[Freeipa-devel] [PATCH] ipa-pwd-extop: allow password change on all connections with SSF>1

Jan Cholasta jcholast at redhat.com
Wed Oct 5 13:06:19 UTC 2011 

On 5.10.2011 11:58, Sumit Bose wrote:
> On Tue, Oct 04, 2011 at 11:15:04AM +0200, Jan Cholasta wrote:
>> On 27.9.2011 10:15, Sumit Bose wrote:
>>> Hi,
>>>
>>> currently the change password plugin does not check if the connection is
>>> coming from a local LDAPI socket and denies password change requests via
>>> LDAPI. This patch changes the check to just look at the overall SSF of
>>> the connection which covers all types of connection.
>>>
>>> There is a similar check in ipa_enrollment.c. But I think enrollments via
>>> LDAPI does not make much sense so it does not need to be changed.
>>
>> IMHO it should be changed anyway, for the sake of consistency.
>>
>>>
>>> This patch should fix https://fedorahosted.org/freeipa/ticket/1877.
>>>
>>> bye,
>>> Sumit
>>>
>>
>> The patch has trailing whitespace on lines 20 and 32-35 and needs to
>> be rebased.
>>
>> Tested the patch with ldappasswd over ldap/ldaps/ldapi - works as expected.
>
> Thank you for the review. I have changed ipa_enrollment.c accordingly
> and checked that the patch applies against master as well as against
> ipa-2-1 and that git does not complain about trailing whitespace. New
> version attached.
>
> bye,
> Sumit

"git apply" still complains about the patch:

$ git status -sb
## ipa-2-1

$ git apply 
freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch 

../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:23: 
trailing whitespace.
     int ssf;
../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:39: 
trailing whitespace.
     /* Allow password modify on all connections with a Security Strength
../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:40: 
trailing whitespace.
      * Factor (SSF) higher than 1 */
../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:41: 
trailing whitespace.
     if (slapi_pblock_get(pb, SLAPI_OPERATION_SSF, &ssf) != 0) {
../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:42: 
trailing whitespace.
         LOG_TRACE("Could not get SSF from connection\n");
error: patch failed: 
daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c:80
error: daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c: patch 
does not apply
error: patch failed: 
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c:615
error: daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c: patch 
does not apply


It can be applied with "patch", but it complains too:

$ patch -p1 --no-backup-if-mismatch 
<freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch 

(Stripping trailing CRs from patch.)
patching file daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
(Stripping trailing CRs from patch.)
patching file daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c


The comment in ipa-enrollment.c should be changed from "Allow password 
modify on ..." to "Allow enrollment on ...".

Honza

>
>>
>> Honza
>>
>> --
>> Jan Cholasta
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel


-- 
Jan Cholasta

More information about the Freeipa-devel mailing list