ITS#5146
authorQuanah Gibson-Mount <quanah@openldap.org>
Thu, 15 Nov 2007 01:22:54 +0000 (01:22 +0000)
committerQuanah Gibson-Mount <quanah@openldap.org>
Thu, 15 Nov 2007 01:22:54 +0000 (01:22 +0000)
CHANGES
servers/slapd/overlays/ppolicy.c

diff --git a/CHANGES b/CHANGES
index 4b5d03fa261af2ec23312c4681ef72b91bbfdd5b..8202dddd5caaeb9c6d14f16063d10346e0712608 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,7 @@ OpenLDAP 2.4.7 Engineering
        Fixed slapd sasl-host parsing (ITS#5209)
        Fixed slapd filter normalization (ITS#5212)
        Fixed slapd multiple sufix checking (ITS#5186)
+       Fixed slapo-ppolicy single password check on modify (ITS#5146)
        Fixed slapo-syncprov refresh and persist cookie sending (ITS#5210)
        Fixed slapo-syncprov ignore invalid cookies (ITS#5211)
        Updated contrib addpartial module (ITS#3593)
index e126598055cc1fd3e186c8091899474709639bce..cc401aefaaa6fb69d35db740911063e87a12dd14 100644 (file)
@@ -1559,8 +1559,6 @@ ppolicy_modify( Operation *op, SlapReply *rs )
                        if ((ml->sml_op == LDAP_MOD_ADD) ||
                                (ml->sml_op == LDAP_MOD_REPLACE))
                        {
-                               addmod = ml;
-
                                /* FIXME: there's no easy way to ensure
                                 * that add does not cause multiple
                                 * userPassword values; one way (that 
@@ -1572,13 +1570,15 @@ ppolicy_modify( Operation *op, SlapReply *rs )
                                 * Let's check at least that a single value
                                 * is being added
                                 */
-                               assert( addmod->sml_values != NULL );
-                               assert( !BER_BVISNULL( &addmod->sml_values[ 0 ] ) );
-                               if ( !BER_BVISNULL( &addmod->sml_values[ 1 ] ) ) {
+                               assert( ml->sml_values != NULL );
+                               assert( !BER_BVISNULL( &ml->sml_values[ 0 ] ) );
+                               if ( addmod || !BER_BVISNULL( &ml->sml_values[ 1 ] ) ) {
                                        rs->sr_err = LDAP_CONSTRAINT_VIOLATION; 
                                        rs->sr_text = "Password policy only allows one password value";
                                        goto return_results;
                                }
+
+                               addmod = ml;
                        }
 
                } else if ( !is_at_operational( ml->sml_desc->ad_type ) ) {
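Review bot: The two `assert()` calls just above the new `addmod ||` test are still the only check that `ml->sml_values` is non-NULL and non-empty before `sml_values[ 1 ]` is read, and the value list comes from the client's modify request. If an add or replace with no values can reach this branch (not visible in the hunk, so confirm against the request parsing), a build with assertions enabled aborts slapd, and an `NDEBUG` build drops the check and dereferences the unvalidated pointer. I would make the assumption a runtime condition by wrapping the single-value test in `if ( ml->sml_values != NULL && !BER_BVISNULL( &ml->sml_values[ 0 ] ) ) {` and handling the empty case explicitly. A short comment on the new condition, such as `/* also reject a second add/replace of the password in the same request */`, would record why `addmod` is consulted there. `ppolicy_modify` begins and ends outside this hunk.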