ldap/servers/plugins/acl/acl.c | 15 ++++++++-------
ldap/servers/slapd/back-ldbm/index.c | 2 +-
2 files changed, 9 insertions(+), 8 deletions(-)
New commits:
commit 7d8bddd281294b6f2dcdc0ed431680e505ed5e1a
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Mon Jun 17 13:02:10 2013 -0700
Ticket #47391 - deleting and adding userpassword fails to update the password
(additional fix)
Bug description: ldapmodify with changetype "modify" is supposed
to skip checking unhashed password in acl_check_mods. "delete"
and "replace" were being skipped, but not "add".
Fix description: "add" also skips to check unhashed password.
https://fedorahosted.org/389/ticket/47391
Reviewed by Rich (Thank you!!)
(cherry picked from commit 5337dcfa67827ac46df68a2f817eade638eb352d)
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
index 3389404..0cfeaa7 100644
--- a/ldap/servers/plugins/acl/acl.c
+++ b/ldap/servers/plugins/acl/acl.c
@@ -1358,6 +1358,9 @@ acl_check_mods(
for (mod = slapi_mods_get_first_mod(&smods);
mod != NULL;
mod = slapi_mods_get_next_mod(&smods)) {
+ if (0 == strcmp(mod->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD)) {
+ continue;
+ }
switch (mod->mod_op & ~LDAP_MOD_BVALUES ) {
case LDAP_MOD_DELETE:
@@ -1382,9 +1385,7 @@ acl_check_mods(
}
if (lastmod &&
(strcmp (mod->mod_type, "modifiersname")== 0 ||
- strcmp (mod->mod_type, "modifytimestamp")== 0 ||
- strcmp (mod->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD)== 0)
- ) {
+ strcmp (mod->mod_type, "modifytimestamp")== 0)) {
continue;
}
@@ -1396,9 +1397,9 @@ acl_check_mods(
while(k != -1) {
attrVal = slapi_value_get_berval(sval);
rv = slapi_access_allowed (pb, e,
- mod->mod_type,
- (struct berval *)attrVal, /* XXXggood had to cast away const - BAD */
- ACLPB_SLAPI_ACL_WRITE_DEL); /* was SLAPI_ACL_WRITE */
+ mod->mod_type,
+ (struct berval *)attrVal, /* XXXggood had to cast away const - BAD */
+ ACLPB_SLAPI_ACL_WRITE_DEL); /* was SLAPI_ACL_WRITE */
if ( rv != LDAP_SUCCESS) {
acl_gen_err_msg (
SLAPI_ACL_WRITE,
@@ -1430,7 +1431,7 @@ acl_check_mods(
}
break;
- default:
+ default: /* including LDAP_MOD_ADD */
break;
} /* switch */
commit 9d9e9a6f132eb7bcbac3d3d6d39b27e38b6abb6b
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Mon Jun 17 14:33:16 2013 -0700
Ticket #47391 - deleting and adding userpassword fails to update the password
Bug description: Deleting and adding password operation causes
the crash since once an entry is written to and retrieved from
DB, it does not have unhashed#user#password in the entry any
more. The delete userpassword internally invokes delete unhashed
existed in the entry.
Fix description: This patch adds the stricter check for the NULL
reference.
https://fedorahosted.org/389/ticket/47391
Reviewed by Nathan (Thanks!!)
diff --git a/ldap/servers/slapd/back-ldbm/index.c b/ldap/servers/slapd/back-ldbm/index.c
index f90a47c..7769791 100644
--- a/ldap/servers/slapd/back-ldbm/index.c
+++ b/ldap/servers/slapd/back-ldbm/index.c
@@ -693,7 +693,7 @@ index_add_mods(
/* Check if the any values being deleted
* also exist in a subtype.
*/
- for ( j=0; deleted_valueArray[j] != NULL; j++) {
+ for (j = 0; deleted_valueArray &&
deleted_valueArray[j]; j++) {
if ( valuearray_find(curr_attr, evals,
deleted_valueArray[j]) == -1 ) {
/* If the equality flag isn't already set, set it
*/
if (!(flags & BE_INDEX_EQUALITY)) {