From ab0f804c05c5c6e77c254c5d37faaaae919ecd2a Mon Sep 17 00:00:00 2001 From: Quanah Gibson-Mount Date: Thu, 15 Nov 2007 01:22:54 +0000 Subject: [PATCH] ITS#5146 --- CHANGES | 1 + servers/slapd/overlays/ppolicy.c | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 4b5d03fa26..8202dddd5c 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,7 @@ OpenLDAP 2.4.7 Engineering Fixed slapd sasl-host parsing (ITS#5209) Fixed slapd filter normalization (ITS#5212) Fixed slapd multiple sufix checking (ITS#5186) + Fixed slapo-ppolicy single password check on modify (ITS#5146) Fixed slapo-syncprov refresh and persist cookie sending (ITS#5210) Fixed slapo-syncprov ignore invalid cookies (ITS#5211) Updated contrib addpartial module (ITS#3593) diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c index e126598055..cc401aefaa 100644 --- a/servers/slapd/overlays/ppolicy.c +++ b/servers/slapd/overlays/ppolicy.c @@ -1559,8 +1559,6 @@ ppolicy_modify( Operation *op, SlapReply *rs ) if ((ml->sml_op == LDAP_MOD_ADD) || (ml->sml_op == LDAP_MOD_REPLACE)) { - addmod = ml; - /* FIXME: there's no easy way to ensure * that add does not cause multiple * userPassword values; one way (that @@ -1572,13 +1570,15 @@ ppolicy_modify( Operation *op, SlapReply *rs ) * Let's check at least that a single value * is being added */ - assert( addmod->sml_values != NULL ); - assert( !BER_BVISNULL( &addmod->sml_values[ 0 ] ) ); - if ( !BER_BVISNULL( &addmod->sml_values[ 1 ] ) ) { + assert( ml->sml_values != NULL ); + assert( !BER_BVISNULL( &ml->sml_values[ 0 ] ) ); + if ( addmod || !BER_BVISNULL( &ml->sml_values[ 1 ] ) ) { rs->sr_err = LDAP_CONSTRAINT_VIOLATION; rs->sr_text = "Password policy only allows one password value"; goto return_results; } + + addmod = ml; } } else if ( !is_at_operational( ml->sml_desc->ad_type ) ) { -- 2.39.5