[Fedora-directory-commits] ldapserver/ldap/servers/slapd connection.c, 1.23, 1.24 extendop.c, 1.10, 1.11 passwd_extop.c, 1.17, 1.18 slap.h, 1.43, 1.44

Nathan Kinder nkinder at fedoraproject.org
Thu Dec 11 23:05:25 UTC 2008


Author: nkinder

Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22785/ldap/servers/slapd

Modified Files:
	connection.c extendop.c passwd_extop.c slap.h 
Log Message:
Resolves: 201332
Summary: Allow password modify extop when password reset is needed.



Index: connection.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/connection.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- connection.c	5 Dec 2008 22:41:52 -0000	1.23
+++ connection.c	11 Dec 2008 23:05:23 -0000	1.24
@@ -449,7 +449,7 @@
 
 	if ( conn->c_needpw && op->o_tag != LDAP_REQ_MODIFY &&
 		op->o_tag != LDAP_REQ_BIND && op->o_tag != LDAP_REQ_UNBIND && 
-		op->o_tag != LDAP_REQ_ABANDON )
+		op->o_tag != LDAP_REQ_ABANDON && op->o_tag != LDAP_REQ_EXTENDED)
 	{
 		slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0);	
 		slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d %s\n",
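Review bot: With `op->o_tag != LDAP_REQ_EXTENDED` added to this condition, every extended operation now passes the connection-level `c_needpw` gate, and the only remaining enforcement is the new check in extendop.c. Nothing near the condition records that dependency, so a later change to the extended-operation path could silently reopen access for a client whose password must be reset. I would add a comment above the `if`, for example `/* Extended ops are filtered in extendop.c: only the password modify extop is allowed while c_needpw is set */`. The enclosing function starts and ends outside the hunk.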


Index: extendop.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/extendop.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- extendop.c	5 Dec 2008 22:41:52 -0000	1.10
+++ extendop.c	11 Dec 2008 23:05:23 -0000	1.11
@@ -295,6 +295,22 @@
 		goto free_and_return;
 	}
 
+	/* If a password change is required, only allow the password
+	 * modify extended operation */
+	if (!pb->pb_conn->c_isreplication_session &&
+                pb->pb_conn->c_needpw && (strcmp(extoid, EXTOP_PASSWD_OID) != 0))
+	{
+		char *dn = NULL;
+		slapi_pblock_get(pb, SLAPI_CONN_DN, &dn);
+
+		(void)slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0);
+		op_shared_log_error_access (pb, "EXT", dn ? dn : "", "need new password");
+		send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL, NULL, 0, NULL );
+
+		slapi_ch_free_string(&dn);
+		goto free_and_return;
+	}
+
 	slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID, extoid );
 	slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE, &extval );
 	rc = plugin_call_exop_plugins( pb, extoid );
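Review bot: The new check is skipped when `c_isreplication_session` is set, so a replication connection with `c_needpw` can now run any extended operation, whereas before this commit the gate in connection.c rejected extended operations for it as well. If that exemption is intended, the comment should say so, e.g. `/* If a password change is required, only allow the password modify extended operation. Replication sessions are deliberately exempt. */`; if it is not, drop the `!pb->pb_conn->c_isreplication_session &&` term. The check also sits partway through a function whose earlier part is outside the hunk, so it is worth confirming that no extended operation is acted on before this point is reached.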


Index: passwd_extop.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/passwd_extop.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- passwd_extop.c	27 Aug 2008 21:05:30 -0000	1.17
+++ passwd_extop.c	11 Dec 2008 23:05:23 -0000	1.18
@@ -82,9 +82,6 @@
 /* number of random bytes needed to generate password */
 #define LDAP_EXTOP_PASSMOD_RANDOM_BYTES	6
 
-/* OID of the extended operation handled by this plug-in */
-#define EXOP_PASSWD_OID	"1.3.6.1.4.1.4203.1.11.1"
-
 
 Slapi_PluginDesc passwdopdesc = { "passwd_modify_plugin", "Fedora", "0.1",
 	"Password Modify extended operation plugin" };
@@ -450,7 +447,7 @@
 
 	/* Before going any further, we'll make sure that the right extended operation plugin
 	 * has been called: i.e., the OID shipped whithin the extended operation request must 
-	 * match this very plugin's OID: EXOP_PASSWD_OID. */
+	 * match this very plugin's OID: EXTOP_PASSWD_OID. */
 	if ( slapi_pblock_get( pb, SLAPI_EXT_OP_REQ_OID, &oid ) != 0 ) {
 		errMesg = "Could not get OID value from request.\n";
 		rc = LDAP_OPERATIONS_ERROR;
@@ -462,7 +459,7 @@
 				 "Received extended operation request with OID %s\n", oid );
 	}
 	
-	if ( strcasecmp( oid, EXOP_PASSWD_OID ) != 0) {
+	if ( strcasecmp( oid, EXTOP_PASSWD_OID ) != 0) {
 	        errMesg = "Request OID does not match Passwd OID.\n";
 		rc = LDAP_OPERATIONS_ERROR;
 		goto free_and_return;
@@ -783,7 +780,7 @@
 
 
 static char *passwd_oid_list[] = {
-	EXOP_PASSWD_OID,
+	EXTOP_PASSWD_OID,
 	NULL
 };
 
@@ -812,9 +809,9 @@
 
 	/* Compare the OID specified in the configuration file against the Passwd OID. */
 
-	if ( argv == NULL || strcmp( argv[0], EXOP_PASSWD_OID ) != 0 ) {
+	if ( argv == NULL || strcmp( argv[0], EXTOP_PASSWD_OID ) != 0 ) {
 		slapi_log_error( SLAPI_LOG_PLUGIN, "passwd_modify_init", 
-				 "OID is missing or is not %s\n", EXOP_PASSWD_OID );
+				 "OID is missing or is not %s\n", EXTOP_PASSWD_OID );
 		return( -1 );
 	} else {
 		oid = slapi_ch_strdup( argv[0] );


Index: slap.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slap.h,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- slap.h	5 Dec 2008 22:41:52 -0000	1.43
+++ slap.h	11 Dec 2008 23:05:23 -0000	1.44
@@ -540,6 +540,7 @@
 /* extended operations supported by the server */
 #define EXTOP_BULK_IMPORT_START_OID     "2.16.840.1.113730.3.5.7"
 #define EXTOP_BULK_IMPORT_DONE_OID      "2.16.840.1.113730.3.5.8"
+#define EXTOP_PASSWD_OID		"1.3.6.1.4.1.4203.1.11.1"
 
 /* 
  * Represents a Distinguished Name of an entry



