ITS#7100 Update entryTtl behaviour to match RFC 2589

diff --git a/servers/slapd/overlays/dds.c b/servers/slapd/overlays/dds.c
index bb292a710958a5dca7379b5ae6b9a2aa3380150c..242fe15d71695a5e57c1434537fb960ba70f165e 100644 (file)
--- a/servers/slapd/overlays/dds.c
+++ b/servers/slapd/overlays/dds.c
@@ -879,6 +879,72 @@ dds_op_rename( Operation *op, SlapReply *rs )
        return SLAP_CB_CONTINUE;
 }
 
+/* entryTtl update for client */
+static int
+dds_response( Operation *op, SlapReply *rs )
+{
+       slap_overinst   *on = (slap_overinst *)op->o_bd->bd_info;
+       dds_info_t      *di = on->on_bi.bi_private;
+       int             rc;
+
+       if ( !DDS_OFF( di )
+            && rs->sr_type == REP_SEARCH
+            && attr_find( rs->sr_entry->e_attrs, slap_schema.si_ad_entryTtl ) )
+       {
+               BerVarray               vals = NULL;
+               struct lutil_tm         tm;
+               struct lutil_timet      tt;
+               char                    ttlbuf[STRLENOF("31557600") + 1];
+               struct berval           ttlvalue;
+               time_t                  ttl;
+               int                     len;
+
+               /* User already has access to entryTtl, skip ACL checks on
+                * entryExpireTimestamp */
+               rc = backend_attribute( op, NULL, &rs->sr_entry->e_nname,
+                       ad_entryExpireTimestamp, &vals, ACL_NONE );
+               if ( rc != LDAP_SUCCESS ) {
+                       return rc;
+               }
+
+               assert( vals[0].bv_val[vals[0].bv_len] == '\0' );
+               if ( lutil_parsetime( vals[0].bv_val, &tm ) ) {
+                       goto done;
+               }
+
+               lutil_tm2time( &tm, &tt );
+               ttl = tt.tt_sec - op->o_time;
+               ttl = (ttl < 0) ? 0 : ttl;
+               assert( ttl <= DDS_RF2589_MAX_TTL );
+
+               len = snprintf( ttlbuf, sizeof(ttlbuf), "%ld", ttl );
+               if ( len < 0 )
+               {
+                       goto done;
+               }
+               ttlvalue.bv_val = ttlbuf;
+               ttlvalue.bv_len = len;
+
+               rs_entry2modifiable( op, rs, on );
+
+               if ( attr_delete( &rs->sr_entry->e_attrs,
+                               slap_schema.si_ad_entryTtl ) )
+               {
+                       goto done;
+               }
+               if ( attr_merge_normalize_one( rs->sr_entry,
+                               slap_schema.si_ad_entryTtl,
+                               &ttlvalue, op->o_tmpmemctx ) )
+               {
+                       goto done;
+               }
+
+done:;
+               ber_bvarray_free_x( vals, op->o_tmpmemctx );
+       }
+       return SLAP_CB_CONTINUE;
+}
+
 static int
 slap_parse_refresh(
        struct berval   *in,
@@ -1929,6 +1995,7 @@ dds_initialize()
        dds.on_bi.bi_op_modify = dds_op_modify;
        dds.on_bi.bi_op_modrdn = dds_op_rename;
        dds.on_bi.bi_extended = dds_op_extended;
+       dds.on_response = dds_response;
 
        dds.on_bi.bi_cf_ocs = dds_ocs;
 

diff --git a/tests/scripts/defines.sh b/tests/scripts/defines.sh
index 0750f88688ba5f2770f5421586d03113afa6706c..c328a60a8cd91d59061b154fe181395fc7a47879 100755 (executable)
--- a/tests/scripts/defines.sh
+++ b/tests/scripts/defines.sh
@@ -291,6 +291,7 @@ SEARCHOUT2=$TESTDIR/ldapsearch2.out
 SEARCHFLT=$TESTDIR/ldapsearch.flt
 SEARCHFLT2=$TESTDIR/ldapsearch2.flt
 LDIFFLT=$TESTDIR/ldif.flt
+LDIFFLT2=$TESTDIR/ldif2.flt
 TESTOUT=$TESTDIR/test.out
 INITOUT=$TESTDIR/init.out
 VALSORTOUT1=$DATADIR/valsort1.out