From ab3db6538862f081f5e0bd0ce6054e8d89d22549 Mon Sep 17 00:00:00 2001 From: Aapo Romu Date: Mon, 29 Mar 2021 16:31:13 +0000 Subject: [PATCH] ITS#9629 back-sql: Add support for ppolicy opattrs So that ppolicy rules are applied --- servers/slapd/back-sql/add.c | 41 +++++++++++++++++++++++++++++++----- 1 file changed, 36 insertions(+), 5 deletions(-) diff --git a/servers/slapd/back-sql/add.c b/servers/slapd/back-sql/add.c index b47e96c1cd..9375827d82 100644 --- a/servers/slapd/back-sql/add.c +++ b/servers/slapd/back-sql/add.c @@ -35,23 +35,50 @@ #include #endif /* BACKSQL_SYNCPROV */ +const char * processable_op_attrs[] = { + "pwdAccountLockedTime", + "pwdChangedTime", + "pwdFailureTime", + "pwdGraceUseTime", + "pwdHistory", + "pwdPolicySubentry", + "pwdReset", + "entryUUID" +}; + +#define processable_op_attrs_length (sizeof (processable_op_attrs) / sizeof (const char *)) + +static int indexOf(const char *array[], int array_size, const char * value) { + for (int i = 0; i < array_size; ++i) { + if(strcmp(array[i], value) == 0) { + return i; + } + } + return -1; +} + +static int is_processable_opattr(const char * attr) { + return indexOf(processable_op_attrs, processable_op_attrs_length, attr) >= 0; +} + +#define backsql_opattr_skip(ad) \ + (is_at_operational( (ad)->ad_type ) && (ad) != slap_schema.si_ad_ref ) + /* * Skip: * - null values (e.g. delete modification) * - single occurrence of objectClass, because it is already used * to determine how to build the SQL entry - * - operational attributes + * - operational attributes (except those in processable_op_attrs) * - empty attributes */ -#define backsql_opattr_skip(ad) \ - (is_at_operational( (ad)->ad_type ) && (ad) != slap_schema.si_ad_ref ) #define backsql_attr_skip(ad, vals) \ ( \ - ( (ad) == slap_schema.si_ad_objectClass \ + ( ( (ad) == slap_schema.si_ad_objectClass \ && (vals) && BER_BVISNULL( &((vals)[ 1 ]) ) ) \ || backsql_opattr_skip( (ad) ) \ || ( (vals) && BER_BVISNULL( &((vals)[ 0 ]) ) ) \ - ) + ) && !is_processable_opattr( ad->ad_cname.bv_val ) ) int backsql_modify_delete_all_values( @@ -302,6 +329,10 @@ backsql_modify_internal( ad->ad_cname.bv_val, sm_ops[ sm_op ], BACKSQL_OC_NAME( oc ) ); if ( backsql_attr_skip( ad, sm_values ) ) { + Debug( LDAP_DEBUG_TRACE, " backsql_modify_internal(): " + "skipping attribute \"%s\"\n", + ad->ad_cname.bv_val, 0, 0 ); + continue; }