Commit 109d967f authored by Ondřej Kuzník's avatar Ondřej Kuzník Committed by Quanah Gibson-Mount

ITS#7788 Hashing should be independent of a useable policy

parent 9d594a11
...@@ -2182,9 +2182,7 @@ ppolicy_add( ...@@ -2182,9 +2182,7 @@ ppolicy_add(
return rs->sr_err; return rs->sr_err;
} }
if ( ppolicy_get( op, op->ora_e, &pp ) != LDAP_SUCCESS ) { ppolicy_get( op, op->ora_e, &pp );
return SLAP_CB_CONTINUE;
}
/* /*
* new entry contains a password - if we're not the root user * new entry contains a password - if we're not the root user
...@@ -2306,6 +2304,7 @@ ppolicy_modify( Operation *op, SlapReply *rs ) ...@@ -2306,6 +2304,7 @@ ppolicy_modify( Operation *op, SlapReply *rs )
int got_del_grace = 0, got_del_lock = 0, got_pw = 0, got_del_fail = 0, int got_del_grace = 0, got_del_lock = 0, got_pw = 0, got_del_fail = 0,
got_del_success = 0; got_del_success = 0;
int got_changed = 0, got_history = 0; int got_changed = 0, got_history = 0;
int have_policy = 0;
op->o_bd->bd_info = (BackendInfo *)on->on_info; op->o_bd->bd_info = (BackendInfo *)on->on_info;
rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e ); rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
...@@ -2458,8 +2457,9 @@ ppolicy_modify( Operation *op, SlapReply *rs ) ...@@ -2458,8 +2457,9 @@ ppolicy_modify( Operation *op, SlapReply *rs )
} }
} }
if ( ppolicy_get( op, e, &pp ) != LDAP_SUCCESS ) { /* ppolicy_hash_cleartext depends on pwmod being determined first */
goto do_modify; if ( ppolicy_get( op, e, &pp ) == LDAP_SUCCESS ) {
have_policy = 1;
} }
if ( access_allowed( op, e, pp.ad, NULL, ACL_MANAGE, NULL ) ) { if ( access_allowed( op, e, pp.ad, NULL, ACL_MANAGE, NULL ) ) {
...@@ -2575,7 +2575,7 @@ ppolicy_modify( Operation *op, SlapReply *rs ) ...@@ -2575,7 +2575,7 @@ ppolicy_modify( Operation *op, SlapReply *rs )
* the root user is bound. Root can do anything, including avoid the policies. * the root user is bound. Root can do anything, including avoid the policies.
*/ */
if (!pwmod) goto do_modify; if (!have_policy || !pwmod) goto do_modify;
/* /*
* Build the password history list in ascending time order * Build the password history list in ascending time order
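Review bot: In the ppolicy_add hunk the result of `ppolicy_get( op, op->ora_e, &pp );` is now discarded, so the rest of the function reads `pp` whether or not a policy was found, and nothing there corresponds to the `have_policy` flag this commit adds to ppolicy_modify. Unless ppolicy_get leaves `pp` fully initialised on every failure path (not visible in these hunks), the password checks that follow would run against undefined or default policy values. Capturing the result, e.g. `int have_policy = ( ppolicy_get( op, op->ora_e, &pp ) == LDAP_SUCCESS );`, and gating the policy-only checks on it would mirror ppolicy_modify while still letting hashing proceed. The same assumption applies to `access_allowed( op, e, pp.ad, NULL, ACL_MANAGE, NULL )` in ppolicy_modify, which is now reached after a failed lookup; a short comment at both call sites stating what `pp` holds on failure would make that contract explicit. Both functions continue outside the hunks shown.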