From: Howard Chu Date: Thu, 6 Nov 2008 16:58:03 +0000 (+0000) Subject: ITS#5794 move prev fix X-Git-Tag: ACLCHECK_0~1147 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=bda294f5c1c19b7aec7f586d253f582a5a492c50;p=openldap ITS#5794 move prev fix --- diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c index 26a58a8782..f711871a6e 100644 --- a/servers/slapd/passwd.c +++ b/servers/slapd/passwd.c @@ -228,12 +228,8 @@ int passwd_extop( if ( rc == LDAP_SUCCESS && e ) { Attribute *a = attr_find( e->e_attrs, slap_schema.si_ad_userPassword ); - if ( a ) { - char oldNul = qpw->rs_old.bv_val[qpw->rs_old.bv_len]; - qpw->rs_old.bv_val[qpw->rs_old.bv_len] = 0; + if ( a ) rc = slap_passwd_check( op, e, a, &qpw->rs_old, &rs->sr_text ); - qpw->rs_old.bv_val[qpw->rs_old.bv_len] = oldNul; - } else rc = 1; be_entry_release_r( op, e ); @@ -507,6 +503,7 @@ slap_passwd_check( int result = 1; struct berval *bv; AccessControlState acl_state = ACL_STATE_INIT; + char credNul = cred->bv_val[cred->bv_len]; #ifdef SLAPD_SPASSWD void *old_authctx = NULL; @@ -515,6 +512,8 @@ slap_passwd_check( op->o_conn->c_sasl_authctx, 0, &old_authctx, NULL ); #endif + if ( credNul ) cred->bv_val[cred->bv_len] = 0; + for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) { /* if e is provided, check access */ if ( e && access_allowed( op, e, a->a_desc, bv, @@ -529,6 +528,8 @@ slap_passwd_check( } } + if ( credNul ) cred->bv_val[cred->bv_len] = credNul; + #ifdef SLAPD_SPASSWD ldap_pvt_thread_pool_setkey( op->o_threadctx, (void *)slap_sasl_bind, old_authctx, 0, NULL, NULL );