Commit eae2dfde authored by Ondřej Kuzník's avatar Ondřej Kuzník Committed by Quanah Gibson-Mount

ITS#9280 Add ppolicy_disable_write

parent 42d72389
...@@ -55,6 +55,7 @@ typedef struct pp_info { ...@@ -55,6 +55,7 @@ typedef struct pp_info {
int use_lockout; /* send AccountLocked result? */ int use_lockout; /* send AccountLocked result? */
int hash_passwords; /* transparently hash cleartext pwds */ int hash_passwords; /* transparently hash cleartext pwds */
int forward_updates; /* use frontend for policy state updates */ int forward_updates; /* use frontend for policy state updates */
int disable_write;
} pp_info; } pp_info;
/* Our per-connection info - note, it is not per-instance, it is /* Our per-connection info - note, it is not per-instance, it is
...@@ -415,7 +416,8 @@ static ldap_pvt_thread_mutex_t chk_syntax_mutex; ...@@ -415,7 +416,8 @@ static ldap_pvt_thread_mutex_t chk_syntax_mutex;
enum { enum {
PPOLICY_DEFAULT = 1, PPOLICY_DEFAULT = 1,
PPOLICY_HASH_CLEARTEXT, PPOLICY_HASH_CLEARTEXT,
PPOLICY_USE_LOCKOUT PPOLICY_USE_LOCKOUT,
PPOLICY_DISABLE_WRITE,
}; };
static ConfigDriver ppolicy_cf_default; static ConfigDriver ppolicy_cf_default;
...@@ -448,6 +450,12 @@ static ConfigTable ppolicycfg[] = { ...@@ -448,6 +450,12 @@ static ConfigTable ppolicycfg[] = {
"DESC 'Warn clients with AccountLocked' " "DESC 'Warn clients with AccountLocked' "
"EQUALITY booleanMatch " "EQUALITY booleanMatch "
"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL }, "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ "ppolicy_disable_write", "on|off", 1, 2, 0,
ARG_ON_OFF|ARG_OFFSET|PPOLICY_DISABLE_WRITE,
(void *)offsetof(pp_info,disable_write),
"( OLcfgOvAt:12.5 NAME 'olcPPolicyDisableWrite' "
"DESC 'Prevent all policy overlay writes' "
"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ NULL, NULL, 0, 0, 0, ARG_IGNORED } { NULL, NULL, 0, 0, 0, ARG_IGNORED }
}; };
...@@ -1571,7 +1579,7 @@ done: ...@@ -1571,7 +1579,7 @@ done:
be_entry_release_r( op, e ); be_entry_release_r( op, e );
locked: locked:
if ( mod ) { if ( mod && !pi->disable_write ) {
Operation op2 = *op; Operation op2 = *op;
SlapReply r2 = { REP_RESULT }; SlapReply r2 = { REP_RESULT };
slap_callback cb = { NULL, slap_null_cb, NULL, NULL }; slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
...@@ -1610,6 +1618,8 @@ locked: ...@@ -1610,6 +1618,8 @@ locked:
op2.o_bd->bd_info = (BackendInfo *)on->on_info; op2.o_bd->bd_info = (BackendInfo *)on->on_info;
} }
rc = op2.o_bd->be_modify( &op2, &r2 ); rc = op2.o_bd->be_modify( &op2, &r2 );
}
if ( mod ) {
slap_mods_free( mod, 1 ); slap_mods_free( mod, 1 );
} }
...@@ -1984,6 +1994,7 @@ ppolicy_modify( Operation *op, SlapReply *rs ) ...@@ -1984,6 +1994,7 @@ ppolicy_modify( Operation *op, SlapReply *rs )
op->o_bd->bd_info = (BackendInfo *)on; op->o_bd->bd_info = (BackendInfo *)on;
if ( rc != LDAP_SUCCESS ) return SLAP_CB_CONTINUE; if ( rc != LDAP_SUCCESS ) return SLAP_CB_CONTINUE;
if ( pi->disable_write ) return SLAP_CB_CONTINUE;
/* If this is a replica, we may need to tweak some of the /* If this is a replica, we may need to tweak some of the
* master's modifications. Otherwise, just pass it through. * master's modifications. Otherwise, just pass it through.
......
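Review bot: The new `if ( pi->disable_write ) return SLAP_CB_CONTINUE;` in ppolicy_modify() is placed after the `rc != LDAP_SUCCESS` check, so it fires only once the call that set `rc` (above the hunk, not visible here) has succeeded; if that call hands back a held entry, this return leaves without the matching release, so either test the flag before that call or release before returning. The function continues past the hunk, so the return also skips whatever follows, and it is worth confirming that this is limited to overlay writes and does not bypass checks applied to client password modifications. In the bind path the `mod && !pi->disable_write` guard drops the `be_modify` call, which presumably means failure and lockout state is no longer recorded on a server with the option set. The new field is the only one in `pp_info` without a comment; I would add `int disable_write; /* never write policy state; lockout state must come from elsewhere */` and say the same in the option's documentation.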