On 01/25/2010 03:01 PM, Rich Megginson wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=554887
>
> The problem appears to be this - passwd_extop.c line 173:
>     /* We copy the connection from the original pblock into the
>      * pblock we use for the internal modify operation. We do
>      * this to allow the password policy code to be able to tell
>      * that the password change was initiated by the user who
>      * sent the extended operation instead of always assuming
>      * that it was done by the root DN. */
>     pb.pb_conn = pb_orig->pb_conn;
> This makes the internal ops think this is a real connection, and
> therefore it attempts to send back the result of the internal operation
> as a real result back to the client:
> send_ldap_result_ext() result.c line 357:
>     if ( conn == NULL ) {
>         if ( operation->o_result_handler != NULL ) {
>             operation->o_result_handler( conn, operation, err,
>                 matched, text, nentries, urls );
>             logit = 1;
>         }
>         goto log_and_return;
>     }
>
> I don't think the passwd_extop code should use the entire connection.
> I'm thinking that perhaps just the authentication parts of the
> connection for ACI purposes. Does anyone know exactly what parts of the
> conn were needed to fulfill the requirements above?
>
See pw.c:635. It seems to be pb->pb_conn->c_dn. I'm not sure if
anything else is needed from pb_conn.

-NGK
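
Added example, not part of the original thread and not 389-ds code: a simplified C model of the failure discussed above, where an internal operation that borrows the client connection has its result sent to the client, next to a variant that copies only the bound DN. The types, the requestor_dn field, ROOT_DN and the sample DN are hypothetical stand-ins constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for illustration, NOT the real server structures. */
typedef struct { const char *c_dn; int results_sent; } conn_t;
typedef struct {
    conn_t *pb_conn;          /* NULL marks an internal operation */
    const char *requestor_dn; /* hypothetical: identity without a connection */
    int handled_internally;   /* results routed to the internal handler */
} pblock_t;

#define ROOT_DN "cn=root-dn-placeholder" /* constructed value */

/* Mirrors the quoted check: no connection means internal handler only. */
static void send_result(pblock_t *pb)
{
    if (pb->pb_conn == NULL) {
        pb->handled_internally++;
        return;
    }
    pb->pb_conn->results_sent++; /* a real result goes out to the client */
}

/* Password-policy view of who initiated the change. */
static const char *policy_requestor(const pblock_t *pb)
{
    if (pb->pb_conn != NULL) return pb->pb_conn->c_dn;
    return pb->requestor_dn != NULL ? pb->requestor_dn : ROOT_DN;
}

/* Runs one modeled extended operation; returns results the client received. */
int run_extop(int borrow_conn, const char **seen_dn)
{
    conn_t client = { "uid=alice,dc=example,dc=com", 0 }; /* constructed DN */
    pblock_t orig = { &client, NULL, 0 };
    pblock_t internal = { NULL, NULL, 0 };

    if (borrow_conn)
        internal.pb_conn = orig.pb_conn;            /* pattern from the thread */
    else
        internal.requestor_dn = orig.pb_conn->c_dn; /* copy the identity only */
    *seen_dn = policy_requestor(&internal);
    send_result(&internal); /* result of the internal modify */
    send_result(&orig);     /* the extended operation's own response */
    return client.results_sent;
}

int main(void)
{
    const char *dn;
    printf("borrowed connection: %d results\n", run_extop(1, &dn));
    printf("identity only: %d result(s)\n", run_extop(0, &dn));
    return 0;
}
```

In both variants the policy code sees the user's DN rather than the root DN; only the borrowed-connection variant delivers an extra result to the client.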