Fix prev commit

[openldap] / servers / slapd / passwd.c

diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index fde6514a417cd47ea8440ae61b81c48e7427e835..8b358c6d47562c5e8577eb3e45d413414e598a40 100644 (file)
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -168,7 +168,7 @@ int passwd_extop(
        }
        ml->sml_values = ch_malloc( (nhash+1)*sizeof(struct berval) );
        for ( i=0; hashes[i]; i++ ) {
-               slap_passwd_hash( hashes[i], &qpw->rs_new, &hash, &rs->sr_text );
+               slap_passwd_hash_type( &qpw->rs_new, &hash, hashes[i], &rs->sr_text );
                if ( hash.bv_len == 0 ) {
                        if ( !rs->sr_text ) {
                                rs->sr_text = "password hash failed";
@@ -180,11 +180,27 @@ int passwd_extop(
        ml->sml_values[i].bv_val = NULL;
        ml->sml_nvalues = NULL;
        ml->sml_desc = slap_schema.si_ad_userPassword;
-       ml->sml_op = LDAP_MOD_REPLACE;
+       ml->sml_op = qpw->rs_old.bv_val ? LDAP_MOD_ADD : LDAP_MOD_REPLACE;
        ml->sml_next = qpw->rs_mods;
        qpw->rs_mods = ml;
-       if ( rsp ) {
-               free( qpw->rs_new.bv_val );
+       if ( qpw->rs_old.bv_val ) {
+               ml = ch_malloc( sizeof(Modifications) );
+               ml->sml_values = ch_malloc( (nhash+1)*sizeof(struct berval) );
+               for ( i=0; hashes[i]; i++ ) {
+                       slap_passwd_hash_type( &qpw->rs_old, &hash, hashes[i], &rs->sr_text );
+                       if ( hash.bv_len == 0 ) {
+                               if ( !rs->sr_text ) {
+                                       rs->sr_text = "password hash failed";
+                               }
+                               break;
+                       }
+                       ml->sml_values[i] = hash;
+               }
+               ml->sml_values[i].bv_val = NULL;
+               ml->sml_desc = slap_schema.si_ad_userPassword;
+               ml->sml_op = LDAP_MOD_DELETE;
+               ml->sml_next = qpw->rs_mods;
+               qpw->rs_mods = ml;
        }
        if ( hashes[i] ) {
                rs->sr_err = LDAP_OTHER;
@@ -194,6 +210,8 @@ int passwd_extop(
                op2.o_tag = LDAP_REQ_MODIFY;
                op2.o_callback = &cb2;
                op2.orm_modlist = qpw->rs_mods;
+               cb2.sc_private = qpw;   /* let Modify know this was pwdMod,
+                                        * if it cares... */
 
                rs->sr_err = slap_mods_opattrs( &op2, ml, qpw->rs_modtail, &rs->sr_text,
                        NULL, 0 );
@@ -208,6 +226,9 @@ int passwd_extop(
                }
        }
        slap_mods_free( qpw->rs_mods );
+       if ( rsp ) {
+               free( qpw->rs_new.bv_val );
+       }
 
        return rs->sr_err;
 }
@@ -452,15 +473,17 @@ slap_passwd_generate( struct berval *pass )
 }
 
 void
-slap_passwd_hash(
-       char *hash,
+slap_passwd_hash_type(
        struct berval * cred,
        struct berval * new,
+       char *hash,
        const char **text )
 {
        new->bv_len = 0;
        new->bv_val = NULL;
 
+       assert( hash );
+
 #if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
        ldap_pvt_thread_mutex_lock( &passwd_mutex );
 #endif
@@ -472,3 +495,19 @@ slap_passwd_hash(
 #endif
 
 }
+void
+slap_passwd_hash(
+       struct berval * cred,
+       struct berval * new,
+       const char **text )
+{
+       char *hash = NULL;
+       if ( default_passwd_hash ) {
+               hash = default_passwd_hash[0];
+       }
+       if ( !hash ) {
+               hash = (char *)defhash[0];
+       }
+
+       slap_passwd_hash_type( cred, new, hash, text );
+}