diff options
| author | David Boreham <dboreham@redhat.com> | 2005-01-28 20:21:18 +0000 |
|---|---|---|
| committer | David Boreham <dboreham@redhat.com> | 2005-01-28 20:21:18 +0000 |
| commit | e781114533aeef9b871d9eb45af6885165b2dd4d (patch) | |
| tree | 0cffca78ad91a955f854375cd23d7235194554dd | |
| parent | 40d1844a21406444a010994e4745027e3fd92133 (diff) | |
| download | ds-e781114533aeef9b871d9eb45af6885165b2dd4d.tar.gz ds-e781114533aeef9b871d9eb45af6885165b2dd4d.tar.xz ds-e781114533aeef9b871d9eb45af6885165b2dd4d.zip | |
Add support for password change extended operation.
| -rw-r--r-- | ldap/servers/slapd/pw.c | 41 |
1 files changed, 35 insertions, 6 deletions
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c index ab026de7..c1323cfb 100644 --- a/ldap/servers/slapd/pw.c +++ b/ldap/servers/slapd/pw.c @@ -35,6 +35,35 @@ static int pw_boolean_str2value (const char *str); /* static LDAPMod* pw_malloc_mod (char* name, char* value, int mod_op); */ +/* + * We want to be able to return errors to internal operations (which + * can come from the password change extended operation). So we have + * a special result function that does the right thing for an internal op. + */ + +static void +pw_send_ldap_result( + Slapi_PBlock *pb, + int err, + char *matched, + char *text, + int nentries, + struct berval **urls +) +{ + int internal_op = 0; + Slapi_Operation *operation = NULL; + + slapi_pblock_get (pb, SLAPI_OPERATION, &operation); + internal_op= operation_is_flag_set(operation, OP_FLAG_INTERNAL); + + if (internal_op) { + slapi_pblock_set(pb, SLAPI_PLUGIN_INTOP_RESULT, &err); + } else { + send_ldap_result(pb, err, matched, text, nentries, urls); + } +} + /* * Like slapi_value_find, except for passwords. * returns 0 if password "v" is found in "vals"; non-zero otherwise @@ -634,7 +663,7 @@ check_pw_minage ( Slapi_PBlock *pb, const Slapi_DN *sdn, struct berval **vals) pwpolicy_make_response_control ( pb, -1, -1, LDAP_PWPOLICY_PWDTOOYOUNG ); } - send_ldap_result ( pb, + pw_send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION, NULL, "within password minimum age", 0, NULL ); slapi_entry_free( e ); @@ -673,7 +702,7 @@ check_pw_syntax ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, pwpolicy_make_response_control ( pb, -1, -1, LDAP_PWPOLICY_PWDTOOSHORT ); } - send_ldap_result ( pb, + pw_send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION, NULL, "invalid password syntax", 0, NULL ); delete_passwdPolicy(&pwpolicy); @@ -703,7 +732,7 @@ check_pw_syntax ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, pwpolicy_make_response_control ( pb, -1, -1, LDAP_PWPOLICY_PWDINHISTORY ); } - send_ldap_result ( pb, + pw_send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION, NULL, "password in history", 0, NULL ); slapi_entry_free( e ); @@ -721,7 +750,7 @@ check_pw_syntax ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, { if (slapi_attr_value_find(attr, (struct berval *)slapi_value_get_berval(vals[0])) == 0 ) { - send_ldap_result ( pb, + pw_send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION ,NULL, "password in history", 0, NULL); slapi_entry_free( e ); @@ -732,7 +761,7 @@ check_pw_syntax ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, { if ( slapi_pw_find_sv ( va, vals[0] ) == 0 ) { - send_ldap_result ( pb, + pw_send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION ,NULL, "password in history", 0, NULL); slapi_entry_free( e ); @@ -1082,7 +1111,7 @@ check_trivial_words (Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Value **vals, char pwpolicy_make_response_control ( pb, -1, -1, LDAP_PWPOLICY_INVALIDPWDSYNTAX ); } - send_ldap_result ( pb, + pw_send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION, NULL, "Password failed triviality check." " Please choose a different password.", |