首页 发现 帮助
注册 登录
Apq
/
389-ds-base
镜像自地址 https://github.com/389ds/389-ds-base.git
1
0
派生 0
文件 工单管理 0 Wiki
浏览代码

Bug 1199675 - CVE-2014-8112 CVE-2014-8105 389-ds-base: various flaws [fedora-all]

Fix for CVE-2014-8112

	If the unhashed pw switch is set to off this should only
        prevent the generation of the unhashed#user#password
	attribute.
	But encoding of pw values and detiecetion which values have
	to be deleted needs to stay intact.
	So the check if the switch is set has to be placed close to
        the generation of the attribute in different 'if' branches

Reviewed by Noriko, thanks

(cherry picked from commit e5de803f4ab1b097c637c269fcc8b567e664c00d)
Ludwig Krispenz 11 年之前
父节点
c170d9541c
当前提交
84b8bfd7d1
共有 2 个文件被更改,包括 28 次插入17 次删除
分列视图 显示文件统计
  1. 6 0
      ldap/servers/plugins/retrocl/retrocl_po.c
  2. 22 17
      ldap/servers/slapd/modify.c

+ 6 - 0
ldap/servers/plugins/retrocl/retrocl_po.c
查看文件 

@@ -101,6 +101,12 @@ static lenstr *make_changes_string(LDAPMod **ldm, const char **includeattrs)
 
 		continue;
 
 	    }
 
 	}
 
+	if (SLAPD_UNHASHED_PW_NOLOG == slapi_config_get_unhashed_pw_switch()) {
 
+		if (0 == strcasecmp(ldm[ i ]->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD)) {
 
+			/* If nsslapd-unhashed-pw-switch == nolog, skip writing it to cl. */
 
+			continue;
 
+		}
 
+	}
 
 	switch ( ldm[ i ]->mod_op  & ~LDAP_MOD_BVALUES ) {
 
 	case LDAP_MOD_ADD:
 
 	    addlenstr( l, "add: " );

+ 22 - 17
ldap/servers/slapd/modify.c
查看文件 

@@ -836,8 +836,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
 
 	 * before calling the preop plugins
 
 	 */
 
 
-	if (pw_change && !repl_op &&
 
-	    (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch())) {
 
+	if (pw_change && !repl_op ) {
 
 		Slapi_Value **va = NULL;
 
 
 		unhashed_pw_attr = slapi_attr_syntax_normalize(PSEUDO_ATTR_UNHASHEDUSERPASSWORD);
 
@@ -907,13 +906,15 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
 
 						 *  Finally, delete the unhashed userpassword
 
 						 *  (this will update the password entry extension)
 
 						 */
 
-						bval.bv_val = password;
 
-						bval.bv_len = strlen(password);
 
-						bv[0] = &bval;
 
-						bv[1] = NULL;
 
-						valuearray_init_bervalarray(bv, &va);
 
-						slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
 
-						valuearray_free(&va);
 
+						if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {
 
+							bval.bv_val = password;
 
+							bval.bv_len = strlen(password);
 
+							bv[0] = &bval;
 
+							bv[1] = NULL;
 
+							valuearray_init_bervalarray(bv, &va);
 
+							slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
 
+							valuearray_free(&va);
 
+						}
 
 					} else {
 
 						/*
 
 						 *  Password is encoded, try and find a matching unhashed_password to delete
 
@@ -945,19 +946,23 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
 
 								if(strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){
 
 									if((*(pwsp->pws_cmp))((char *)unhashed_pwd , valpwd) == 0 ){
 
 										/* match, add the delete mod for this particular unhashed userpassword */
 
-										valuearray_init_bervalarray(bv, &va);
 
-										slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
 
-										valuearray_free(&va);
 
-										free_pw_scheme( unhashed_pwsp );
 
+										if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {
 
+										    valuearray_init_bervalarray(bv, &va);
 
+										    slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
 
+										    valuearray_free(&va);
 
+										    free_pw_scheme( unhashed_pwsp );
 
+										}
 
 										break;
 
 									}
 
 								} else {
 
 									/*
 
 									 *  We have a hashed unhashed_userpassword!  We must delete it.
 
 									 */
 
-									valuearray_init_bervalarray(bv, &va);
 
-									slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
 
-									valuearray_free(&va);
 
+									if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {
 
+										valuearray_init_bervalarray(bv, &va);
 
+										slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
 
+										valuearray_free(&va);
 
+									}
 
 								}
 
 								free_pw_scheme( unhashed_pwsp );
 
 							}
 
@@ -972,7 +977,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
 
 				if (remove_unhashed_pw && !slapi_entry_attr_find(e, unhashed_pw_attr, &a)){
 
 					slapi_mods_add_mod_values(&smods, pw_mod->mod_op,unhashed_pw_attr, va);
 
 				}
 
-			} else {
 
+			} else if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {
 
 				/* add pseudo password attribute */
 
 				valuearray_init_bervalarray_unhashed_only(pw_mod->mod_bvalues, &va);
 
 				if(va && va[0]){