From 139c42b760fcda10a027e97af9ef27ec80fbf6ba Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Tue, 12 Jun 2012 16:41:39 -0700 Subject: [PATCH 3/4] Bug 829213 - unhashed#user#password visible after changing password https://bugzilla.redhat.com/show_bug.cgi?id=829213 Bug 830001 - unhashed#user#password visible after changing password [rhel-6.3] https://bugzilla.redhat.com/show_bug.cgi?id=830001 Bug Description: unhashed#user#password is skipped to check acl in acl_check_mod. Fix Description: Set SLAPI_ATTR_FLAG_NOUSERMOD to unhashed#user# password schema. It makes clients' modifying the unhashed password fail by UNWILLING TO PERFORM. (cherry picked from commit 1629311d7201a6a7842db15865e02042a2894383)
---
 ldap/servers/slapd/pw_mgmt.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c
index 8d99879..f6f3cf3 100644
--- a/ldap/servers/slapd/pw_mgmt.c
+++ b/ldap/servers/slapd/pw_mgmt.c
@@ -306,7 +306,10 @@ pw_init ( void ) {
 slapi_add_internal_attr_syntax( PSEUDO_ATTR_UNHASHEDUSERPASSWORD,
 PSEUDO_ATTR_UNHASHEDUSERPASSWORD_OID,
- OCTETSTRING_SYNTAX_OID, 0, 0 );
+ OCTETSTRING_SYNTAX_OID, 0,
+ /* Clients don't need to directly modify
+ * PSEUDO_ATTR_UNHASHEDUSERPASSWORD */
+ SLAPI_ATTR_FLAG_NOUSERMOD );
 }
-- 1.7.7.6
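Review bot: The comment added above `SLAPI_ATTR_FLAG_NOUSERMOD` in the `slapi_add_internal_attr_syntax` call reads as a convenience note ("Clients don't need to…"), while the commit message says the flag is the actual control: acl_check_mod skips this attribute, so nothing else stops a client from writing it. I would state that in the code so the flag is not dropped in a later cleanup, for example `/* Security (bug 829213): acl_check_mod skips this attribute, so NOUSERMOD is what rejects client writes to the cleartext password; do not clear this flag */`. The hunk shows only the schema registration at the end of pw_init, whose body starts outside it, so whether the rejection is enforced on every client write path cannot be confirmed from here. A regression test asserting that a client modify of this attribute returns UNWILLING TO PERFORM would pin the behaviour the fix description promises.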