ITS#4049: oldPassword cannot be ignored, error for now

author Kurt Zeilenga <kurt@openldap.org>

Thu, 29 Sep 2005 08:00:33 +0000 (08:00 +0000)

committer Kurt Zeilenga <kurt@openldap.org>

Thu, 29 Sep 2005 08:00:33 +0000 (08:00 +0000)
author Kurt Zeilenga <kurt@openldap.org>
Thu, 29 Sep 2005 08:00:33 +0000 (08:00 +0000)
committer Kurt Zeilenga <kurt@openldap.org>
Thu, 29 Sep 2005 08:00:33 +0000 (08:00 +0000)
diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c

index e803148d5d881d6f2e63bc93e4ebfc2e431936e6..f4ac394cd8f4587a3432a5e5664005ceb52bd169 100644 (file)
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -73,8 +73,8 @@ int passwd_extop(
         qpw->rs_mods = NULL;
         qpw->rs_modtail = NULL;
  
-       rs->sr_err = slap_passwd_parse( op->ore_reqdata, &id, &qpw->rs_old,
-               &qpw->rs_new, &rs->sr_text );
+       rs->sr_err = slap_passwd_parse( op->ore_reqdata, &id,
+               &qpw->rs_old, &qpw->rs_new, &rs->sr_text );
  
         if ( rs->sr_err == LDAP_SUCCESS && !BER_BVISEMPTY( &id ) ) {
                 Statslog( LDAP_DEBUG_STATS, "%s PASSMOD id=\"%s\"%s%s\n",
@@ -200,6 +200,12 @@ int passwd_extop(
                 goto error_return;
         }
  
+       if ( qpw->rs_old.bv_val != NULL ) {
+               rs->sr_text = "unwilling to verify old password";
+               rc = LDAP_UNWILLING_TO_PERFORM;
+               goto error_return;
+       }
+
         ml = ch_malloc( sizeof(Modifications) );
         if ( !qpw->rs_modtail ) qpw->rs_modtail = &ml->sml_next;
  
diff --git a/tests/scripts/test010-passwd b/tests/scripts/test010-passwd

index 636d0cece464fa8ec3587c02e514a5f44e35689b..8de9baaaf80bf575b6f25ff3284ea113ce92becc 100755 (executable)
--- a/tests/scripts/test010-passwd
+++ b/tests/scripts/test010-passwd
@@ -60,6 +60,36 @@ $LDAPSEARCH -h $LOCALHOST -p $PORT1 \
         -b "$BASEDN" \
         'objectclass=*' >> $SEARCHOUT 2>&1
  
+echo "Using ldappasswd to test a few error conditions ..."
+echo "Pass 0" >> $TESTOUT
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+       -w secret -a "" -s newsecret \
+       -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+       echo "ldappasswd unexpectantly passed ($RC)! old empty"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit $RC
+fi
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+       -w secret -a oldsecret -s "" \
+       -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+       echo "ldappasswd unexpectantly passed ($RC)! new empty"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit $RC
+fi
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+       -w secret -a oldsecret -s newsecret \
+       -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+       echo "ldappasswd unexpectantly passed ($RC)! wrong old"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit $RC
+fi
+
  echo "Using ldappasswd (PASS 1)  ..."
  echo "Pass 1" >> $TESTOUT
  $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
author	Kurt Zeilenga <kurt@openldap.org>
	Thu, 29 Sep 2005 08:00:33 +0000 (08:00 +0000)
committer	Kurt Zeilenga <kurt@openldap.org>
	Thu, 29 Sep 2005 08:00:33 +0000 (08:00 +0000)
servers/slapd/passwd.c		patch \| blob \| history
tests/scripts/test010-passwd		patch \| blob \| history