andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone
dc8c34
From 4457a30decf6e281986310e705ceb6d5c059232b Mon Sep 17 00:00:00 2001
dc8c34
From: Anupam Jain <anjain@localhost.localdomain>
dc8c34
Date: Wed, 10 Jul 2013 17:18:03 -0700
dc8c34
Subject: [PATCH 221/225] Ticket #47423 - 7-bit check plugin does not work for
dc8c34
 userpassword attribute
dc8c34
dc8c34
Bug description: 7-bit check plugin fails to validate userpassword
dc8c34
attribute
dc8c34
dc8c34
Fix description: This patch corrects the validation code for userpassword
dc8c34
attribute. It fetches the unhashed userpassword from the extension
dc8c34
instead of the entry attribute value
dc8c34
dc8c34
https://fedorahosted.org/389/ticket/47423
dc8c34
dc8c34
Reviewed by nhosoi.
dc8c34
(cherry picked from commit d804aaf7ee15841ac1aeaf831879fe56da23931d)
dc8c34
(cherry picked from commit f5ee5b8babfb7b61db7da3db7ab7c443eda58323)
dc8c34
(cherry picked from commit 7e7a85f6fb74547f7d2af191db3b4608b39995ab)
dc8c34
---
dc8c34
 ldap/servers/plugins/uiduniq/7bit.c | 37 +++++++++++++++++++++++++++----------
dc8c34
 1 file changed, 27 insertions(+), 10 deletions(-)
dc8c34
dc8c34
diff --git a/ldap/servers/plugins/uiduniq/7bit.c b/ldap/servers/plugins/uiduniq/7bit.c
dc8c34
index f690b4e..c98d660 100644
dc8c34
--- a/ldap/servers/plugins/uiduniq/7bit.c
dc8c34
+++ b/ldap/servers/plugins/uiduniq/7bit.c
dc8c34
@@ -218,7 +218,8 @@ preop_add(Slapi_PBlock *pb)
dc8c34
 {
dc8c34
   int result;
dc8c34
   char *violated = NULL;
dc8c34
-
dc8c34
+  char *pwd = NULL;
dc8c34
+  char *origpwd = NULL;
dc8c34
 #ifdef DEBUG
dc8c34
   slapi_log_error(SLAPI_LOG_PLUGIN, plugin_name, "ADD begin\n");
dc8c34
 #endif
dc8c34
@@ -236,12 +237,14 @@ preop_add(Slapi_PBlock *pb)
dc8c34
     const char *dn;
dc8c34
     Slapi_DN *sdn = NULL;
dc8c34
     Slapi_Entry *e;
dc8c34
-    Slapi_Attr *attr;
dc8c34
     char **firstSubtree;
dc8c34
     char **subtreeDN;
dc8c34
     int subtreeCnt;
dc8c34
     int is_replicated_operation;
dc8c34
-
dc8c34
+    struct berval *vals[2];
dc8c34
+    struct berval val;
dc8c34
+    vals[0] = &val;
dc8c34
+    vals[1] = NULL;
dc8c34
     /*
dc8c34
      * Get the arguments
dc8c34
      */
dc8c34
@@ -288,19 +291,26 @@ preop_add(Slapi_PBlock *pb)
dc8c34
     for (attrName = argv; strcmp(*attrName, ",") != 0; attrName++ )
dc8c34
     {
dc8c34
       /* 
dc8c34
-       * if the attribute is userpassword, check unhashed#user#password 
dc8c34
+       * if the attribute is userpassword, check unhashed user password 
dc8c34
        * instead.  "userpassword" is encoded; it will always pass the 7bit 
dc8c34
        * check.
dc8c34
        */
dc8c34
-      char *attr_name; 
dc8c34
+      char *attr_name = NULL;
dc8c34
+      Slapi_Attr *attr = NULL; 
dc8c34
       if ( strcasecmp(*attrName, "userpassword") == 0 )
dc8c34
       {
dc8c34
-         attr_name = "unhashed#user#password";
dc8c34
+         origpwd = pwd = slapi_get_first_clear_text_pw(e);
dc8c34
+         if (pwd == NULL)
dc8c34
+	 {
dc8c34
+            continue;
dc8c34
+         }
dc8c34
+         val.bv_val = pwd;
dc8c34
+         val.bv_len = strlen(val.bv_val);
dc8c34
       } else {
dc8c34
          attr_name = *attrName;
dc8c34
+	 err = slapi_entry_attr_find(e, attr_name, &attr);
dc8c34
+         if (err) continue; /* break;*/  /* no 7-bit attribute */
dc8c34
       }
dc8c34
-      err = slapi_entry_attr_find(e, attr_name, &attr);
dc8c34
-      if (err) continue; /* break;*/  /* no 7-bit attribute */
dc8c34
 
dc8c34
       /*
dc8c34
        * For each DN in the managed list, do 7-bit checking if
dc8c34
@@ -323,7 +333,14 @@ preop_add(Slapi_PBlock *pb)
dc8c34
           /*
dc8c34
            * Check if the value is 7-bit clean
dc8c34
            */
dc8c34
-          result = bit_check(attr, NULL, &violated);
dc8c34
+	  if(pwd)
dc8c34
+	  {
dc8c34
+            result = bit_check(attr, vals, &violated);
dc8c34
+	    if(!result)
dc8c34
+	      pwd = NULL;
dc8c34
+	  }
dc8c34
+          else
dc8c34
+            result = bit_check(attr, NULL, &violated);
dc8c34
           if (result) break;
dc8c34
         }
dc8c34
       }
dc8c34
@@ -335,7 +352,7 @@ preop_add(Slapi_PBlock *pb)
dc8c34
   if (result) {
dc8c34
     issue_error(pb, result, "ADD", violated);
dc8c34
   }
dc8c34
-
dc8c34
+  slapi_ch_free_string(&origpwd);
dc8c34
   return (result==LDAP_SUCCESS)?0:-1;
dc8c34
 }
dc8c34
 
dc8c34
-- 
dc8c34
1.8.1.4
dc8c34