ldap/servers/plugins/acl/acl.c | 15 ++++++++-------
ldap/servers/slapd/back-ldbm/index.c | 2 +-
ldap/servers/slapd/entry.c | 1 +
3 files changed, 10 insertions(+), 8 deletions(-)
New commits:
commit bf1f5323c4f529bd307f424c60e29c5bfa3ceaa7
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Mon Jun 17 13:02:10 2013 -0700
Ticket #47391 - deleting and adding userpassword fails to update the password
(additional fix)
Bug description: ldapmodify with changetype "modify" is supposed
to skip checking unhashed password in acl_check_mods. "delete"
and "replace" were being skipped, but not "add".
Fix description: "add" now also skips the unhashed password check.
https://fedorahosted.org/389/ticket/47391
Reviewed by Rich (Thank you!!)
(cherry picked from commit 5337dcfa67827ac46df68a2f817eade638eb352d)
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
index a5884fb..61750fc 100644
--- a/ldap/servers/plugins/acl/acl.c
+++ b/ldap/servers/plugins/acl/acl.c
@@ -1358,6 +1358,9 @@ acl_check_mods(
for (mod = slapi_mods_get_first_mod(&smods);
mod != NULL;
mod = slapi_mods_get_next_mod(&smods)) {
+ if (0 == strcmp(mod->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD)) {
+ continue;
+ }
switch (mod->mod_op & ~LDAP_MOD_BVALUES ) {
case LDAP_MOD_DELETE:
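Review bot: The new `continue` at the top of the loop exempts every mod on `PSEUDO_ATTR_UNHASHEDUSERPASSWORD` from the access checks in this loop, for all operations and no longer only when `lastmod` is set (the test removed in the next hunk sat inside `lastmod && ...`). Whether a mod of this type can only be generated by the server itself is not visible from the hunk; if a request can carry it, the skip should be tied to that guarantee rather than to the attribute name alone. At minimum the skip deserves a comment such as `/* server-generated pseudo attribute paired with userpassword; access is checked on userpassword itself */`, plus a pointer to where externally supplied mods of this type are rejected. The body of acl_check_mods starts and ends outside the hunk.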
@@ -1386,9 +1389,7 @@ acl_check_mods(
}
if (lastmod &&
(strcmp (mod->mod_type, "modifiersname")== 0 ||
- strcmp (mod->mod_type, "modifytimestamp")== 0 ||
- strcmp (mod->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD)== 0)
- ) {
+ strcmp (mod->mod_type, "modifytimestamp")== 0)) {
/* skip pseudo attr(s) */
continue;
}
@@ -1401,9 +1402,9 @@ acl_check_mods(
while(k != -1) {
attrVal = slapi_value_get_berval(sval);
rv = slapi_access_allowed (pb, e,
- mod->mod_type,
- (struct berval *)attrVal, /* XXXggood had to cast away const - BAD */
- ACLPB_SLAPI_ACL_WRITE_DEL); /* was SLAPI_ACL_WRITE */
+ mod->mod_type,
+ (struct berval *)attrVal, /* XXXggood had to cast away const - BAD */
+ ACLPB_SLAPI_ACL_WRITE_DEL); /* was SLAPI_ACL_WRITE */
if ( rv != LDAP_SUCCESS) {
acl_gen_err_msg (
SLAPI_ACL_WRITE,
@@ -1435,7 +1436,7 @@ acl_check_mods(
}
break;
- default:
+ default: /* including LDAP_MOD_ADD */
break;
} /* switch */
commit ff13a9c7a0ff1ad5e5796f9b4afbe829cda19212
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Sat Jun 15 15:57:27 2013 -0700
Ticket #47391 - deleting and adding userpassword fails to update the password
Bug description: Deleting and adding password operation causes
the crash since once an entry is written to and retrieved from
DB, it does not have unhashed#user#password in the entry any
more. The delete userpassword internally invokes delete unhashed
existed in the entry.
Fix description: Once the internal attribute value pair is
stored in an entry extension, the mod for the attribute is
changed to the "disabled" mode. Also, this patch adds the
stricter check for the NULL reference.
https://fedorahosted.org/389/ticket/47391
Reviewed by Nathan (Thank you!!)
(cherry picked from commit 4305deeaa41ea8703ebb9ea6529790dd609b3060)
diff --git a/ldap/servers/slapd/back-ldbm/index.c b/ldap/servers/slapd/back-ldbm/index.c
index f90a47c..7769791 100644
--- a/ldap/servers/slapd/back-ldbm/index.c
+++ b/ldap/servers/slapd/back-ldbm/index.c
@@ -693,7 +693,7 @@ index_add_mods(
/* Check if the any values being deleted
* also exist in a subtype.
*/
- for ( j=0; deleted_valueArray[j] != NULL; j++) {
+ for (j = 0; deleted_valueArray &&
deleted_valueArray[j]; j++) {
if ( valuearray_find(curr_attr, evals,
deleted_valueArray[j]) == -1 ) {
/* If the equality flag isn't already set, set it
*/
if (!(flags & BE_INDEX_EQUALITY)) {
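Review bot: The loop condition now silently treats a NULL `deleted_valueArray` as "no values deleted", but nothing in the code says when the array can legitimately be NULL. A comment above the loop would record that, e.g. `/* deleted_valueArray can be NULL if the attribute was not present in the entry */` (inferred from the commit message; confirm). The loop-invariant NULL test would also read more clearly as an enclosing `if (deleted_valueArray) { ... }`. Other dereferences of `deleted_valueArray` in index_add_mods lie outside this hunk and may need the same guard.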
diff --git a/ldap/servers/slapd/entry.c b/ldap/servers/slapd/entry.c
index 8e184a6..7bfe5b1 100644
--- a/ldap/servers/slapd/entry.c
+++ b/ldap/servers/slapd/entry.c
@@ -3450,6 +3450,7 @@ slapi_entry_apply_mod_extension(Slapi_Entry *e, const LDAPMod *mod,
int modcnt)
rc = 0;
break;
}
+ ((LDAPMod *)mod)->mod_op = LDAP_MOD_IGNORE; /* we don't need it any
more */
}
}
bail:
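Review bot: The added line writes through `mod` after casting away the `const` that the signature promises (`const LDAPMod *mod`), so a caller that passes a mod it expects to stay unchanged gets `mod_op` rewritten to `LDAP_MOD_IGNORE`. If the mutation is intended, drop `const` from the parameter so the contract is honest, or document the side effect in the function header, e.g. `/* NOTE: sets mod->mod_op to LDAP_MOD_IGNORE once the value is stored in the entry extension */`. Writing through the cast is undefined behaviour if any caller passes an object that was itself defined `const`. Code that later consumes the same mods array (not visible here) will skip this mod, so it is worth confirming that the audit and replication paths do not rely on seeing it. The function body starts outside the hunk and continues past `bail:`.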