From: Kurt Zeilenga
Date: Thu, 29 Sep 2005 08:00:33 +0000 (+0000)
Subject: ITS#4049: oldPassword cannot be ignored, error for now
X-Git-Tag: OPENLDAP_REL_ENG_2_2_MP~358
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=68ae7408dcb525fbcc99aae649d2d099676934ed;p=openldap
ITS#4049: oldPassword cannot be ignored, error for now
Add tests to confirm proper behavior
---
diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index e803148d5d..f4ac394cd8 100644
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -73,8 +73,8 @@ int passwd_extop(
 qpw->rs_mods = NULL;
 qpw->rs_modtail = NULL;
- rs->sr_err = slap_passwd_parse( op->ore_reqdata, &id, &qpw->rs_old,
- &qpw->rs_new, &rs->sr_text );
+ rs->sr_err = slap_passwd_parse( op->ore_reqdata, &id,
+ &qpw->rs_old, &qpw->rs_new, &rs->sr_text );
 if ( rs->sr_err == LDAP_SUCCESS && !BER_BVISEMPTY( &id ) ) {
 Statslog( LDAP_DEBUG_STATS, "%s PASSMOD id=\"%s\"%s%s\n",
@@ -200,6 +200,12 @@ int passwd_extop(
 goto error_return;
 }
+ if ( qpw->rs_old.bv_val != NULL ) {
+ rs->sr_text = "unwilling to verify old password";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ goto error_return;
+ }
+
 ml = ch_malloc( sizeof(Modifications) );
 if ( !qpw->rs_modtail ) qpw->rs_modtail = &ml->sml_next;
diff --git a/tests/scripts/test010-passwd b/tests/scripts/test010-passwd
index 636d0cece4..8de9baaaf8 100755
--- a/tests/scripts/test010-passwd
+++ b/tests/scripts/test010-passwd
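Review bot: The new `qpw->rs_old.bv_val != NULL` guard in the second passwd.c hunk sits more than a hundred lines below the `slap_passwd_parse()` call that fills `rs_old`, so any branch in between that completes the operation would still accept a request whose oldPassword was never checked; that code is outside the hunk, so either confirm each earlier exit handles oldPassword itself or place the refusal before them. Failing closed with `LDAP_UNWILLING_TO_PERFORM` is the safe behaviour while verification is unimplemented, and the reason belongs next to the check: `/* ITS#4049: oldPassword is not verified here, so refuse rather than silently ignore it */`. For consistency with the `!BER_BVISEMPTY( &id )` test in the first hunk the condition could read `if ( !BER_BVISNULL( &qpw->rs_old ) ) {`. passwd_extop starts and ends outside both hunks.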
@@ -60,6 +60,36 @@ $LDAPSEARCH -h $LOCALHOST -p $PORT1 \
 -b "$BASEDN" \
 'objectclass=*' >> $SEARCHOUT 2>&1
+echo "Using ldappasswd to test a few error conditions ..."
+echo "Pass 0" >> $TESTOUT
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w secret -a "" -s newsecret \
+ -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "ldappasswd unexpectantly passed ($RC)! old empty"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w secret -a oldsecret -s "" \
+ -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "ldappasswd unexpectantly passed ($RC)! new empty"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w secret -a oldsecret -s newsecret \
+ -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "ldappasswd unexpectantly passed ($RC)! wrong old"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
 echo "Using ldappasswd (PASS 1) ..."
 echo "Pass 1" >> $TESTOUT
 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
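Review bot: Each of the three new failure branches ends with `exit $RC` inside `if test $RC = 0`, so the script exits with status 0 exactly when ldappasswd was wrongly accepted, and a regression of the oldPassword refusal would presumably still be reported as a pass by whatever runs this script. Use a fixed non-zero status in all three blocks, `exit 1`. The checks also accept any non-zero status, so a bind or connection failure satisfies them as well as the intended refusal; comparing the result logged in `$TESTOUT` would pin the reason. The case labelled "wrong old" currently fails only because the server refuses every oldPassword, so it will need a companion case with the correct old value once verification exists.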