From 32ca9f093c25ee543fe23aa9efc790bfc6b12fe8 Mon Sep 17 00:00:00 2001

From: Noriko Hosoi <nhosoi@redhat.com>

Date: Mon, 23 Jun 2014 15:01:34 -0700

Subject: [PATCH] Revert "Ticket #47423 - 7-bit check plugin does not work for

 userpassword attribute"

This reverts commit 4457a30decf6e281986310e705ceb6d5c059232b.

This patch should not be in rhel-6.6 branch.

---

 ldap/servers/plugins/uiduniq/7bit.c | 37 ++++++++++---------------------------

 1 file changed, 10 insertions(+), 27 deletions(-)

diff --git a/ldap/servers/plugins/uiduniq/7bit.c b/ldap/servers/plugins/uiduniq/7bit.c

index c98d660..f690b4e 100644

--- a/ldap/servers/plugins/uiduniq/7bit.c

+++ b/ldap/servers/plugins/uiduniq/7bit.c

@@ -218,8 +218,7 @@ preop_add(Slapi_PBlock *pb)

 {

   int result;

   char *violated = NULL;

-  char *pwd = NULL;

-  char *origpwd = NULL;

+

 #ifdef DEBUG

   slapi_log_error(SLAPI_LOG_PLUGIN, plugin_name, "ADD begin\n");

 #endif

@@ -237,14 +236,12 @@ preop_add(Slapi_PBlock *pb)

     const char *dn;

     Slapi_DN *sdn = NULL;

     Slapi_Entry *e;

+    Slapi_Attr *attr;

     char **firstSubtree;

     char **subtreeDN;

     int subtreeCnt;

     int is_replicated_operation;

-    struct berval *vals[2];

-    struct berval val;

-    vals[0] = &val;

-    vals[1] = NULL;

+

     /*

      * Get the arguments

      */

@@ -291,26 +288,19 @@ preop_add(Slapi_PBlock *pb)

     for (attrName = argv; strcmp(*attrName, ",") != 0; attrName++ )

     {

       /* 

-       * if the attribute is userpassword, check unhashed user password 

+       * if the attribute is userpassword, check unhashed#user#password 

        * instead.  "userpassword" is encoded; it will always pass the 7bit 

        * check.

        */

-      char *attr_name = NULL;

-      Slapi_Attr *attr = NULL; 

+      char *attr_name; 

       if ( strcasecmp(*attrName, "userpassword") == 0 )

       {

-         origpwd = pwd = slapi_get_first_clear_text_pw(e);

-         if (pwd == NULL)

-	 {

-            continue;

-         }

-         val.bv_val = pwd;

-         val.bv_len = strlen(val.bv_val);

+         attr_name = "unhashed#user#password";

       } else {

          attr_name = *attrName;

-	 err = slapi_entry_attr_find(e, attr_name, &attr);

-         if (err) continue; /* break;*/  /* no 7-bit attribute */

       }

+      err = slapi_entry_attr_find(e, attr_name, &attr);

+      if (err) continue; /* break;*/  /* no 7-bit attribute */

       /*

        * For each DN in the managed list, do 7-bit checking if

@@ -333,14 +323,7 @@ preop_add(Slapi_PBlock *pb)

           /*

            * Check if the value is 7-bit clean

            */

-	  if(pwd)

-	  {

-            result = bit_check(attr, vals, &violated);

-	    if(!result)

-	      pwd = NULL;

-	  }

-          else

-            result = bit_check(attr, NULL, &violated);

+          result = bit_check(attr, NULL, &violated);

           if (result) break;

         }

       }

@@ -352,7 +335,7 @@ preop_add(Slapi_PBlock *pb)

   if (result) {

     issue_error(pb, result, "ADD", violated);

   }

-  slapi_ch_free_string(&origpwd);

+

   return (result==LDAP_SUCCESS)?0:-1;

 }

-- 

1.8.1.4