Thursday, June 5, 2014

[389-commits] ldap/servers

ldap/servers/slapd/modify.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

New commits:
commit ccc61a3a589a47844a7e6eeb13f87e1351637618
Author: Nathan Kinder <nkinder@redhat.com>
Date: Mon Mar 17 19:34:45 2014 -0700

Ticket 47752 - Don't add unhashed password mod if we don't have an unhashed value

When performing a modify operation to replace the userpassword with a pre-hashed
value, the modify code adds a LDAPMod that replaces the "unhashed#user#password"
attribute with no values. While this doesn't cause any harm inside DS itself, it
is not the correct behavior. We should only add a LDAPMod for the unhashed password
if we actually have an unhashed value available.

https://fedorahosted.org/389/ticket/47752

Reviewed by mreynold@redhat.com

diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index 34fc326..fb0fdde 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -975,10 +975,10 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
} else {
/* add pseudo password attribute */
valuearray_init_bervalarray_unhashed_only(pw_mod->mod_bvalues, &va);
- if(va){
+ if(va && va[0]){
slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
- valuearray_free(&va);
}
+ valuearray_free(&va);
}

/* Init new value array for hashed value */


--
389 commits mailing list
389-commits@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-commits

No comments:

Post a Comment