Tree - rpms/ipa - CentOS Git server

rpms / ipa

Blame SOURCES/0004-Only-calculate-LDAP-password-grace-when-the-password_rhbz#782917.patch

Blob History Raw

		d4adbd	`From 3675bd1d7aca443832bb9bb2f521cc4d3a088aec Mon Sep 17 00:00:00 2001`
		d4adbd	`From: Rob Crittenden <rcritten@redhat.com>`
		d4adbd	`Date: Wed, 29 Jun 2022 13:25:55 +0000`
		d4adbd	`Subject: [PATCH] Only calculate LDAP password grace when the password is`
		d4adbd	`expired`
		d4adbd
		d4adbd	`The user's pwd expiration was retrieved but inadvertently was never`
		d4adbd	`compared to current time. So any LDAP bind, including from the`
		d4adbd	`IPA API, counted against the grace period. There is no need to go`
		d4adbd	`through the graceperiod code for non-expired passwords.`
		d4adbd
		d4adbd	`https://pagure.io/freeipa/issue/1539`
		d4adbd
		d4adbd	`Signed-off-by: Rob Crittenden <rcritten@redhat.com>`
		d4adbd	`Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>`
		d4adbd	`---`
		d4adbd	`.../ipa-graceperiod/ipa_graceperiod.c \| 12 +++++++++---`
		d4adbd	`1 file changed, 9 insertions(+), 3 deletions(-)`
		d4adbd
		d4adbd	`diff --git a/daemons/ipa-slapi-plugins/ipa-graceperiod/ipa_graceperiod.c b/daemons/ipa-slapi-plugins/ipa-graceperiod/ipa_graceperiod.c`
		d4adbd	`index 0860b5c20..a3f57cb4b 100644`
		d4adbd	`--- a/daemons/ipa-slapi-plugins/ipa-graceperiod/ipa_graceperiod.c`
		d4adbd	`+++ b/daemons/ipa-slapi-plugins/ipa-graceperiod/ipa_graceperiod.c`
		d4adbd	`@@ -359,7 +359,8 @@ static int ipagraceperiod_preop(Slapi_PBlock *pb)`
		d4adbd	`Slapi_ValueSet *values = NULL;`
		d4adbd	`long grace_limit = 0;`
		d4adbd	`int grace_user_time;`
		d4adbd	`- char *pwd_expiration = NULL;`
		d4adbd	`+ char *tmpstr = NULL;`
		d4adbd	`+ time_t pwd_expiration;`
		d4adbd	`int pwresponse_requested = 0;`
		d4adbd	`Slapi_PBlock *pbtm = NULL;`
		d4adbd	`Slapi_Mods *smods = NULL;`
		d4adbd	`@@ -414,12 +415,17 @@ static int ipagraceperiod_preop(Slapi_PBlock *pb)`
		d4adbd	`}`
		d4adbd	`slapi_value_free(&objectclass);`
		d4adbd
		d4adbd	`- pwd_expiration = slapi_entry_attr_get_charptr(target_entry, "krbPasswordExpiration");`
		d4adbd	`- if (pwd_expiration == NULL) {`
		d4adbd	`+ tmpstr = slapi_entry_attr_get_charptr(target_entry, "krbPasswordExpiration");`
		d4adbd	`+ if (tmpstr == NULL) {`
		d4adbd	`/* No expiration means nothing to do */`
		d4adbd	`LOG_TRACE("No krbPasswordExpiration for %s, nothing to do\n", dn);`
		d4adbd	`goto done;`
		d4adbd	`}`
		d4adbd	`+ pwd_expiration = ipapwd_gentime_to_time_t(tmpstr);`
		d4adbd	`+ if (pwd_expiration > time(NULL)) {`
		d4adbd	`+ /* Not expired, nothing to see here */`
		d4adbd	`+ goto done;`
		d4adbd	`+ }`
		d4adbd
		d4adbd	`ldrc = ipagraceperiod_getpolicy(target_entry, &policy_entry,`
		d4adbd	`&values, &actual_type_name,`
		d4adbd	`--`
		d4adbd	`2.36.1`
		d4adbd

rpms / ipa

Source Code

Blame SOURCES/0004-Only-calculate-LDAP-password-grace-when-the-password_rhbz#782917.patch