On 06/13/2016 05:06 PM, Alexander Bokovoy wrote:
On Mon, 13 Jun 2016, thierry bordaz wrote:
From fff11869d8cf3dfe98471e018c10926fc23b13da Mon Sep 17 00:00:00 2001
From: Thierry Bordaz <tbor...@redhat.com>
Date: Fri, 10 Jun 2016 15:34:40 +0200
Subject: [PATCH] ipapwd_extop should use TARGET_DN defined by a pre-extop
plugin

ipapwd_extop allows updating the password on a specific entry, identified by its DN. It can be useful to support virtual DNs in the extop so that an update of a virtual entry
would land in the proper real entry.

If a pre-extop sets the TARGET_DN, ipapwd_extop sets ORIGINAL_DN with the value
of TARGET_DN, instead of using the original one (in the ber req)

https://fedorahosted.org/freeipa/ticket/5946
---
.../ipa-pwd-extop/ipa_pwd_extop.c | 33 ++++++++++++++++------
1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index 440e221..10fff30 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -207,8 +207,10 @@ static int ipapwd_chpwop(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg)
    char *attrlist[] = {"*", "passwordHistory", NULL };
    struct ipapwd_data pwdata;
    int is_krb, is_smb, is_ipant;
-    char *principal = NULL;
+    char *principal = NULL;
    Slapi_PBlock *chpwop_pb = NULL;
+    Slapi_DN     *target_sdn = NULL;
+    char         *target_dn = NULL;

    /* Get the ber value of the extended operation */
    slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value);
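Review bot: The new declaration `char *target_dn = NULL;` drops a const qualifier, because slapi_sdn_get_ndn(), which the second hunk assigns to it, returns `const char *` as far as I know from slapi-plugin.h. I would declare it `const char *target_dn = NULL;`, which also documents that the string belongs to the Slapi_DN and must not be freed or modified in ipapwd_chpwop. The same declaration appears in the revised patch further down the thread. The function body starts and ends outside this hunk.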
@@ -327,13 +329,28 @@ parse_req_done:
        }
    }

-     /* Determine the target DN for this operation */
-     /* Did they give us a DN ? */
-    if (dn == NULL || *dn == '\0') {
-         /* Get the DN from the bind identity on this connection */
-        dn = slapi_ch_strdup(bindDN);
-        LOG_TRACE("Missing userIdentity in request, "
-                          "using the bind DN instead.\n");
+    /* Determine the target DN for this operation */
+    slapi_pblock_get(pb, SLAPI_TARGET_SDN, &target_sdn);
+    target_dn = slapi_sdn_get_ndn(target_sdn);
+    if (target_dn) {
Can you please use the same style for writing comparisons that the file already uses?
 if (!(target_dn == NULL || *target_dn == '\0')) { ... }

+        /* At this point if SLAPI_TARGET_SDN was set that means
+         * that a SLAPI_PLUGIN_PRE_EXTOP_FN plugin sets it
+         * So take this one rather that the raw one that is in the ber
+         */
+ LOG_TRACE("extop dn %s was translated to %s\n", dn ? dn : "<empty>", target_dn);
+        slapi_ch_free_string(&dn);
+        dn = slapi_ch_strdup(target_dn);
+        slapi_sdn_free(&target_sdn);
+        slapi_pblock_set(pb, SLAPI_TARGET_SDN, NULL);
+    } else {
+        /* Did they give us a DN ? */
+        if (dn == NULL || *dn == '\0') {
+            /* Get the DN from the bind identity on this connection */
+            dn = slapi_ch_strdup(bindDN);
+            LOG_TRACE("Missing userIdentity in request, "
+                "using the bind DN instead.\n");
+        }
+        LOG_TRACE("extop dn %s (from ber)\n", dn ? dn : "<empty>");
    }

     if (slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn )) {
--
2.5.0



Changing the comparison style

>From ac6c0617f618fc609df93dc18ec25255484b533d Mon Sep 17 00:00:00 2001
From: Thierry Bordaz <tbor...@redhat.com>
Date: Fri, 10 Jun 2016 15:34:40 +0200
Subject: [PATCH] ipapwd_extop should use TARGET_DN defined by a pre-extop
 plugin

ipapwd_extop allows updating the password on a specific entry, identified by its DN.
It can be useful to support virtual DNs in the extop so that an update of a virtual entry
would land in the proper real entry.

If a pre-extop sets the TARGET_DN, ipapwd_extop sets ORIGINAL_DN with the value
of TARGET_DN, instead of using the original one (in the ber req)

https://fedorahosted.org/freeipa/ticket/5946
---
 .../ipa-pwd-extop/ipa_pwd_extop.c                  | 36 +++++++++++++++++-----
 1 file changed, 28 insertions(+), 8 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index 440e221..3c2c44f 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -207,8 +207,10 @@ static int ipapwd_chpwop(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg)
 	char *attrlist[] = {"*", "passwordHistory", NULL };
 	struct ipapwd_data pwdata;
 	int is_krb, is_smb, is_ipant;
-    char *principal = NULL;
+	char *principal = NULL;
 	Slapi_PBlock *chpwop_pb = NULL;
+	Slapi_DN     *target_sdn = NULL;
+	char         *target_dn = NULL;
 
 	/* Get the ber value of the extended operation */
 	slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value);
@@ -327,14 +329,32 @@ parse_req_done:
 		}
 	}
 
-	 /* Determine the target DN for this operation */
-	 /* Did they give us a DN ? */
-	if (dn == NULL || *dn == '\0') {
-	 	/* Get the DN from the bind identity on this connection */
-		dn = slapi_ch_strdup(bindDN);
-		LOG_TRACE("Missing userIdentity in request, "
-                          "using the bind DN instead.\n");
+	/* Determine the target DN for this operation */
+	slapi_pblock_get(pb, SLAPI_TARGET_SDN, &target_sdn);
+	if (target_sdn != NULL) {
+		/* If there is a TARGET_DN we are consuming it */
+		slapi_pblock_set(pb, SLAPI_TARGET_SDN, NULL);
+		target_dn = slapi_sdn_get_ndn(target_sdn);
 	}
+	if (target_dn == NULL || *target_dn == '\0') {
+		/* Did they give us a DN ? */
+		if (dn == NULL || *dn == '\0') {
+			/* Get the DN from the bind identity on this connection */
+			dn = slapi_ch_strdup(bindDN);
+			LOG_TRACE("Missing userIdentity in request, "
+				"using the bind DN instead.\n");
+		}
+		LOG_TRACE("extop dn %s (from ber)\n", dn ? dn : "<empty>");
+	} else {
+		/* At this point if SLAPI_TARGET_SDN was set that means
+		 * that a SLAPI_PLUGIN_PRE_EXTOP_FN plugin sets it
+		 * So take this one rather that the raw one that is in the ber
+		 */
+		LOG_TRACE("extop dn %s was translated to %s\n", dn ? dn : "<empty>", target_dn);
+		slapi_ch_free_string(&dn);
+		dn = slapi_ch_strdup(target_dn);
+	}
+	slapi_sdn_free(&target_sdn);
 
 	 if (slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn )) {
 		LOG_FATAL("slapi_pblock_set failed!\n");
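Review bot: After `slapi_sdn_free(&target_sdn);` the local `target_dn` still points into the freed SDN, since it comes from `slapi_sdn_get_ndn(target_sdn)` and, as far as I know, is not a copy. Nothing in the hunk reads it afterwards, but ipapwd_chpwop continues past the end of this hunk, so I would add `target_dn = NULL;` right after the free. Separately, when a pre-extop plugin did set SLAPI_TARGET_SDN but its normalized DN is NULL or empty, the code has already cleared the pblock value and then falls back silently to the BER DN or the bind DN. For a password change it seems safer to log that case explicitly or fail the operation than to pick a different target, unless that state is expected. The translation itself is only reported through LOG_TRACE, so it is worth confirming that the entry actually modified is recorded somewhere an administrator will see it.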
-- 
2.5.0
