Commit
1b22c04c
authored
Nov 16, 2005
by
Kurt Zeilenga
ppolicy fix
parent
368fd041
Changes
2
CHANGES
...
...
@@ -27,6 +27,7 @@ OpenLDAP 2.3.12 Release
Fixed slapd-meta per-target retry (ITS#4150)
Fixed slapd-meta size/time limit handling (ITS#4145)
Fixed slapo-ppolicy pwdFailureTIme after bind success issue (ITS#4134)
Fixed slapo-ppolicy add passord_hash quality config dependency
Fixed slapo-syncprov LDAP response types (ITS#4183)
Fixed slapd spurious defer message (ITS#3850)
Fixed slapd attribute SYNTAX OIDM issue (ITS#4116)
...
...
servers/slapd/overlays/ppolicy.c
...
...
@@ -1102,38 +1102,39 @@ ppolicy_add(
send_ldap_error
(
op
,
rs
,
rc
,
"Password fails quality checking policy"
);
return
rs
->
sr_err
;
}
/*
* A controversial bit. We hash cleartext
* passwords provided via add and modify operations
* You're not really supposed to do this, since
* the X.500 model says "store attributes" as they
* get provided. By default, this is what we do
*
* But if the hash_passwords flag is set, we hash
* any cleartext password attribute values via the
* default password hashing scheme.
*/
if
((
pi
->
hash_passwords
)
&&
(
password_scheme
(
&
(
pa
->
a_vals
[
0
]),
NULL
)
!=
LDAP_SUCCESS
))
{
struct
berval
hpw
;
slap_passwd_hash
(
&
(
pa
->
a_vals
[
0
]),
&
hpw
,
&
txt
);
if
(
hpw
.
bv_val
==
NULL
)
{
/*
* hashing didn't work. Emit an error.
*/
rs
->
sr_err
=
LDAP_OTHER
;
rs
->
sr_text
=
txt
;
send_ldap_error
(
op
,
rs
,
LDAP_OTHER
,
"Password hashing failed"
);
return
rs
->
sr_err
;
}
}
/*
* A controversial bit. We hash cleartext
* passwords provided via add and modify operations
* You're not really supposed to do this, since
* the X.500 model says "store attributes" as they
* get provided. By default, this is what we do
*
* But if the hash_passwords flag is set, we hash
* any cleartext password attribute values via the
* default password hashing scheme.
*/
if
((
pi
->
hash_passwords
)
&&
(
password_scheme
(
&
(
pa
->
a_vals
[
0
]),
NULL
)
!=
LDAP_SUCCESS
))
{
struct
berval
hpw
;
memset
(
pa
->
a_vals
[
0
].
bv_val
,
0
,
pa
->
a_vals
[
0
].
bv_len
);
ber_memfree
(
pa
->
a_vals
[
0
].
bv_val
);
pa
->
a_vals
[
0
].
bv_val
=
hpw
.
bv_val
;
pa
->
a_vals
[
0
].
bv_len
=
hpw
.
bv_len
;
slap_passwd_hash
(
&
(
pa
->
a_vals
[
0
]),
&
hpw
,
&
txt
);
if
(
hpw
.
bv_val
==
NULL
)
{
/*
* hashing didn't work. Emit an error.
*/
rs
->
sr_err
=
LDAP_OTHER
;
rs
->
sr_text
=
txt
;
send_ldap_error
(
op
,
rs
,
LDAP_OTHER
,
"Password hashing failed"
);
return
rs
->
sr_err
;
}
memset
(
pa
->
a_vals
[
0
].
bv_val
,
0
,
pa
->
a_vals
[
0
].
bv_len
);
ber_memfree
(
pa
->
a_vals
[
0
].
bv_val
);
pa
->
a_vals
[
0
].
bv_val
=
hpw
.
bv_val
;
pa
->
a_vals
[
0
].
bv_len
=
hpw
.
bv_len
;
}
/* If password aging is in effect, set the pwdChangedTime */
if
(
pp
.
pwdMaxAge
||
pp
.
pwdMinAge
)
{
struct
berval
timestamp
;
...
...
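Review bot: Only `pa->a_vals[0]` is tested with `password_scheme()` and replaced by its hash, so with `hash_passwords` set any further values of the same password attribute would be stored as supplied unless code earlier in ppolicy_add, outside this hunk, already rejects multi-valued passwords. If no such rejection exists, a guard ahead of the hashing block such as `if ( pa->a_vals[1].bv_val != NULL ) { /* reject, or hash every value */ }` would close that gap (assuming the usual NULL-terminated value array); if it does exist, a comment like `/* single value guaranteed by the check above */` would make the assumption explicit. On the failure path, `rs->sr_text = txt` appears to be replaced by the fixed string passed to `send_ldap_error`, so the hashing routine's own reason is probably lost to the client and logs. The rendered page has lost its +/- markers, so this note assumes the new side follows the order hash, check for NULL, wipe the cleartext, then swap in the hash; ppolicy_add starts and ends outside the hunk.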