From: Howard Chu <hyc@openldap.org>
Date: Sat, 1 Oct 2005 15:12:39 +0000 (+0000)
Subject: ITS#4049,4051 - verify oldPassword when provided.
X-Git-Tag: OPENLDAP_REL_ENG_2_2_MP~342
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=d878abf48f1da4b90e02a838c7086b92869391c9;p=openldap

ITS#4049,4051 - verify oldPassword when provided.
---

diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index 41ff367134..c8f8ce75b5 100644
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -209,11 +209,27 @@ int passwd_extop(
 	}
 
 	if ( qpw->rs_old.bv_val != NULL ) {
+		Entry *e = NULL;
+
+		rc = be_entry_get_rw( op, &op->o_req_ndn, NULL,
+			slap_schema.si_ad_userPassword, 0, &e );
+		if ( rc == LDAP_SUCCESS && e ) {
+			Attribute *a = attr_find( e->e_attrs,
+				slap_schema.si_ad_userPassword );
+			if ( a )
+				rc = slap_passwd_check( op, e, a, &qpw->rs_old, &rs->sr_text );
+			else
+				rc = 1;
+			be_entry_release_r( op, e );
+			if ( rc == LDAP_SUCCESS )
+				goto old_good;
+		}
 		rs->sr_text = "unwilling to verify old password";
 		rc = LDAP_UNWILLING_TO_PERFORM;
 		goto error_return;
 	}
 
+old_good:
 	ml = ch_malloc( sizeof(Modifications) );
 	if ( !qpw->rs_modtail ) qpw->rs_modtail = &ml->sml_next;