|
@@ -343,20 +343,21 @@ pw_encodevals_ext( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals )
|
|
|
passwdPolicy *pwpolicy=NULL;
|
|
passwdPolicy *pwpolicy=NULL;
|
|
|
char *(*pws_enc) ( char *pwd ) = NULL;
|
|
char *(*pws_enc) ( char *pwd ) = NULL;
|
|
|
|
|
|
|
|
- if ( vals == NULL ) {
|
|
|
|
|
|
|
+ if ( (NULL == pb) || (NULL == vals) ) {
|
|
|
return( 0 );
|
|
return( 0 );
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
/* new_passwdPolicy gives us a local policy if sdn and pb are set and
|
|
/* new_passwdPolicy gives us a local policy if sdn and pb are set and
|
|
|
can be used to find a local policy, else we get the global policy */
|
|
can be used to find a local policy, else we get the global policy */
|
|
|
- pwpolicy = new_passwdPolicy(pb, sdn ? (char*)slapi_sdn_get_ndn(sdn) : NULL );
|
|
|
|
|
|
|
+ pwpolicy = new_passwdPolicy(pb, sdn ? (char*)slapi_sdn_get_ndn(sdn) : NULL);
|
|
|
|
|
+ if (pwpolicy) {
|
|
|
|
|
+ if (pwpolicy->pw_storagescheme) {
|
|
|
|
|
+ pws_enc = pwpolicy->pw_storagescheme->pws_enc;
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
- if (pwpolicy->pw_storagescheme) {
|
|
|
|
|
- pws_enc = pwpolicy->pw_storagescheme->pws_enc;
|
|
|
|
|
|
|
+ delete_passwdPolicy(&pwpolicy);
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
- delete_passwdPolicy(&pwpolicy);
|
|
|
|
|
-
|
|
|
|
|
/* Password scheme encryption function was not found */
|
|
/* Password scheme encryption function was not found */
|
|
|
if ( pws_enc == NULL ) {
|
|
if ( pws_enc == NULL ) {
|
|
|
return( 0 );
|
|
return( 0 );
|
|
@@ -1527,19 +1528,23 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
|
|
|
char ebuf[ BUFSIZ ];
|
|
char ebuf[ BUFSIZ ];
|
|
|
int optype = -1;
|
|
int optype = -1;
|
|
|
|
|
|
|
|
|
|
+ /* RFE - is there a way to make this work for non-existent entries
|
|
|
|
|
+ * when we don't pass in pb? We'll need to do this if we add support
|
|
|
|
|
+ * for password policy plug-ins. */
|
|
|
|
|
+ if (NULL == pb) {
|
|
|
|
|
+ LDAPDebug0Args(LDAP_DEBUG_ANY,
|
|
|
|
|
+ "new_passwdPolicy: NULL pblock was passed.\n");
|
|
|
|
|
+ return NULL;
|
|
|
|
|
+ }
|
|
|
slapdFrontendConfig = getFrontendConfig();
|
|
slapdFrontendConfig = getFrontendConfig();
|
|
|
pwdpolicy = (passwdPolicy *)slapi_ch_calloc(1, sizeof(passwdPolicy));
|
|
pwdpolicy = (passwdPolicy *)slapi_ch_calloc(1, sizeof(passwdPolicy));
|
|
|
|
|
|
|
|
- if (pb) {
|
|
|
|
|
- slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &optype );
|
|
|
|
|
- }
|
|
|
|
|
|
|
+ slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &optype );
|
|
|
|
|
|
|
|
if (dn && (slapdFrontendConfig->pwpolicy_local == 1)) {
|
|
if (dn && (slapdFrontendConfig->pwpolicy_local == 1)) {
|
|
|
/* If we're doing an add, COS does not apply yet so we check
|
|
/* If we're doing an add, COS does not apply yet so we check
|
|
|
parents for the pwdpolicysubentry. We look only for virtual
|
|
parents for the pwdpolicysubentry. We look only for virtual
|
|
|
attributes, because real ones are for single-target policy. */
|
|
attributes, because real ones are for single-target policy. */
|
|
|
- /* NGK - is there a way to make this work for non-existent entries when we don't pass in pb? We'll
|
|
|
|
|
- * need to do this if we add support for password policy plug-ins. */
|
|
|
|
|
if (optype == SLAPI_OPERATION_ADD) {
|
|
if (optype == SLAPI_OPERATION_ADD) {
|
|
|
char *parentdn = slapi_ch_strdup(dn);
|
|
char *parentdn = slapi_ch_strdup(dn);
|
|
|
char *nextdn = NULL;
|
|
char *nextdn = NULL;
|
Noriko Hosoi