mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

neil_a_wilson
31.14.2006 ca68a5303b6890cc4d8f6136132bde1dc1a0e6df
Update the modify operation to fix two problems:

- When the "force change on add" or "force change on reset" feature was enabled
in the password policy and the user's password had been administratively reset,
it was still possible for that user to perform modify operations against entries
other than their own. Issue #904.

- When the "force change on add" feature was enabled but "force change on
reset" was not, the server would not clear the reset flag when a user changed
his or her password via a modify operation. Issue #905.
1 files modified
22 ■■■■■ changed files
opends/src/server/org/opends/server/core/ModifyOperation.java 22 ●●●●●
opends/src/server/org/opends/server/core/ModifyOperation.java
@@ -836,6 +836,25 @@
      }
      // If the user must change their password before doing anything else, and
      // if the target of the modify operation isn't the user's own entry, then
      // reject the request.
      if (clientConnection.mustChangePassword())
      {
        DN authzDN = getAuthorizationDN();
        if ((authzDN != null) && (! authzDN.equals(entryDN)))
        {
          // The user will not be allowed to do anything else before
          // the password gets changed.
          setResultCode(ResultCode.UNWILLING_TO_PERFORM);
          int msgID = MSGID_MODIFY_MUST_CHANGE_PASSWORD;
          appendErrorMessage(getMessage(msgID));
          break modifyProcessing;
        }
      }
      // Check for and handle a request to cancel this operation.
      if (cancelRequest != null)
      {
@@ -1283,7 +1302,8 @@
            pwPolicyState.clearGraceLoginTimes();
            pwPolicyState.clearWarnedTime();
            if (pwPolicyState.forceChangeOnReset())
            if (pwPolicyState.forceChangeOnAdd() ||
                pwPolicyState.forceChangeOnReset())
            {
              pwPolicyState.setMustChangePassword(! selfChange);
            }
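Review bot: The new must-change-password guard in the first hunk fails open when `getAuthorizationDN()` returns null, because the `authzDN != null` test skips the rejection and a connection flagged by `mustChangePassword()` would then be allowed to modify any entry. The hunk does not show what a null authorization DN means at this point, so if it can occur here, rejecting by default is the safer form: `if ((authzDN == null) || (! authzDN.equals(entryDN)))`. The guard also compares only the target DN, so as far as these lines show, a modify of the user's own entry that leaves the password untouched is still accepted; it is worth confirming that a check outside the hunk rejects that case, and stating it in the comment above the guard. The enclosing `modifyProcessing` block starts and ends outside the hunk.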