diff options
author | Alexander Sulfrian <alexander@sulfrian.net> | 2016-11-11 21:10:08 +0100 |
---|---|---|
committer | Alexander Sulfrian <alexander@sulfrian.net> | 2016-11-11 21:57:40 +0100 |
commit | 559e1f6f122dee37887df88660ff7dafd60d63fa (patch) | |
tree | 249875e582fb9ac5f522992c70f4eb85d3c3f79f | |
parent | efc23a7e63ccaca4146ff26ee09b322b2f0d96e5 (diff) | |
download | ldap-plugin-559e1f6f122dee37887df88660ff7dafd60d63fa.tar.gz ldap-plugin-559e1f6f122dee37887df88660ff7dafd60d63fa.tar.bz2 ldap-plugin-559e1f6f122dee37887df88660ff7dafd60d63fa.zip |
pre_entry: Check for gold service even if a user is authed
If a user was authed for a gold service and is searching for other users,
only gold users should be returned. So we need to get the service entry
from the service rdn of the authenticated user.
-rw-r--r-- | service_passwords.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/service_passwords.c b/service_passwords.c index b0ed330..656a9c6 100644 --- a/service_passwords.c +++ b/service_passwords.c @@ -617,6 +617,7 @@ static int pre_entry(Slapi_PBlock *pb) int gold_service = 0; int gold_account = 0; char *service = NULL; + char *service_dn = NULL; char *parent_dn = NULL; const char *result_dn = NULL; Slapi_Entry *new_entry; @@ -664,6 +665,18 @@ static int pre_entry(Slapi_PBlock *pb) } service = get_virtual_service(bind_dn); + + service_dn = get_service_dn(service); + rc |= is_service(service_dn, NULL, &gold_service); + slapi_ch_free_string(&service_dn); + + if (rc != 0) { + slapi_log_error( + SLAPI_LOG_PLUGIN, fn, + "Invalid service '%s' in bind dn '%s'.\n", + service, bind_dn); + goto fail1; + } } result_dn = slapi_entry_get_dn(entry); |