Fix overlay aux_operational, add contextCSN as operational attribute

[openldap] / servers / slapd / overlays / ppolicy.c

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 845aee641f760aec9bb0de5999c964e55ea17fa2..c22b295072bd277ea0f696be2ed2cc20e8e0e8b8 100644 (file)
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -35,7 +35,9 @@
 #include <ldap.h>
 #include "lutil.h"
 #include "slap.h"
+#if SLAPD_MODULES
 #include <ltdl.h>
+#endif
 #include <ac/errno.h>
 #include <ac/time.h>
 #include <ac/string.h>
@@ -60,6 +62,7 @@ typedef struct pw_conn {
 } pw_conn;
 
 static pw_conn *pwcons;
+static int ppolicy_cid;
 
 typedef struct pass_policy {
        AttributeDescription *ad; /* attribute to which the policy applies */
@@ -486,8 +489,9 @@ check_password_quality( struct berval *cred, PassPolicy *pp, LDAPPasswordPolicyE
        }
 
        rc = LDAP_SUCCESS;
-    
+
        if (pp->pwdCheckModule[0]) {
+#if SLAPD_MODULES
                lt_dlhandle mod;
                const char *err;
                
@@ -525,6 +529,10 @@ check_password_quality( struct berval *cred, PassPolicy *pp, LDAPPasswordPolicyE
                            
                        lt_dlclose( mod );
                }
+#else
+       Debug(LDAP_DEBUG_ANY, "check_password_quality: external modules not "
+               "supported. pwdCheckModule ignored.\n", 0, 0, 0);
+#endif /* SLAPD_MODULES */
        }
                
                    
@@ -993,13 +1001,8 @@ ppolicy_bind( Operation *op, SlapReply *rs )
                op->o_callback->sc_next = cb;
 
                /* Did we receive a password policy request control? */
-               for ( i=0; op->o_ctrls && op->o_ctrls[i]; i++ ) {
-                       if ( !strcmp( op->o_ctrls[i]->ldctl_oid,
-                               LDAP_CONTROL_PASSWORDPOLICYREQUEST ) )
-                       {
-                               ppb->send_ctrl = 1;
-                               break;
-                       }
+               if ( op->o_ctrlflag[ppolicy_cid] ) {
+                       ppb->send_ctrl = 1;
                }
 
                op->o_bd->bd_info = (BackendInfo *)on;
@@ -1040,12 +1043,8 @@ ppolicy_restrict(
        int i, send_ctrl = 0;
 
        /* Did we receive a password policy request control? */
-       for ( i=0; op->o_ctrls && op->o_ctrls[i]; i++ ) {
-               if ( !strcmp( op->o_ctrls[i]->ldctl_oid,
-                       LDAP_CONTROL_PASSWORDPOLICYREQUEST ) ) {
-                       send_ctrl = 1;
-                       break;
-               }
+       if ( op->o_ctrlflag[ppolicy_cid] ) {
+               send_ctrl = 1;
        }
 
        if ( op->o_conn && pwcons[op->o_conn->c_conn_idx].restrict ) {
@@ -1099,12 +1098,8 @@ ppolicy_add(
                        LDAPPasswordPolicyError pErr = PP_noError;
 
                        /* Did we receive a password policy request control? */
-                       for ( i=0; op->o_ctrls && op->o_ctrls[i]; i++ ) {
-                               if ( !strcmp( op->o_ctrls[i]->ldctl_oid,
-                                       LDAP_CONTROL_PASSWORDPOLICYREQUEST ) ) {
-                                       send_ctrl = 1;
-                                       break;
-                               }
+                       if ( op->o_ctrlflag[ppolicy_cid] ) {
+                               send_ctrl = 1;
                        }
                        rc = check_password_quality( bv, &pp, &pErr, op->ora_e );
                        if (rc != LDAP_SUCCESS) {
@@ -1199,12 +1194,8 @@ ppolicy_modify( Operation *op, SlapReply *rs )
        if ( rc != LDAP_SUCCESS ) return SLAP_CB_CONTINUE;
 
        /* Did we receive a password policy request control? */
-       for ( i=0; op->o_ctrls && op->o_ctrls[i]; i++ ) {
-               if ( !strcmp( op->o_ctrls[i]->ldctl_oid,
-                       LDAP_CONTROL_PASSWORDPOLICYREQUEST ) ) {
-                       send_ctrl = 1;
-                       break;
-               }
+       if ( op->o_ctrlflag[ppolicy_cid] ) {
+               send_ctrl = 1;
        }
 
        /* See if this is a pwdModify exop. If so, we can
@@ -1684,6 +1675,7 @@ ppolicy_parseCtrl(
                rs->sr_text = "passwordPolicyRequest control invalid criticality";
                return LDAP_PROTOCOL_ERROR;
        }
+       op->o_ctrlflag[ppolicy_cid] = SLAP_CONTROL_NONCRITICAL;
 
        return LDAP_SUCCESS;
 }
@@ -1814,7 +1806,7 @@ int ppolicy_init()
 
        code = register_supported_control( LDAP_CONTROL_PASSWORDPOLICYREQUEST,
                SLAP_CTRL_ADD|SLAP_CTRL_BIND|SLAP_CTRL_MODIFY, extops,
-               ppolicy_parseCtrl );
+               ppolicy_parseCtrl, &ppolicy_cid );
        if ( code != LDAP_SUCCESS ) {
                fprintf( stderr, "Failed to register control %d\n", code );
                return code;