Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 973583
Steps 1. Add a user entry with userPassword. 2. Restart the server to evict the entry from the entry cache. 3. ldapmodify dn: <The user entry> changetype: modify delete: userpassword - add: userpassword userpassword: newpassword
This delete/add operation causes the crash since once an entry is written to and retrieved from DB, it does not have unhashed#user#password in the entry any more. The delete userpassword internally invokes delete unhashed#user#password, which blindly expected unhashed#user#password existed in the entry.
Bug description: Deleting and adding password operation causes the crash since once an entry is written to and retrieved from DB, it does not have unhashed#user#password in the entry any more. The delete userpassword internally invokes delete unhashed
existed in the entry.
Fix description: Once the internal attribute value pair is stored in an entry extension, the mod for the attribute is changed to the "disabled" mode. Also, this patch adds the stricter check for the NULL reference.
git patch file (master) 0002-Ticket-47391-deleting-and-adding-userpassword-fails-.patch
Nathan Kinder wrote:
ack. The fix makes sense to me.
Thanks to Nathan for his prompt review!
Bug description: Deleting and adding password operation causes the crash since once an entry is written to and retrieved from DB, it does not have unhashed#user#password in the entry any more. The delete userpassword internally invokes delete unhashed existed in the entry.
Reviewed by Nathan (Thank you!!)
Pushed to master: commit 4305dee
Pushed to 389-ds-base-1.3.1: commit ed09682
To Do: back port to 1.3.0 and 1.2.11, as well.
Bug description: ldapmodify with changetype "modify" is supposed to skip checking unhashed password in acl_check_mods. "delete" and "replace" were being skipped, but not "add".
Fix description: "add" also skips to check unhashed password.
git patch file (master) 0001-Ticket-47391-deleting-and-adding-userpassword-fails-.patch
Steps: {{{ Add a user entry userA with userPassword. Give ACI to userA to update its own password. Restart the server to evict the entry from the entry cache. ldapmodify ... -D "<userA's DN>" -w "<userA's password>" dn: <userA's DN> changetype: modify delete: userpassword - add: userpassword userpassword: newpassword }}}
Reviewed by Rich (Thank you!!)
Pushed to master: commit 5337dcf
Pushed to 389-ds-base-1.3.1: commit d3300a9
Pushed to 389-ds-base-1.3.0: commit bf1f532, commit ff13a9c
Pushed to 389-ds-base-1.2.11: commit 7d8bddd, commit 9d9e9a6
Metadata Update from @nhosoi: - Issue assigned to nhosoi - Issue set to the milestone: 1.2.11.22
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/728
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.