Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22785/ldap/servers/slapd
Modified Files: connection.c extendop.c passwd_extop.c slap.h Log Message: Resolves: 201332 Summary: Allow password modify extop when password reset is needed.
Index: connection.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/connection.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- connection.c 5 Dec 2008 22:41:52 -0000 1.23
+++ connection.c 11 Dec 2008 23:05:23 -0000 1.24
@@ -449,7 +449,7 @@
if ( conn->c_needpw && op->o_tag != LDAP_REQ_MODIFY && op->o_tag != LDAP_REQ_BIND && op->o_tag != LDAP_REQ_UNBIND && - op->o_tag != LDAP_REQ_ABANDON ) + op->o_tag != LDAP_REQ_ABANDON && op->o_tag != LDAP_REQ_EXTENDED) { slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0); slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d %s\n",
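Review bot: The `c_needpw` condition no longer shows where extended operations are restricted. With `op->o_tag != LDAP_REQ_EXTENDED` added, every extended request on a connection that must change its password passes this gate, and enforcement rests on the OID test this commit adds in extendop.c. A comment above the condition would keep the two in step, for example `/* extended ops are filtered by OID in extendop.c; only the password modify extop is allowed while c_needpw is set */`. Without it, a later dispatch path for `LDAP_REQ_EXTENDED` has no hint that it must repeat the check. The enclosing function starts and ends outside the hunk.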
Index: extendop.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/extendop.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- extendop.c 5 Dec 2008 22:41:52 -0000 1.10
+++ extendop.c 11 Dec 2008 23:05:23 -0000 1.11
@@ -295,6 +295,22 @@
 goto free_and_return;
 }
+ /* If a password change is required, only allow the password
+ * modify extended operation */
+ if (!pb->pb_conn->c_isreplication_session &&
+ pb->pb_conn->c_needpw && (strcmp(extoid, EXTOP_PASSWD_OID) != 0))
+ {
+ char *dn = NULL;
+ slapi_pblock_get(pb, SLAPI_CONN_DN, &dn);
+
+ (void)slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0);
+ op_shared_log_error_access (pb, "EXT", dn ? dn : "", "need new password");
+ send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL, NULL, 0, NULL );
+
+ slapi_ch_free_string(&dn);
+ goto free_and_return;
+ }
+
 slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID, extoid );
 slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE, &extval );
 rc = plugin_call_exop_plugins( pb, extoid );
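Review bot: The new `c_needpw` check sits after at least one earlier exit in this function (the `goto free_and_return; }` context line above it), so it is worth confirming that nothing above it acts on the request OID. Because connection.c now lets every `LDAP_REQ_EXTENDED` through on a connection that needs a new password, this block is the only enforcement point, and any OID handled earlier in the function would not be covered. That earlier code is outside the hunk, so this is a question rather than a finding. The comment should also say why `c_isreplication_session` connections are exempt. Separately, the return value of `slapi_pblock_get(pb, SLAPI_CONN_DN, &dn)` is ignored; the `dn ? dn : ""` fallback tolerates a failure but leaves the access-log entry without a DN.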
Index: passwd_extop.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/passwd_extop.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- passwd_extop.c 27 Aug 2008 21:05:30 -0000 1.17
+++ passwd_extop.c 11 Dec 2008 23:05:23 -0000 1.18
@@ -82,9 +82,6 @@
 /* number of random bytes needed to generate password */
 #define LDAP_EXTOP_PASSMOD_RANDOM_BYTES 6
-/* OID of the extended operation handled by this plug-in */
-#define EXOP_PASSWD_OID "1.3.6.1.4.1.4203.1.11.1"
-
Slapi_PluginDesc passwdopdesc = { "passwd_modify_plugin", "Fedora", "0.1", "Password Modify extended operation plugin" }; @@ -450,7 +447,7 @@
/* Before going any further, we'll make sure that the right extended operation plugin * has been called: i.e., the OID shipped whithin the extended operation request must - * match this very plugin's OID: EXOP_PASSWD_OID. */ + * match this very plugin's OID: EXTOP_PASSWD_OID. */ if ( slapi_pblock_get( pb, SLAPI_EXT_OP_REQ_OID, &oid ) != 0 ) { errMesg = "Could not get OID value from request.\n"; rc = LDAP_OPERATIONS_ERROR; @@ -462,7 +459,7 @@ "Received extended operation request with OID %s\n", oid ); } - if ( strcasecmp( oid, EXOP_PASSWD_OID ) != 0) { + if ( strcasecmp( oid, EXTOP_PASSWD_OID ) != 0) { errMesg = "Request OID does not match Passwd OID.\n"; rc = LDAP_OPERATIONS_ERROR; goto free_and_return; @@ -783,7 +780,7 @@
static char *passwd_oid_list[] = { - EXOP_PASSWD_OID, + EXTOP_PASSWD_OID, NULL };
@@ -812,9 +809,9 @@
/* Compare the OID specified in the configuration file against the Passwd OID. */
- if ( argv == NULL || strcmp( argv[0], EXOP_PASSWD_OID ) != 0 ) { + if ( argv == NULL || strcmp( argv[0], EXTOP_PASSWD_OID ) != 0 ) { slapi_log_error( SLAPI_LOG_PLUGIN, "passwd_modify_init", - "OID is missing or is not %s\n", EXOP_PASSWD_OID ); + "OID is missing or is not %s\n", EXTOP_PASSWD_OID ); return( -1 ); } else { oid = slapi_ch_strdup( argv[0] );
Index: slap.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slap.h,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- slap.h 5 Dec 2008 22:41:52 -0000 1.43
+++ slap.h 11 Dec 2008 23:05:23 -0000 1.44
@@ -540,6 +540,7 @@
 /* extended operations supported by the server */
 #define EXTOP_BULK_IMPORT_START_OID "2.16.840.1.113730.3.5.7"
 #define EXTOP_BULK_IMPORT_DONE_OID "2.16.840.1.113730.3.5.8"
+#define EXTOP_PASSWD_OID "1.3.6.1.4.1.4203.1.11.1"
/* * Represents a Distinguished Name of an entry