This patch properly roatets the password history so the oldest entry is
pushed out when we reach the max entries limit.

Fixes bz#527879/trac#256

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
>From 176ee45d4acd31c6cbee8e70e56f66009515e354 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Mon, 4 Oct 2010 16:25:26 -0400
Subject: [PATCH] pwd-plugin: Remove the correct password from the history

We were mistakenly removeing the latest password from the passwordHistory
once the max history values were reached. Make sure we remove the oldest one
instead.
---
 .../ipa-pwd-extop/ipapwd_common.c                  |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
index 42a4abe..a2b11e4 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
@@ -1293,7 +1293,7 @@ Slapi_Value **ipapwd_setPasswordHistory(Slapi_Mods *smods,
     ret = slapi_entry_attr_find(data->target,
                                 "passwordHistory", &passwordHistory);
     if (ret == 0) {
-        int ret, hint, count, i;
+        int ret, hint, count, i, j;
         const char *pwstr;
         Slapi_Value *pw;
 
@@ -1327,6 +1327,11 @@ Slapi_Value **ipapwd_setPasswordHistory(Slapi_Mods *smods,
             qsort(pH, i, sizeof(Slapi_Value *), ipapwd_sv_pw_cmp);
 
             if (i >= data->pwHistoryLen) {
+                /* need to rotate out the first entry */
+                for (j = 0; j < data->pwHistoryLen; j++) {
+                    pH[j] = pH[j + 1];
+                }
+
                 i = data->pwHistoryLen;
                 pH[i] = NULL;
                 i--;
-- 
1.7.2.3

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to