On Wed, 2011-10-05 at 16:41 +0200, Jan Cholasta wrote: > On 5.10.2011 16:36, Sumit Bose wrote: > > On Wed, Oct 05, 2011 at 03:06:19PM +0200, Jan Cholasta wrote: > >> On 5.10.2011 11:58, Sumit Bose wrote: > >>> On Tue, Oct 04, 2011 at 11:15:04AM +0200, Jan Cholasta wrote: > >>>> On 27.9.2011 10:15, Sumit Bose wrote: > >>>>> Hi, > >>>>> > >>>>> currently the change password plugin does not check if the connection is > >>>>> coming from a local LDAPI socket and denies password change requests via > >>>>> LDAPI. This patch changes the check to just look at the overall SSF of > >>>>> the connection which covers all types of connection. > >>>>> > >>>>> There is a similar check in ipa_enrollment.c. But I think enrollments > >>>>> via > >>>>> LDAPI does not make much sense so it does not need to be changed. > >>>> > >>>> IMHO it should be changed anyway, for the sake of consistency. > >>>> > >>>>> > >>>>> This patch should fix https://fedorahosted.org/freeipa/ticket/1877. > >>>>> > >>>>> bye, > >>>>> Sumit > >>>>> > >>>> > >>>> The patch has trailing whitespace on lines 20 and 32-35 and needs to > >>>> be rebased. > >>>> > >>>> Tested the patch with ldappasswd over ldap/ldaps/ldapi - works as > >>>> expected. > >>> > >>> Thank you for the review. I have changed ipa_enrollment.c accordingly > >>> and checked that the patch applies against master as well as against > >>> ipa-2-1 and that git does not complain about trailing whitespace. New > >>> version attached. > >>> > >>> bye, > >>> Sumit > >> > >> "git apply" still complains about the patch: > >> > >> $ git status -sb > >> ## ipa-2-1 > >> > >> $ git apply > >> freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch > >> > >> ../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:23: > >> trailing whitespace. > >> int ssf; > >> ../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:39: > >> trailing whitespace. > >> /* Allow password modify on all connections with a Security Strength > >> ../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:40: > >> trailing whitespace. > >> * Factor (SSF) higher than 1 */ > >> ../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:41: > >> trailing whitespace. > >> if (slapi_pblock_get(pb, SLAPI_OPERATION_SSF,&ssf) != 0) { > >> ../../patch/freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch:42: > >> trailing whitespace. > >> LOG_TRACE("Could not get SSF from connection\n"); > >> error: patch failed: > >> daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c:80 > >> error: daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c: > >> patch does not apply > >> error: patch failed: > >> daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c:615 > >> error: daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c: > >> patch does not apply > >> > >> > >> It can be applied with "patch", but it complains too: > >> > >> $ patch -p1 > >> --no-backup-if-mismatch<freeipa-sbose-0007-2-ipa-pwd-extop-allow-password-change-on-all-connectio.patch > >> > >> (Stripping trailing CRs from patch.) > >> patching file daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c > >> (Stripping trailing CRs from patch.) > >> patching file daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c > >> > >> > >> The comment in ipa-enrollment.c should be changed from "Allow > >> password modify on ..." to "Allow enrollment on ...". > > > > I changed the comment and send the patch not in base64. > > > > bye, > > Sumit > > Thank you, ACK. > > Honza
Added missing trac ticket reference to Sumit's patch. Pushed to master, ipa-2-1. Martin _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
