#47391 deleting and adding userpassword fails to update the password
Closed: wontfix None Opened 10 years ago by nhosoi.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 973583

Steps
1. Add a user entry with userPassword.
2. Restart the server to evict the entry from the entry cache.
3. ldapmodify
{{{
dn: <The user entry>
changetype: modify
delete: userpassword
-
add: userpassword
userpassword: newpassword
}}}

This delete/add operation causes the crash since once an entry is written to and retrieved from DB, it does not have unhashed#user#password in the entry any more. The delete userpassword internally invokes delete unhashed#user#password, which blindly expected unhashed#user#password existed in the entry.


Bug description: Deleting and adding password operation causes
the crash since once an entry is written to and retrieved from
DB, it does not have unhashed#user#password in the entry any
more. The delete userpassword internally invokes delete
unhashed#user#password, which blindly expected
unhashed#user#password existed in the entry.

Fix description: Once the internal attribute value pair is
stored in an entry extension, the mod for the attribute is
changed to the "disabled" mode. Also, this patch adds the
stricter check for the NULL reference.

Nathan Kinder wrote:

ack. The fix makes sense to me.

Thanks to Nathan for his prompt review!

Bug description: Deleting and adding password operation causes
the crash since once an entry is written to and retrieved from
DB, it does not have unhashed#user#password in the entry any
more. The delete userpassword internally invokes delete
unhashed#user#password, which blindly expected
unhashed#user#password existed in the entry.

Fix description: Once the internal attribute value pair is
stored in an entry extension, the mod for the attribute is
changed to the "disabled" mode. Also, this patch adds the
stricter check for the NULL reference.

Reviewed by Nathan (Thank you!!)

Pushed to master: commit 4305dee

Pushed to 389-ds-base-1.3.1: commit ed09682

To Do: back port to 1.3.0 and 1.2.11, as well.

Bug description: ldapmodify with changetype "modify" is supposed
to skip checking unhashed password in acl_check_mods. "delete"
and "replace" were being skipped, but not "add".

Fix description: "add" also skips to check unhashed password.

Steps:
{{{
Add a user entry userA with userPassword.
Give ACI to userA to update its own password.
Restart the server to evict the entry from the entry cache.
ldapmodify ... -D "<userA's DN>" -w "<userA's password>"
dn: <userA's DN>
changetype: modify
delete: userpassword
-
add: userpassword
userpassword: newpassword
}}}

Reviewed by Rich (Thank you!!)

Pushed to master: commit 5337dcf

Pushed to 389-ds-base-1.3.1: commit d3300a9

Pushed to 389-ds-base-1.3.0: commit bf1f532, commit ff13a9c

Pushed to 389-ds-base-1.2.11: commit 7d8bddd, commit 9d9e9a6
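
A simplified model of the access-check behaviour in the second bug description above, added here as an illustration; it is not 389-ds-base code, and every function, type and macro name in it is hypothetical. It assumes the server pairs each userPassword mod with a companion mod on unhashed#user#password, and that userA's ACI covers only userPassword.

```c
#include <ctype.h>
#include <stddef.h>

/* Simplified model of the access check; not 389-ds-base source.
 * Every identifier here is hypothetical. */
enum mod_op { MOD_ADD, MOD_DELETE, MOD_REPLACE };
struct mod { enum mod_op op; const char *type; };

#define INTERNAL_PW "unhashed#user#password"

/* LDAP attribute names compare case-insensitively. */
static int same_attr(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Returns 0 if every mod is permitted, -1 on insufficient access.
 * skip_on_add == 0 models the behaviour in the bug description,
 * skip_on_add == 1 models the behaviour after the fix. */
static int check_mods(const struct mod *mods, size_t n, int skip_on_add)
{
    for (size_t i = 0; i < n; i++) {
        if (same_attr(mods[i].type, INTERNAL_PW) &&
            (mods[i].op != MOD_ADD || skip_on_add))
            continue;   /* companion mod on the internal attribute: not checked */
        /* Stand-in for ACI evaluation: userA may write only userPassword. */
        if (!same_attr(mods[i].type, "userPassword"))
            return -1;
    }
    return 0;
}

/* Constructed mod list: the client's delete/add of userpassword plus the
 * assumed companion mods on the internal attribute. */
static const struct mod DELETE_ADD[] = {
    { MOD_DELETE, "userpassword" }, { MOD_DELETE, INTERNAL_PW },
    { MOD_ADD,    "userpassword" }, { MOD_ADD,    INTERNAL_PW },
};
#define DELETE_ADD_LEN (sizeof DELETE_ADD / sizeof DELETE_ADD[0])

int check_before_fix(void) { return check_mods(DELETE_ADD, DELETE_ADD_LEN, 0); }
int check_after_fix(void)  { return check_mods(DELETE_ADD, DELETE_ADD_LEN, 1); }
```

In this model the delete/add sequence is refused before the fix because the "add" on the internal attribute reaches the ACI check, and is accepted once "add" is skipped like "delete" and "replace".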

Metadata Update from @nhosoi:
- Issue assigned to nhosoi
- Issue set to the milestone: 1.2.11.22

7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/728

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago
