From 48f38fb952bf76e0f237d79f23f5a6e01f3f66f9 Mon Sep 17 00:00:00 2001
From: Alexander Sulfrian <alexander@sulfrian.net>
Date: Fri, 11 Nov 2016 19:49:55 +0100
Subject: is_user: Add possibility to check for gold accounts

---
 service_passwords.c | 31 ++++++++++++++++++++++++-------
 1 file changed, 24 insertions(+), 7 deletions(-)

diff --git a/service_passwords.c b/service_passwords.c
index b2cb1d6..8a572e3 100644
--- a/service_passwords.c
+++ b/service_passwords.c
@@ -78,15 +78,24 @@ static int get_entry(const char *dn, char **attrs, Slapi_Entry **entry)
  * accounts have to have the \c splineAccount object class.
  *
  * @param[in] dn DN of the entry.
+ * @param[out] gold_account If not \c NULL, this method will also check, if
+ *                          the entry has the \c splineGoldAccount object
+ *                          class. If the entry is a gold account this will
+ *                          be set to 1, otherwise 0.
+ *
  * @return 0 if the entry is a user account, 1 otherwise
  */
-static int is_user(const char *dn)
+static int is_user(const char *dn, int *gold_account)
 {
     char *attrs[] = { "objectClass", NULL };
     Slapi_Entry *entry = NULL;
 
     int rc = 0;
 
+    if (gold_account != NULL) {
+        *gold_account = 0;
+    }
+
     rc |= get_entry(dn, attrs, &entry);
     if (rc != 0 || entry == NULL) {
         /* dn not found */
@@ -101,6 +110,14 @@ static int is_user(const char *dn)
         goto fail1;
     }
 
+    /* check if this user has a "gold" account */
+    if (gold_account != NULL) {
+        if (slapi_entry_attr_hasvalue(
+            entry, "objectClass", "splineGoldAccount") != 0) {
+            *gold_account = 1;
+        }
+    }
+
 fail1:
     slapi_entry_free(entry);
 
@@ -481,7 +498,7 @@ static int pre_bind(Slapi_PBlock *pb)
     }
 
     parent_dn = slapi_dn_parent(dn);
-    rc |= is_user(parent_dn);
+    rc |= is_user(parent_dn, NULL);
     slapi_ch_free_string(&parent_dn);
 
     if (rc != 0) {
@@ -579,7 +596,7 @@ static int pre_entry(Slapi_PBlock *pb)
 
     if (is_service(bind_dn, &service) != 0) {
         parent_dn = slapi_dn_parent(bind_dn);
-        rc |= is_user(parent_dn);
+        rc |= is_user(parent_dn, NULL);
         slapi_ch_free_string(&parent_dn);
 
         if (rc != 0) {
@@ -593,7 +610,7 @@ static int pre_entry(Slapi_PBlock *pb)
 
     /* ignore service_password entries */
     parent_dn = slapi_dn_parent(result_dn);
-    rc |= is_user(parent_dn);
+    rc |= is_user(parent_dn, NULL);
     slapi_ch_free_string(&parent_dn);
 
     if (rc == 0) {
@@ -602,7 +619,7 @@ static int pre_entry(Slapi_PBlock *pb)
     }
 
     /* modify the dn of the returned entry */
-    if (is_user(result_dn) == 0) {
+    if (is_user(result_dn, NULL) == 0) {
         new_entry = prepend_service_prefix(entry, service);
 
         /* Set the new entry as the new result in the pblock and also set the
@@ -675,7 +692,7 @@ static int pre_search(Slapi_PBlock *pb)
 
     if (is_service(bind_dn, NULL) != 0) {
         parent_dn = slapi_dn_parent(bind_dn);
-        rc |= is_user(parent_dn);
+        rc |= is_user(parent_dn, NULL);
         slapi_ch_free_string(&parent_dn);
 
         if (rc != 0) {
@@ -685,7 +702,7 @@ static int pre_search(Slapi_PBlock *pb)
 
     parent_dn = slapi_dn_parent(base);
 
-    if (is_user(parent_dn) == 0) {
+    if (is_user(parent_dn, NULL) == 0) {
         rc |= slapi_pblock_set(pb, SLAPI_TARGET_DN, parent_dn);
     }
 
-- 
cgit v1.2.3-1-g7c22