mreynolds pushed a change to branch 389-ds-base-1.3.5 in repository 389-ds-base.
from 3ec54f8 Bump version to 1.3.5.16 new ca10ec7 Issue 49039 - password min age should be ignored if password needs to be reset
Summary of changes: dirsrvtests/tests/tickets/ticket49039_test.py | 79 +++++++++++++++++++++++++++ ldap/servers/slapd/modify.c | 4 +- 2 files changed, 81 insertions(+), 2 deletions(-) create mode 100644 dirsrvtests/tests/tickets/ticket49039_test.py
mreynolds pushed a commit to branch 389-ds-base-1.3.5 in repository 389-ds-base.
commit ca10ec79a203ccc56ae85a180426045003fa393e Author: Mark Reynolds mreynolds@redhat.com Date: Tue Mar 28 14:21:47 2017 -0400
Issue 49039 - password min age should be ignored if password needs to be reset
Description: Do not check the password minimum age when changing a password if the password "must" be reset.
https://pagure.io/389-ds-base/issue/49039
Reviewed by: firstyear(Thanks!)
(cherry picked from commit 3129a94eed17f7dbc70793cd12407608a69bcd8d) --- dirsrvtests/tests/tickets/ticket49039_test.py | 79 +++++++++++++++++++++++++++ ldap/servers/slapd/modify.c | 4 +- 2 files changed, 81 insertions(+), 2 deletions(-)
diff --git a/dirsrvtests/tests/tickets/ticket49039_test.py b/dirsrvtests/tests/tickets/ticket49039_test.py
new file mode 100644
index 0000000..e6d4c03
--- /dev/null
+++ b/dirsrvtests/tests/tickets/ticket49039_test.py
@@ -0,0 +1,79 @@
+import time
+import ldap
+import logging
+import pytest
+from lib389 import Entry
+from lib389._constants import *
+from lib389.properties import *
+from lib389.tasks import *
+from lib389.utils import *
+from lib389.topologies import topology_st as topo
+
+DEBUGGING = os.getenv("DEBUGGING", default=False)
+if DEBUGGING:
+ logging.getLogger(__name__).setLevel(logging.DEBUG)
+else:
+ logging.getLogger(__name__).setLevel(logging.INFO)
+log = logging.getLogger(__name__)
+
+USER_DN = 'uid=user,dc=example,dc=com'
+
+
+def test_ticket49039(topo):
+ """Test "password must change" verses "password min age". Min age should not
+ block password update if the password was reset.
+ """
+
+ # Configure password policy
+ try:
+ topo.standalone.modify_s("cn=config", [(ldap.MOD_REPLACE, 'nsslapd-pwpolicy-local', 'on'),
+ (ldap.MOD_REPLACE, 'passwordMustChange', 'on'),
+ (ldap.MOD_REPLACE, 'passwordExp', 'on'),
+ (ldap.MOD_REPLACE, 'passwordMaxAge', '86400000'),
+ (ldap.MOD_REPLACE, 'passwordMinAge', '8640000'),
+ (ldap.MOD_REPLACE, 'passwordChange', 'on')])
+ except ldap.LDAPError as e:
+ log.fatal('Failed to set password policy: ' + str(e))
+
+ # Add user, bind, and set password
+ try:
+ topo.standalone.add_s(Entry((USER_DN, {
+ 'objectclass': 'top extensibleObject'.split(),
+ 'uid': 'user1',
+ 'userpassword': PASSWORD
+ })))
+ except ldap.LDAPError as e:
+ log.fatal('Failed to add user: error ' + e.message['desc'])
+ assert False
+
+ # Reset password as RootDN
+ try:
+ topo.standalone.modify_s(USER_DN, [(ldap.MOD_REPLACE, 'userpassword', PASSWORD)])
+ except ldap.LDAPError as e:
+ log.fatal('Failed to bind: error ' + e.message['desc'])
+ assert False
+
+ time.sleep(1)
+
+ # Reset password as user
+ try:
+ topo.standalone.simple_bind_s(USER_DN, PASSWORD)
+ except ldap.LDAPError as e:
+ log.fatal('Failed to bind: error ' + e.message['desc'])
+ assert False
+
+ try:
+ topo.standalone.modify_s(USER_DN, [(ldap.MOD_REPLACE, 'userpassword', PASSWORD)])
+ except
ldap.LDAPError as e: + log.fatal('Failed to change password: error ' + e.message['desc']) + assert False + + log.info('Test Passed') + + +if __name__ == '__main__': + # Run isolated + # -s for DEBUG mode + CURRENT_FILE = os.path.realpath(__file__) + pytest.main("-s %s" % CURRENT_FILE) + diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c index 72f2db4..def0270 100644 --- a/ldap/servers/slapd/modify.c +++ b/ldap/servers/slapd/modify.c @@ -1322,8 +1322,8 @@ static int op_shared_allow_pw_change (Slapi_PBlock *pb, LDAPMod *mod, char **old /* check if password is within password minimum age; error result is sent directly from check_pw_minage */ - if ((internal_op || !pb->pb_conn->c_needpw) && - check_pw_minage(pb, &sdn, mod->mod_bvalues) == 1) + if (!pb->pb_conn->c_needpw && + check_pw_minage(pb, &sdn, mod->mod_bvalues) == 1) { if (operation_is_flag_set(operation,OP_FLAG_ACTION_LOG_ACCESS)) {
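Review bot: In ticket49039_test.py the first `except ldap.LDAPError` handler (password policy setup) only logs and has no `assert False`, unlike every later handler, so if the cn=config modify fails the test carries on without passwordMinAge in force and the final password change succeeds for the wrong reason. Add `assert False` after `log.fatal('Failed to set password policy: ' + str(e))`, or let the exception propagate. The test also exercises only the allowed path: it never checks that a second user-initiated change, made once the forced reset has been satisfied, is still refused (presumably with `ldap.CONSTRAINT_VIOLATION`), so a regression that disabled minimum-age enforcement altogether would pass. The handler under `# Reset password as RootDN` logs 'Failed to bind', which would misreport a failed modify.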
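Review bot: The new condition in modify.c dereferences `pb->pb_conn` for every caller, whereas the removed `internal_op ||` short-circuited before that dereference for internal operations. If an internal operation can reach op_shared_allow_pw_change with no connection attached (the rest of the function lies outside this hunk, so this is not confirmed here), the server would crash on a password-modify path instead of applying the policy. A NULL guard such as `if (pb->pb_conn && !pb->pb_conn->c_needpw &&` keeps the intended behaviour for connected clients. Whether connection-less operations should then skip or enforce the minimum age is a policy choice worth stating in the comment above the condition.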