|
|
dc8c34 |
From 4457a30decf6e281986310e705ceb6d5c059232b Mon Sep 17 00:00:00 2001
|
|
|
dc8c34 |
From: Anupam Jain <anjain@localhost.localdomain>
|
|
|
dc8c34 |
Date: Wed, 10 Jul 2013 17:18:03 -0700
|
|
|
dc8c34 |
Subject: [PATCH 221/225] Ticket #47423 - 7-bit check plugin does not work for
|
|
|
dc8c34 |
userpassword attribute
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Bug description: 7-bit check plugin fails to validate userpassword
|
|
|
dc8c34 |
attribute
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Fix description: This patch corrects the validation code for userpassword
|
|
|
dc8c34 |
attribute. It fetches the unhashed userpassword from the extension
|
|
|
dc8c34 |
instead of the entry attribute value
|
|
|
dc8c34 |
|
|
|
dc8c34 |
https://fedorahosted.org/389/ticket/47423
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Reviewed by nhosoi.
|
|
|
dc8c34 |
(cherry picked from commit d804aaf7ee15841ac1aeaf831879fe56da23931d)
|
|
|
dc8c34 |
(cherry picked from commit f5ee5b8babfb7b61db7da3db7ab7c443eda58323)
|
|
|
dc8c34 |
(cherry picked from commit 7e7a85f6fb74547f7d2af191db3b4608b39995ab)
|
|
|
dc8c34 |
---
|
|
|
dc8c34 |
ldap/servers/plugins/uiduniq/7bit.c | 37 +++++++++++++++++++++++++++----------
|
|
|
dc8c34 |
1 file changed, 27 insertions(+), 10 deletions(-)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
diff --git a/ldap/servers/plugins/uiduniq/7bit.c b/ldap/servers/plugins/uiduniq/7bit.c
|
|
|
dc8c34 |
index f690b4e..c98d660 100644
|
|
|
dc8c34 |
--- a/ldap/servers/plugins/uiduniq/7bit.c
|
|
|
dc8c34 |
+++ b/ldap/servers/plugins/uiduniq/7bit.c
|
|
|
dc8c34 |
@@ -218,7 +218,8 @@ preop_add(Slapi_PBlock *pb)
|
|
|
dc8c34 |
{
|
|
|
dc8c34 |
int result;
|
|
|
dc8c34 |
char *violated = NULL;
|
|
|
dc8c34 |
-
|
|
|
dc8c34 |
+ char *pwd = NULL;
|
|
|
dc8c34 |
+ char *origpwd = NULL;
|
|
|
dc8c34 |
#ifdef DEBUG
|
|
|
dc8c34 |
slapi_log_error(SLAPI_LOG_PLUGIN, plugin_name, "ADD begin\n");
|
|
|
dc8c34 |
#endif
|
|
|
dc8c34 |
@@ -236,12 +237,14 @@ preop_add(Slapi_PBlock *pb)
|
|
|
dc8c34 |
const char *dn;
|
|
|
dc8c34 |
Slapi_DN *sdn = NULL;
|
|
|
dc8c34 |
Slapi_Entry *e;
|
|
|
dc8c34 |
- Slapi_Attr *attr;
|
|
|
dc8c34 |
char **firstSubtree;
|
|
|
dc8c34 |
char **subtreeDN;
|
|
|
dc8c34 |
int subtreeCnt;
|
|
|
dc8c34 |
int is_replicated_operation;
|
|
|
dc8c34 |
-
|
|
|
dc8c34 |
+ struct berval *vals[2];
|
|
|
dc8c34 |
+ struct berval val;
|
|
|
dc8c34 |
+ vals[0] = &val;
|
|
|
dc8c34 |
+ vals[1] = NULL;
|
|
|
dc8c34 |
/*
|
|
|
dc8c34 |
* Get the arguments
|
|
|
dc8c34 |
*/
|
|
|
dc8c34 |
@@ -288,19 +291,26 @@ preop_add(Slapi_PBlock *pb)
|
|
|
dc8c34 |
for (attrName = argv; strcmp(*attrName, ",") != 0; attrName++ )
|
|
|
dc8c34 |
{
|
|
|
dc8c34 |
/*
|
|
|
dc8c34 |
- * if the attribute is userpassword, check unhashed#user#password
|
|
|
dc8c34 |
+ * if the attribute is userpassword, check unhashed user password
|
|
|
dc8c34 |
* instead. "userpassword" is encoded; it will always pass the 7bit
|
|
|
dc8c34 |
* check.
|
|
|
dc8c34 |
*/
|
|
|
dc8c34 |
- char *attr_name;
|
|
|
dc8c34 |
+ char *attr_name = NULL;
|
|
|
dc8c34 |
+ Slapi_Attr *attr = NULL;
|
|
|
dc8c34 |
if ( strcasecmp(*attrName, "userpassword") == 0 )
|
|
|
dc8c34 |
{
|
|
|
dc8c34 |
- attr_name = "unhashed#user#password";
|
|
|
dc8c34 |
+ origpwd = pwd = slapi_get_first_clear_text_pw(e);
|
|
|
dc8c34 |
+ if (pwd == NULL)
|
|
|
dc8c34 |
+ {
|
|
|
dc8c34 |
+ continue;
|
|
|
dc8c34 |
+ }
|
|
|
dc8c34 |
+ val.bv_val = pwd;
|
|
|
dc8c34 |
+ val.bv_len = strlen(val.bv_val);
|
|
|
dc8c34 |
} else {
|
|
|
dc8c34 |
attr_name = *attrName;
|
|
|
dc8c34 |
+ err = slapi_entry_attr_find(e, attr_name, &attr);
|
|
|
dc8c34 |
+ if (err) continue; /* break;*/ /* no 7-bit attribute */
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
- err = slapi_entry_attr_find(e, attr_name, &attr);
|
|
|
dc8c34 |
- if (err) continue; /* break;*/ /* no 7-bit attribute */
|
|
|
dc8c34 |
|
|
|
dc8c34 |
/*
|
|
|
dc8c34 |
* For each DN in the managed list, do 7-bit checking if
|
|
|
dc8c34 |
@@ -323,7 +333,14 @@ preop_add(Slapi_PBlock *pb)
|
|
|
dc8c34 |
/*
|
|
|
dc8c34 |
* Check if the value is 7-bit clean
|
|
|
dc8c34 |
*/
|
|
|
dc8c34 |
- result = bit_check(attr, NULL, &violated);
|
|
|
dc8c34 |
+ if(pwd)
|
|
|
dc8c34 |
+ {
|
|
|
dc8c34 |
+ result = bit_check(attr, vals, &violated);
|
|
|
dc8c34 |
+ if(!result)
|
|
|
dc8c34 |
+ pwd = NULL;
|
|
|
dc8c34 |
+ }
|
|
|
dc8c34 |
+ else
|
|
|
dc8c34 |
+ result = bit_check(attr, NULL, &violated);
|
|
|
dc8c34 |
if (result) break;
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
@@ -335,7 +352,7 @@ preop_add(Slapi_PBlock *pb)
|
|
|
dc8c34 |
if (result) {
|
|
|
dc8c34 |
issue_error(pb, result, "ADD", violated);
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
-
|
|
|
dc8c34 |
+ slapi_ch_free_string(&origpwd);
|
|
|
dc8c34 |
return (result==LDAP_SUCCESS)?0:-1;
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
|
|
|
dc8c34 |
--
|
|
|
dc8c34 |
1.8.1.4
|
|
|
dc8c34 |
|