From 559e1f6f122dee37887df88660ff7dafd60d63fa Mon Sep 17 00:00:00 2001
From: Alexander Sulfrian <alexander@sulfrian.net>
Date: Fri, 11 Nov 2016 21:10:08 +0100
Subject: pre_entry: Check for gold service even if a user is authed

If a user was authed for a gold service and is searching for other users,
only gold users should be returned. So we need to get the service entry
from the service rdn of the authenticated user.
---
 service_passwords.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/service_passwords.c b/service_passwords.c
index b0ed330..656a9c6 100644
--- a/service_passwords.c
+++ b/service_passwords.c
@@ -617,6 +617,7 @@ static int pre_entry(Slapi_PBlock *pb)
     int gold_service = 0;
     int gold_account = 0;
     char *service = NULL;
+    char *service_dn = NULL;
     char *parent_dn = NULL;
     const char *result_dn = NULL;
     Slapi_Entry *new_entry;
@@ -664,6 +665,18 @@ static int pre_entry(Slapi_PBlock *pb)
         }
 
         service = get_virtual_service(bind_dn);
+
+        service_dn = get_service_dn(service);
+        rc |= is_service(service_dn, NULL, &gold_service);
+        slapi_ch_free_string(&service_dn);
+
+        if (rc != 0) {
+            slapi_log_error(
+                SLAPI_LOG_PLUGIN, fn,
+                "Invalid service '%s' in bind dn '%s'.\n",
+                service, bind_dn);
+            goto fail1;
+        }
     }
 
     result_dn = slapi_entry_get_dn(entry);
-- 
cgit v1.2.3-1-g7c22