_BVC( LDAP_EXOP_MODIFY_PASSWD );
    Backend *authz_be;
    int status;

    /*
     * NOTE(review): these are assert()s, so they vanish when the build
     * defines NDEBUG. The OID check is then left entirely to whatever
     * dispatched the request here -- confirm the caller guarantees it.
     */
    assert( reqoid != NULL );
    assert( strcmp( LDAP_EXOP_MODIFY_PASSWD, reqoid ) == 0 );

    /* Authentication gate: an empty operation DN is treated as anonymous. */
    if( op->o_dn.bv_len == 0 ) {
        *text = "only authenticated users may change passwords";
        return LDAP_STRONG_AUTH_REQUIRED;
    }

    /* c_authz_backend is read under the connection mutex. */
    ldap_pvt_thread_mutex_lock( &conn->c_mutex );
    authz_be = conn->c_authz_backend;
    ldap_pvt_thread_mutex_unlock( &conn->c_mutex );

    /* A backend without an extended-operation handler cannot serve this. */
    if( authz_be != NULL && authz_be->be_extended == NULL ) {
        *text = "operation not supported for current user";
        return LDAP_UNWILLING_TO_PERFORM;
    }

    /*
     * Restriction check for this exop. authz_be may still be NULL at this
     * point; presumably backend_check_restrictions() accepts that -- verify.
     */
    status = backend_check_restrictions( authz_be, conn, op, &exop_oid, text );
    if( status != LDAP_SUCCESS ) {
        return status;
    }

    /* No authorization backend: only the SASL secret store can be updated. */
    if( authz_be == NULL ) {
#ifdef HAVE_CYRUS_SASL
        return slap_sasl_setpass( conn, op,
                                  reqoid, reqdata,
                                  rspoid, rspdata, rspctrls,
                                  text );
#else
        *text = "no authz backend";
        return LDAP_OTHER;
#endif
    }

#ifndef SLAPD_MULTIMASTER
    /*
     * Not applicable to multi-master builds. A non-empty be_update_ndn
     * presumably marks this backend as one that does not take the write
     * itself, so the client SHOULD be referred elsewhere.
     * NOTE(review): the referral_rewrite() result is not checked; if it can
     * be NULL the client receives LDAP_REFERRAL with no referral -- confirm.
     */
    if( authz_be->be_update_ndn.bv_len != 0 ) {
        *refs = referral_rewrite( authz_be->be_update_refs,
                                  NULL, NULL, LDAP_SCOPE_DEFAULT );
        return LDAP_REFERRAL;
    }
#endif /* !SLAPD_MULTIMASTER */

    /* Normal case: the backend's own handler performs the password change. */
    return authz_be->be_extended(
               authz_be, conn, op,
               reqoid, reqdata,
               rspoid, rspdata, rspctrls,
               text, refs );
}