Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1467777
Description of problem: The "pwdhash -D configdir" command uses the default hashing algorithm and neither the current value set in nsslapd-rootpwstoragescheme nor passwordStorageScheme. Version-Release number of selected component (if applicable): DS 10.1.1 How reproducible: Always Steps to Reproduce: 1. Set nsslapd-rootpwstoragescheme to SSHA256 2. Set passwordStorageScheme to SSHA384 3. Run # pwdhash -D /etc/dirsrv/slapd-instance_name/ password Actual results: You get the hash based on the DS default setting (which is SSHA512 for DS 10.1.1) instead of the algorithms set in one of the two attributes. Expected results / Feature request: * If "-D configdir" is used, the command should return the hashed string using the algorithm set in nsslapd-rootpwstoragescheme. The tool is mostly used to generate the hash for the Directory Manager - so this should be default in this case. * Additinally, a "-u" option should be added, which is only used in combination with "-D configdir", and generates the hash using the algorithm set in passwordStorageScheme.
Metadata Update from @firstyear: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1467777
Metadata Update from @firstyear: - Issue assigned to firstyear
Metadata Update from @firstyear: - Custom field type adjusted to defect - Issue set to the milestone: 1.3.7 backlog (was: 0.0 NEEDS_TRIAGE)
<img alt="0001-Ticket-49312-pwdhash-D-used-default-hash-algo.patch" src="/389-ds-base/issue/raw/files/7df9ee2e141074de221c035287a6d411c218f04d7b7a07c19dee924d11098348-0001-Ticket-49312-pwdhash-D-used-default-hash-algo.patch" />
I0> /opt/dirsrv/bin/pwdhash -D /opt/dirsrv/etc/dirsrv/slapd-localhost password {SHA256}XohImNooBHFR0OVvjcYpJ3NgPQ1qq73WKhHvch0VQtg= I0> /opt/dirsrv/bin/pwdhash password {SSHA512}DQNXQZUS0aiwfAOZ2yHm7JUbylWPEU9FW1nQV/9+coomETZyVqLZ1PsQ1zdqoQbPHIvnSR0xKJwVeSBumSNMLfESVSB0J7jR
Metadata Update from @firstyear: - Custom field component adjusted to None - Custom field origin adjusted to None - Custom field reviewstatus adjusted to review - Custom field version adjusted to None
Metadata Update from @mreynolds: - Custom field reviewstatus adjusted to ack (was: review)
commit 43efa0ea7c762de6060ab0aa3fd735defdaf8eb2 To ssh://git@pagure.io/389-ds-base.git f63949d..aa57d4b master -> master
Metadata Update from @firstyear: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
<img alt="0001-Issue-49312-Added-new-test-case-for-D-configdir.patch" src="/389-ds-base/issue/raw/files/cf014b20e309819a02be4871c819ce3495a05d43c79f97bc289edcd443060d25-0001-Issue-49312-Added-new-test-case-for-D-configdir.patch" />
Metadata Update from @aadhikari: - Custom field reviewstatus adjusted to review (was: ack)
Hey mate,
I don't think you need the dirsrv restart, when you change cn=config, it writes to dse.ldif immediately,
Also, it may be easier to check the output with subprocess.check_output([cmd, args, ...]). Then you can check the password header matches your expectations. :) Hope that helps!
Hi @firstyear ,
I have removed the dirsrv restart code, also used subprocess.check_output(...) for checking the output. The problem is I am able to see result even after providing a wrong password or any random text.
<img alt="0001-Issue-49312-Added-new-test-case-for-D-configdir.patch" src="/389-ds-base/issue/raw/files/35d582c3682d1a65b9e69fd27e18e8f423e620d741f1bf43d464405e43a0224a-0001-Issue-49312-Added-new-test-case-for-D-configdir.patch" />
You can replace this:
72 + if not result: assert result, "Failed to run pwdhash"
with this:
72 + assert result, "Failed to run pwdhash"
" if not result: " is redundant here. Assert already takes care about the check.
And you don't need this too:
73 + if result:
Because you've already has asserted that 'result' is present.
Besides that, looks good. I wait for William to check and we can push.
Your spacing on line 73-74 oof the patch is wrong. In the if case you indent by a single line not by 4 lines.
So I'll wait for an update, but otherwise I think this is correct,
Thanks!
<img alt="0001-Issue-49312-Added-new-test-case-for-D-configdir.patch" src="/389-ds-base/issue/raw/files/691c0d38012a08165cf71a39574e5445322672d35c0837728d194e21a0eae7d3-0001-Issue-49312-Added-new-test-case-for-D-configdir.patch" />
I've fixed the commit message a bit. And I've added 'Reviewed by' line.
commit 6647fba Author: Akshay Adhikari aadhikar@aadhikar.pnq.csb Date: Thu Jan 4 17:14:53 2018 +0530
Metadata Update from @spichugi: - Custom field reviewstatus adjusted to ack (was: review)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/2371
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: fixed)
Login to comment on this ticket.