[389-devel] q about bug 554887 - Net::LDAP password modify extop breaks; msgid in response is 0xFF

Nathan Kinder nkinder at redhat.com
Mon Jan 25 23:21:07 UTC 2010


On 01/25/2010 03:01 PM, Rich Megginson wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=554887
>
> The problem appears to be this - passwd_extop.c line 173:
>          /* We copy the connection from the original pblock into the
>           * pblock we use for the internal modify operation.  We do
>           * this to allow the password policy code to be able to tell
>           * that the password change was initiated by the user who
>           * sent the extended operation instead of always assuming
>           * that it was done by the root DN. */
>          pb.pb_conn = pb_orig->pb_conn;
> This makes the internal ops think this is a real connection, and
> therefore it attempts to send back the result of the internal operation
> as a real result back to the client:
> send_ldap_result_ext() result.c line 357:
>      if ( conn == NULL ) {
>          if ( operation->o_result_handler != NULL ) {
>              operation->o_result_handler( conn, operation, err,
>                  matched, text, nentries, urls );
>              logit = 1;
>          }
>          goto log_and_return;
>      }
>
> I don't think the passwd_extop code should use the entire connection.
> I'm thinking that perhaps just the authentication parts of the
> connection for ACI purposes.  Does anyone know exactly what parts of the
> conn were needed to fulfill the requirements above?
>    
See pw.c:635.  It seems to be pb->pb_conn->c_dn.  I'm not sure if 
anything else is needed from pb_conn.

-NGK
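
Added example, not part of the thread and not 389-ds source: a toy C model of the behaviour discussed above, where an internal operation that borrows the whole client connection has its result written to the client, while one that carries only the bound DN stays internal. Only `pb_conn` and `c_dn` come from the thread; every other name (`requestor_dn`, `wire_msgs`, `handled`, the functions) is hypothetical.

```c
/* Toy model: hypothetical structures, not the 389-ds definitions. */
#include <stdio.h>
#include <stddef.h>

struct conn   { const char *c_dn; int wire_msgs; };  /* client connection */
struct pblock { struct conn *pb_conn; const char *requestor_dn; int handled; };

/* Mirrors the branch quoted from result.c: with no connection the result
 * goes to the internal handler; otherwise it is written to the client. */
static void send_result(struct pblock *pb)
{
    if (pb->pb_conn == NULL) {
        pb->handled++;              /* consumed inside the server */
        return;
    }
    pb->pb_conn->wire_msgs++;       /* extra response on the client's socket */
}

/* Password policy only needs to know who requested the change. */
static const char *policy_requestor(const struct pblock *pb)
{
    return pb->pb_conn != NULL ? pb->pb_conn->c_dn : pb->requestor_dn;
}

/* Pattern described in the thread: share the whole connection. */
static const char *modify_sharing_conn(struct conn *client)
{
    struct pblock pb = { client, NULL, 0 };
    send_result(&pb);
    return policy_requestor(&pb);
}

/* Assumed alternative: carry only the bound DN into the internal op. */
static const char *modify_dn_only(struct conn *client)
{
    struct pblock pb = { NULL, client->c_dn, 0 };
    send_result(&pb);
    return policy_requestor(&pb);
}

int main(void)
{
    struct conn c = { "uid=alice,dc=example,dc=com", 0 };  /* constructed DN */
    modify_sharing_conn(&c);
    printf("shared conn: %d stray message(s) on the wire\n", c.wire_msgs);
    c.wire_msgs = 0;
    modify_dn_only(&c);
    printf("DN only:     %d stray message(s) on the wire\n", c.wire_msgs);
    return 0;
}
```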