ldap/servers/slapd/add.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
New commits: commit 950390bb09512a033a25f40e4f61f7346321a19a Author: Mark Reynolds mreynolds@redhat.com Date: Tue Sep 30 15:18:37 2014 -0400
Ticket 47900 - Adding an entry with an invalid password as rootDN is incorrectly rejected
Bug Description: Root DN and password administrators should bypass all password restrictions and syntax checks, but on ADD operations the password checks were still be applied to root/password admins.
Fix Description: Do not check the password syntax if the bind DN is a rootDN/password admin.
https://fedorahosted.org/389/ticket/47900
Reviewed by: nhosoi(Thanks!)
diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c index 1ce975a..9b549c3 100644 --- a/ldap/servers/slapd/add.c +++ b/ldap/servers/slapd/add.c @@ -457,12 +457,14 @@ static void op_shared_add (Slapi_PBlock *pb) int proxy_err = LDAP_SUCCESS; char *errtext = NULL; Slapi_DN *sdn = NULL; + passwdPolicy *pwpolicy;
slapi_pblock_get (pb, SLAPI_OPERATION, &operation); slapi_pblock_get (pb, SLAPI_ADD_ENTRY, &e); slapi_pblock_get (pb, SLAPI_IS_REPLICATED_OPERATION, &repl_op); slapi_pblock_get (pb, SLAPI_IS_LEGACY_REPLICATED_OPERATION, &legacy_op); internal_op= operation_is_flag_set(operation, OP_FLAG_INTERNAL); + pwpolicy = new_passwdPolicy(pb, slapi_entry_get_dn(e));
/* target spec is used to decide which plugins are applicable for the operation */ operation_set_target_spec (operation, slapi_entry_get_sdn (e)); @@ -559,7 +561,8 @@ static void op_shared_add (Slapi_PBlock *pb) }
/* check password syntax */ - if (check_pw_syntax(pb, slapi_entry_get_sdn_const(e), present_values, NULL, e, 0) == 0) + if (!pw_is_pwp_admin(pb, pwpolicy) && + check_pw_syntax(pb, slapi_entry_get_sdn_const(e), present_values, NULL, e, 0) == 0) { Slapi_Value **vals= NULL; valuearray_add_valuearray(&unhashed_password_vals, present_values, 0);
389-commits@lists.fedoraproject.org