andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone

Blame 0272-Ticket-47900-Fix-backport-issue-to-1.2.11.patch

dc8c34
From 07ecc139cf0332469fb27f69fe624db4160bcdf9 Mon Sep 17 00:00:00 2001
dc8c34
From: Mark Reynolds <mreynolds@redhat.com>
dc8c34
Date: Tue, 7 Oct 2014 14:24:17 -0400
dc8c34
Subject: [PATCH 272/305] Ticket 47900 - Fix backport issue to 1.2.11
dc8c34
dc8c34
Bug Description:  The backport to 1.2.11 was incorrect, and caused valid adds to
dc8c34
                  to fail, but not return an error.
dc8c34
dc8c34
Fix Description:  Fix login when checking for password admins and password syntax.
dc8c34
dc8c34
https://fedorahosted.org/389/ticket/47900
dc8c34
dc8c34
Reviewed by: nhosoi(Thanks!)
dc8c34
dc8c34
(cherry picked from commit 851240569e1759589e1d40ad3caf3da5726e263b)
dc8c34
---
dc8c34
 ldap/servers/slapd/add.c | 10 ++++++----
dc8c34
 ldap/servers/slapd/pw.c  |  5 -----
dc8c34
 2 files changed, 6 insertions(+), 9 deletions(-)
dc8c34
dc8c34
diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
dc8c34
index 9b549c3..5b3b5ee 100644
dc8c34
--- a/ldap/servers/slapd/add.c
dc8c34
+++ b/ldap/servers/slapd/add.c
dc8c34
@@ -562,7 +562,12 @@ static void op_shared_add (Slapi_PBlock *pb)
dc8c34
 
dc8c34
 			/* check password syntax */
dc8c34
 			if (!pw_is_pwp_admin(pb, pwpolicy) &&
dc8c34
-			    check_pw_syntax(pb, slapi_entry_get_sdn_const(e), present_values, NULL, e, 0) == 0)
dc8c34
+			    check_pw_syntax(pb, slapi_entry_get_sdn_const(e), present_values, NULL, e, 0) != 0)
dc8c34
+			{
dc8c34
+				/* error result is sent from check_pw_syntax */
dc8c34
+				goto done;
dc8c34
+			}
dc8c34
+			else
dc8c34
 			{
dc8c34
 				Slapi_Value **vals= NULL;
dc8c34
 				valuearray_add_valuearray(&unhashed_password_vals, present_values, 0);
dc8c34
@@ -575,9 +580,6 @@ static void op_shared_add (Slapi_PBlock *pb)
dc8c34
 				/* Add the unhashed password pseudo-attribute to the entry */
dc8c34
 				pwdtype = slapi_attr_syntax_normalize(PSEUDO_ATTR_UNHASHEDUSERPASSWORD);
dc8c34
 				slapi_entry_add_values_sv(e, pwdtype, unhashed_password_vals);
dc8c34
-			} else {
dc8c34
-				/* error result is sent from check_pw_syntax */
dc8c34
-				goto done;
dc8c34
 			}
dc8c34
 		}
dc8c34
 
dc8c34
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
dc8c34
index eb9eacb..d32afd8 100644
dc8c34
--- a/ldap/servers/slapd/pw.c
dc8c34
+++ b/ldap/servers/slapd/pw.c
dc8c34
@@ -1643,11 +1643,6 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
dc8c34
 	slapdFrontendConfig_t *slapdFrontendConfig;
dc8c34
 	int optype = -1;
dc8c34
 
dc8c34
-	/* If we already allocated a pw policy, return it */
dc8c34
-	if(pb && pb->pwdpolicy){
dc8c34
-		return pb->pwdpolicy;
dc8c34
-	}
dc8c34
-
dc8c34
 	if (g_get_active_threadcnt() == 0){
dc8c34
 		/*
dc8c34
 		 * If the server is starting up the thread count will be zero, so
dc8c34
-- 
dc8c34
1.9.3
dc8c34