On 5.10.2011 11:58, Sumit Bose wrote:
On Tue, Oct 04, 2011 at 11:15:04AM +0200, Jan Cholasta wrote:
On 27.9.2011 10:15, Sumit Bose wrote:
Hi,

currently the change password plugin does not check if the connection is
coming from a local LDAPI socket and denies password change requests via
LDAPI. This patch changes the check to just look at the overall SSF of
the connection which covers all types of connection.

There is a similar check in ipa_enrollment.c. But I think enrollments via
LDAPI does not make much sense so it does not need to be changed.

IMHO it should be changed anyway, for the sake of consistency.


This patch should fix https://fedorahosted.org/freeipa/ticket/1877.

bye,
Sumit


The patch has trailing whitespace on lines 20 and 32-35 and needs to
be rebased.

Tested the patch with ldappasswd over ldap/ldaps/ldapi - works as expected.

Thank you for the review. I have changed ipa_enrollment.c accordingly
and checked that the patch applies against master as well as against
ipa-2-1 and that git does not complain about trailing whitespace. New
version attached.

bye,
Sumit

"git apply" still complains about the patch:

$ git status -sb
## ipa-2-1

$ git apply freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch ../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:23: trailing whitespace.
    int ssf;
../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:39: trailing whitespace.
    /* Allow password modify on all connections with a Security Strength
../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:40: trailing whitespace.
     * Factor (SSF) higher than 1 */
../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:41: trailing whitespace.
    if (slapi_pblock_get(pb, SLAPI_OPERATION_SSF, &ssf) != 0) {
../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:42: trailing whitespace.
        LOG_TRACE("Could not get SSF from connection\n");
error: patch failed: daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c:80 error: daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c: patch does not apply error: patch failed: daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c:615 error: daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c: patch does not apply


It can be applied with "patch", but it complains too:

$ patch -p1 --no-backup-if-mismatch <freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch
(Stripping trailing CRs from patch.)
patching file daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
(Stripping trailing CRs from patch.)
patching file daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c


The comment in ipa-enrollment.c should be changed from "Allow password modify on ..." to "Allow enrollment on ...".

Honza



Honza

--
Jan Cholasta


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


--
Jan Cholasta

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to