bab9bb6b69
Create new directories:
ceph
config
config-files
filesystem
kernel
kernel/kernel-modules
ldap
logging
strorage-drivers
tools
utilities
virt
Retire directories:
connectivity
core
devtools
support
extended
Delete two packages:
tgt
irqbalance
Relocated packages:
base/
dhcp
initscripts
libevent
lighttpd
linuxptp
memcached
net-snmp
novnc
ntp
openssh
pam
procps
sanlock
shadow
sudo
systemd
util-linux
vim
watchdog
ceph/
python-cephclient
config/
facter
puppet-4.8.2
puppet-modules
filesystem/
e2fsprogs
nfs-utils
nfscheck
kernel/
kernel-std
kernel-rt
kernel/kernel-modules/
mlnx-ofa_kernel
ldap/
nss-pam-ldapd
openldap
logging/
syslog-ng
logrotate
networking/
lldpd
iproute
mellanox
python-ryu
mlx4-config
python/
python-2.7.5
python-django
python-gunicorn
python-setuptools
python-smartpm
python-voluptuous
security/
shim-signed
shim-unsigned
tboot
strorage-drivers/
python-3parclient
python-lefthandclient
virt/
cloud-init
libvirt
libvirt-python
qemu
tools/
storage-topology
vm-topology
utilities/
tis-extensions
namespace-utils
nova-utils
update-motd
Change-Id: I37ade764d873c701b35eac5881eb40412ba64a86
Story: 2002801
Task: 22687
Signed-off-by: Scott Little <scott.little@windriver.com>
44 lines
1.4 KiB
Diff
44 lines
1.4 KiB
Diff
From 9456b0eee753d9fd368347b6974a2f6f8d941d4f Mon Sep 17 00:00:00 2001
|
|
From: Kam Nasim <kam.nasim@windriver.com>
|
|
Date: Tue, 11 Apr 2017 17:23:03 -0400
|
|
Subject: [PATCH] rootdn should not bypass ppolicy
|
|
|
|
---
|
|
servers/slapd/overlays/ppolicy.c | 13 ++++++++++---
|
|
1 file changed, 10 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
|
|
index b446deb..fa79872 100644
|
|
--- a/servers/slapd/overlays/ppolicy.c
|
|
+++ b/servers/slapd/overlays/ppolicy.c
|
|
@@ -1904,8 +1904,9 @@ ppolicy_modify( Operation *op, SlapReply *rs )
|
|
}
|
|
for(p=tl; p; p=p->next, hsize++); /* count history size */
|
|
}
|
|
-
|
|
- if (be_isroot( op )) goto do_modify;
|
|
+
|
|
+ /* WRS UPDATE: Run ppolicy for all user password modify ops */
|
|
+ //if (be_isroot( op )) goto do_modify;
|
|
|
|
/* NOTE: according to draft-behera-ldap-password-policy
|
|
* pwdAllowUserChange == FALSE must only prevent pwd changes
|
|
@@ -2009,7 +2010,13 @@ ppolicy_modify( Operation *op, SlapReply *rs )
|
|
}
|
|
|
|
bv = newpw.bv_val ? &newpw : &addmod->sml_values[0];
|
|
- if (pp.pwdCheckQuality > 0) {
|
|
+
|
|
+ /* WRS UPDATE:
|
|
+ * If this is a rootDN op and this is the first password
|
|
+ * then bypass password policies as this is a new account
|
|
+ * creation
|
|
+ */
|
|
+ if (pp.pwdCheckQuality > 0 && !(be_isroot( op ) && !pa)) {
|
|
|
|
rc = check_password_quality( bv, &pp, &pErr, e, (char **)&txt );
|
|
if (rc != LDAP_SUCCESS) {
|
|
--
|
|
1.9.1
|
|
|