From 187b3cf38ce88550c89e693d532a07efc45e2017 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Thu, 10 Aug 2006 20:39:49 +0000
Subject: [PATCH] Fix a problem in which the "must change password" flag in the client connection session was not cleared when a user changed their password.  In addition, the state attribute in the user's entry was not being cleared for modify operations.

---
 opends/src/server/org/opends/server/core/ModifyOperation.java |   22 ++++++++++++++++++++--
 1 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/opends/src/server/org/opends/server/core/ModifyOperation.java b/opends/src/server/org/opends/server/core/ModifyOperation.java
index f0de197..2c8196c 100644
--- a/opends/src/server/org/opends/server/core/ModifyOperation.java
+++ b/opends/src/server/org/opends/server/core/ModifyOperation.java
@@ -61,6 +61,7 @@
 import org.opends.server.types.Attribute;
 import org.opends.server.types.AttributeType;
 import org.opends.server.types.AttributeValue;
+import org.opends.server.types.AuthenticationInfo;
 import org.opends.server.types.ByteString;
 import org.opends.server.types.Control;
 import org.opends.server.types.DN;
@@ -1290,9 +1291,9 @@
             pwPolicyState.clearGraceLoginTimes();
             pwPolicyState.clearWarnedTime();
 
-            if ((! selfChange) && pwPolicyState.forceChangeOnReset())
+            if (pwPolicyState.forceChangeOnReset())
             {
-              pwPolicyState.setMustChangePassword(true);
+              pwPolicyState.setMustChangePassword(! selfChange);
             }
 
             if (pwPolicyState.getRequiredChangeTime() > 0)
@@ -2358,6 +2359,23 @@
             }
 
             backend.replaceEntry(modifiedEntry, this);
+
+
+            // If the update was successful and included a self password change,
+            // then clear the "must change" flag in the client connection.
+            if ((getResultCode() == ResultCode.SUCCESS) && passwordChanged &&
+                selfChange)
+            {
+              // We really only want to do this if the authentication DN from
+              // the client connection is equal to the entry that was updated to
+              // avoid clearing the flag for the wrong user.
+              AuthenticationInfo authInfo =
+                   clientConnection.getAuthenticationInfo();
+              if (authInfo.getAuthenticationDN().equals(entryDN))
+              {
+                clientConnection.setMustChangePassword(false);
+              }
+            }
           }
 
           if (preReadRequest != null)

--
Gitblit v1.10.0