From 3daaf52ea7b5e3b188b2d2376d10d880864a0619 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Mon, 14 Aug 2006 23:49:03 +0000
Subject: [PATCH] Update the modify processing code to ensure that attempts to add a new password value will check to ensure the new password doesn't match any password already in the user's entry.

---
 opendj-sdk/opends/src/server/org/opends/server/messages/CoreMessages.java |   12 ++++++++++++
 opendj-sdk/opends/src/server/org/opends/server/core/ModifyOperation.java  |   16 ++++++++++++++++
 2 files changed, 28 insertions(+), 0 deletions(-)

diff --git a/opendj-sdk/opends/src/server/org/opends/server/core/ModifyOperation.java b/opendj-sdk/opends/src/server/org/opends/server/core/ModifyOperation.java
index 5218672..556f7a3 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/core/ModifyOperation.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/core/ModifyOperation.java
@@ -1409,6 +1409,7 @@
             // password values (increment doesn't make any sense for passwords).
             // Then perform the appropriate type of processing for that kind of
             // modification.
+            boolean isAdd = false;
             LinkedHashSet<AttributeValue> pwValues = a.getValues();
             LinkedHashSet<AttributeValue> encodedValues =
                  new LinkedHashSet<AttributeValue>();
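Review bot: The `isAdd` flag declared here and set in the next hunk (`isAdd = true;`) duplicates information the modification already carries, and it is read roughly forty lines later, where its origin is no longer obvious. If `m` is still in scope at the duplicate-password check, which the visible lines suggest but do not show, testing `m.getModificationType() == ModificationType.ADD` there would remove the extra mutable local. If the flag stays, a comment on the declaration would help, such as `// true when this modification adds values, so new passwords must be checked against the existing ones`.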
@@ -1421,6 +1422,7 @@
                 if (m.getModificationType() == ModificationType.ADD)
                 {
                   numPasswords += passwordsToAdd;
+                  isAdd = true;
                 }
                 else
                 {
@@ -1462,6 +1464,20 @@
                   }
                   else
                   {
+                    if (isAdd)
+                    {
+                      // Make sure that the password value doesn't already
+                      // exist.
+                      if (pwPolicyState.passwordMatches(v.getValue()))
+                      {
+                        setResultCode(ResultCode.ATTRIBUTE_OR_VALUE_EXISTS);
+
+                        int msgID = MSGID_MODIFY_PASSWORD_EXISTS;
+                        appendErrorMessage(getMessage(msgID));
+                        break modifyProcessing;
+                      }
+                    }
+
                     if (newPasswords == null)
                     {
                       newPasswords = new LinkedList<AttributeValue>();
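Review bot: The rejection added at `if (pwPolicyState.passwordMatches(v.getValue()))` answers a yes/no question about the stored password: a requester who is allowed to add password values learns from `ATTRIBUTE_OR_VALUE_EXISTS` whether the clear-text value they sent equals a password already in the entry. Nothing in this hunk shows whether access control and any password-policy failure accounting run before this point, so that ordering should be confirmed. The comment could then record it, for example `// Compares the clear-text value with the stored passwords; the outcome is visible to the requester, so authorization must already have been enforced.` The check also sits only in this `else` branch, so values accepted by the preceding branch (it starts outside the hunk, presumably the pre-encoded case) are not compared against existing passwords. The enclosing `modifyProcessing` block begins and ends outside the hunk.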
diff --git a/opendj-sdk/opends/src/server/org/opends/server/messages/CoreMessages.java b/opendj-sdk/opends/src/server/org/opends/server/messages/CoreMessages.java
index e102a1e..521ac73 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/messages/CoreMessages.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/messages/CoreMessages.java
@@ -5817,6 +5817,15 @@
 
 
   /**
+   * The message ID for the message that will be used if an attempt is made to
+   * add a password that already exists.  This does not take any arguments.
+   */
+  public static final int MSGID_MODIFY_PASSWORD_EXISTS =
+       CATEGORY_MASK_CORE | SEVERITY_MASK_MILD_ERROR | 556;
+
+
+
+  /**
    * Associates a set of generic messages with the message IDs defined
    * in this class.
    */
@@ -6916,6 +6925,9 @@
                     "entries.");
     registerMessage(MSGID_MODIFY_NO_PREENCODED_PASSWORDS,
                     "User passwords may not be provided in pre-encoded form.");
+    registerMessage(MSGID_MODIFY_PASSWORD_EXISTS,
+                    "The specified password value already exists in the " +
+                    "user entry.");
     registerMessage(MSGID_MODIFY_NO_EXISTING_VALUES,
                     "The user entry does not have any existing passwords to " +
                     "remove.");

--
Gitblit v1.10.0