From db9da05171b782a98bf4df467032b4d7b1d6c727 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Tue, 1 Mar 2022 14:00:56 +0000 Subject: [PATCH] ITS#9343 Provide effective value of pwdPolicySubentry --- servers/slapd/overlays/ppolicy.c | 51 ++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c index 66b2ec0bae..17a1b95383 100644 --- a/servers/slapd/overlays/ppolicy.c +++ b/servers/slapd/overlays/ppolicy.c @@ -1072,6 +1072,56 @@ fail: (void)ber_free_buf(ber); } +static int +ppolicy_operational( Operation *op, SlapReply *rs ) +{ + slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; + pp_info *pi = on->on_bi.bi_private; + Entry *e = rs->sr_entry; + + /* This allows clients to find out if there's a value stored directly in + * the DB (and syncrepl clients not to commit our generated copy), callers + * need to make sure they don't copy the control from their op if they need + * it resolved anyway */ + if ( op->o_managedsait != SLAP_CONTROL_NONE ) + return SLAP_CB_CONTINUE; + + /* No entry or attribute already set? Nothing to do */ + if ( !e || attr_find( e->e_attrs, ad_pwdPolicySubentry ) ) + return SLAP_CB_CONTINUE; + + if ( SLAP_OPATTRS( rs->sr_attr_flags ) || + ad_inlist( ad_pwdPolicySubentry, rs->sr_attrs )) { + Attribute *a, **ap = NULL; + policy_rule *pr; + BerVarray vals; + + for ( pr = pi->policy_rules; pr; pr = pr->next ) { + if ( !dnIsSuffixScope( &e->e_nname, &pr->base, pr->scope ) ) continue; + if ( pr->filter && test_filter( op, e, pr->filter ) != LDAP_COMPARE_TRUE ) continue; + + /* We found a match */ + break; + } + + if ( pr ) { + vals = &pr->policy_dn; + } else if ( !BER_BVISNULL( &pi->def_policy ) ) { + vals = &pi->def_policy; + } else { + return SLAP_CB_CONTINUE; + } + + a = attr_alloc( ad_pwdPolicySubentry ); + attr_valadd( a, vals, vals, 1 ); + + for ( ap = &rs->sr_operational_attrs; *ap; ap=&(*ap)->a_next ); + *ap = a; + } + + return SLAP_CB_CONTINUE; +} + static void ppolicy_get_default( PassPolicy *pp ) { @@ -3626,6 +3676,7 @@ int ppolicy_initialize() ppolicy.on_bi.bi_op_delete = ppolicy_restrict; ppolicy.on_bi.bi_op_modify = ppolicy_modify; ppolicy.on_bi.bi_op_search = ppolicy_search; + ppolicy.on_bi.bi_operational = ppolicy_operational; ppolicy.on_bi.bi_connection_destroy = ppolicy_connection_destroy; ppolicy.on_bi.bi_cf_ocs = ppolicyocs; -- 2.47.3