From 68ae7408dcb525fbcc99aae649d2d099676934ed Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga
Date: Thu, 29 Sep 2005 08:00:33 +0000
Subject: [PATCH] ITS#4049: oldPassword cannot be ignored, error for now Add tests to confirm proper behavior
---
 servers/slapd/passwd.c | 10 ++++++++--
 tests/scripts/test010-passwd | 30 ++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index e803148d5d..f4ac394cd8 100644
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -73,8 +73,8 @@ int passwd_extop(
 qpw->rs_mods = NULL;
 qpw->rs_modtail = NULL;
- rs->sr_err = slap_passwd_parse( op->ore_reqdata, &id, &qpw->rs_old,
- &qpw->rs_new, &rs->sr_text );
+ rs->sr_err = slap_passwd_parse( op->ore_reqdata, &id,
+ &qpw->rs_old, &qpw->rs_new, &rs->sr_text );
 if ( rs->sr_err == LDAP_SUCCESS && !BER_BVISEMPTY( &id ) ) {
 Statslog( LDAP_DEBUG_STATS, "%s PASSMOD id=\"%s\"%s%s\n",
@@ -200,6 +200,12 @@ int passwd_extop(
 goto error_return;
 }
+ if ( qpw->rs_old.bv_val != NULL ) {
+ rs->sr_text = "unwilling to verify old password";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ goto error_return;
+ }
+
 ml = ch_malloc( sizeof(Modifications) );
 if ( !qpw->rs_modtail ) qpw->rs_modtail = &ml->sml_next;
diff --git a/tests/scripts/test010-passwd b/tests/scripts/test010-passwd
index 636d0cece4..8de9baaaf8 100755
--- a/tests/scripts/test010-passwd
+++ b/tests/scripts/test010-passwd
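Review bot: In the second passwd.c hunk (`@@ -200,6 +200,12 @@`) the new refusal has no comment saying why a supplied old password is rejected outright, and it tests `qpw->rs_old.bv_val != NULL` directly where the first hunk already uses the berval macros (`BER_BVISEMPTY`). I would write the test as `if ( !BER_BVISNULL( &qpw->rs_old ) ) {` and put `/* ITS#4049: the old password is not verified on this path, so refuse the request rather than silently ignore it */` above it, so the fail-closed intent survives later edits. Whether a present-but-empty oldPasswd reaches this point with a non-NULL `bv_val` depends on slap_passwd_parse, which is not shown; the "old empty" case in test010-passwd relies on one of the two rejecting it. passwd_extop starts and ends outside the hunk.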
@@ -60,6 +60,36 @@ $LDAPSEARCH -h $LOCALHOST -p $PORT1 \
 -b "$BASEDN" \
 'objectclass=*' >> $SEARCHOUT 2>&1
+echo "Using ldappasswd to test a few error conditions ..."
+echo "Pass 0" >> $TESTOUT
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w secret -a "" -s newsecret \
+ -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "ldappasswd unexpectantly passed ($RC)! old empty"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w secret -a oldsecret -s "" \
+ -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "ldappasswd unexpectantly passed ($RC)! new empty"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w secret -a oldsecret -s newsecret \
+ -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "ldappasswd unexpectantly passed ($RC)! wrong old"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
 echo "Using ldappasswd (PASS 1) ..."
 echo "Pass 1" >> $TESTOUT
 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
--
2.39.5
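Review bot: Each of the three new negative checks ends in `exit $RC` inside `if test $RC = 0`, so when ldappasswd unexpectedly succeeds the script exits with status 0 and a caller that looks only at the exit status sees a pass; `exit 1` in all three places reports the failure. The checks also accept any non-zero status, so a connection or bind failure satisfies them just as well as the intended refusal; comparing `$RC` with the expected result code would tie the "wrong old" case to the new server check. All three cases write under the single `Pass 0` marker in `$TESTOUT`, and a one-line comment before each naming what is being tested would make the log easier to read.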