Attachment #6931 for bug #36255

View | Details | Raw Unified | Return to bug 36255
Collapse All | Expand All




}

/* Retrieve policy 'dn' */
static void univention_policy_merge(LDAP *ld, const char *dn, univention_policy_handle_t *handle, char **object_classes, const char *objectdn)
{
	int		rc;
	LDAPMessage	*res;

				}
				ldap_value_free_len(vals);
			}

			if (apply && (vals = ldap_get_values_len(ld, entry, "ldapFilter")) != NULL) {
				int ldap_filter_rc;
				for (i = 0; (vals[i] != NULL && vals[i]->bv_val != NULL); i++) {
					LDAPMessage *ldap_filter_res;
					char *search_attrs[] = { LDAP_NO_ATTRS, NULL };
					ldap_filter_rc = ldap_search_ext_s(ld, objectdn, LDAP_SCOPE_BASE, vals[i]->bv_val, search_attrs, 0, NULL, NULL, &timeout, 0, &ldap_filter_res);
					if (ldap_filter_rc != LDAP_SUCCESS) {
						univention_debug(UV_DEBUG_LDAP, UV_DEBUG_ERROR, "search filter '%s' caused error: %s: %s", vals[i]->bv_val, objectdn, ldap_err2string(ldap_filter_rc));
					} else {
						if (!ldap_count_entries(ld, ldap_filter_res))
							apply = false;
					}
					ldap_msgfree(ldap_filter_res);
					break;  // single-value
				}
				ldap_value_free_len(vals);
			}

			if (fixed_attributes == NULL && (vals = ldap_get_values_len(ld, entry, "fixedAttributes")) != NULL) {
				i = ldap_count_values_len(vals);
				if ((fixed_attributes = calloc(i + 1, sizeof(char *))) == NULL)

						strcmp(attr, "emptyAttributes") &&
						strcmp(attr, "requiredObjectClasses") &&
						strcmp(attr, "prohibitedObjectClasses") &&
						strcmp(attr, "ldapFilter") &&
						strcmp(attr, "univentionObjectType") &&
						(vals = ldap_get_values_len(ld, entry, attr)) != NULL) {


					univention_debug(UV_DEBUG_POLICY, UV_DEBUG_INFO, "found policies for %s", pdn);
					for (i = 0; (vals[i] != NULL && vals[i]->bv_val != NULL); i++) {
						univention_debug(UV_DEBUG_POLICY, UV_DEBUG_INFO, "   policy: %s", vals[i]->bv_val);
						univention_policy_merge(ld, vals[i]->bv_val, handle, object_classes, dn);
					}
					ldap_value_free_len(vals);
				}

Lines 38-44 def policy_result(dn, binddn="", bindpw=""): Link Here

(-)a/ucs-4.0-2/base/univention-policy/python-lib/policy_result.py (-1 / +1 lines)
38	Return a tuple of hash-lists, mapping attributes to a list of values and	38	Return a tuple of hash-lists, mapping attributes to a list of values and
39	mapping attributes to the matching Policy-DN.	39	mapping attributes to the matching Policy-DN.
40		40
41	>>> (results, policies) = policy_result('dc=opendvdi,dc=local' [, binddn=BINDDN, bindpw=BINDPW])	41	>>> (results, policies) = policy_result('dc=opendvdi,dc=local', [binddn=BINDDN, bindpw=BINDPW])
42	>>> policies['univentionDhcpDomainNameServers']	42	>>> policies['univentionDhcpDomainNameServers']
43	'cn=default-settings,cn=dns,cn=dhcp,cn=policies,dc=opendvdi,dc=local'	43	'cn=default-settings,cn=dns,cn=dhcp,cn=policies,dc=opendvdi,dc=local'
44	results['univentionDhcpDomainNameServers']	44	results['univentionDhcpDomainNameServers']




	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.10176.1000.2.1.5 NAME 'ldapFilter'
	DESC 'ldap filter string'
	EQUALITY caseExactMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

objectclass ( 1.3.6.1.4.1.10176.1000.2.2.1 NAME 'univentionPolicy'
	SUP 'top' STRUCTURAL
	DESC 'policy object'
	MUST ( cn )
	MAY ( requiredObjectClasses $ prohibitedObjectClasses $ fixedAttributes $ emptyAttributes $ ldapFilter))

attributetype ( 1.3.6.1.4.1.10176.1000.2.1.10 NAME 'univentionRegistry'
	DESC 'registry entry'

Return to bug 36255

Lines 204-210 static void univention_policy_cleanup(univention_policy_handle_t* handle) Link Here

(-)a/ucs-4.0-2/base/univention-policy/lib/policy.c (-2 / +22 lines)
204	}	204	}
205		205
206	/* Retrieve policy 'dn' */	206	/* Retrieve policy 'dn' */
207	static void univention_policy_merge(LDAP ld, const char dn, univention_policy_handle_t handle, char *object_classes)	207	static void univention_policy_merge(LDAP ld, const char dn, univention_policy_handle_t handle, char object_classes, const char objectdn)
208	{	208	{
209	int rc;	209	int rc;
210	LDAPMessage *res;	210	LDAPMessage *res;
Lines 266-271 static void univention_policy_merge(LDAP ld, const char dn, univention_policy_ Link Here
266	}	266	}
267	ldap_value_free_len(vals);	267	ldap_value_free_len(vals);
268	}	268	}
		269
		270	if (apply && (vals = ldap_get_values_len(ld, entry, "ldapFilter")) != NULL) {
		271	int ldap_filter_rc;
		272	for (i = 0; (vals[i] != NULL && vals[i]->bv_val != NULL); i++) {
		273	LDAPMessage *ldap_filter_res;
		274	char *search_attrs[] = { LDAP_NO_ATTRS, NULL };
		275	ldap_filter_rc = ldap_search_ext_s(ld, objectdn, LDAP_SCOPE_BASE, vals[i]->bv_val, search_attrs, 0, NULL, NULL, &timeout, 0, &ldap_filter_res);
		276	if (ldap_filter_rc != LDAP_SUCCESS) {
		277	univention_debug(UV_DEBUG_LDAP, UV_DEBUG_ERROR, "search filter '%s' caused error: %s: %s", vals[i]->bv_val, objectdn, ldap_err2string(ldap_filter_rc));
		278	} else {
		279	if (!ldap_count_entries(ld, ldap_filter_res))
		280	apply = false;
		281	}
		282	ldap_msgfree(ldap_filter_res);
		283	break; // single-value
		284	}
		285	ldap_value_free_len(vals);
		286	}
		287
269	if (fixed_attributes == NULL && (vals = ldap_get_values_len(ld, entry, "fixedAttributes")) != NULL) {	288	if (fixed_attributes == NULL && (vals = ldap_get_values_len(ld, entry, "fixedAttributes")) != NULL) {
270	i = ldap_count_values_len(vals);	289	i = ldap_count_values_len(vals);
271	if ((fixed_attributes = calloc(i + 1, sizeof(char *))) == NULL)	290	if ((fixed_attributes = calloc(i + 1, sizeof(char *))) == NULL)
Lines 327-332 static void univention_policy_merge(LDAP ld, const char dn, univention_policy_ Link Here
327	strcmp(attr, "emptyAttributes") &&	346	strcmp(attr, "emptyAttributes") &&
328	strcmp(attr, "requiredObjectClasses") &&	347	strcmp(attr, "requiredObjectClasses") &&
329	strcmp(attr, "prohibitedObjectClasses") &&	348	strcmp(attr, "prohibitedObjectClasses") &&
		349	strcmp(attr, "ldapFilter") &&
330	strcmp(attr, "univentionObjectType") &&	350	strcmp(attr, "univentionObjectType") &&
331	(vals = ldap_get_values_len(ld, entry, attr)) != NULL) {	351	(vals = ldap_get_values_len(ld, entry, attr)) != NULL) {
332		352
Lines 431-437 univention_policy_handle_t* univention_policy_open(LDAP* ld, const char *base, c Link Here
431	univention_debug(UV_DEBUG_POLICY, UV_DEBUG_INFO, "found policies for %s", pdn);	451	univention_debug(UV_DEBUG_POLICY, UV_DEBUG_INFO, "found policies for %s", pdn);
432	for (i = 0; (vals[i] != NULL && vals[i]->bv_val != NULL); i++) {	452	for (i = 0; (vals[i] != NULL && vals[i]->bv_val != NULL); i++) {
433	univention_debug(UV_DEBUG_POLICY, UV_DEBUG_INFO, " policy: %s", vals[i]->bv_val);	453	univention_debug(UV_DEBUG_POLICY, UV_DEBUG_INFO, " policy: %s", vals[i]->bv_val);
434	univention_policy_merge(ld, vals[i]->bv_val, handle, object_classes);	454	univention_policy_merge(ld, vals[i]->bv_val, handle, object_classes, dn);
435	}	455	}
436	ldap_value_free_len(vals);	456	ldap_value_free_len(vals);
437	}	457	}

Lines 63-73 attributetype ( 1.3.6.1.4.1.10176.1000.2.1.4 NAME 'emptyAttributes' Link Here

(-)a/ucs-4.0-2/management/univention-ldap/schema/policy.schema (-1 / +6 lines)
63	EQUALITY caseIgnoreIA5Match	63	EQUALITY caseIgnoreIA5Match
64	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )	64	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
65		65
		66	attributetype ( 1.3.6.1.4.1.10176.1000.2.1.5 NAME 'ldapFilter'
		67	DESC 'ldap filter string'
		68	EQUALITY caseExactMatch
		69	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
		70
66	objectclass ( 1.3.6.1.4.1.10176.1000.2.2.1 NAME 'univentionPolicy'	71	objectclass ( 1.3.6.1.4.1.10176.1000.2.2.1 NAME 'univentionPolicy'
67	SUP 'top' STRUCTURAL	72	SUP 'top' STRUCTURAL
68	DESC 'policy object'	73	DESC 'policy object'
69	MUST ( cn )	74	MUST ( cn )
70	MAY ( requiredObjectClasses $ prohibitedObjectClasses $ fixedAttributes $ emptyAttributes))	75	MAY ( requiredObjectClasses $ prohibitedObjectClasses $ fixedAttributes $ emptyAttributes $ ldapFilter))
71		76
72	attributetype ( 1.3.6.1.4.1.10176.1000.2.1.10 NAME 'univentionRegistry'	77	attributetype ( 1.3.6.1.4.1.10176.1000.2.1.10 NAME 'univentionRegistry'
73	DESC 'registry entry'	78	DESC 'registry entry'