Commit eae2dfde authored by Ondřej Kuzník's avatar Ondřej Kuzník Committed by Quanah Gibson-Mount
Browse files

ITS#9280 Add ppolicy_disable_write

parent 42d72389
Pipeline #502 passed with stage
in 30 minutes and 16 seconds
......@@ -55,6 +55,7 @@ typedef struct pp_info {
int use_lockout; /* send AccountLocked result? */
int hash_passwords; /* transparently hash cleartext pwds */
int forward_updates; /* use frontend for policy state updates */
int disable_write;
} pp_info;
/* Our per-connection info - note, it is not per-instance, it is
......@@ -415,7 +416,8 @@ static ldap_pvt_thread_mutex_t chk_syntax_mutex;
enum {
PPOLICY_DEFAULT = 1,
PPOLICY_HASH_CLEARTEXT,
PPOLICY_USE_LOCKOUT
PPOLICY_USE_LOCKOUT,
PPOLICY_DISABLE_WRITE,
};
static ConfigDriver ppolicy_cf_default;
......@@ -448,6 +450,12 @@ static ConfigTable ppolicycfg[] = {
"DESC 'Warn clients with AccountLocked' "
"EQUALITY booleanMatch "
"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ "ppolicy_disable_write", "on|off", 1, 2, 0,
ARG_ON_OFF|ARG_OFFSET|PPOLICY_DISABLE_WRITE,
(void *)offsetof(pp_info,disable_write),
"( OLcfgOvAt:12.5 NAME 'olcPPolicyDisableWrite' "
"DESC 'Prevent all policy overlay writes' "
"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
};
......@@ -1571,7 +1579,7 @@ done:
be_entry_release_r( op, e );
locked:
if ( mod ) {
if ( mod && !pi->disable_write ) {
Operation op2 = *op;
SlapReply r2 = { REP_RESULT };
slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
......@@ -1610,6 +1618,8 @@ locked:
op2.o_bd->bd_info = (BackendInfo *)on->on_info;
}
rc = op2.o_bd->be_modify( &op2, &r2 );
}
if ( mod ) {
slap_mods_free( mod, 1 );
}
......@@ -1984,6 +1994,7 @@ ppolicy_modify( Operation *op, SlapReply *rs )
op->o_bd->bd_info = (BackendInfo *)on;
if ( rc != LDAP_SUCCESS ) return SLAP_CB_CONTINUE;
if ( pi->disable_write ) return SLAP_CB_CONTINUE;
/* If this is a replica, we may need to tweak some of the
* master's modifications. Otherwise, just pass it through.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment