Don't manipulate password history if not configured in policy

Howard Chu 2004-04-03 06:21:03 +00:00
parent 6a96ec96bd
commit e1fc5012bd


@ -1325,7 +1325,7 @@ ppolicy_modify( Operation *op, SlapReply *rs )
* We need this, even if the user is root, in order to maintain
* the pwdHistory operational attributes properly.
*/
if (ha = attr_find( e->e_attrs, ad_pwdHistory )) {
if (pp.pwdInHistory > 0 && (ha = attr_find( e->e_attrs, ad_pwdHistory ))) {
struct berval oldpw;
time_t oldtime;
char *oid;
@ -1343,8 +1343,8 @@ ppolicy_modify( Operation *op, SlapReply *rs )
oldpw.bv_len = 0;
}
}
for(p=tl; p; p=p->next, hsize++); /* count history size */
}
for(p=tl, hsize=0; p; p=p->next, hsize++); /* count history size */
if (be_isroot( op->o_bd, &op->o_ndn)) goto do_modify;
@ -1570,9 +1570,10 @@ do_modify:
modtail = mods;
}
if (pp.pwdInHistory > 0) {
if (hsize >= pp.pwdInHistory) {
/*
* We use the >= operator, since we are going to add a
* We use the >= operator, since we are going to add
* the existing password attribute value into the
* history - thus the cardinality of history values is
* about to rise by one.
@ -1640,6 +1641,7 @@ do_modify:
"ppolicy_modify: password attr lookup failed\n", 0, 0, 0 );
#endif
}
}
/*
* Controversial bit here. If the new password isn't hashed