author | Guilhem Moulin <guilhem.moulin@fripost.org> | 2013-01-30 03:20:08 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem.moulin@fripost.org> | 2013-01-30 03:20:08 +0100 |
commit | 73c7ba4d856553706528bf2a3ae91a82fa121c10 (patch) | |
tree | 5b2e61019f198bd9290d69cb9298ac78840801ce /ldap/test-user-acl.sh | |
parent | 76b3e15f27cb2c3710e06f8cc74f95809d2a45ad (diff) |
Prevent the WebApp from modifying the user passwords.
Diffstat (limited to 'ldap/test-user-acl.sh')
-rwxr-xr-x | ldap/test-user-acl.sh | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/ldap/test-user-acl.sh b/ldap/test-user-acl.sh
index 5e92a3c..544c667 100755
--- a/ldap/test-user-acl.sh
+++ b/ldap/test-user-acl.sh
@@ -1617,6 +1617,16 @@ for U in ${USERS}; do
 DN=$(echo "dn:${U},${SUFFIXV}" | tr [A-Z] [a-z])
 slapauth -U "${PANEL}" -X "${DN}" 2>&1 | grep '^authorization '
 done | isOK '^authorization failed$'
+[ $? -eq 0 ] || exit $?
+
+msg "Have =0 access on passwords"
+for U in ${USERS}; do
+ DN=$(echo "dn:${U},${SUFFIXV}" | tr [A-Z] [a-z])
+ for U2 in ${USERS}; do
+ slapacl -U "${PANEL}" -X "${DN}" -b "${U2},${SUFFIXV}" userPassword 2>&1 | grep '^userPassword: '
+ done
+done | isOK '=0$'
+[ $? -eq 0 ] || exit $?
 # TODO: is that needed?
 if test -x /usr/bin/sudo && sudo -u fpanel klist >/dev/null; then |
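Review bot: In the new password loop, `2>&1 | grep '^userPassword: '` discards everything slapacl prints when it fails, so a failed lookup contributes no line to `isOK '=0$'`; isOK is defined outside this hunk, and if it accepts empty or partial input the check can pass without having verified any ACL. Emitting a sentinel line on failure keeps the test fail-closed, e.g. `slapacl ... userPassword 2>&1 | grep '^userPassword: ' || echo 'userPassword: ERROR'`. Separately, both added `[ $? -eq 0 ] || exit $?` lines exit with the status of the `[` test (always 1) rather than the pipeline's status; `done | isOK '=0$' || exit $?` preserves it. The unquoted `tr [A-Z] [a-z]` in the added loop is also open to pathname expansion against the current directory and is safer written as `tr 'A-Z' 'a-z'`.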