[389-commits] Branch '389-ds-base-1.3.1' - ldap/servers
Noriko Hosoi
nhosoi at fedoraproject.org
Thu Jun 12 22:28:38 UTC 2014
ldap/servers/plugins/uiduniq/7bit.c | 37 ++++++++++++++++++++++++++----------
1 file changed, 27 insertions(+), 10 deletions(-)
New commits:
commit f5ee5b8babfb7b61db7da3db7ab7c443eda58323
Author: Anupam Jain <anjain at localhost.localdomain>
Date: Wed Jul 10 17:18:03 2013 -0700
Ticket #47423 - 7-bit check plugin does not work for userpassword attribute
Bug description: 7-bit check plugin fails to validate userpassword
attribute
Fix description: This patch corrects the validation code for userpassword
attribute. It fetches the unhashed userpassword from the extension
instead of the entry attribute value
https://fedorahosted.org/389/ticket/47423
Reviewed by nhosoi.
(cherry picked from commit d804aaf7ee15841ac1aeaf831879fe56da23931d)
diff --git a/ldap/servers/plugins/uiduniq/7bit.c b/ldap/servers/plugins/uiduniq/7bit.c
index f690b4e..c98d660 100644
--- a/ldap/servers/plugins/uiduniq/7bit.c
+++ b/ldap/servers/plugins/uiduniq/7bit.c
@@ -218,7 +218,8 @@ preop_add(Slapi_PBlock *pb)
{
int result;
char *violated = NULL;
-
+ char *pwd = NULL;
+ char *origpwd = NULL;
#ifdef DEBUG
slapi_log_error(SLAPI_LOG_PLUGIN, plugin_name, "ADD begin\n");
#endif
@@ -236,12 +237,14 @@ preop_add(Slapi_PBlock *pb)
const char *dn;
Slapi_DN *sdn = NULL;
Slapi_Entry *e;
- Slapi_Attr *attr;
char **firstSubtree;
char **subtreeDN;
int subtreeCnt;
int is_replicated_operation;
-
+ struct berval *vals[2];
+ struct berval val;
+ vals[0] = &val;
+ vals[1] = NULL;
/*
* Get the arguments
*/
@@ -288,19 +291,26 @@ preop_add(Slapi_PBlock *pb)
for (attrName = argv; strcmp(*attrName, ",") != 0; attrName++ )
{
/*
- * if the attribute is userpassword, check unhashed#user#password
+ * if the attribute is userpassword, check unhashed user password
* instead. "userpassword" is encoded; it will always pass the 7bit
* check.
*/
- char *attr_name;
+ char *attr_name = NULL;
+ Slapi_Attr *attr = NULL;
if ( strcasecmp(*attrName, "userpassword") == 0 )
{
- attr_name = "unhashed#user#password";
+ origpwd = pwd = slapi_get_first_clear_text_pw(e);
+ if (pwd == NULL)
+ {
+ continue;
+ }
+ val.bv_val = pwd;
+ val.bv_len = strlen(val.bv_val);
} else {
attr_name = *attrName;
+ err = slapi_entry_attr_find(e, attr_name, &attr);
+ if (err) continue; /* break;*/ /* no 7-bit attribute */
}
- err = slapi_entry_attr_find(e, attr_name, &attr);
- if (err) continue; /* break;*/ /* no 7-bit attribute */
/*
* For each DN in the managed list, do 7-bit checking if
@@ -323,7 +333,14 @@ preop_add(Slapi_PBlock *pb)
/*
* Check if the value is 7-bit clean
*/
- result = bit_check(attr, NULL, &violated);
+ if(pwd)
+ {
+ result = bit_check(attr, vals, &violated);
+ if(!result)
+ pwd = NULL;
+ }
+ else
+ result = bit_check(attr, NULL, &violated);
if (result) break;
}
}
@@ -335,7 +352,7 @@ preop_add(Slapi_PBlock *pb)
if (result) {
issue_error(pb, result, "ADD", violated);
}
-
+ slapi_ch_free_string(&origpwd);
return (result==LDAP_SUCCESS)?0:-1;
}
More information about the 389-commits
mailing list