Re: [Freeipa-devel] [PATCH] 0020 Enable password change extop to apply on virtual entry like the entry in compat tree

2016-06-24 Thread Martin Basti



On 22.06.2016 19:02, Alexander Bokovoy wrote:

On Wed, 22 Jun 2016, thierry bordaz wrote:

I think FreeIPA also needs to raise dependency to slapi-nis >= 0.56.0
for this.



Testing with slapi-nis 0.56.0-2, successful update of password from 
compat tree users.


Great, ACK!


Pushed to master: 1ce8d32fd6c09b0bfcb1593e2e5ad8e47eef3670








From 034a07211de4d11c6cb998676cc5f7439af981c6 Mon Sep 17 00:00:00 2001
From: Thierry Bordaz 
Date: Fri, 10 Jun 2016 15:34:40 +0200
Subject: [PATCH] ipapwd_extop should use TARGET_DN defined by a pre-extop
plugin

ipapwd_extop allows to update the password on a specific entry, identified by its DN.
It can be useful to support virtual DN in the extop so that update of a virtual entry
would land into the proper real entry.

If a pre-extop sets the TARGET_DN, ipapwd_extop sets ORIGINAL_DN with the value
of TARGET_DN, instead of using the original one (in the ber req)
There is a dependency on slapi-nis >= 0.56-0.1 (https://fedorahosted.org/freeipa/ticket/5955)


https://fedorahosted.org/freeipa/ticket/5946
---
.../ipa-pwd-extop/ipa_pwd_extop.c  | 36 
+-

freeipa.spec.in|  2 +-
2 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c 
b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c

index 440e221..3c2c44f 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -207,8 +207,10 @@ static int ipapwd_chpwop(Slapi_PBlock *pb, 
struct ipapwd_krbcfg *krbcfg)

char *attrlist[] = {"*", "passwordHistory", NULL };
struct ipapwd_data pwdata;
int is_krb, is_smb, is_ipant;
-char *principal = NULL;
+char *principal = NULL;
Slapi_PBlock *chpwop_pb = NULL;
+Slapi_DN *target_sdn = NULL;
+char *target_dn = NULL;

/* Get the ber value of the extended operation */
slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value);
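Review bot: target_dn in the new declarations is only ever read by this patch (it is assigned from slapi_sdn_get_ndn(target_sdn) in the next hunk, logged, and passed to slapi_ch_strdup, and it is never freed), so declare it as const char * to make clear it points into target_sdn and has no lifetime of its own. The principal line just above it is a whitespace-only change; leaving it out would keep the diff to the functional additions.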
@@ -327,14 +329,32 @@ parse_req_done:
}
}

- /* Determine the target DN for this operation */
- /* Did they give us a DN ? */
-if (dn == NULL || *dn == '\0') {
- /* Get the DN from the bind identity on this connection */
-dn = slapi_ch_strdup(bindDN);
-LOG_TRACE("Missing userIdentity in request, "
-  "using the bind DN instead.\n");
+/* Determine the target DN for this operation */
+slapi_pblock_get(pb, SLAPI_TARGET_SDN, &target_sdn);
+if (target_sdn != NULL) {
+/* If there is a TARGET_DN we are consuming it */
+slapi_pblock_set(pb, SLAPI_TARGET_SDN, NULL);
+target_dn = slapi_sdn_get_ndn(target_sdn);
}
+if (target_dn == NULL || *target_dn == '\0') {
+/* Did they give us a DN ? */
+if (dn == NULL || *dn == '\0') {
+/* Get the DN from the bind identity on this connection */
+dn = slapi_ch_strdup(bindDN);
+LOG_TRACE("Missing userIdentity in request, "
+"using the bind DN instead.\n");
+}
+LOG_TRACE("extop dn %s (from ber)\n", dn ? dn : "");
+} else {
+/* At this point if SLAPI_TARGET_SDN was set that means
+ * that a SLAPI_PLUGIN_PRE_EXTOP_FN plugin sets it
+ * So take this one rather that the raw one that is in the ber
+ */
+LOG_TRACE("extop dn %s was translated to %s\n", dn ? dn : 
"", target_dn);

+slapi_ch_free_string(&dn);
+dn = slapi_ch_strdup(target_dn);
+}
+slapi_sdn_free(&target_sdn);

 if (slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn )) {
LOG_FATAL("slapi_pblock_set failed!\n");
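Review bot: the two new pblock calls at the top of the added block, slapi_pblock_get(pb, SLAPI_TARGET_SDN, &target_sdn) and slapi_pblock_set(pb, SLAPI_TARGET_SDN, NULL), ignore their return values, while the slapi_pblock_set for SLAPI_ORIGINAL_TARGET directly below is checked and logs LOG_FATAL on failure. These calls decide which entry receives the new password, so check them the same way and fail the operation instead of continuing with whatever target_sdn happens to hold.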
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 0d5c745..84a1d65 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -154,7 +154,7 @@ Requires(pre): systemd-units
Requires(post): systemd-units
Requires: selinux-policy >= %{selinux_policy_version}
Requires(post): selinux-policy-base >= %{selinux_policy_version}
-Requires: slapi-nis >= 0.55-1
+Requires: slapi-nis >= 0.56.0
Requires: pki-ca >= 10.3.2
Requires: pki-kra >= 10.3.2
Requires(preun): python systemd-units
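Review bot: the new Requires line uses slapi-nis >= 0.56.0, but the commit message states the dependency as slapi-nis >= 0.56-0.1; use one form in both places so the packaged minimum matches what the message documents. A short comment above the Requires line pointing at ticket 5955 would also record why the floor moved.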
--
2.5.0






--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] [PATCH] 0020 Enable password change extop to apply on virtual entry like the entry in compat tree

2016-06-22 Thread Alexander Bokovoy

On Wed, 22 Jun 2016, thierry bordaz wrote:

I think FreeIPA also needs to raise dependency to slapi-nis >= 0.56.0
for this.



Testing with slapi-nis 0.56.0-2, successful update of password from 
compat tree users.


Great, ACK!







From 034a07211de4d11c6cb998676cc5f7439af981c6 Mon Sep 17 00:00:00 2001
From: Thierry Bordaz 
Date: Fri, 10 Jun 2016 15:34:40 +0200
Subject: [PATCH] ipapwd_extop should use TARGET_DN defined by a pre-extop
plugin

ipapwd_extop allows to update the password on a specific entry, identified by 
its DN.
It can be useful to support virtual DN in the extop so that update of a
virtual entry
would land into the proper real entry.

If a pre-extop sets the TARGET_DN, ipapwd_extop sets ORIGINAL_DN with the value
of TARGET_DN, instead of using the original one (in the ber req)
There is a dependency on slapi-nis >= 0.56-0.1 
(https://fedorahosted.org/freeipa/ticket/5955)

https://fedorahosted.org/freeipa/ticket/5946
---
.../ipa-pwd-extop/ipa_pwd_extop.c  | 36 +-
freeipa.spec.in|  2 +-
2 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c 
b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index 440e221..3c2c44f 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -207,8 +207,10 @@ static int ipapwd_chpwop(Slapi_PBlock *pb, struct 
ipapwd_krbcfg *krbcfg)
char *attrlist[] = {"*", "passwordHistory", NULL };
struct ipapwd_data pwdata;
int is_krb, is_smb, is_ipant;
-char *principal = NULL;
+   char *principal = NULL;
Slapi_PBlock *chpwop_pb = NULL;
+   Slapi_DN *target_sdn = NULL;
+   char *target_dn = NULL;

/* Get the ber value of the extended operation */
slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value);
@@ -327,14 +329,32 @@ parse_req_done:
}
}

-/* Determine the target DN for this operation */
-/* Did they give us a DN ? */
-   if (dn == NULL || *dn == '\0') {
-   /* Get the DN from the bind identity on this connection */
-   dn = slapi_ch_strdup(bindDN);
-   LOG_TRACE("Missing userIdentity in request, "
-  "using the bind DN instead.\n");
+   /* Determine the target DN for this operation */
+   slapi_pblock_get(pb, SLAPI_TARGET_SDN, &target_sdn);
+   if (target_sdn != NULL) {
+   /* If there is a TARGET_DN we are consuming it */
+   slapi_pblock_set(pb, SLAPI_TARGET_SDN, NULL);
+   target_dn = slapi_sdn_get_ndn(target_sdn);
}
+   if (target_dn == NULL || *target_dn == '\0') {
+   /* Did they give us a DN ? */
+   if (dn == NULL || *dn == '\0') {
+   /* Get the DN from the bind identity on this connection 
*/
+   dn = slapi_ch_strdup(bindDN);
+   LOG_TRACE("Missing userIdentity in request, "
+   "using the bind DN instead.\n");
+   }
+   LOG_TRACE("extop dn %s (from ber)\n", dn ? dn : "");
+   } else {
+   /* At this point if SLAPI_TARGET_SDN was set that means
+* that a SLAPI_PLUGIN_PRE_EXTOP_FN plugin sets it
+* So take this one rather that the raw one that is in the ber
+*/
+   LOG_TRACE("extop dn %s was translated to %s\n", dn ? dn : 
"", target_dn);
+   slapi_ch_free_string(&dn);
+   dn = slapi_ch_strdup(target_dn);
+   }
+   slapi_sdn_free(&target_sdn);

 if (slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn )) {
LOG_FATAL("slapi_pblock_set failed!\n");
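Review bot: in the else branch, the only record that the DN from the request was replaced by the one a pre-extop plugin supplied is the LOG_TRACE call ("extop dn %s was translated to %s"). For a password change that lands on a different entry than the client named, consider logging the original and the translated DN at a level that is kept in normal operation, so the redirection can be reconstructed afterwards even when trace logging is off.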
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 0d5c745..84a1d65 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -154,7 +154,7 @@ Requires(pre): systemd-units
Requires(post): systemd-units
Requires: selinux-policy >= %{selinux_policy_version}
Requires(post): selinux-policy-base >= %{selinux_policy_version}
-Requires: slapi-nis >= 0.55-1
+Requires: slapi-nis >= 0.56.0
Requires: pki-ca >= 10.3.2
Requires: pki-kra >= 10.3.2
Requires(preun): python systemd-units
--
2.5.0




--
/ Alexander Bokovoy



Re: [Freeipa-devel] [PATCH] 0020 Enable password change extop to apply on virtual entry like the entry in compat tree

2016-06-22 Thread thierry bordaz



On 06/20/2016 08:27 PM, Alexander Bokovoy wrote:

On Tue, 14 Jun 2016, thierry bordaz wrote:

From ac6c0617f618fc609df93dc18ec25255484b533d Mon Sep 17 00:00:00 2001
From: Thierry Bordaz 
Date: Fri, 10 Jun 2016 15:34:40 +0200
Subject: [PATCH] ipapwd_extop should use TARGET_DN defined by a pre-extop
plugin

ipapwd_extop allows to update the password on a specific entry, identified by its DN.
It can be useful to support virtual DN in the extop so that update of a virtual entry
would land into the proper real entry.

If a pre-extop sets the TARGET_DN, ipapwd_extop sets ORIGINAL_DN with the value
of TARGET_DN, instead of using the original one (in the ber req)

https://fedorahosted.org/freeipa/ticket/5946
---
.../ipa-pwd-extop/ipa_pwd_extop.c  | 36 
+-

1 file changed, 28 insertions(+), 8 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c 
b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c

index 440e221..3c2c44f 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -207,8 +207,10 @@ static int ipapwd_chpwop(Slapi_PBlock *pb, 
struct ipapwd_krbcfg *krbcfg)

char *attrlist[] = {"*", "passwordHistory", NULL };
struct ipapwd_data pwdata;
int is_krb, is_smb, is_ipant;
-char *principal = NULL;
+char *principal = NULL;
Slapi_PBlock *chpwop_pb = NULL;
+Slapi_DN *target_sdn = NULL;
+char *target_dn = NULL;

/* Get the ber value of the extended operation */
slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value);
@@ -327,14 +329,32 @@ parse_req_done:
}
}

- /* Determine the target DN for this operation */
- /* Did they give us a DN ? */
-if (dn == NULL || *dn == '\0') {
- /* Get the DN from the bind identity on this connection */
-dn = slapi_ch_strdup(bindDN);
-LOG_TRACE("Missing userIdentity in request, "
-  "using the bind DN instead.\n");
+/* Determine the target DN for this operation */
+slapi_pblock_get(pb, SLAPI_TARGET_SDN, &target_sdn);
+if (target_sdn != NULL) {
+/* If there is a TARGET_DN we are consuming it */
+slapi_pblock_set(pb, SLAPI_TARGET_SDN, NULL);
+target_dn = slapi_sdn_get_ndn(target_sdn);
}
+if (target_dn == NULL || *target_dn == '\0') {
+/* Did they give us a DN ? */
+if (dn == NULL || *dn == '\0') {
+/* Get the DN from the bind identity on this connection */
+dn = slapi_ch_strdup(bindDN);
+LOG_TRACE("Missing userIdentity in request, "
+"using the bind DN instead.\n");
+}
+LOG_TRACE("extop dn %s (from ber)\n", dn ? dn : "");
+} else {
+/* At this point if SLAPI_TARGET_SDN was set that means
+ * that a SLAPI_PLUGIN_PRE_EXTOP_FN plugin sets it
+ * So take this one rather that the raw one that is in the ber
+ */
+LOG_TRACE("extop dn %s was translated to %s\n", dn ? dn : 
"", target_dn);

+slapi_ch_free_string(&dn);
+dn = slapi_ch_strdup(target_dn);
+}
+slapi_sdn_free(&target_sdn);

 if (slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn )) {
LOG_FATAL("slapi_pblock_set failed!\n");
--
2.5.0


ACK. A build with slapi-nis 0.56.0-2.fc24 that includes pre-extop
callback is available in Fedora --
https://bodhi.fedoraproject.org/updates/slapi-nis-0.56.0-2.fc24 so you
can test against it.

I think FreeIPA also needs to raise dependency to slapi-nis >= 0.56.0
for this.



Testing with slapi-nis 0.56.0-2, successful update of password from 
compat tree users.




>From 034a07211de4d11c6cb998676cc5f7439af981c6 Mon Sep 17 00:00:00 2001
From: Thierry Bordaz 
Date: Fri, 10 Jun 2016 15:34:40 +0200
Subject: [PATCH] ipapwd_extop should use TARGET_DN defined by a pre-extop
 plugin

ipapwd_extop allows to update the password on a specific entry, identified by its DN.
It can be useful to support virtual DN in the extop so that update of a virtual entry
would land into the proper real entry.

If a pre-extop sets the TARGET_DN, ipapwd_extop sets ORIGINAL_DN with the value
of TARGET_DN, instead of using the original one (in the ber req)
There is a dependency on slapi-nis >= 0.56-0.1 (https://fedorahosted.org/freeipa/ticket/5955)

https://fedorahosted.org/freeipa/ticket/5946
---
 .../ipa-pwd-extop/ipa_pwd_extop.c  | 36 +-
 freeipa.spec.in|  2 +-
 2 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index 440e221..3c2c44f 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -207,8 +207,10 @@ static int ipapwd_chpwop(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg)

Re: [Freeipa-devel] [PATCH] 0020 Enable password change extop to apply on virtual entry like the entry in compat tree

2016-06-20 Thread Alexander Bokovoy

On Tue, 14 Jun 2016, thierry bordaz wrote:

From ac6c0617f618fc609df93dc18ec25255484b533d Mon Sep 17 00:00:00 2001
From: Thierry Bordaz 
Date: Fri, 10 Jun 2016 15:34:40 +0200
Subject: [PATCH] ipapwd_extop should use TARGET_DN defined by a pre-extop
plugin

ipapwd_extop allows to update the password on a specific entry, identified by 
its DN.
It can be useful to support virtual DN in the extop so that update of a
virtual entry
would land into the proper real entry.

If a pre-extop sets the TARGET_DN, ipapwd_extop sets ORIGINAL_DN with the value
of TARGET_DN, instead of using the original one (in the ber req)

https://fedorahosted.org/freeipa/ticket/5946
---
.../ipa-pwd-extop/ipa_pwd_extop.c  | 36 +-
1 file changed, 28 insertions(+), 8 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c 
b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index 440e221..3c2c44f 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -207,8 +207,10 @@ static int ipapwd_chpwop(Slapi_PBlock *pb, struct 
ipapwd_krbcfg *krbcfg)
char *attrlist[] = {"*", "passwordHistory", NULL };
struct ipapwd_data pwdata;
int is_krb, is_smb, is_ipant;
-char *principal = NULL;
+   char *principal = NULL;
Slapi_PBlock *chpwop_pb = NULL;
+   Slapi_DN *target_sdn = NULL;
+   char *target_dn = NULL;

/* Get the ber value of the extended operation */
slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value);
@@ -327,14 +329,32 @@ parse_req_done:
}
}

-/* Determine the target DN for this operation */
-/* Did they give us a DN ? */
-   if (dn == NULL || *dn == '\0') {
-   /* Get the DN from the bind identity on this connection */
-   dn = slapi_ch_strdup(bindDN);
-   LOG_TRACE("Missing userIdentity in request, "
-  "using the bind DN instead.\n");
+   /* Determine the target DN for this operation */
+   slapi_pblock_get(pb, SLAPI_TARGET_SDN, &target_sdn);
+   if (target_sdn != NULL) {
+   /* If there is a TARGET_DN we are consuming it */
+   slapi_pblock_set(pb, SLAPI_TARGET_SDN, NULL);
+   target_dn = slapi_sdn_get_ndn(target_sdn);
}
+   if (target_dn == NULL || *target_dn == '\0') {
+   /* Did they give us a DN ? */
+   if (dn == NULL || *dn == '\0') {
+   /* Get the DN from the bind identity on this connection 
*/
+   dn = slapi_ch_strdup(bindDN);
+   LOG_TRACE("Missing userIdentity in request, "
+   "using the bind DN instead.\n");
+   }
+   LOG_TRACE("extop dn %s (from ber)\n", dn ? dn : "");
+   } else {
+   /* At this point if SLAPI_TARGET_SDN was set that means
+* that a SLAPI_PLUGIN_PRE_EXTOP_FN plugin sets it
+* So take this one rather that the raw one that is in the ber
+*/
+   LOG_TRACE("extop dn %s was translated to %s\n", dn ? dn : 
"", target_dn);
+   slapi_ch_free_string(&dn);
+   dn = slapi_ch_strdup(target_dn);
+   }
+   slapi_sdn_free(&target_sdn);

 if (slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn )) {
LOG_FATAL("slapi_pblock_set failed!\n");
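Review bot: slapi_sdn_free(&target_sdn) at the end of the added block releases a Slapi_DN that this function did not allocate; it was taken out of the pblock where, per the comment further down, a SLAPI_PLUGIN_PRE_EXTOP_FN plugin put it. The comment "If there is a TARGET_DN we are consuming it" should state explicitly that ownership passes to ipapwd_chpwop and that the pre-extop plugin must hand over an allocated Slapi_DN it will not free or reuse, so that the setting plugin and this one cannot both release it.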
--
2.5.0


ACK. A build with slapi-nis 0.56.0-2.fc24 that includes pre-extop
callback is available in Fedora --
https://bodhi.fedoraproject.org/updates/slapi-nis-0.56.0-2.fc24 so you
can test against it.

I think FreeIPA also needs to raise dependency to slapi-nis >= 0.56.0
for this.

--
/ Alexander Bokovoy



Re: [Freeipa-devel] [PATCH] 0020 Enable password change extop to apply on virtual entry like the entry in compat tree

2016-06-14 Thread Alexander Bokovoy

On Tue, 14 Jun 2016, thierry bordaz wrote:

From ac6c0617f618fc609df93dc18ec25255484b533d Mon Sep 17 00:00:00 2001
From: Thierry Bordaz 
Date: Fri, 10 Jun 2016 15:34:40 +0200
Subject: [PATCH] ipapwd_extop should use TARGET_DN defined by a pre-extop
plugin

ipapwd_extop allows to update the password on a specific entry, identified by 
its DN.
It can be useful to support virtual DN in the extop so that update of a
virtual entry
would land into the proper real entry.

If a pre-extop sets the TARGET_DN, ipapwd_extop sets ORIGINAL_DN with the value
of TARGET_DN, instead of using the original one (in the ber req)

https://fedorahosted.org/freeipa/ticket/5946
---
.../ipa-pwd-extop/ipa_pwd_extop.c  | 36 +-
1 file changed, 28 insertions(+), 8 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c 
b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index 440e221..3c2c44f 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -207,8 +207,10 @@ static int ipapwd_chpwop(Slapi_PBlock *pb, struct 
ipapwd_krbcfg *krbcfg)
char *attrlist[] = {"*", "passwordHistory", NULL };
struct ipapwd_data pwdata;
int is_krb, is_smb, is_ipant;
-char *principal = NULL;
+   char *principal = NULL;
Slapi_PBlock *chpwop_pb = NULL;
+   Slapi_DN *target_sdn = NULL;
+   char *target_dn = NULL;

/* Get the ber value of the extended operation */
slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value);
@@ -327,14 +329,32 @@ parse_req_done:
}
}

-/* Determine the target DN for this operation */
-/* Did they give us a DN ? */
-   if (dn == NULL || *dn == '\0') {
-   /* Get the DN from the bind identity on this connection */
-   dn = slapi_ch_strdup(bindDN);
-   LOG_TRACE("Missing userIdentity in request, "
-  "using the bind DN instead.\n");
+   /* Determine the target DN for this operation */
+   slapi_pblock_get(pb, SLAPI_TARGET_SDN, &target_sdn);
+   if (target_sdn != NULL) {
+   /* If there is a TARGET_DN we are consuming it */
+   slapi_pblock_set(pb, SLAPI_TARGET_SDN, NULL);
+   target_dn = slapi_sdn_get_ndn(target_sdn);
}
+   if (target_dn == NULL || *target_dn == '\0') {
+   /* Did they give us a DN ? */
+   if (dn == NULL || *dn == '\0') {
+   /* Get the DN from the bind identity on this connection 
*/
+   dn = slapi_ch_strdup(bindDN);
+   LOG_TRACE("Missing userIdentity in request, "
+   "using the bind DN instead.\n");
+   }
+   LOG_TRACE("extop dn %s (from ber)\n", dn ? dn : "");
+   } else {
+   /* At this point if SLAPI_TARGET_SDN was set that means
+* that a SLAPI_PLUGIN_PRE_EXTOP_FN plugin sets it
+* So take this one rather that the raw one that is in the ber
+*/
+   LOG_TRACE("extop dn %s was translated to %s\n", dn ? dn : 
"", target_dn);
+   slapi_ch_free_string(&dn);
+   dn = slapi_ch_strdup(target_dn);
+   }
+   slapi_sdn_free(&target_sdn);
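Review bot: when SLAPI_TARGET_SDN is present but slapi_sdn_get_ndn() yields NULL or an empty string, the branch guarded by (target_dn == NULL || *target_dn == '\0') silently falls back to the DN from the request, or to bindDN. A target that a pre-extop plugin set but that has no usable DN more likely means a failed translation than "no plugin set a target", so log that case separately or reject the request rather than changing the password on the fallback entry.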
Looks good now. 


ACK for the patch, the testing will come once slapi-nis patches will be
available.

Thanks.

--
/ Alexander Bokovoy



Re: [Freeipa-devel] [PATCH] 0020 Enable password change extop to apply on virtual entry like the entry in compat tree

2016-06-14 Thread thierry bordaz



On 06/13/2016 05:06 PM, Alexander Bokovoy wrote:

On Mon, 13 Jun 2016, thierry bordaz wrote:

From fff11869d8cf3dfe98471e018c10926fc23b13da Mon Sep 17 00:00:00 2001

From: Thierry Bordaz 
Date: Fri, 10 Jun 2016 15:34:40 +0200
Subject: [PATCH] ipapwd_extop should use TARGET_DN defined by a pre-extop
plugin

ipapwd_extop allows to update the password on a specific entry, identified by its DN.
It can be useful to support virtual DN in the extop so that update of a virtual entry
would land into the proper real entry.

If a pre-extop sets the TARGET_DN, ipapwd_extop sets ORIGINAL_DN with the value
of TARGET_DN, instead of using the original one (in the ber req)

https://fedorahosted.org/freeipa/ticket/5946
---
.../ipa-pwd-extop/ipa_pwd_extop.c  | 33 
--

1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c 
b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c

index 440e221..10fff30 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -207,8 +207,10 @@ static int ipapwd_chpwop(Slapi_PBlock *pb, 
struct ipapwd_krbcfg *krbcfg)

char *attrlist[] = {"*", "passwordHistory", NULL };
struct ipapwd_data pwdata;
int is_krb, is_smb, is_ipant;
-char *principal = NULL;
+char *principal = NULL;
Slapi_PBlock *chpwop_pb = NULL;
+Slapi_DN *target_sdn = NULL;
+char *target_dn = NULL;

/* Get the ber value of the extended operation */
slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value);
@@ -327,13 +329,28 @@ parse_req_done:
}
}

- /* Determine the target DN for this operation */
- /* Did they give us a DN ? */
-if (dn == NULL || *dn == '\0') {
- /* Get the DN from the bind identity on this connection */
-dn = slapi_ch_strdup(bindDN);
-LOG_TRACE("Missing userIdentity in request, "
-  "using the bind DN instead.\n");
+/* Determine the target DN for this operation */
+slapi_pblock_get(pb, SLAPI_TARGET_SDN, &target_sdn);
+target_dn = slapi_sdn_get_ndn(target_sdn);
+if (target_dn) {
can you please use the same style for writing comparisons as the file 
using already?

 if (!(target_dn == NULL || *target_dn == '\0')) { ... }


+/* At this point if SLAPI_TARGET_SDN was set that means
+ * that a SLAPI_PLUGIN_PRE_EXTOP_FN plugin sets it
+ * So take this one rather that the raw one that is in the ber
+ */
+LOG_TRACE("extop dn %s was translated to %s\n", dn ? dn : 
"", target_dn);

+slapi_ch_free_string(&dn);
+dn = slapi_ch_strdup(target_dn);
+slapi_sdn_free(&target_sdn);
+slapi_pblock_set(pb, SLAPI_TARGET_SDN, NULL);
+} else {
+/* Did they give us a DN ? */
+if (dn == NULL || *dn == '\0') {
+/* Get the DN from the bind identity on this connection */
+dn = slapi_ch_strdup(bindDN);
+LOG_TRACE("Missing userIdentity in request, "
+"using the bind DN instead.\n");
+}
+LOG_TRACE("extop dn %s (from ber)\n", dn ? dn : "");
}

 if (slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn )) {
--
2.5.0





Changing the comparison style

>From ac6c0617f618fc609df93dc18ec25255484b533d Mon Sep 17 00:00:00 2001
From: Thierry Bordaz 
Date: Fri, 10 Jun 2016 15:34:40 +0200
Subject: [PATCH] ipapwd_extop should use TARGET_DN defined by a pre-extop
 plugin

ipapwd_extop allows to update the password on a specific entry, identified by its DN.
It can be useful to support virtual DN in the extop so that update of a virtual entry
would land into the proper real entry.

If a pre-extop sets the TARGET_DN, ipapwd_extop sets ORIGINAL_DN with the value
of TARGET_DN, instead of using the original one (in the ber req)

https://fedorahosted.org/freeipa/ticket/5946
---
 .../ipa-pwd-extop/ipa_pwd_extop.c  | 36 +-
 1 file changed, 28 insertions(+), 8 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index 440e221..3c2c44f 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -207,8 +207,10 @@ static int ipapwd_chpwop(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg)
 	char *attrlist[] = {"*", "passwordHistory", NULL };
 	struct ipapwd_data pwdata;
 	int is_krb, is_smb, is_ipant;
-char *principal = NULL;
+	char *principal = NULL;
 	Slapi_PBlock *chpwop_pb = NULL;
+	Slapi_DN *target_sdn = NULL;
+	char *target_dn = NULL;
 
 	/* Get the ber value of the extended operation */
 	slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value);
@@ -327,14 +329,32 @@ parse_req_done:
 		}
 	}
 
-	 /* Determine the target DN for this operation */
-	 /* Did they give us a DN 

Re: [Freeipa-devel] [PATCH] 0020 Enable password change extop to apply on virtual entry like the entry in compat tree

2016-06-13 Thread Alexander Bokovoy

On Mon, 13 Jun 2016, thierry bordaz wrote:

From fff11869d8cf3dfe98471e018c10926fc23b13da Mon Sep 17 00:00:00 2001

From: Thierry Bordaz 
Date: Fri, 10 Jun 2016 15:34:40 +0200
Subject: [PATCH] ipapwd_extop should use TARGET_DN defined by a pre-extop
plugin

ipapwd_extop allows to update the password on a specific entry, identified by 
its DN.
It can be useful to support virtual DN in the extop so that update of a
virtual entry
would land into the proper real entry.

If a pre-extop sets the TARGET_DN, ipapwd_extop sets ORIGINAL_DN with the value
of TARGET_DN, instead of using the original one (in the ber req)

https://fedorahosted.org/freeipa/ticket/5946
---
.../ipa-pwd-extop/ipa_pwd_extop.c  | 33 --
1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c 
b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index 440e221..10fff30 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -207,8 +207,10 @@ static int ipapwd_chpwop(Slapi_PBlock *pb, struct 
ipapwd_krbcfg *krbcfg)
char *attrlist[] = {"*", "passwordHistory", NULL };
struct ipapwd_data pwdata;
int is_krb, is_smb, is_ipant;
-char *principal = NULL;
+   char *principal = NULL;
Slapi_PBlock *chpwop_pb = NULL;
+   Slapi_DN *target_sdn = NULL;
+   char *target_dn = NULL;

/* Get the ber value of the extended operation */
slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value);
@@ -327,13 +329,28 @@ parse_req_done:
}
}

-/* Determine the target DN for this operation */
-/* Did they give us a DN ? */
-   if (dn == NULL || *dn == '\0') {
-   /* Get the DN from the bind identity on this connection */
-   dn = slapi_ch_strdup(bindDN);
-   LOG_TRACE("Missing userIdentity in request, "
-  "using the bind DN instead.\n");
+   /* Determine the target DN for this operation */
+   slapi_pblock_get(pb, SLAPI_TARGET_SDN, &target_sdn);
+   target_dn = slapi_sdn_get_ndn(target_sdn);
+   if (target_dn) {

can you please use the same style for writing comparisons as the file using 
already?
 if (!(target_dn == NULL || *target_dn == '\0')) { ... }


+   /* At this point if SLAPI_TARGET_SDN was set that means
+* that a SLAPI_PLUGIN_PRE_EXTOP_FN plugin sets it
+* So take this one rather that the raw one that is in the ber
+*/
+   LOG_TRACE("extop dn %s was translated to %s\n", dn ? dn : 
"", target_dn);
+   slapi_ch_free_string(&dn);
+   dn = slapi_ch_strdup(target_dn);
+   slapi_sdn_free(&target_sdn);
+   slapi_pblock_set(pb, SLAPI_TARGET_SDN, NULL);
+   } else {
+   /* Did they give us a DN ? */
+   if (dn == NULL || *dn == '\0') {
+   /* Get the DN from the bind identity on this connection 
*/
+   dn = slapi_ch_strdup(bindDN);
+   LOG_TRACE("Missing userIdentity in request, "
+   "using the bind DN instead.\n");
+   }
+   LOG_TRACE("extop dn %s (from ber)\n", dn ? dn : "");
}

 if (slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn )) {
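Review bot: in this version target_sdn is freed and SLAPI_TARGET_SDN is cleared only inside the if (target_dn) branch, so a target_sdn that is set but yields no DN is neither freed nor removed from the pblock on the else path. slapi_sdn_get_ndn(target_sdn) is also called before target_sdn is checked for NULL, and if (target_dn) accepts an empty string, which would then be copied into dn and used as the target. Test target_sdn != NULL first, clear and free it on every path, and check *target_dn as well as the pointer.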
--
2.5.0




--
/ Alexander Bokovoy
