|
 |
dc8c34 |
From 1bb2a66640bc9419157ca9f7f4f63d720695d79a Mon Sep 17 00:00:00 2001
|
|
|
dc8c34 |
From: Noriko Hosoi <nhosoi@redhat.com>
|
|
|
dc8c34 |
Date: Tue, 9 Sep 2014 12:45:58 -0700
|
|
|
dc8c34 |
Subject: [PATCH] Ticket #47748 - Simultaneous adding a user and binding as the
|
|
|
dc8c34 |
user could fail in the password policy check
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Description: commit 4fc53e1a63222d0ff67c30a59f2cff4b535f90a8 fix for
|
|
|
dc8c34 |
Ticket #47748 introduced a bug: "Simple bind hangs after enabling
|
|
|
dc8c34 |
password policy".
|
|
|
dc8c34 |
|
|
|
dc8c34 |
In do_bind, slapi_check_account_lock and need_new_pw overwrote the
|
|
|
dc8c34 |
return code from backend bind which is used later. This patch fixes
|
|
|
dc8c34 |
it not to override the return code.
|
|
|
dc8c34 |
|
|
|
dc8c34 |
https://fedorahosted.org/389/ticket/47748
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
(cherry picked from commit 4f11606b02419c8ccdb319b8040e683af9109d1b)
|
|
|
dc8c34 |
(cherry picked from commit 8c82941c0f2b0b5d7fa698a1ca3e4f26245cf85a)
|
|
|
dc8c34 |
(cherry picked from commit 5b6d60ec4d3d93d1d69f6a071ce135a06f4c8cfd)
|
|
|
dc8c34 |
(cherry picked from commit aa935c9a9297ab22d3c7fc17381e735521d9cd03)
|
|
|
dc8c34 |
---
|
|
|
dc8c34 |
ldap/servers/slapd/bind.c | 13 +++++++------
|
|
|
dc8c34 |
1 file changed, 7 insertions(+), 6 deletions(-)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
|
|
|
dc8c34 |
index 92d7965..edb36c4 100644
|
|
|
dc8c34 |
--- a/ldap/servers/slapd/bind.c
|
|
|
dc8c34 |
+++ b/ldap/servers/slapd/bind.c
|
|
|
dc8c34 |
@@ -769,6 +769,7 @@ do_bind( Slapi_PBlock *pb )
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
|
|
|
dc8c34 |
if ( rc == SLAPI_BIND_SUCCESS ) {
|
|
|
dc8c34 |
+ int myrc = 0;
|
|
|
dc8c34 |
if (!auto_bind) {
|
|
|
dc8c34 |
/*
|
|
|
dc8c34 |
* There could be a race that bind_target_entry was not added
|
|
|
dc8c34 |
@@ -779,9 +780,9 @@ do_bind( Slapi_PBlock *pb )
|
|
|
dc8c34 |
if (!bind_target_entry) {
|
|
|
dc8c34 |
bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn));
|
|
|
dc8c34 |
if (bind_target_entry) {
|
|
|
dc8c34 |
- rc = slapi_check_account_lock(pb, bind_target_entry,
|
|
|
dc8c34 |
+ myrc = slapi_check_account_lock(pb, bind_target_entry,
|
|
|
dc8c34 |
pw_response_requested, 1, 1);
|
|
|
dc8c34 |
- if (1 == rc) { /* account is locked */
|
|
|
dc8c34 |
+ if (1 == myrc) { /* account is locked */
|
|
|
dc8c34 |
goto account_locked;
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
} else {
|
|
|
dc8c34 |
@@ -795,8 +796,8 @@ do_bind( Slapi_PBlock *pb )
|
|
|
dc8c34 |
if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) {
|
|
|
dc8c34 |
/* check if need new password before sending
|
|
|
dc8c34 |
the bind success result */
|
|
|
dc8c34 |
- rc = need_new_pw(pb, &t, bind_target_entry, pw_response_requested);
|
|
|
dc8c34 |
- switch (rc) {
|
|
|
dc8c34 |
+ myrc = need_new_pw(pb, &t, bind_target_entry, pw_response_requested);
|
|
|
dc8c34 |
+ switch (myrc) {
|
|
|
dc8c34 |
case 1:
|
|
|
dc8c34 |
(void)slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0);
|
|
|
dc8c34 |
break;
|
|
|
dc8c34 |
@@ -811,8 +812,8 @@ do_bind( Slapi_PBlock *pb )
|
|
|
dc8c34 |
if (auth_response_requested) {
|
|
|
dc8c34 |
slapi_add_auth_response_control(pb, slapi_sdn_get_ndn(sdn));
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
- if (-1 == rc) {
|
|
|
dc8c34 |
- /* neeed_new_pw failed; need_new_pw already send_ldap_result in it. */
|
|
|
dc8c34 |
+ if (-1 == myrc) {
|
|
|
dc8c34 |
+ /* need_new_pw failed; need_new_pw already send_ldap_result in it. */
|
|
|
dc8c34 |
goto free_and_return;
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
} else { /* anonymous */
|
|
|
dc8c34 |
--
|
|
|
dc8c34 |
1.9.3
|
|
|
dc8c34 |
|