amoralej / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 years ago
Clone

Blame SOURCES/0000-Ticket-47748-Simultaneous-adding-a-user-and-binding-.patch

f92ce9
From dc2157e3a4b04b522147a86477bbd974a9c0b63a Mon Sep 17 00:00:00 2001
f92ce9
From: Noriko Hosoi <nhosoi@redhat.com>
f92ce9
Date: Tue, 9 Sep 2014 12:45:58 -0700
f92ce9
Subject: [PATCH 0/7] Ticket #47748 - Simultaneous adding a user and binding as
f92ce9
 the user could fail in the password policy check
f92ce9
f92ce9
Description: commit 4fc53e1a63222d0ff67c30a59f2cff4b535f90a8 fix for
f92ce9
Ticket #47748 introduced a bug: "Simple bind hangs after enabling
f92ce9
password policy".
f92ce9
f92ce9
In do_bind, slapi_check_account_lock and need_new_pw overwrote the
f92ce9
return code from backend bind which is used later. This patch fixes
f92ce9
it not to override the return code.
f92ce9
f92ce9
https://fedorahosted.org/389/ticket/47748
f92ce9
f92ce9
Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
f92ce9
f92ce9
(cherry picked from commit 4f11606b02419c8ccdb319b8040e683af9109d1b)
f92ce9
(cherry picked from commit 8c82941c0f2b0b5d7fa698a1ca3e4f26245cf85a)
f92ce9
---
f92ce9
 ldap/servers/slapd/bind.c | 13 +++++++------
f92ce9
 1 file changed, 7 insertions(+), 6 deletions(-)
f92ce9
f92ce9
diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
f92ce9
index 58a4e13..bc4aa24 100644
f92ce9
--- a/ldap/servers/slapd/bind.c
f92ce9
+++ b/ldap/servers/slapd/bind.c
f92ce9
@@ -769,6 +769,7 @@ do_bind( Slapi_PBlock *pb )
f92ce9
                 }
f92ce9
 
f92ce9
                 if ( rc == SLAPI_BIND_SUCCESS ) {
f92ce9
+                    int myrc = 0;
f92ce9
                     if (!auto_bind) {
f92ce9
                         /* 
f92ce9
                          * There could be a race that bind_target_entry was not added 
f92ce9
@@ -779,9 +780,9 @@ do_bind( Slapi_PBlock *pb )
f92ce9
                         if (!bind_target_entry) {
f92ce9
                             bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn));
f92ce9
                             if (bind_target_entry) {
f92ce9
-                                rc = slapi_check_account_lock(pb, bind_target_entry,
f92ce9
+                                myrc = slapi_check_account_lock(pb, bind_target_entry,
f92ce9
                                                               pw_response_requested, 1, 1);
f92ce9
-                                if (1 == rc) { /* account is locked */
f92ce9
+                                if (1 == myrc) { /* account is locked */
f92ce9
                                     goto account_locked;
f92ce9
                                 }
f92ce9
                             } else {
f92ce9
@@ -795,8 +796,8 @@ do_bind( Slapi_PBlock *pb )
f92ce9
                         if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) {
f92ce9
                             /* check if need new password before sending 
f92ce9
                                the bind success result */
f92ce9
-                            rc = need_new_pw(pb, &t, bind_target_entry, pw_response_requested);
f92ce9
-                            switch (rc) {
f92ce9
+                            myrc = need_new_pw(pb, &t, bind_target_entry, pw_response_requested);
f92ce9
+                            switch (myrc) {
f92ce9
                             case 1:
f92ce9
                                 (void)slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0);
f92ce9
                                 break;
f92ce9
@@ -811,8 +812,8 @@ do_bind( Slapi_PBlock *pb )
f92ce9
                     if (auth_response_requested) {
f92ce9
                         slapi_add_auth_response_control(pb, slapi_sdn_get_ndn(sdn));
f92ce9
                     }
f92ce9
-                    if (-1 == rc) {
f92ce9
-                        /* neeed_new_pw failed; need_new_pw already send_ldap_result in it. */
f92ce9
+                    if (-1 == myrc) {
f92ce9
+                        /* need_new_pw failed; need_new_pw already send_ldap_result in it. */
f92ce9
                         goto free_and_return;
f92ce9
                     } 
f92ce9
                 } else {	/* anonymous */
f92ce9
-- 
f92ce9
1.9.3
f92ce9