[Freeipa-devel] [PATCH] 1005 fix password history
Rob Crittenden
rcritten at redhat.com
Tue Apr 10 03:54:06 UTC 2012
Password history wasn't working because the qsort comparison function
was comparing pointers, not data. This resulted in a random element
being removed from the history on overflow rather than the oldest.

We sort in reverse so we don't have to move elements inside the list
when removing to make more room. We just pop off the top then shove on
the new password. The history includes a time to make comparisons
straightforward (and LDAP doesn't guarantee order).

I've attached a test script to exercise things. I don't see a way to
easily include this into our current framework at the moment. We'd need
a way to switch users in the middle of a test.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-1005-history.patch
Type: text/x-diff
Size: 1241 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120409/4b76210a/attachment.bin>
-------------- next part --------------
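#!/bin/bash
# bash is required: the script relies on echo -e to expand \n,
# which a strict POSIX sh does not guarantee.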
SLEEP=1
echo password | kinit admin
ipa user-del tuser1
echo "Set password policy"
ipa pwpolicy-mod --history=3 --minlife=0
echo "Create user"
echo password | ipa user-add --first=tim --last=user tuser1 --password
sleep $SLEEP
echo "Password 1"
echo -e 'password\nredhat001\nredhat001\n' | kinit tuser1
sleep $SLEEP
echo "Password 2"
echo -e 'redhat001\nredhat002\nredhat002' | ipa passwd
sleep $SLEEP
echo "Password 3"
echo -e 'redhat002\nredhat003\nredhat003' | ipa passwd
sleep $SLEEP
echo "Try resetting to password 1: it should fail"
echo -e 'redhat003\nredhat001\nredhat001' | ipa passwd
sleep $SLEEP
echo "Password 4"
echo -e 'redhat003\nredhat004\nredhat004' | ipa passwd
sleep $SLEEP
echo "Try resetting to password 1: it should succeed"
echo -e 'redhat004\nredhat001\nredhat001' | ipa passwd
sleep $SLEEP
echo "Try resetting to password 3: it should fail"
echo -e 'redhat001\nredhat003\nredhat003' | ipa passwd
sleep $SLEEP
echo "Try resetting to password 2: it should succeed"
echo -e 'redhat001\nredhat002\nredhat002' | ipa passwd
sleep $SLEEP
echo "Try resetting to password 4: it should fail"
echo -e 'redhat002\nredhat004\nredhat004' | ipa passwd
sleep $SLEEP
echo "Try resetting to password 3: it should succeed"
echo -e 'redhat002\nredhat003\nredhat003' | ipa passwd
sleep $SLEEP
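The failure mode described in the message above, as an added C example (it is not the scrubbed patch and not FreeIPA code): a qsort comparator that orders by pointer value next to one that compares the data, both feeding the reverse-sort-and-pop eviction. The entry layout, the `pool` array and all function names are assumptions made for this illustration; the strings sit in one array only so the pointer ordering is reproducible, whereas with heap-allocated entries the evicted element depends on allocation addresses.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HISTORY_MAX 3

/* Constructed entries (assumed layout, not FreeIPA's stored format):
 * fixed-width UTC time + hash placeholder, deliberately out of order. */
static const char pool[4][32] = {
    "20120403120000Z{hash-pw3}",
    "20120401120000Z{hash-pw1}",    /* oldest */
    "20120402120000Z{hash-pw2}",
    "20120404120000Z{hash-pw4}",    /* the new password */
};

/* Broken: orders by the addresses the elements point to, not the data. */
int cmp_by_pointer(const void *a, const void *b)
{
    uintptr_t pa = (uintptr_t)*(const char *const *)a;
    uintptr_t pb = (uintptr_t)*(const char *const *)b;
    return (pb > pa) - (pb < pa);
}

/* Fixed: compare the strings themselves, newest (largest time) first. */
int cmp_by_data(const void *a, const void *b)
{
    return strcmp(*(const char *const *)b, *(const char *const *)a);
}

/* When full, sort in reverse and pop the last slot, which should hold
 * the oldest entry, then store the new one. Returns the evicted entry. */
const char *history_push(const char **hist, size_t *count,
        const char *entry, int (*cmp)(const void *, const void *))
{
    const char *evicted = NULL;
    if (*count == HISTORY_MAX) {
        qsort(hist, *count, sizeof(*hist), cmp);
        evicted = hist[--*count];
    }
    hist[(*count)++] = entry;
    return evicted;
}

/* History holds pw3, pw1, pw2; add pw4 and report what was evicted. */
const char *evict_demo(int (*cmp)(const void *, const void *))
{
    const char *hist[HISTORY_MAX] = { pool[0], pool[1], pool[2] };
    size_t count = HISTORY_MAX;
    return history_push(hist, &count, pool[3], cmp);
}
```

With `cmp_by_data` the oldest entry (pw1) is evicted; with `cmp_by_pointer` the entry at the lowest address goes instead, here pw3, the most recent of the three stored passwords.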