From cf945db520266991fccd2ff2c352b4f08040d6bd Mon Sep 17 00:00:00 2001
From: david_page <david_page@localhost>
Date: Thu, 03 May 2007 19:10:51 +0000
Subject: [PATCH] Issue [1347] PwP: Administrative reset sets pwdReset:TRUE when ds-cfg-force-change-on-reset:FALSE if ds-cfg-force-change-on-add:TRUE

---
 opends/src/server/org/opends/server/core/ModifyOperation.java |   79 ++++++++++++++++++++-------------------
 1 files changed, 41 insertions(+), 38 deletions(-)

diff --git a/opends/src/server/org/opends/server/core/ModifyOperation.java b/opends/src/server/org/opends/server/core/ModifyOperation.java
index 2882fb7..87b7190 100644
--- a/opends/src/server/org/opends/server/core/ModifyOperation.java
+++ b/opends/src/server/org/opends/server/core/ModifyOperation.java
@@ -2344,8 +2344,8 @@
 
         // FIXME: earlier checks to see if the entry already exists may
         // have already exposed sensitive information to the client.
-        if (AccessControlConfigManager.getInstance()
-            .getAccessControlHandler().isAllowed(this) == false) {
+        if (!AccessControlConfigManager.getInstance()
+             .getAccessControlHandler().isAllowed(this)) {
           setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
 
           int msgID = MSGID_MODIFY_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
@@ -2358,51 +2358,54 @@
         boolean wasLocked = false;
         if (passwordChanged)
         {
-            // See if the account was locked for any reason.
-            wasLocked = pwPolicyState.lockedDueToIdleInterval() ||
-                    pwPolicyState.lockedDueToMaximumResetAge() ||
-                    pwPolicyState.lockedDueToFailures();
+          // See if the account was locked for any reason.
+          wasLocked = pwPolicyState.lockedDueToIdleInterval() ||
+               pwPolicyState.lockedDueToMaximumResetAge() ||
+               pwPolicyState.lockedDueToFailures();
 
-            // Update the password policy state attributes in the user's entry.
-            // If the modification fails, then these changes won't be applied.
-            pwPolicyState.setPasswordChangedTime();
-            pwPolicyState.clearFailureLockout();
-            pwPolicyState.clearGraceLoginTimes();
-           pwPolicyState.clearWarnedTime();
+          // Update the password policy state attributes in the user's entry.
+          // If the modification fails, then these changes won't be applied.
+          pwPolicyState.setPasswordChangedTime();
+          pwPolicyState.clearFailureLockout();
+          pwPolicyState.clearGraceLoginTimes();
+          pwPolicyState.clearWarnedTime();
 
-            if (pwPolicyState.getPolicy().forceChangeOnAdd() ||
-                    pwPolicyState.getPolicy().forceChangeOnReset())
+          if (selfChange && pwPolicyState.getPolicy().forceChangeOnAdd())
+          {
+            pwPolicyState.setMustChangePassword(false);
+          }
+          else if( pwPolicyState.getPolicy().forceChangeOnReset())
+          {
+            pwPolicyState.setMustChangePassword(! selfChange);
+          }
+
+          if (pwPolicyState.getPolicy().getRequireChangeByTime() > 0)
+          {
+            pwPolicyState.setRequiredChangeTime();
+          }
+          modifications.addAll(pwPolicyState.getModifications());
+          //Apply pwd Policy modifications to modified entry.
+          try {
+            modifiedEntry.applyModifications(pwPolicyState.getModifications());
+          } catch (DirectoryException e) {
+            if (debugEnabled())
             {
-                pwPolicyState.setMustChangePassword(! selfChange);
+              debugCaught(DebugLogLevel.ERROR, e);
             }
 
-            if (pwPolicyState.getPolicy().getRequireChangeByTime() > 0)
-            {
-                pwPolicyState.setRequiredChangeTime();
-            }
-             modifications.addAll(pwPolicyState.getModifications());
-            //Apply pwd Policy modifications to modified entry.
-            try {
-             modifiedEntry.applyModifications(pwPolicyState.getModifications());
-            } catch (DirectoryException e) {
-                if (debugEnabled())
-                {
-                  debugCaught(DebugLogLevel.ERROR, e);
-                }
-
-                setResponseData(e);
-                break modifyProcessing;
-              }
+            setResponseData(e);
+            break modifyProcessing;
+          }
         }
         else if(pwPolicyState.mustChangePassword())
         {
-            // The user will not be allowed to do anything else before
-            // the password gets changed.
-            setResultCode(ResultCode.UNWILLING_TO_PERFORM);
+          // The user will not be allowed to do anything else before
+          // the password gets changed.
+          setResultCode(ResultCode.UNWILLING_TO_PERFORM);
 
-            int msgID = MSGID_MODIFY_MUST_CHANGE_PASSWORD;
-            appendErrorMessage(getMessage(msgID));
-            break modifyProcessing;
+          int msgID = MSGID_MODIFY_MUST_CHANGE_PASSWORD;
+          appendErrorMessage(getMessage(msgID));
+          break modifyProcessing;
         }
 
         // Make sure that the new entry is valid per the server schema.
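Review bot: A self-change still leaves a previously set must-change flag in place when both `forceChangeOnAdd()` and `forceChangeOnReset()` are false, because neither branch of the new `if`/`else if` runs in that case. If the policy was relaxed after pwdReset was set, the user would presumably keep hitting the `mustChangePassword()` branch below and get UNWILLING_TO_PERFORM on every other modify, even after changing the password. Keying the clear on `selfChange` alone removes that dependency on the policy flags: `if (selfChange) { pwPolicyState.setMustChangePassword(false); } else if (pwPolicyState.getPolicy().forceChangeOnReset()) { pwPolicyState.setMustChangePassword(true); }`. This assumes `setMustChangePassword(false)` is harmless when the flag is not set, which is not visible in this hunk. The enclosing `modifyProcessing` block starts and ends outside the hunk, and a short comment above the condition listing the four selfChange/forceChangeOnReset combinations would make the intended pwdReset outcome auditable.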

--
Gitblit v1.10.0