andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone

Blame SOURCES/0019-Ticket-50053-Subtree-password-policy-overrides-a-use.patch

26521d
From f6e1acdefc97aa0f808b622c6f6a3dc0a683d457 Mon Sep 17 00:00:00 2001
26521d
From: Mark Reynolds <mreynolds@redhat.com>
26521d
Date: Mon, 15 Apr 2019 11:23:46 -0400
26521d
Subject: [PATCH] Ticket 50053 - Subtree password policy overrides a
26521d
 user-defined password policy
26521d
26521d
Bug Description:
26521d
26521d
When an entry contains an attribute that is also defined by a cos definition
26521d
a specifier defines which values win: the real values that are in the entry or the
26521d
virtual values that are cos defined.
26521d
The specifier 'default' means that the real values are the winners (returned).
26521d
'operational-default' has the same behavior but just specify that the attribute
26521d
is operational.
26521d
The bug is that when real values exists, the 'operational-default' specifier
26521d
drops the real values in favor of the virtual ones.
26521d
26521d
Fix Description:
26521d
26521d
Change the test, so that real values are not kept for 'operation-default'
26521d
Note: the full routine cos_cache_query_attr looks quite messy and error prone
26521d
It would be nice to rewrite it when we have time
26521d
26521d
https://pagure.io/389-ds-base/issue/50053
26521d
---
26521d
 ldap/servers/plugins/cos/cos_cache.c | 2 +-
26521d
 1 file changed, 1 insertion(+), 1 deletion(-)
26521d
26521d
diff --git a/ldap/servers/plugins/cos/cos_cache.c b/ldap/servers/plugins/cos/cos_cache.c
26521d
index 5e0cf1725..64c0441c4 100644
26521d
--- a/ldap/servers/plugins/cos/cos_cache.c
26521d
+++ b/ldap/servers/plugins/cos/cos_cache.c
26521d
@@ -2279,7 +2279,7 @@ cos_cache_query_attr(cos_cache *ptheCache, vattr_context *context, Slapi_Entry *
26521d
         /* now for the tests */
26521d
 
26521d
         /* would we be allowed to supply this attribute if we had one? */
26521d
-        if (entry_has_value && !pAttr->attr_override && !pAttr->attr_operational && !pAttr->attr_operational_default) {
26521d
+        if (entry_has_value && !pAttr->attr_override && !pAttr->attr_operational) {
26521d
             /* answer: no, move on to the next attribute */
26521d
             attr_index++;
26521d
             continue;
26521d
-- 
26521d
2.17.2
26521d