Simplify date manipulation in pwd plugin

Use a helper function to perform operations on dates in LDAP attributes.

Related to #2795

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: David Kupka <dkupka@redhat.com>

3 files changed, 51 insertions, 50 deletions

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
index 0bb50fc31..cab7b7c7b 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
@@ -702,6 +702,33 @@ next:
     return kvno;
 }
 
+int ipapwd_setdate(Slapi_Entry *source, Slapi_Mods *smods, const char *attr,
+                   time_t date, bool remove)
+{
+    char timestr[GENERALIZED_TIME_LENGTH+1];
+    struct tm utctime;
+    Slapi_Attr *t;
+    bool exists;
+
+    exists = (slapi_entry_attr_find(source, attr, &t) == 0);
+
+    if (remove) {
+        if (exists) {
+             slapi_mods_add_mod_values(smods, LDAP_MOD_DELETE, attr, NULL);
+        }
+        return LDAP_SUCCESS;
+    }
+
+    if (!gmtime_r(&date, &utctime)) {
+        LOG_FATAL("failed to convert %s date\n", attr);
+        return LDAP_OPERATIONS_ERROR;
+    }
+    strftime(timestr, GENERALIZED_TIME_LENGTH + 1, "%Y%m%d%H%M%SZ", &utctime);
+    slapi_mods_add_string(smods, exists ?  LDAP_MOD_REPLACE : LDAP_MOD_ADD,
+                          attr, timestr);
+    return LDAP_SUCCESS;
+}
+
 /* Modify the Password attributes of the entry */
 int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
                        struct ipapwd_data *data, int is_krb)
@@ -711,8 +738,6 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
     Slapi_Value **svals = NULL;
     Slapi_Value **ntvals = NULL;
     Slapi_Value **pwvals = NULL;
-    struct tm utctime;
-    char timestr[GENERALIZED_TIME_LENGTH+1];
     char *nt = NULL;
     int is_smb = 0;
     int is_ipant = 0;
@@ -764,34 +789,19 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
 		 * keytab so don't set it on hosts.
 		 */
         if (!is_host) {
-	        /* change Last Password Change field with the current date */
-			if (!gmtime_r(&(data->timeNow), &utctime)) {
-				LOG_FATAL("failed to retrieve current date (buggy gmtime_r ?)\n");
-				ret = LDAP_OPERATIONS_ERROR;
-				goto free_and_return;
-			}
-			strftime(timestr, GENERALIZED_TIME_LENGTH + 1,
-                 "%Y%m%d%H%M%SZ", &utctime);
-			slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
-                              "krbLastPwdChange", timestr);
-
-			/* set Password Expiration date */
-			if (!gmtime_r(&(data->expireTime), &utctime)) {
-				LOG_FATAL("failed to convert expiration date\n");
-				ret = LDAP_OPERATIONS_ERROR;
-				goto free_and_return;
-			}
-			strftime(timestr, GENERALIZED_TIME_LENGTH + 1,
-                 "%Y%m%d%H%M%SZ", &utctime);
-			slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
-                              "krbPasswordExpiration", timestr);
-			if (data->expireTime == 0) {
-			    slapi_mods_add_string(smods, LDAP_MOD_DELETE,
-			                          "krbPasswordExpiration", timestr);
-			}
-
-		}
+	    /* change Last Password Change field with the current date */
+            ret = ipapwd_setdate(data->target, smods, "krbLastPwdChange",
+                                 data->timeNow, false);
+            if (ret != LDAP_SUCCESS)
+                goto free_and_return;
+
+	    /* set Password Expiration date */
+            ret = ipapwd_setdate(data->target, smods, "krbPasswordExpiration",
+                                 data->expireTime, (data->expireTime == 0));
+            if (ret != LDAP_SUCCESS)
+                goto free_and_return;
 	}
+    }
 
     if (nt && is_smb) {
         slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
index 83c022263..e96aa44d2 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
@@ -119,6 +119,8 @@ int ipapwd_gen_checks(Slapi_PBlock *pb, char **errMesg,
 int ipapwd_CheckPolicy(struct ipapwd_data *data);
 int ipapwd_getEntry(const char *dn, Slapi_Entry **e2, char **attrlist);
 int ipapwd_get_cur_kvno(Slapi_Entry *target);
+int ipapwd_setdate(Slapi_Entry *source, Slapi_Mods *smods, const char *attr,
+                   time_t date, bool remove);
 int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
                        struct ipapwd_data *data, int is_krb);
 Slapi_Value **ipapwd_setPasswordHistory(Slapi_Mods *smods,
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
index 9d923d6fb..c62eae334 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
@@ -1028,8 +1028,6 @@ static int ipapwd_post_modadd(Slapi_PBlock *pb)
     struct ipapwd_operation *pwdop = NULL;
     Slapi_Mods *smods;
     Slapi_Value **pwvals;
-    struct tm utctime;
-    char timestr[GENERALIZED_TIME_LENGTH+1];
     int ret;
     char *errMsg = "Internal operations error\n";
     struct ipapwd_krbcfg *krbcfg = NULL;
@@ -1115,29 +1113,19 @@ static int ipapwd_post_modadd(Slapi_PBlock *pb)
             (slapi_entry_attr_has_syntax_value(pwdop->pwdata.target,
                                     SLAPI_ATTR_OBJECTCLASS, ipahost)) == 0) {
             /* set Password Expiration date */
-            if (!gmtime_r(&(pwdop->pwdata.expireTime), &utctime)) {
-                LOG_FATAL("failed to parse expiration date (buggy gmtime_r ?)\n");
+            ret = ipapwd_setdate(pwdop->pwdata.target, smods,
+                                 "krbPasswordExpiration",
+                                 pwdop->pwdata.expireTime,
+                                 (pwdop->pwdata.expireTime == 0));
+            if (ret != LDAP_SUCCESS)
                 goto done;
-            }
-            strftime(timestr, GENERALIZED_TIME_LENGTH+1,
-                     "%Y%m%d%H%M%SZ", &utctime);
-            slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
-                                  "krbPasswordExpiration", timestr);
-			if (pwdop->pwdata.expireTime == 0) {
-			    slapi_mods_add_string(smods, LDAP_MOD_DELETE,
-			                          "krbPasswordExpiration", timestr);
-			}
 
             /* change Last Password Change field with the current date */
-            if (!gmtime_r(&(pwdop->pwdata.timeNow), &utctime)) {
-                LOG_FATAL("failed to parse current date (buggy gmtime_r ?)\n");
-                slapi_value_free(&ipahost);
+            ret = ipapwd_setdate(pwdop->pwdata.target, smods,
+                                 "krbLastPwdChange",
+                                 pwdop->pwdata.timeNow, false);
+            if (ret != LDAP_SUCCESS)
                 goto done;
-            }
-            strftime(timestr, GENERALIZED_TIME_LENGTH+1,
-                     "%Y%m%d%H%M%SZ", &utctime);
-            slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
-                                  "krbLastPwdChange", timestr);
         }
         slapi_value_free(&ipahost);
     }
@@ -1391,6 +1379,7 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb)
         SLAPI_USERPWD_ATTR, "ipaUserAuthType", "krbprincipalkey", "uid",
         "krbprincipalname", "objectclass", "passwordexpirationtime",
         "passwordhistory", "krbprincipalexpiration", "krbcanonicalname",
+        "krbPasswordExpiration", "krblastpwchange",
         NULL
     };
     struct berval *credentials = NULL;