[Freeipa-devel] [PATCH] 1005 fix password history

Rob Crittenden rcritten at redhat.com
Tue Apr 10 03:54:06 UTC 2012


Password history wasn't working because the qsort comparison function 
was comparing pointers, not data. This resulted in a random element 
being removed from the history on overflow rather than the oldest.

We sort in reverse so we don't have to move elements inside the list 
when removing to make more room. We just pop off the top then shove on 
the new password. The history includes a time to make comparisons 
straightforward (and LDAP doesn't guarantee order).

I've attached a test script to exercise things. I don't see a way to 
easily include this into our current framework at the moment. We'd need 
a way to switch users in the middle of a test.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-1005-history.patch
Type: text/x-diff
Size: 1241 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120409/4b76210a/attachment.bin>
-------------- next part --------------
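#!/bin/bash
# bash rather than sh: the password prompts below are fed with "echo -e",
# which a POSIX sh is not required to support.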

SLEEP=1

echo password | kinit admin
ipa user-del tuser1

echo "Set password policy"
ipa pwpolicy-mod --history=3 --minlife=0

echo "Create user"
echo password | ipa user-add --first=tim --last=user tuser1 --password
sleep $SLEEP

echo "Password 1"
echo -e 'password\nredhat001\nredhat001\n' | kinit tuser1
sleep $SLEEP

echo "Password 2"
echo -e 'redhat001\nredhat002\nredhat002' | ipa passwd
sleep $SLEEP

echo "Password 3"
echo -e 'redhat002\nredhat003\nredhat003' | ipa passwd
sleep $SLEEP

echo "Try resetting to password 1: it should fail"
echo -e 'redhat003\nredhat001\nredhat001' | ipa passwd
sleep $SLEEP

echo "Password 4"
echo -e 'redhat003\nredhat004\nredhat004' | ipa passwd
sleep $SLEEP

echo "Try resetting to password 1: it should succeed"
echo -e 'redhat004\nredhat001\nredhat001' | ipa passwd
sleep $SLEEP

echo "Try resetting to password 3: it should fail"
echo -e 'redhat001\nredhat003\nredhat003' | ipa passwd
sleep $SLEEP

echo "Try resetting to password 2: it should succeed"
echo -e 'redhat001\nredhat002\nredhat002' | ipa passwd
sleep $SLEEP

echo "Try resetting to password 4: it should fail"
echo -e 'redhat002\nredhat004\nredhat004' | ipa passwd
sleep $SLEEP

echo "Try resetting to password 3: it should succeed"
echo -e 'redhat002\nredhat003\nredhat003' | ipa passwd
sleep $SLEEP

