This patch properly roatets the password history so the oldest entry is pushed out when we reach the max entries limit.
Fixes bz#527879/trac#256 Simo. -- Simo Sorce * Red Hat, Inc * New York
>From 176ee45d4acd31c6cbee8e70e56f66009515e354 Mon Sep 17 00:00:00 2001 From: Simo Sorce <[email protected]> Date: Mon, 4 Oct 2010 16:25:26 -0400 Subject: [PATCH] pwd-plugin: Remove the correct password from the history We were mistakenly removeing the latest password from the passwordHistory once the max history values were reached. Make sure we remove the oldest one instead. --- .../ipa-pwd-extop/ipapwd_common.c | 7 ++++++- 1 files changed, 6 insertions(+), 1 deletions(-) diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c index 42a4abe..a2b11e4 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c @@ -1293,7 +1293,7 @@ Slapi_Value **ipapwd_setPasswordHistory(Slapi_Mods *smods, ret = slapi_entry_attr_find(data->target, "passwordHistory", &passwordHistory); if (ret == 0) { - int ret, hint, count, i; + int ret, hint, count, i, j; const char *pwstr; Slapi_Value *pw; @@ -1327,6 +1327,11 @@ Slapi_Value **ipapwd_setPasswordHistory(Slapi_Mods *smods, qsort(pH, i, sizeof(Slapi_Value *), ipapwd_sv_pw_cmp); if (i >= data->pwHistoryLen) { + /* need to rotate out the first entry */ + for (j = 0; j < data->pwHistoryLen; j++) { + pH[j] = pH[j + 1]; + } + i = data->pwHistoryLen; pH[i] = NULL; i--; -- 1.7.2.3
_______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
