From ab3db6538862f081f5e0bd0ce6054e8d89d22549 Mon Sep 17 00:00:00 2001
From: Aapo Romu <aapo.romu@eficode.com>
Date: Mon, 29 Mar 2021 16:31:13 +0000
Subject: [PATCH] ITS#9629 back-sql: Add support for ppolicy opattrs

So that ppolicy rules are applied
---
 servers/slapd/back-sql/add.c | 41 +++++++++++++++++++++++++++++++-----
 1 file changed, 36 insertions(+), 5 deletions(-)

diff --git a/servers/slapd/back-sql/add.c b/servers/slapd/back-sql/add.c
index b47e96c1cd..9375827d82 100644
--- a/servers/slapd/back-sql/add.c
+++ b/servers/slapd/back-sql/add.c
@@ -35,23 +35,50 @@
 #include <lutil.h>
 #endif /* BACKSQL_SYNCPROV */
 
+const char * processable_op_attrs[] = {
+		"pwdAccountLockedTime",
+		"pwdChangedTime",
+		"pwdFailureTime",
+		"pwdGraceUseTime",
+		"pwdHistory",
+		"pwdPolicySubentry",
+		"pwdReset",
+		"entryUUID"
+};
+
+#define processable_op_attrs_length (sizeof (processable_op_attrs) / sizeof (const char *))
+
+static int indexOf(const char *array[], int array_size, const char * value) {
+	for (int i = 0; i < array_size; ++i) {
+		if(strcmp(array[i], value) == 0) {
+			return i;
+		}
+	}
+	return -1;
+}
+
+static int is_processable_opattr(const char * attr) {
+	return indexOf(processable_op_attrs, processable_op_attrs_length, attr) >= 0;
+}
+
+#define backsql_opattr_skip(ad) \
+	(is_at_operational( (ad)->ad_type ) && (ad) != slap_schema.si_ad_ref )
+
 /*
  * Skip:
  * - null values (e.g. delete modification)
  * - single occurrence of objectClass, because it is already used
  *   to determine how to build the SQL entry
- * - operational attributes
+ * - operational attributes (except those in processable_op_attrs)
  * - empty attributes
  */
-#define backsql_opattr_skip(ad) \
-	(is_at_operational( (ad)->ad_type ) && (ad) != slap_schema.si_ad_ref )
 #define	backsql_attr_skip(ad, vals) \
 	( \
-		( (ad) == slap_schema.si_ad_objectClass \
+		( ( (ad) == slap_schema.si_ad_objectClass \
 				&& (vals) && BER_BVISNULL( &((vals)[ 1 ]) ) ) \
 		|| backsql_opattr_skip( (ad) ) \
 		|| ( (vals) && BER_BVISNULL( &((vals)[ 0 ]) ) ) \
-	)
+	) && !is_processable_opattr( ad->ad_cname.bv_val ) )
 
 int
 backsql_modify_delete_all_values(
@@ -302,6 +329,10 @@ backsql_modify_internal(
 			ad->ad_cname.bv_val, sm_ops[ sm_op ], BACKSQL_OC_NAME( oc ) );
 
 		if ( backsql_attr_skip( ad, sm_values ) ) {
+			Debug( LDAP_DEBUG_TRACE, "   backsql_modify_internal(): "
+				"skipping attribute \"%s\"\n",
+				ad->ad_cname.bv_val, 0, 0 );
+
 			continue;
 		}