Blame SOURCES/0024-Ticket-48943-When-fine-grained-policy-is-applied-a-s.patch

From c9561cbb81fe1504a5741df44dd8c1103134c065 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Sat, 30 Jul 2016 16:56:57 -0700
Subject: [PATCH 24/29] Ticket #48943 - When fine-grained policy is applied, a
 sub-tree has a priority over a user while changing password

Description: If the user entry has a pwdpolicysubentry, the configuration
in the pwpolicy should be the strongest and respected.  If the entry does
not have it, it retrieves the pwpolicy from the CoS Cache, which is the
current behaviour.

https://fedorahosted.org/389/ticket/48943

Reviewed by wibrown@redhat.com (Thank you, William!!)

(cherry picked from commit 802224f2846900c870a780fe7608782792806d85)
---
 ldap/servers/slapd/pw.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index 498afd4..6b865ec 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -1777,9 +1777,17 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
 			attribute in the target entry itself. */
 		} else {
 			if ( (e = get_entry( pb, dn )) != NULL ) {
-				rc = slapi_vattr_values_get(e, "pwdpolicysubentry", &values,
-					&type_name_disposition, &actual_type_name, 
-					SLAPI_VIRTUALATTRS_REQUEST_POINTERS, &attr_free_flags);
+				Slapi_Attr* attr = NULL;
+				rc = slapi_entry_attr_find(e, "pwdpolicysubentry", &attr);
+				if (attr && (0 == rc)) {
+					/* If the entry has pwdpolicysubentry, use the PwPolicy. */
+					values = valueset_dup(&attr->a_present_values);
+				} else {
+					/* Otherwise, retrieve the policy from CoS Cache */
+					rc = slapi_vattr_values_get(e, "pwdpolicysubentry", &values,
+						&type_name_disposition, &actual_type_name,
+						SLAPI_VIRTUALATTRS_REQUEST_POINTERS, &attr_free_flags);
+				}
 				if (rc) {
 					values = NULL;
 				}
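Review bot: In the new `if (attr && (0 == rc))` branch, `values` becomes a private copy made by `valueset_dup()`, while the `else` branch still fills it through `slapi_vattr_values_get()` with `SLAPI_VIRTUALATTRS_REQUEST_POINTERS` and records how to release it in `attr_free_flags`. Nothing in the new branch sets `attr_free_flags` or `actual_type_name`, so whatever later releases `values` has to tell the two cases apart, otherwise the copy is either leaked or released through the wrong path; a local flag set next to the `valueset_dup()` call and checked at the free site would make the ownership explicit. The result of `valueset_dup()` is also unchecked: `rc` is 0 in that branch, so the following `if (rc)` does not catch a NULL `values`. Since a real `pwdpolicysubentry` value stored on the entry now takes precedence over the one supplied by the CoS cache, a comment or documentation note that write access to this attribute should be restricted by ACI would help deployers.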
-- 
2.4.11