Index: nslcd/myldap.c
===================================================================
--- nslcd/myldap.c (revision 1064)
+++ nslcd/myldap.c (working copy)
@@ -1602,32 +1602,45 @@
 int rc;
 struct berval ber_userdn, ber_oldpassword, ber_newpassword, ber_retpassword;
 /* check parameters */
- if (!is_valid_session(session)||(userdn==NULL)||(oldpassword==NULL)||(newpasswd==NULL))
+ if (!is_valid_session(session)||(userdn==NULL)||(newpasswd==NULL))
 {
- log_log(LOG_ERR,"myldap_exop_passwd(): invalid parameter passed");
+ log_log(LOG_ERR,"myldap_passwd(): invalid parameter passed");
 errno=EINVAL;
 return LDAP_OTHER;
 }
 /* log the call */
- log_log(LOG_DEBUG,"myldap_exop_passwd(userdn=\"%s\")",userdn);
+ log_log(LOG_DEBUG,"myldap_passwd(userdn=\"%s\",oldpasswd=%s,newpasswd=\"***\")",
+ userdn,oldpassword?"\"***\"":"NULL");
 /* translate to ber stuff */
- ber_userdn.bv_val=userdn;
+ ber_userdn.bv_val=(char *)userdn;
 ber_userdn.bv_len=strlen(userdn);
- ber_oldpassword.bv_val=oldpassword;
- ber_oldpassword.bv_len=strlen(oldpassword);
- ber_newpassword.bv_val=newpasswd;
+ ber_newpassword.bv_val=(char *)newpasswd;
 ber_newpassword.bv_len=strlen(newpasswd);
 ber_retpassword.bv_val=NULL;
 ber_retpassword.bv_len=0;
 /* perform request */
- rc=ldap_passwd_s(session->ld,&ber_userdn,&ber_oldpassword,&ber_newpassword,
- &ber_retpassword,NULL,NULL);
+ log_log(LOG_DEBUG,"myldap_passwd(): try ldap_passwd_s() without old password");
+ rc=ldap_passwd_s(session->ld,&ber_userdn,NULL,
+ &ber_newpassword,&ber_retpassword,NULL,NULL);
 if (rc!=LDAP_SUCCESS)
- log_log(LOG_ERR,"ldap_passwd_s() failed: %s",ldap_err2string(rc));
-
-
- /* FIXME: free ber_retpassword data if bv_val!=NULL */
-
+ log_log(LOG_ERR,"ldap_passwd_s() without old password failed: %s",ldap_err2string(rc));
+ /* free returned data if needed */
+ if (ber_retpassword.bv_val!=NULL)
+ ldap_memfree(ber_retpassword.bv_val);
+ if ((rc!=LDAP_SUCCESS)&&(oldpassword!=NULL))
+ {
+ /* retry with old password */
+ log_log(LOG_DEBUG,"myldap_passwd(): try ldap_passwd_s() with old password");
+ ber_oldpassword.bv_val=(char *)oldpassword;
+ ber_oldpassword.bv_len=strlen(oldpassword);
+ /* perform request */
+ rc=ldap_passwd_s(session->ld,&ber_userdn,&ber_oldpassword,
+ &ber_newpassword,&ber_retpassword,NULL,NULL);
+ if (rc!=LDAP_SUCCESS)
+ log_log(LOG_ERR,"ldap_passwd_s() with old password failed: %s",ldap_err2string(rc));
+ /* free returned data if needed */
+ if (ber_retpassword.bv_val!=NULL)
+ ldap_memfree(ber_retpassword.bv_val);
+ }
 return rc;
-
 }
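Review bot: `ber_retpassword.bv_val` is left pointing at freed memory after the first `ldap_memfree()`, and the retry branch then tests and frees the same field again. If the first `ldap_passwd_s()` ever returns data together with an error status and the retry fails before the library rewrites the output argument (library behaviour is not visible here, so this is inferred), the second free is a double free; adding `ber_retpassword.bv_val=NULL;` right after the first `ldap_memfree()` closes it. Separately, the old password is now sent only when the attempt without it fails, so whenever the bound identity is permitted to set the password the server never checks `oldpassword` in this function; a comment such as `/* oldpassword is only sent on the retry; callers must have verified it beforehand */` would make that contract explicit. The retry is also triggered by any error code, not just ones that indicate the old password was required, and the expected first-attempt failure is logged at `LOG_ERR`. The function's signature and opening lines lie outside the hunk.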