#47391 deleting and adding userpassword fails to update the password
Closed: Fixed None Opened 6 years ago by nhosoi.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 973583

Steps
1. Add a user entry with userPassword.
2. Restart the server to evict the entry from the entry cache.
3. ldapmodify
dn: <the user="" entry="">
changetype: modify
delete: userpassword
-
add: userpassword
userpassword: newpassword

This delete/add operation causes the crash since once an entry is written to and retrieved from DB, it does not have unhashed#user#password in the entry any more. The delete userpassword internally invokes delete unhashed#user#password, which blindly expected unhashed#user#password existed in the entry.


Bug description: Deleting and adding password operation causes
the crash since once an entry is written to and retrieved from
DB, it does not have unhashed#user#password in the entry any
more. The delete userpassword internally invokes delete unhashed

user#password, which blindly expected unhashed#user#password

existed in the entry.

Fix description: Once the internal attribute value pair is
stored in an entry extension, the mod for the attribute is
changed to the "disabled" mode. Also, this patch adds the
stricter check for the NULL reference.

Nathan Kinder wrote:

ack. The fix makes sense to me.

Thanks to Nathan for his prompt review!

Bug description: Deleting and adding password operation causes
the crash since once an entry is written to and retrieved from
DB, it does not have unhashed#user#password in the entry any
more. The delete userpassword internally invokes delete unhashed
existed in the entry.

Fix description: Once the internal attribute value pair is
stored in an entry extension, the mod for the attribute is
changed to the "disabled" mode. Also, this patch adds the
stricter check for the NULL reference.

Reviewed by Nathan (Thank you!!)

Pushed to master: commit 4305dee

Pushed to 389-ds-base-1.3.1: commit ed09682

To Do: back port to 1.3.0 and 1.2.11, as well.

Bug description: ldapmodify with changetype "modify" is supposed
to skip checking unhashed password in acl_check_mods. "delete"
and "replace" were being skipped, but not "add".

Fix description: "add" also skips to check unhashed password.

Steps:
{{{
Add a user entry userA with userPassword.
Give ACI to userA to update its own password.
Restart the server to evict the entry from the entry cache.
ldapmodify ... -D "<usera's dn="">" -w "<usera's password="">"
dn: <usera's dn="">
changetype: modify
delete: userpassword
-
add: userpassword userpassword: newpassword
}}}

Reviewed by Rich (Thank you!!)

Pushed to master: commit 5337dcf

Pushed to 389-ds-base-1.3.1: commit d3300a9

Pushed to 389-ds-base-1.3.0: commit bf1f532, commit ff13a9c

Pushed to 389-ds-base-1.2.11: commit 7d8bddd, commit 9d9e9a6

Metadata Update from @nhosoi:
- Issue assigned to nhosoi
- Issue set to the milestone: 1.2.11.22

2 years ago

Login to comment on this ticket.

Metadata