From 1bb2a66640bc9419157ca9f7f4f63d720695d79a Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Tue, 9 Sep 2014 12:45:58 -0700 Subject: [PATCH] Ticket #47748 - Simultaneous adding a user and binding as the user could fail in the password policy check Description: commit 4fc53e1a63222d0ff67c30a59f2cff4b535f90a8 fix for Ticket #47748 introduced a bug: "Simple bind hangs after enabling password policy". In do_bind, slapi_check_account_lock and need_new_pw overwrote the return code from backend bind which is used later. This patch fixes it not to override the return code. https://fedorahosted.org/389/ticket/47748 Reviewed by mreynolds@redhat.com (Thank you, Mark!!) (cherry picked from commit 4f11606b02419c8ccdb319b8040e683af9109d1b) (cherry picked from commit 8c82941c0f2b0b5d7fa698a1ca3e4f26245cf85a) (cherry picked from commit 5b6d60ec4d3d93d1d69f6a071ce135a06f4c8cfd) (cherry picked from commit aa935c9a9297ab22d3c7fc17381e735521d9cd03) --- ldap/servers/slapd/bind.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c index 92d7965..edb36c4 100644 --- a/ldap/servers/slapd/bind.c +++ b/ldap/servers/slapd/bind.c @@ -769,6 +769,7 @@ do_bind( Slapi_PBlock *pb ) } if ( rc == SLAPI_BIND_SUCCESS ) { + int myrc = 0; if (!auto_bind) { /* * There could be a race that bind_target_entry was not added @@ -779,9 +780,9 @@ do_bind( Slapi_PBlock *pb ) if (!bind_target_entry) { bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn)); if (bind_target_entry) { - rc = slapi_check_account_lock(pb, bind_target_entry, + myrc = slapi_check_account_lock(pb, bind_target_entry, pw_response_requested, 1, 1); - if (1 == rc) { /* account is locked */ + if (1 == myrc) { /* account is locked */ goto account_locked; } } else { @@ -795,8 +796,8 @@ do_bind( Slapi_PBlock *pb ) if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) { /* check if need new password before sending the bind success result */ - rc = need_new_pw(pb, &t, bind_target_entry, pw_response_requested); - switch (rc) { + myrc = need_new_pw(pb, &t, bind_target_entry, pw_response_requested); + switch (myrc) { case 1: (void)slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0); break; @@ -811,8 +812,8 @@ do_bind( Slapi_PBlock *pb ) if (auth_response_requested) { slapi_add_auth_response_control(pb, slapi_sdn_get_ndn(sdn)); } - if (-1 == rc) { - /* neeed_new_pw failed; need_new_pw already send_ldap_result in it. */ + if (-1 == myrc) { + /* need_new_pw failed; need_new_pw already send_ldap_result in it. */ goto free_and_return; } } else { /* anonymous */ -- 1.9.3