From 4cd36fe80cea997780c2d6d9f4afbbcaa3b5cff3 Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Jun 26 2012 23:30:27 +0000 Subject: Bug 835238 - Account Usability Control Not Working https://bugzilla.redhat.com/show_bug.cgi?id=835238 Fix Description: Commit 003812911f56619f0db58ba627037644fb0f68fb broke the feature. This patch is backing off the change so that get_entry accepts NULL pblock, which is necessary for the Account Usability plugin. --- diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c index 2a7b29b..b3843b8 100644 --- a/ldap/servers/slapd/pw.c +++ b/ldap/servers/slapd/pw.c @@ -1533,23 +1533,20 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn) char ebuf[ BUFSIZ ]; int optype = -1; - /* RFE - is there a way to make this work for non-existent entries - * when we don't pass in pb? We'll need to do this if we add support - * for password policy plug-ins. */ - if (NULL == pb) { - LDAPDebug0Args(LDAP_DEBUG_ANY, - "new_passwdPolicy: NULL pblock was passed.\n"); - return NULL; - } slapdFrontendConfig = getFrontendConfig(); pwdpolicy = (passwdPolicy *)slapi_ch_calloc(1, sizeof(passwdPolicy)); - slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &optype ); + if (pb) { + slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &optype ); + } if (dn && (slapdFrontendConfig->pwpolicy_local == 1)) { /* If we're doing an add, COS does not apply yet so we check parents for the pwdpolicysubentry. We look only for virtual attributes, because real ones are for single-target policy. */ + /* RFE - is there a way to make this work for non-existent entries + * when we don't pass in pb? We'll need to do this if we add support + * for password policy plug-ins. */ if (optype == SLAPI_OPERATION_ADD) { char *parentdn = slapi_ch_strdup(dn); char *nextdn = NULL; diff --git a/ldap/servers/slapd/pw_retry.c b/ldap/servers/slapd/pw_retry.c index 48849fb..da3e6f4 100644 --- a/ldap/servers/slapd/pw_retry.c +++ b/ldap/servers/slapd/pw_retry.c @@ -206,45 +206,52 @@ void set_retry_cnt ( Slapi_PBlock *pb, int count) } +/* + * If "dn" is passed, get_entry returns an entry which dn is "dn". + * If "dn" is not passed, it returns an entry which dn is set in + * SLAPI_TARGET_SDN in pblock. + * Note: pblock is not mandatory for get_entry (e.g., new_passwdPolicy). + */ Slapi_Entry *get_entry ( Slapi_PBlock *pb, const char *dn) { int search_result = 0; Slapi_Entry *retentry = NULL; Slapi_DN *target_sdn = NULL; + char *target_dn = (char *)dn; Slapi_DN sdn; void *txn = NULL; - if (NULL == pb) { - LDAPDebug(LDAP_DEBUG_ANY, "get_entry - no pblock specified.\n", - 0, 0, 0); - goto bail; - } - - slapi_pblock_get( pb, SLAPI_TARGET_SDN, &target_sdn ); - slapi_pblock_get( pb, SLAPI_TXN, &txn ); - - if (dn == NULL) { - dn = slapi_sdn_get_dn(target_sdn); + if (pb) { + slapi_pblock_get( pb, SLAPI_TARGET_SDN, &target_sdn ); + slapi_pblock_get( pb, SLAPI_TXN, &txn ); + if (target_dn == NULL) { + target_dn = slapi_sdn_get_dn(target_sdn); + } } - if (dn == NULL) { - LDAPDebug (LDAP_DEBUG_TRACE, "WARNING: 'get_entry' - no dn specified.\n", 0, 0, 0); + if (target_dn == NULL) { + LDAPDebug0Args(LDAP_DEBUG_TRACE, + "WARNING: 'get_entry' - no dn specified.\n"); goto bail; } - slapi_sdn_init_dn_byref(&sdn, dn); - - if (slapi_sdn_compare(&sdn, target_sdn)) { /* does not match */ - target_sdn = &sdn; + if (target_dn == dn) { /* target_dn is NOT from target_sdn */ + slapi_sdn_init_dn_byref(&sdn, target_dn); + target_sdn = &sdn; } search_result = slapi_search_internal_get_entry_ext(target_sdn, NULL, - &retentry, - pw_get_componentID(), txn); + &retentry, + pw_get_componentID(), + txn); if (search_result != LDAP_SUCCESS) { - LDAPDebug (LDAP_DEBUG_TRACE, "WARNING: 'get_entry' can't find entry '%s', err %d\n", dn, search_result, 0); + LDAPDebug2Args(LDAP_DEBUG_TRACE, + "WARNING: 'get_entry' can't find entry '%s', err %d\n", + target_dn, search_result); + } + if (target_dn == dn) { /* target_dn is NOT from target_sdn */ + slapi_sdn_done(&sdn); } - slapi_sdn_done(&sdn); bail: return retentry; }