From bcf43fb4346547f92f6d5748942bedf54307cc2e Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 30 Sep 2014 15:18:37 -0400
Subject: [PATCH 270/305] Ticket 47900 - Adding an entry with an invalid
password as rootDN is incorrectly rejected
Bug Description: Root DN and password administrators should bypass all password
restrictions and syntax checks, but on ADD operations the password
checks were still being applied to root/password admins.
Fix Description: Do not check the password syntax if the bind DN is a rootDN/password admin.
https://fedorahosted.org/389/ticket/47900
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit 950390bb09512a033a25f40e4f61f7346321a19a)
---
ldap/servers/slapd/add.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
index 1ce975a..9b549c3 100644
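--- a/ldap/servers/slapd/add.c
+++ b/ldap/servers/slapd/add.c
@@ -457,12 +457,14 @@ static void op_shared_add (Slapi_PBlock *pb)
 int proxy_err = LDAP_SUCCESS;
 char *errtext = NULL;
 Slapi_DN *sdn = NULL;
+ passwdPolicy *pwpolicy;
 
 slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
 slapi_pblock_get (pb, SLAPI_ADD_ENTRY, &e);
 slapi_pblock_get (pb, SLAPI_IS_REPLICATED_OPERATION, &repl_op);
 slapi_pblock_get (pb, SLAPI_IS_LEGACY_REPLICATED_OPERATION, &legacy_op);
 internal_op= operation_is_flag_set(operation, OP_FLAG_INTERNAL);
+ pwpolicy = new_passwdPolicy(pb, slapi_entry_get_dn(e));
 
 /* target spec is used to decide which plugins are applicable for the operation */
 operation_set_target_spec (operation, slapi_entry_get_sdn (e));
@@ -559,7 +561,8 @@ static void op_shared_add (Slapi_PBlock *pb)
 }
 
 /* check password syntax */
- if (check_pw_syntax(pb, slapi_entry_get_sdn_const(e), present_values, NULL, e, 0) == 0)
+ if (!pw_is_pwp_admin(pb, pwpolicy) &&
+ check_pw_syntax(pb, slapi_entry_get_sdn_const(e), present_values, NULL, e, 0) == 0)
 {
 Slapi_Value **vals= NULL;
 valuearray_add_valuearray(&unhashed_password_vals, present_values, 0);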
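Review bot: `pwpolicy = new_passwdPolicy(pb, slapi_entry_get_dn(e));` in the first hunk runs on every add, including the internal and replicated operations whose flags are read just above it, although its only visible use is the `pw_is_pwp_admin(pb, pwpolicy)` guard in the second hunk; consider moving the assignment to just before `/* check password syntax */` so the lookup is paid only when a password is actually being checked. Because the new guard is an authorization bypass, the comment above it should say so, for example `/* check password syntax; root DN and password administrators are exempt (ticket 47900) */`. The hunks do not show whether `new_passwdPolicy()` can return NULL or whether the caller must release the result, and op_shared_add starts and ends outside both hunks, so both points need confirming against the rest of the function.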
--
1.9.3