URL: https://github.com/freeipa/freeipa/pull/345
Author: abbra
Title: #345: ipa-kdb: search for password policies globally
Action: opened

PR body:
"""
With the CoS templates now used to create additional password policies
per object type that are placed under the object subtrees, DAL driver
needs to search for the policies in the whole tree.

Individual policies referenced by the krbPwdPolicyReference attribute
are always searched by their full DN and with the base scope. However,
when KDC asks a DAL driver to return a password policy by name, we don't
have any specific base to search. The original code did search by the
realm subtree.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1404910
"""

To pull the PR as a Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/345/head:pr345
git checkout pr345
From cc61f062a1f504c88794cb8709afdae7e44369a9 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <aboko...@redhat.com>
Date: Thu, 15 Dec 2016 16:30:00 +0200
Subject: [PATCH] ipa-kdb: search for password policies globally

With the CoS templates now used to create additional password policies
per object type that are placed under the object subtrees, DAL driver
needs to search for the policies in the whole tree.

Individual policies referenced by the krbPwdPolicyReference attribute
are always searched by their full DN and with the base scope. However,
when KDC asks a DAL driver to return a password policy by name, we don't
have any specific base to search. The original code did search by the
realm subtree.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1404910
---
 daemons/ipa-kdb/ipa_kdb_pwdpolicy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
index 076314a..0c810af 100644
--- a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
+++ b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
@@ -163,7 +163,7 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext, char *name,
     }
 
     kerr = ipadb_simple_search(ipactx,
-                               ipactx->realm_base, LDAP_SCOPE_SUBTREE,
+                               ipactx->base, LDAP_SCOPE_SUBTREE,
                                src_filter, std_pwdpolicy_attrs, &res);
     if (kerr) {
         goto done;
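
Review bot: the ipadb_simple_search() call now uses ipactx->base with LDAP_SCOPE_SUBTREE, so a by-name lookup can match entries anywhere in the tree, and two policies sharing a name under different object subtrees would both satisfy src_filter. This hunk does not show how more than one entry in res is handled. Please confirm that the code after this call either selects a policy deterministically or fails on an ambiguous match. Since the base is no longer limited to the realm subtree, it is also worth checking that src_filter (built outside this hunk) restricts matches to password policy entries by object class and not by name alone. A short comment above the call saying why the whole tree is searched (CoS-template policies are placed under the object subtrees, per the commit message) would keep a later cleanup from changing the base back to ipactx->realm_base.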