diff options
Diffstat (limited to 'daemons/ipa-slapi-plugins')
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c index 1b90b9f8d..a18222f44 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c @@ -3467,7 +3467,8 @@ static int ipapwd_pre_add(Slapi_PBlock *pb) struct ipapwd_operation *pwdop = NULL; void *op; int is_repl_op, is_root, is_krb, is_smb; - int ret, rc; + int ret; + int rc = LDAP_SUCCESS; slapi_log_error(SLAPI_LOG_TRACE, IPAPWD_PLUGIN_NAME, "=> ipapwd_pre_add\n"); @@ -3516,14 +3517,16 @@ static int ipapwd_pre_add(Slapi_PBlock *pb) /* unhashed#user#password doesn't always contain the clear text * password, therefore we need to check if its value isn't the same * as userPassword to make sure */ - if (!userpw || (0 == strcmp(userpw, userpw_clear))) { + if (!userpw_clear || (0 == strcmp(userpw, userpw_clear))) { rc = LDAP_CONSTRAINT_VIOLATION; + slapi_ch_free_string(&userpw); + } else { + userpw = slapi_ch_strdup(userpw_clear); } - slapi_ch_free_string(&userpw); slapi_ch_free_string(&userpw_clear); - if (rc) { + if (rc != LDAP_SUCCESS) { /* we don't have access to the clear text password; * let it slide if migration is enabled, but don't * generate kerberos keys */ @@ -3547,12 +3550,12 @@ static int ipapwd_pre_add(Slapi_PBlock *pb) rc = ipapwd_entry_checks(pb, e, &is_root, &is_krb, &is_smb, NULL, SLAPI_ACL_ADD); - if (rc) { + if (rc != LDAP_SUCCESS) { goto done; } rc = ipapwd_gen_checks(pb, &errMesg, &krbcfg, IPAPWD_CHECK_DN); - if (rc) { + if (rc != LDAP_SUCCESS) { goto done; } @@ -3623,7 +3626,7 @@ static int ipapwd_pre_add(Slapi_PBlock *pb) pwdop, userpw, is_krb, is_smb, &svals, &nt, &lm); - if (rc) { + if (rc != LDAP_SUCCESS) { goto done; } |