Monday, June 13, 2016

[389-commits] ldap/servers

ldap/servers/slapd/libglobs.c | 40 +++++++++++++------
ldap/servers/slapd/proto-slap.h | 6 +-
ldap/servers/slapd/pw.c | 59 ++++++++++++++++++-----------
ldap/servers/slapd/slap.h | 8 ++-
ldap/servers/slapd/slapi-plugin.h | 18 ++++++++
ldap/servers/slapd/slapi-private.h | 1
ldap/servers/slapd/time.c | 75 ++++++++++++++++++++++++++++++++++++-
ldap/servers/slapd/value.c | 16 +++++++
8 files changed, 183 insertions(+), 40 deletions(-)

New commits:
commit 78f730ac363761c159423543767e7cc4bc34d4ed
Author: Noriko Hosoi <nhosoi@redhat.com>
Date: Fri Jun 3 16:22:32 2016 -0700

Ticket #48833 - 389 showing inconsistent values for shadowMax and shadowWarning in 1.3.5.1

Description: Current passwordMaxAge, passwordMinAge, and passwordWarning
internally have the integer type which is too small to hold the maximum
shadowMax value 99999 days (== 8,639,913,600 secs > INT_MAX 2,147,483,647).
To allow shadowMax and its friends in sync with the values in the password
policy, this patch changes the type of the pw_maxage, pw_minage, and pw_
warning from long to long long.

If password policy is enabled, and the value of passwordMaxAge is greater
than 8639913600:
passwordMaxAge: 8639913600
then the search returns shadowMax 99999.
$ ldapsearch [...] -b "uid=tuser,ou=People,dc=example,dc=com" shadowMax
dn: uid=tuser,ou=People,dc=example,dc=com
shadowMax: 99999

Note: This patch is setting the initial value of passwordMaxAge to 99999 days.
cfg->pw_policy.pw_maxage = 8639913600; /* 99999 days */

Requires: This change requires the Doc and the DS Console updates.

https://fedorahosted.org/389/ticket/48833

Reviewed by mreynolds@redhat.com (Thank you soooooo much, Mark!)

diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index a9334e4..aa77783 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -1546,7 +1546,11 @@ FrontendConfig_init () {
cfg->pw_policy.pw_maxrepeats = 0;
cfg->pw_policy.pw_mincategories = 3;
cfg->pw_policy.pw_mintokenlength = 3;
+#if defined(CPU_x86_64)
+ cfg->pw_policy.pw_maxage = 8639913600; /* 99999 days */
+#else
cfg->pw_policy.pw_maxage = 8640000; /* 100 days */
+

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)