From: Howard Chu Date: Wed, 16 Nov 2005 18:51:56 +0000 (+0000) Subject: Fix Add password_hash to not depend on password quality configuration X-Git-Tag: OPENLDAP_REL_ENG_2_4_BP~797 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=c5cf54dddf63e55f6c42db3f90508e6c3f635f5e;p=openldap Fix Add password_hash to not depend on password quality configuration --- diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c index 93d93c4c58..2a5568add9 100644 --- a/servers/slapd/overlays/ppolicy.c +++ b/servers/slapd/overlays/ppolicy.c @@ -1102,38 +1102,39 @@ ppolicy_add( send_ldap_error( op, rs, rc, "Password fails quality checking policy" ); return rs->sr_err; } - /* - * A controversial bit. We hash cleartext - * passwords provided via add and modify operations - * You're not really supposed to do this, since - * the X.500 model says "store attributes" as they - * get provided. By default, this is what we do - * - * But if the hash_passwords flag is set, we hash - * any cleartext password attribute values via the - * default password hashing scheme. - */ - if ((pi->hash_passwords) && - (password_scheme( &(pa->a_vals[0]), NULL ) != LDAP_SUCCESS)) { - struct berval hpw; - - slap_passwd_hash( &(pa->a_vals[0]), &hpw, &txt ); - if (hpw.bv_val == NULL) { - /* - * hashing didn't work. Emit an error. - */ - rs->sr_err = LDAP_OTHER; - rs->sr_text = txt; - send_ldap_error( op, rs, LDAP_OTHER, "Password hashing failed" ); - return rs->sr_err; - } + } + /* + * A controversial bit. We hash cleartext + * passwords provided via add and modify operations + * You're not really supposed to do this, since + * the X.500 model says "store attributes" as they + * get provided. By default, this is what we do + * + * But if the hash_passwords flag is set, we hash + * any cleartext password attribute values via the + * default password hashing scheme. + */ + if ((pi->hash_passwords) && + (password_scheme( &(pa->a_vals[0]), NULL ) != LDAP_SUCCESS)) { + struct berval hpw; - memset( pa->a_vals[0].bv_val, 0, pa->a_vals[0].bv_len); - ber_memfree( pa->a_vals[0].bv_val ); - pa->a_vals[0].bv_val = hpw.bv_val; - pa->a_vals[0].bv_len = hpw.bv_len; + slap_passwd_hash( &(pa->a_vals[0]), &hpw, &txt ); + if (hpw.bv_val == NULL) { + /* + * hashing didn't work. Emit an error. + */ + rs->sr_err = LDAP_OTHER; + rs->sr_text = txt; + send_ldap_error( op, rs, LDAP_OTHER, "Password hashing failed" ); + return rs->sr_err; } + + memset( pa->a_vals[0].bv_val, 0, pa->a_vals[0].bv_len); + ber_memfree( pa->a_vals[0].bv_val ); + pa->a_vals[0].bv_val = hpw.bv_val; + pa->a_vals[0].bv_len = hpw.bv_len; } + /* If password aging is in effect, set the pwdChangedTime */ if ( pp.pwdMaxAge || pp.pwdMinAge ) { struct berval timestamp;