Fix void* pointer arithmetic from ber_bvchr()

[openldap] / servers / slapd / overlays / ppolicy.c

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 0d87840a166290f1b081f1b0f791b3d658088c9b..93d93c4c584d495315554a913a98d38bcebd7c7f 100644 (file)
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -1155,10 +1155,11 @@ ppolicy_modify( Operation *op, SlapReply *rs )
 {
        slap_overinst           *on = (slap_overinst *)op->o_bd->bd_info;
        pp_info                 *pi = on->on_bi.bi_private;
-       int                     i, rc, mod_pw_only, pwmod, pwmop, deladd,
+       int                     i, rc, mod_pw_only, pwmod, pwmop = -1, deladd,
                                hsize = 0;
        PassPolicy              pp;
-       Modifications           *mods = NULL, *modtail, *ml, *delmod, *addmod;
+       Modifications           *mods = NULL, *modtail = NULL,
+                               *ml, *delmod, *addmod;
        Attribute               *pa, *ha, at;
        const char              *txt;
        pw_hist                 *tl = NULL, *p;
@@ -1179,14 +1180,14 @@ ppolicy_modify( Operation *op, SlapReply *rs )
         */
        if ( be_shadow_update( op )) {
                Modifications **prev;
-               int got_del_grace = 0, got_del_lock = 0, got_pw = 0;
-               Attribute *a_grace, *a_lock;
+               int got_del_grace = 0, got_del_lock = 0, got_pw = 0, got_del_fail = 0;
+               Attribute *a_grace, *a_lock, *a_fail;
 
                a_grace = attr_find( e->e_attrs, ad_pwdGraceUseTime );
                a_lock = attr_find( e->e_attrs, ad_pwdAccountLockedTime );
+               a_fail = attr_find( e->e_attrs, ad_pwdFailureTime );
 
-               for( prev = &op->oq_modify.rs_modlist, ml = *prev; ml;
-                       prev = &ml->sml_next, ml = *prev ) {
+               for( prev = &op->oq_modify.rs_modlist, ml = *prev; ml; ml = *prev ) {
 
                        if ( ml->sml_desc == slap_schema.si_ad_userPassword )
                                got_pw = 1;
@@ -1206,17 +1207,24 @@ ppolicy_modify( Operation *op, SlapReply *rs )
                                        got_del_lock = 1;
                                        if ( !a_lock )
                                                drop = 1;
+                               } else
+                               if ( ml->sml_desc == ad_pwdFailureTime ) {
+                                       got_del_fail = 1;
+                                       if ( !a_fail )
+                                               drop = 1;
                                }
                                if ( drop ) {
                                        *prev = ml->sml_next;
                                        ml->sml_next = NULL;
                                        slap_mods_free( ml, 1 );
+                                       continue;
                                }
                        }
+                       prev = &ml->sml_next;
                }
 
-               /* If we're resetting the password, make sure grace and accountlock
-                * also get removed.
+               /* If we're resetting the password, make sure grace, accountlock,
+                * and failure also get removed.
                 */
                if ( got_pw ) {
                        if ( a_grace && !got_del_grace ) {
@@ -1242,6 +1250,17 @@ ppolicy_modify( Operation *op, SlapReply *rs )
                                ml->sml_next = NULL;
                                *prev = ml;
                        }
+                       if ( a_fail && !got_del_fail ) {
+                               ml = (Modifications *) ch_malloc( sizeof( Modifications ) );
+                               ml->sml_op = LDAP_MOD_DELETE;
+                               ml->sml_flags = SLAP_MOD_INTERNAL;
+                               ml->sml_type.bv_val = NULL;
+                               ml->sml_desc = ad_pwdFailureTime;
+                               ml->sml_values = NULL;
+                               ml->sml_nvalues = NULL;
+                               ml->sml_next = NULL;
+                               *prev = ml;
+                       }
                }
                op->o_bd->bd_info = (BackendInfo *)on->on_info;
                be_entry_release_r( op, e );
@@ -1272,12 +1291,13 @@ ppolicy_modify( Operation *op, SlapReply *rs )
 
        ppolicy_get( op, e, &pp );
 
-       for(ml = op->oq_modify.rs_modlist,
+       for ( ml = op->oq_modify.rs_modlist,
                        pwmod = 0, mod_pw_only = 1,
                        deladd = 0, delmod = NULL,
                        addmod = NULL,
                        zapReset = 1;
-               ml != NULL; modtail = ml, ml = ml->sml_next ) {
+               ml != NULL; modtail = ml, ml = ml->sml_next )
+       {
                if ( ml->sml_desc == pp.ad ) {
                        pwmod = 1;
                        pwmop = ml->sml_op;
@@ -1577,6 +1597,19 @@ do_modify:
                        modtail = mods;
                }
 
+               if (attr_find(e->e_attrs, ad_pwdFailureTime )) {
+                       mods = (Modifications *) ch_malloc( sizeof( Modifications ) );
+                       mods->sml_op = LDAP_MOD_DELETE;
+                       mods->sml_flags = SLAP_MOD_INTERNAL;
+                       mods->sml_type.bv_val = NULL;
+                       mods->sml_desc = ad_pwdFailureTime;
+                       mods->sml_values = NULL;
+                       mods->sml_nvalues = NULL;
+                       mods->sml_next = NULL;
+                       modtail->sml_next = mods;
+                       modtail = mods;
+               }
+
                /* Delete the pwdReset attribute, since it's being reset */
                if ((zapReset) && (attr_find(e->e_attrs, ad_pwdReset ))) {
                        mods = (Modifications *) ch_malloc( sizeof( Modifications ) );