From 037623905acf1379c964821dbb00f82f2ef1ac95 Mon Sep 17 00:00:00 2001
From: Rich Megginson <rmeggins@redhat.com>
Date: Wed, 29 Sep 2010 14:15:08 -0600
Subject: add support for global inactivity limit

if the attribute accountInactivityLimit is specified in the global
config entry cn=config,cn=Account Policy Plugin,cn=plugins,cn=config,
it will be the default inactivity limit - if there is an account policy
specified by acctPolicySubentry, that one will take precedence over the
global policy
---
 ldap/servers/plugins/acctpolicy/acct_config.c | 32 ++++++++++++++++++++++-----
 ldap/servers/plugins/acctpolicy/acct_util.c   | 16 ++++++++++++--
 ldap/servers/plugins/acctpolicy/acctpolicy.h  |  2 ++
 3 files changed, 42 insertions(+), 8 deletions(-)

(limited to 'ldap')

diff --git a/ldap/servers/plugins/acctpolicy/acct_config.c b/ldap/servers/plugins/acctpolicy/acct_config.c
index 11473208..5d462a37 100644
--- a/ldap/servers/plugins/acctpolicy/acct_config.c
+++ b/ldap/servers/plugins/acctpolicy/acct_config.c
@@ -68,7 +68,8 @@ acct_policy_load_config_startup( Slapi_PBlock* pb, void* plugin_id ) {
 */
 static int
 acct_policy_entry2config( Slapi_Entry *e, acctPluginCfg *newcfg ) {
-	const char *config_val;
+	char *config_val;
+	int rc = 0;
 
 	if( newcfg == NULL ) {
 		slapi_log_error( SLAPI_LOG_FATAL, PLUGIN_NAME,
@@ -99,17 +100,36 @@ acct_policy_entry2config( Slapi_Entry *e, acctPluginCfg *newcfg ) {
 	}
 
 	config_val = get_attr_string_val( e, CFG_RECORD_LOGIN );
-	if(     strcasecmp( config_val, "true" ) == 0 ||
-		strcasecmp( config_val, "yes" ) == 0 ||
-		strcasecmp( config_val, "on" ) == 0 ||
-		strcasecmp( config_val, "1" ) == 0 ) {
+	if( config_val &&
+		( strcasecmp( config_val, "true" ) == 0 ||
+		  strcasecmp( config_val, "yes" ) == 0 ||
+		  strcasecmp( config_val, "on" ) == 0 ||
+		  strcasecmp( config_val, "1" ) == 0 ) ) {
 		newcfg->always_record_login = 1;
 	} else {
 		newcfg->always_record_login = 0;
 	}
 	slapi_ch_free_string(&config_val);
 
-	return( 0 );
+	/* the default limit if not set in the acctPolicySubentry */
+	config_val = get_attr_string_val( e, newcfg->limit_attr_name );
+	if( config_val ) {
+		char *endptr = NULL;
+		newcfg->inactivitylimit = strtoul(config_val, &endptr, 10);
+		if (endptr && (*endptr != '\0')) {
+			slapi_log_error( SLAPI_LOG_FATAL, PLUGIN_NAME,
+							 "Failed to parse [%s] from the config entry: [%s] is not a valid unsigned long value\n",
+							 newcfg->limit_attr_name, config_val );
+
+			rc = -1;
+			newcfg->inactivitylimit = ULONG_MAX;
+		}
+	} else {
+		newcfg->inactivitylimit = ULONG_MAX;
+	}
+	slapi_ch_free_string(&config_val);
+
+	return( rc );
 }
 
 /*
diff --git a/ldap/servers/plugins/acctpolicy/acct_util.c b/ldap/servers/plugins/acctpolicy/acct_util.c
index 0f5eb5a6..8e220c3b 100644
--- a/ldap/servers/plugins/acctpolicy/acct_util.c
+++ b/ldap/servers/plugins/acctpolicy/acct_util.c
@@ -103,8 +103,14 @@ get_acctpolicy( Slapi_PBlock *pb, Slapi_Entry *target_entry, void *plugin_id,
 	if( policy_dn == NULL ) {
 		slapi_log_error( SLAPI_LOG_PLUGIN, PLUGIN_NAME,
 				"\"%s\" is not governed by an account inactivity "
-				" policy\n", slapi_entry_get_ndn( target_entry ) );
-		return( rc );
+				"policy subentry\n", slapi_entry_get_ndn( target_entry ) );
+        if (cfg->inactivitylimit != ULONG_MAX) {
+            goto dopolicy;
+        }
+		slapi_log_error( SLAPI_LOG_PLUGIN, PLUGIN_NAME,
+				"\"%s\" is not governed by an account inactivity "
+				"global policy\n", slapi_entry_get_ndn( target_entry ) );
+        return rc;
 	}
 
 	sdn = slapi_sdn_new_dn_byref( policy_dn );
@@ -125,8 +131,14 @@ get_acctpolicy( Slapi_PBlock *pb, Slapi_Entry *target_entry, void *plugin_id,
         goto done;
 	}
 
+dopolicy:
 	*policy = (acctPolicy *)slapi_ch_calloc( 1, sizeof( acctPolicy ) );
 
+	if ( !policy_entry ) { /* global policy */
+		(*policy)->inactivitylimit = cfg->inactivitylimit;
+		goto done;
+	}
+
 	for( slapi_entry_first_attr( policy_entry, &attr ); attr != NULL;
 			slapi_entry_next_attr( policy_entry, attr, &attr ) ) {
 		slapi_attr_get_type(attr, &attr_name);
diff --git a/ldap/servers/plugins/acctpolicy/acctpolicy.h b/ldap/servers/plugins/acctpolicy/acctpolicy.h
index bc8ecb3a..e6f14979 100644
--- a/ldap/servers/plugins/acctpolicy/acctpolicy.h
+++ b/ldap/servers/plugins/acctpolicy/acctpolicy.h
@@ -18,6 +18,7 @@ Contributors:
 Hewlett-Packard Development Company, L.P.
 ******************************************************************************/
 
+#include <limits.h> /* ULONG_MAX */
 #include "nspr.h"
 
 #define SLAPI_OP_FLAG_BYPASS_REFERRALS  0x40000
@@ -55,6 +56,7 @@ typedef struct acct_plugin_cfg {
 	char* spec_attr_name;
 	char* limit_attr_name;
 	int always_record_login;
+	unsigned long inactivitylimit;
 } acctPluginCfg;
 
 typedef struct accountpolicy {
-- 
cgit