Delete old password if provided

servers/slapd/passwd.c

@@ -180,11 +180,27 @@ int passwd_extop(
 	ml->sml_values[i].bv_val = NULL;
 	ml->sml_nvalues = NULL;
 	ml->sml_desc = slap_schema.si_ad_userPassword;
-	ml->sml_op = LDAP_MOD_REPLACE;
+	ml->sml_op = qpw->rs_old.bv_val ? LDAP_MOD_ADD : LDAP_MOD_REPLACE;
 	ml->sml_next = qpw->rs_mods;
 	qpw->rs_mods = ml;
-	if ( rsp ) {
-		free( qpw->rs_new.bv_val );
+	if ( qpw->rs_old.bv_val ) {
+		ml = ch_malloc( sizeof(Modifications) );
+		ml->sml_values = ch_malloc( (nhash+1)*sizeof(struct berval) );
+		for ( i=0; hashes[i]; i++ ) {
+			slap_passwd_hash( hashes[i], &qpw->rs_old, &hash, &rs->sr_text );
+			if ( hash.bv_len == 0 ) {
+				if ( !rs->sr_text ) {
+					rs->sr_text = "password hash failed";
+				}
+				break;
+			}
+			ml->sml_values[i] = hash;
+		}
+		ml->sml_values[i].bv_val = NULL;
+		ml->sml_desc = slap_schema.si_ad_userPassword;
+		ml->sml_op = LDAP_MOD_DELETE;
+		ml->sml_next = qpw->rs_mods;
+		qpw->rs_mods = ml;
 	}
 	if ( hashes[i] ) {
 		rs->sr_err = LDAP_OTHER;
@@ -194,6 +210,8 @@ int passwd_extop(
 		op2.o_tag = LDAP_REQ_MODIFY;
 		op2.o_callback = &cb2;
 		op2.orm_modlist = qpw->rs_mods;
+		cb2.sc_private = qpw;	/* let Modify know this was pwdMod,
+					 * if it cares... */
 
 		rs->sr_err = slap_mods_opattrs( &op2, ml, qpw->rs_modtail, &rs->sr_text,
 			NULL, 0 );
@@ -208,6 +226,9 @@ int passwd_extop(
 		}
 	}
 	slap_mods_free( qpw->rs_mods );
+	if ( rsp ) {
+		free( qpw->rs_new.bv_val );
+	}
 
 	return rs->sr_err;
 }
@@ -461,6 +482,15 @@ slap_passwd_hash(
 	new->bv_len = 0;
 	new->bv_val = NULL;
 
+	if ( !hash ) {
+		if ( default_passwd_hash ) {
+			hash = default_passwd_hash[0];
+		}
+		if ( !hash ) {
+			hash = (char *)defhash[0];
+		}
+	}
+
 #if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
 	ldap_pvt_thread_mutex_lock( &passwd_mutex );
 #endif