From f40527ef49dc18f46c513595369199b942a2b78e Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Fri, 7 Jan 2005 13:57:16 +0000
Subject: [PATCH] fix ACL value checking for bind (ITS#3446)

---
 servers/slapd/overlays/ppolicy.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index d1e69e6fe0..8e1558cdde 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -1376,7 +1376,8 @@ ppolicy_modify( Operation *op, SlapReply *rs )
 		const char *txt;
 		
 		bv = oldpw.bv_val ? &oldpw : delmod->sml_values;
-		rc = slap_passwd_check( op->o_conn, pa, bv, &txt );
+		/* FIXME: no access checking? */
+		rc = slap_passwd_check( op, NULL, pa, bv, &txt );
 		if (rc != LDAP_SUCCESS) {
 			Debug( LDAP_DEBUG_TRACE,
 				"old password check failed: %s\n", txt, 0, 0 );
@@ -1420,7 +1421,8 @@ ppolicy_modify( Operation *op, SlapReply *rs )
 		/*
 		 * Last check - the password history.
 		 */
-		if (slap_passwd_check( op->o_conn, pa, bv, &txt ) == LDAP_SUCCESS) {
+		/* FIXME: no access checking? */
+		if (slap_passwd_check( op, NULL, pa, bv, &txt ) == LDAP_SUCCESS) {
 			/*
 			 * This is bad - it means that the user is attempting
 			 * to set the password to the same as the old one.
@@ -1442,7 +1444,8 @@ ppolicy_modify( Operation *op, SlapReply *rs )
 		cr[1].bv_val = NULL;
 		for(p=tl; p; p=p->next) {
 			cr[0] = p->pw;
-			rc = slap_passwd_check( op->o_conn, &at, bv, &txt );
+			/* FIXME: no access checking? */
+			rc = slap_passwd_check( op, NULL, &at, bv, &txt );
 			
 			if (rc != LDAP_SUCCESS) continue;
 			
-- 
2.39.5