On 09/16/2014 07:25 PM, Nathaniel McCallum wrote:
On Tue, 2014-09-16 at 19:24 +0200, thierry bordaz wrote:
On 09/15/2014 09:05 PM, Nathaniel McCallum wrote:
This plugin ensures that all counter/watermark operations are atomic
and never decrement. Also, deletion is not permitted.
https://fedorahosted.org/freeipa/ticket/4494
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Hello Nathaniel,
Starting looking at it, I have just a question about
sanitize_input.
If the modification (replace) is related to counter/watermark,
it triggers an internal search on the target entry itself.
The original/modified entry is also present in the pblock. The
internal search will check the filter but except that what is
the benefit vs
taking the entry directly in the pblock.
I didn't know the entry was already in the pblock. What loads it? And
when? How do I access it?
Nathaniel
Hello Nathaniel,
You may retrieve the entry with slapi_pblock_get(pb,
SLAPI_ENTRY_PRE_OP, &e) [Slapi_Entry *e;].
This is the original entry, before the other be-preop plugin are
called and modifications occured.
If you need to check that the entry match a filter you may also do:
filter_str =
slapi_ch_strdup("(|(objectClass=ipatokenHOTP)(objectClass=ipatokenTOTP))");
filter = slapi_str2filter(filter_str);
if (slapi_filter_test_simple(e, filter) != 0) {
/* do not match */
}
or directly checking the objectclass values
slapi_entry_attr_find/slapi_attr_value_find
thanks
thierry
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
