From 1e75376f7895d4d2de294ee2ae1343c7e1a08584 Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Mon, 17 Jun 2013 13:02:10 -0700 Subject: [PATCH 70/99] Ticket #47391 - deleting and adding userpassword fails to update the password (additional fix) Bug description: ldapmodify with changetype "modify" is supposed to skip checking unhashed password in acl_check_mods. "delete" and "replace" were being skipped, but not "add". Fix description: "add" also skips to check unhashed password. https://fedorahosted.org/389/ticket/47391 Reviewed by Rich (Thank you!!) (cherry picked from commit 5337dcfa67827ac46df68a2f817eade638eb352d) (cherry picked from commit 7d8bddd281294b6f2dcdc0ed431680e505ed5e1a) --- ldap/servers/plugins/acl/acl.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c index 4516cf8..09f28ee 100644 --- a/ldap/servers/plugins/acl/acl.c +++ b/ldap/servers/plugins/acl/acl.c @@ -1358,6 +1358,9 @@ acl_check_mods( for (mod = slapi_mods_get_first_mod(&smods); mod != NULL; mod = slapi_mods_get_next_mod(&smods)) { + if (0 == strcmp(mod->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD)) { + continue; + } switch (mod->mod_op & ~LDAP_MOD_BVALUES ) { case LDAP_MOD_DELETE: @@ -1382,9 +1385,7 @@ acl_check_mods( } if (lastmod && (strcmp (mod->mod_type, "modifiersname")== 0 || - strcmp (mod->mod_type, "modifytimestamp")== 0 || - strcmp (mod->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD)== 0) - ) { + strcmp (mod->mod_type, "modifytimestamp")== 0)) { continue; } @@ -1396,9 +1397,9 @@ acl_check_mods( while(k != -1) { attrVal = slapi_value_get_berval(sval); rv = slapi_access_allowed (pb, e, - mod->mod_type, - (struct berval *)attrVal, /* XXXggood had to cast away const - BAD */ - ACLPB_SLAPI_ACL_WRITE_DEL); /* was SLAPI_ACL_WRITE */ + mod->mod_type, + (struct berval *)attrVal, /* XXXggood had to cast away const - BAD */ + ACLPB_SLAPI_ACL_WRITE_DEL); /* was SLAPI_ACL_WRITE */ if ( rv != LDAP_SUCCESS) { acl_gen_err_msg ( SLAPI_ACL_WRITE, @@ -1430,7 +1431,7 @@ acl_check_mods( } break; - default: + default: /* including LDAP_MOD_ADD */ break; } /* switch */ -- 1.8.1.4