From: Howard Chu <hyc@openldap.org>
Date: Mon, 15 Mar 2004 19:52:17 +0000 (+0000)
Subject: Delete old password if provided
X-Git-Tag: OPENLDAP_REL_ENG_2_2_BP~294
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=0c9b308781b9f2bbc5ee29d3a94351a7c390272e;p=openldap

Delete old password if provided
---

diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index fde6514a41..5b9fcf61b7 100644
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -180,11 +180,27 @@ int passwd_extop(
 	ml->sml_values[i].bv_val = NULL;
 	ml->sml_nvalues = NULL;
 	ml->sml_desc = slap_schema.si_ad_userPassword;
-	ml->sml_op = LDAP_MOD_REPLACE;
+	ml->sml_op = qpw->rs_old.bv_val ? LDAP_MOD_ADD : LDAP_MOD_REPLACE;
 	ml->sml_next = qpw->rs_mods;
 	qpw->rs_mods = ml;
-	if ( rsp ) {
-		free( qpw->rs_new.bv_val );
+	if ( qpw->rs_old.bv_val ) {
+		ml = ch_malloc( sizeof(Modifications) );
+		ml->sml_values = ch_malloc( (nhash+1)*sizeof(struct berval) );
+		for ( i=0; hashes[i]; i++ ) {
+			slap_passwd_hash( hashes[i], &qpw->rs_old, &hash, &rs->sr_text );
+			if ( hash.bv_len == 0 ) {
+				if ( !rs->sr_text ) {
+					rs->sr_text = "password hash failed";
+				}
+				break;
+			}
+			ml->sml_values[i] = hash;
+		}
+		ml->sml_values[i].bv_val = NULL;
+		ml->sml_desc = slap_schema.si_ad_userPassword;
+		ml->sml_op = LDAP_MOD_DELETE;
+		ml->sml_next = qpw->rs_mods;
+		qpw->rs_mods = ml;
 	}
 	if ( hashes[i] ) {
 		rs->sr_err = LDAP_OTHER;
@@ -194,6 +210,8 @@ int passwd_extop(
 		op2.o_tag = LDAP_REQ_MODIFY;
 		op2.o_callback = &cb2;
 		op2.orm_modlist = qpw->rs_mods;
+		cb2.sc_private = qpw;	/* let Modify know this was pwdMod,
+					 * if it cares... */
 
 		rs->sr_err = slap_mods_opattrs( &op2, ml, qpw->rs_modtail, &rs->sr_text,
 			NULL, 0 );
@@ -208,6 +226,9 @@ int passwd_extop(
 		}
 	}
 	slap_mods_free( qpw->rs_mods );
+	if ( rsp ) {
+		free( qpw->rs_new.bv_val );
+	}
 
 	return rs->sr_err;
 }
@@ -461,6 +482,15 @@ slap_passwd_hash(
 	new->bv_len = 0;
 	new->bv_val = NULL;
 
+	if ( !hash ) {
+		if ( default_passwd_hash ) {
+			hash = default_passwd_hash[0];
+		}
+		if ( !hash ) {
+			hash = (char *)defhash[0];
+		}
+	}
+
 #if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
 	ldap_pvt_thread_mutex_lock( &passwd_mutex );
 #endif