From 81fae820815a5f4c217b950ae4fb989f51e5180b Mon Sep 17 00:00:00 2001
From: Alexander Sulfrian <alexander@sulfrian.net>
Date: Fri, 11 Nov 2016 19:50:16 +0100
Subject: is_service: Add possibility to check for gold services

---
 service_passwords.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/service_passwords.c b/service_passwords.c
index 8a572e3..522b468 100644
--- a/service_passwords.c
+++ b/service_passwords.c
@@ -139,9 +139,11 @@ fail1:
  *                     If this is NULL, the function will only check if the DN
  *                     is a service account and will not allocate memory for the
  *                     service name.
+ * @param[out] gold_service If not \c NULL, this method will also check, if
+ *                          the service requires a \c splineGoldAccount.
  * @return 0 if the entry is a service account, 1 otherwise.
  */
-static int is_service(const char *dn, char **service)
+static int is_service(const char *dn, char **service, int *gold_service)
 {
     Slapi_Entry *entry = NULL;
     char *attrs[] = { "objectClass", "cn", NULL };
@@ -149,6 +151,10 @@ static int is_service(const char *dn, char **service)
     struct berval **cn = NULL;
     int rc = 0;
 
+    if (gold_service != NULL) {
+        *gold_service = 0;
+    }
+
     rc |= get_entry(dn, attrs, &entry);
     if (rc != 0 || entry == NULL) {
         /* dn not found */
@@ -163,6 +169,13 @@ static int is_service(const char *dn, char **service)
         goto fail1;
     }
 
+    if (gold_service != NULL) {
+        if (slapi_entry_attr_hasvalue(
+            entry, "objectClass", "goldServiceAccount") != 0) {
+            *gold_service = 1;
+        }
+    }
+
     rc |= slapi_entry_attr_find(entry, "cn", &attr);
     if (rc != 0 || attr == NULL) {
         /* no cn attribute */
@@ -594,7 +607,7 @@ static int pre_entry(Slapi_PBlock *pb)
         return 0;
     }
 
-    if (is_service(bind_dn, &service) != 0) {
+    if (is_service(bind_dn, &service, NULL) != 0) {
         parent_dn = slapi_dn_parent(bind_dn);
         rc |= is_user(parent_dn, NULL);
         slapi_ch_free_string(&parent_dn);
@@ -690,7 +703,7 @@ static int pre_search(Slapi_PBlock *pb)
         return 0;
     }
 
-    if (is_service(bind_dn, NULL) != 0) {
+    if (is_service(bind_dn, NULL, NULL) != 0) {
         parent_dn = slapi_dn_parent(bind_dn);
         rc |= is_user(parent_dn, NULL);
         slapi_ch_free_string(&parent_dn);
-- 
cgit v1.2.3-1-g7c22