andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone
dc8c34
From 1e75376f7895d4d2de294ee2ae1343c7e1a08584 Mon Sep 17 00:00:00 2001
dc8c34
From: Noriko Hosoi <nhosoi@redhat.com>
dc8c34
Date: Mon, 17 Jun 2013 13:02:10 -0700
dc8c34
Subject: [PATCH 70/99] Ticket #47391 - deleting and adding userpassword fails
dc8c34
 to update the password (additional fix)
dc8c34
dc8c34
Bug description: ldapmodify with changetype "modify" is supposed
dc8c34
to skip checking unhashed password in acl_check_mods.  "delete"
dc8c34
and "replace" were being skipped, but not "add".
dc8c34
dc8c34
Fix description: "add" also skips to check unhashed password.
dc8c34
dc8c34
https://fedorahosted.org/389/ticket/47391
dc8c34
dc8c34
Reviewed by Rich (Thank you!!)
dc8c34
(cherry picked from commit 5337dcfa67827ac46df68a2f817eade638eb352d)
dc8c34
(cherry picked from commit 7d8bddd281294b6f2dcdc0ed431680e505ed5e1a)
dc8c34
---
dc8c34
 ldap/servers/plugins/acl/acl.c | 15 ++++++++-------
dc8c34
 1 file changed, 8 insertions(+), 7 deletions(-)
dc8c34
dc8c34
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
dc8c34
index 4516cf8..09f28ee 100644
dc8c34
--- a/ldap/servers/plugins/acl/acl.c
dc8c34
+++ b/ldap/servers/plugins/acl/acl.c
dc8c34
@@ -1358,6 +1358,9 @@ acl_check_mods(
dc8c34
 	for (mod = slapi_mods_get_first_mod(&smods);
dc8c34
 		 mod != NULL;
dc8c34
 		 mod = slapi_mods_get_next_mod(&smods)) {
dc8c34
+		if (0 == strcmp(mod->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD)) {
dc8c34
+			continue; 
dc8c34
+		}
dc8c34
 		switch (mod->mod_op & ~LDAP_MOD_BVALUES ) {
dc8c34
 
dc8c34
 		   case LDAP_MOD_DELETE:
dc8c34
@@ -1382,9 +1385,7 @@ acl_check_mods(
dc8c34
 			}
dc8c34
 			if (lastmod &&
dc8c34
 			    (strcmp (mod->mod_type, "modifiersname")== 0 ||
dc8c34
-			     strcmp (mod->mod_type, "modifytimestamp")== 0 ||
dc8c34
-			     strcmp (mod->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD)== 0)
dc8c34
-				) {
dc8c34
+			     strcmp (mod->mod_type, "modifytimestamp")== 0)) {
dc8c34
 				continue; 
dc8c34
 			}
dc8c34
 
dc8c34
@@ -1396,9 +1397,9 @@ acl_check_mods(
dc8c34
 				while(k != -1) {
dc8c34
 					attrVal = slapi_value_get_berval(sval);
dc8c34
 					rv = slapi_access_allowed (pb, e,
dc8c34
-						    	     mod->mod_type, 
dc8c34
-						    	     (struct berval *)attrVal, /* XXXggood had to cast away const - BAD */
dc8c34
-							  		ACLPB_SLAPI_ACL_WRITE_DEL); /* was SLAPI_ACL_WRITE */
dc8c34
+						         mod->mod_type, 
dc8c34
+						         (struct berval *)attrVal, /* XXXggood had to cast away const - BAD */
dc8c34
+						         ACLPB_SLAPI_ACL_WRITE_DEL); /* was SLAPI_ACL_WRITE */
dc8c34
 					if ( rv != LDAP_SUCCESS) {
dc8c34
 						acl_gen_err_msg (
dc8c34
 							SLAPI_ACL_WRITE,
dc8c34
@@ -1430,7 +1431,7 @@ acl_check_mods(
dc8c34
 			}
dc8c34
 			break;
dc8c34
 
dc8c34
-		   default:
dc8c34
+		   default: /* including LDAP_MOD_ADD */
dc8c34
 			break;
dc8c34
 		} /* switch */
dc8c34
 
dc8c34
-- 
dc8c34
1.8.1.4
dc8c34