From 79e54ca5e94df3e7de69d461901b06a2039fc208 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Thu, 10 Aug 2006 20:39:49 +0000
Subject: [PATCH] Fix a problem in which the "must change password" flag in the client connection session was not cleared when a user changed their password.  In addition, the state attribute in the user's entry was not being cleared for modify operations.

---
 opendj-sdk/opends/src/server/org/opends/server/extensions/PasswordModifyExtendedOperation.java |   11 +++++++++++
 opendj-sdk/opends/src/server/org/opends/server/core/ModifyOperation.java                       |   22 ++++++++++++++++++++--
 2 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/opendj-sdk/opends/src/server/org/opends/server/core/ModifyOperation.java b/opendj-sdk/opends/src/server/org/opends/server/core/ModifyOperation.java
index f0de197..2c8196c 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/core/ModifyOperation.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/core/ModifyOperation.java
@@ -61,6 +61,7 @@
 import org.opends.server.types.Attribute;
 import org.opends.server.types.AttributeType;
 import org.opends.server.types.AttributeValue;
+import org.opends.server.types.AuthenticationInfo;
 import org.opends.server.types.ByteString;
 import org.opends.server.types.Control;
 import org.opends.server.types.DN;
@@ -1290,9 +1291,9 @@
             pwPolicyState.clearGraceLoginTimes();
             pwPolicyState.clearWarnedTime();
 
-            if ((! selfChange) && pwPolicyState.forceChangeOnReset())
+            if (pwPolicyState.forceChangeOnReset())
             {
-              pwPolicyState.setMustChangePassword(true);
+              pwPolicyState.setMustChangePassword(! selfChange);
             }
 
             if (pwPolicyState.getRequiredChangeTime() > 0)
@@ -2358,6 +2359,23 @@
             }
 
             backend.replaceEntry(modifiedEntry, this);
+
+
+            // If the update was successful and included a self password change,
+            // then clear the "must change" flag in the client connection.
+            if ((getResultCode() == ResultCode.SUCCESS) && passwordChanged &&
+                selfChange)
+            {
+              // We really only want to do this if the authentication DN from
+              // the client connection is equal to the entry that was updated to
+              // avoid clearing the flag for the wrong user.
+              AuthenticationInfo authInfo =
+                   clientConnection.getAuthenticationInfo();
+              if (authInfo.getAuthenticationDN().equals(entryDN))
+              {
+                clientConnection.setMustChangePassword(false);
+              }
+            }
           }
 
           if (preReadRequest != null)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/extensions/PasswordModifyExtendedOperation.java b/opendj-sdk/opends/src/server/org/opends/server/extensions/PasswordModifyExtendedOperation.java
index eedeaa2..59e8eb5 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/extensions/PasswordModifyExtendedOperation.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/extensions/PasswordModifyExtendedOperation.java
@@ -928,6 +928,17 @@
         ASN1Sequence valueSequence = new ASN1Sequence(valueElements);
         operation.setResponseValue(new ASN1OctetString(valueSequence.encode()));
       }
+
+
+      // If this was a self password change, and the client is authenticated as
+      // the user whose password was changed, then clear the "must change
+      // password" flag in the client connection.  Note that we're using the
+      // authentication DN rather than the authorization DN in this case to
+      // avoid mistakenly clearing the flag for the wrong user.
+      if (selfChange && (authInfo.getAuthenticationDN().equals(userDN)))
+      {
+        operation.getClientConnection().setMustChangePassword(false);
+      }
     }
     finally
     {

--
Gitblit v1.10.0