From: Ondřej Kuzník
Date: Thu, 3 Mar 2022 10:54:34 +0000 (+0000)
Subject: ITS#9343 Allow Compare to check pwdPolicySubentry
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fbfb5454cd39588ebdc9fa36e50751f50e17c934;p=thirdparty%2Fopenldap.git

ITS#9343 Allow Compare to check pwdPolicySubentry
---
diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 60dde82ee3..1815837aa7 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -2453,6 +2453,36 @@ ppolicy_compare(
 return rs->sr_err;
 }
 }
+
+ if ( op->orc_ava->aa_desc == ad_pwdPolicySubentry ) {
+ BerVarray vals = NULL;
+ int rc;
+
+ rc = backend_attribute( op, NULL, &op->o_req_ndn,
+ ad_pwdPolicySubentry, &vals, ACL_COMPARE );
+
+ if ( rc != LDAP_SUCCESS ) {
+ /* Defer to the DB */
+ return SLAP_CB_CONTINUE;
+ }
+
+ if ( value_find_ex( ad_pwdPolicySubentry,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+ SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+ vals, &op->orc_ava->aa_value, op->o_tmpmemctx ) == 0 )
+ {
+ rc = LDAP_COMPARE_TRUE;
+ } else {
+ rc = LDAP_COMPARE_FALSE;
+ }
+
+ if ( vals ) {
+ ber_bvarray_free_x( vals, op->o_tmpmemctx );
+ }
+ send_ldap_error( op, rs, rc, NULL );
+ return rs->sr_err;
+ }
+
 return SLAP_CB_CONTINUE;
 }
 
diff --git a/tests/scripts/test022-ppolicy b/tests/scripts/test022-ppolicy
index 2b2c8887de..7ed9c7683a 100755
--- a/tests/scripts/test022-ppolicy
+++ b/tests/scripts/test022-ppolicy
@@ -496,6 +496,16 @@ if test $RC != 0 ; then
 exit $RC
 fi
 
+$LDAPCOMPARE -D "$MANAGERDN" -H $URI1 -w $PASSWD \
+ "$USER" "pwdPolicySubentry:cn=Idle Expiration Policy, ou=Policies, dc=example, dc=com" \
+ >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 6 ; then
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
 $LDAPSEARCH -e ppolicy -H $URI1 -D "$USER" -w $PASS \
 -b "$BASEDN" -s base > $SEARCHOUT 2>&1
 
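Review bot: In the `ad_pwdPolicySubentry` branch added to servers/slapd/overlays/ppolicy.c, `vals` is handed to `value_find_ex()` before the `if ( vals )` guard, so that guard only protects the `ber_bvarray_free_x()` call. If `backend_attribute()` can return `LDAP_SUCCESS` while leaving `vals` NULL (its contract is not visible in this hunk), the match would run on a NULL array; folding the check into the deferral, `if ( rc != LDAP_SUCCESS || vals == NULL ) {`, sends both cases to the DB. Every non-zero result from `value_find_ex()` is also reported as `LDAP_COMPARE_FALSE`, so an internal matching error looks the same as a mismatch to the client; a one-line comment stating that this is intended would help. ppolicy_compare begins above the hunk, so the earlier branches it returns from are not shown.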
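Review bot: The `$LDAPCOMPARE` check added at -496 in tests/scripts/test022-ppolicy binds as `$MANAGERDN` and accepts only result 6 (compareTrue); the hunks at -532, -720 and -736 do the same. That leaves the compareFalse path and the `ACL_COMPARE` evaluation in the overlay untested, since `$MANAGERDN` is presumably the rootdn, for which access control is normally not evaluated. One extra compare against a non-matching policy DN guarded by `if test $RC != 5 ; then` would cover the compareFalse path. A further compare bound as a non-privileged identity such as `$USER` would exercise the ACL path.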
@@ -532,6 +542,16 @@ if test $RC != 0 ; then
 exit $RC
 fi
 
+$LDAPCOMPARE -D "$MANAGERDN" -H $URI1 -w $PASSWD \
+ "$USER" "pwdPolicySubentry:cn=Standard Policy, ou=Policies, dc=example, dc=com" \
+ >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 6 ; then
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
 if test "$BACKLDAP" != "ldapno" && test "$SYNCPROV" != "syncprovno" ; then
 echo ""
 echo "Setting up policy state forwarding test..."
@@ -720,6 +740,16 @@ if test $RC != 0 ; then
 exit $RC
 fi
 
+$LDAPCOMPARE -D "$MANAGERDN" -H $URI1 -w $PASSWD \
+ "$USER" "pwdPolicySubentry:cn=Stricter Policy, ou=Policies, dc=example, dc=com" \
+ >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 6 ; then
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
 $LDAPMODIFY -v -D cn=config -H $URI2 -y $CONFIGPWF >> \
 $TESTOUT 2>&1 << EOMODS
 dn: olcOverlay={0}ppolicy,olcDatabase={1}$BACKEND,cn=config
@@ -736,6 +766,16 @@ if test $RC != 0 ; then
 exit $RC
 fi
 
+$LDAPCOMPARE -D "$MANAGERDN" -H $URI2 -w $PASSWD \
+ "$USER" "pwdPolicySubentry:cn=Stricter Policy, ou=Policies, dc=example, dc=com" \
+ >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 6 ; then
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
 OLDPASS=$PASS
 PASS=newpass
 $LDAPPASSWD -H $URI1 \