From 1e75376f7895d4d2de294ee2ae1343c7e1a08584 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Mon, 17 Jun 2013 13:02:10 -0700
Subject: [PATCH 70/99] Ticket #47391 - deleting and adding userpassword fails
to update the password (additional fix)
Bug description: ldapmodify with changetype "modify" is supposed
to skip checking unhashed password in acl_check_mods. "delete"
and "replace" were being skipped, but not "add".
Fix description: "add" now also skips the unhashed password check.
https://fedorahosted.org/389/ticket/47391
Reviewed by Rich (Thank you!!)
(cherry picked from commit 5337dcfa67827ac46df68a2f817eade638eb352d)
(cherry picked from commit 7d8bddd281294b6f2dcdc0ed431680e505ed5e1a)
---
ldap/servers/plugins/acl/acl.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
index 4516cf8..09f28ee 100644
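--- a/ldap/servers/plugins/acl/acl.c
+++ b/ldap/servers/plugins/acl/acl.c
@@ -1358,6 +1358,9 @@ acl_check_mods(
 for (mod = slapi_mods_get_first_mod(&smods);
 mod != NULL;
 mod = slapi_mods_get_next_mod(&smods)) {
+ if (0 == strcmp(mod->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD)) {
+ continue;
+ }
 switch (mod->mod_op & ~LDAP_MOD_BVALUES ) {
 
 case LDAP_MOD_DELETE:
@@ -1382,9 +1385,7 @@ acl_check_mods(
 }
 if (lastmod &&
 (strcmp (mod->mod_type, "modifiersname")== 0 ||
- strcmp (mod->mod_type, "modifytimestamp")== 0 ||
- strcmp (mod->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD)== 0)
- ) {
+ strcmp (mod->mod_type, "modifytimestamp")== 0)) {
 continue;
 }
 
@@ -1396,9 +1397,9 @@ acl_check_mods(
 while(k != -1) {
 attrVal = slapi_value_get_berval(sval);
 rv = slapi_access_allowed (pb, e,
- mod->mod_type,
- (struct berval *)attrVal, /* XXXggood had to cast away const - BAD */
- ACLPB_SLAPI_ACL_WRITE_DEL); /* was SLAPI_ACL_WRITE */
+ mod->mod_type,
+ (struct berval *)attrVal, /* XXXggood had to cast away const - BAD */
+ ACLPB_SLAPI_ACL_WRITE_DEL); /* was SLAPI_ACL_WRITE */
 if ( rv != LDAP_SUCCESS) {
 acl_gen_err_msg (
 SLAPI_ACL_WRITE,
@@ -1430,7 +1431,7 @@ acl_check_mods(
 }
 break;
 
- default:
+ default: /* including LDAP_MOD_ADD */
 break;
 } /* switch */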
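Review bot: The new `continue` on `PSEUDO_ATTR_UNHASHEDUSERPASSWORD` at the top of the loop in the first hunk is unconditional, whereas the test it replaces in the second hunk only skipped that attribute when `lastmod` was set and, per the commit message, only for delete and replace. Any mod naming this pseudo-attribute now bypasses every access check in the loop body, so the skip is only safe if client-supplied mods of that type are rejected or stripped before `acl_check_mods` runs; that is not visible here and should be confirmed. I would record the assumption at the skip, e.g. `/* server-generated pseudo attribute: access is checked on userpassword itself; clients must not be able to supply this type directly */`, so a later refactor does not turn it into an ACL bypass. The comparison is also a case-sensitive `strcmp`; a differently cased type name would fall through to the ACL check, which fails closed but could bring back the failure from the ticket. The loop body after the switch lies outside the hunks, so what the skip avoids for `LDAP_MOD_ADD` cannot be checked from this patch alone.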
|
--
1.8.1.4