On 5.10.2011 11:58, Sumit Bose wrote:
> On Tue, Oct 04, 2011 at 11:15:04AM +0200, Jan Cholasta wrote:
>> On 27.9.2011 10:15, Sumit Bose wrote:
>>> Hi,
>>> currently the change password plugin does not check if the connection is
>>> coming from a local LDAPI socket and denies password change requests via
>>> LDAPI. This patch changes the check to just look at the overall SSF of
>>> the connection which covers all types of connection.
>>> There is a similar check in ipa_enrollment.c. But I think enrollments via
>>> LDAPI do not make much sense so it does not need to be changed.
>> IMHO it should be changed anyway, for the sake of consistency.
>>> This patch should fix https://fedorahosted.org/freeipa/ticket/1877.
>>> bye,
>>> Sumit
>> The patch has trailing whitespace on lines 20 and 32-35 and needs to
>> be rebased.
>> Tested the patch with ldappasswd over ldap/ldaps/ldapi - works as expected.
> Thank you for the review. I have changed ipa_enrollment.c accordingly
> and checked that the patch applies against master as well as against
> ipa-2-1 and that git does not complain about trailing whitespace. New
> version attached.
> bye,
> Sumit
"git apply" still complains about the patch:
$ git status -sb
## ipa-2-1
$ git apply
freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch
../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:23:
trailing whitespace.
int ssf;
../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:39:
trailing whitespace.
/* Allow password modify on all connections with a Security Strength
../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:40:
trailing whitespace.
* Factor (SSF) higher than 1 */
../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:41:
trailing whitespace.
if (slapi_pblock_get(pb, SLAPI_OPERATION_SSF, &ssf) != 0) {
../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:42:
trailing whitespace.
LOG_TRACE("Could not get SSF from connection\n");
error: patch failed:
daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c:80
error: daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c: patch
does not apply
error: patch failed:
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c:615
error: daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c: patch
does not apply
It can be applied with "patch", but it complains too:
$ patch -p1 --no-backup-if-mismatch
<freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch
(Stripping trailing CRs from patch.)
patching file daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
(Stripping trailing CRs from patch.)
patching file daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
The comment in ipa-enrollment.c should be changed from "Allow password
modify on ..." to "Allow enrollment on ...".
Honza
--
Jan Cholasta
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel