[389-commits] ldap/schema ldap/servers

Mark Reynolds mreynolds at fedoraproject.org
Fri Apr 27 16:42:01 UTC 2012


 ldap/schema/01core389.ldif      |    1 +
 ldap/servers/slapd/libglobs.c   |   18 ++++++++++++++++++
 ldap/servers/slapd/proto-slap.h |    1 +
 ldap/servers/slapd/pw.c         |   14 ++++++++++++++
 ldap/servers/slapd/slap.h       |    2 ++
 5 files changed, 36 insertions(+)

New commits:
commit 540b2787be7090e727a174c0faaa0f1b28144295
Author: Mark Reynolds <mareynol at redhat.com>
Date:   Fri Apr 27 12:31:44 2012 -0400

    Ticket #207 - [RFE] enable attribute that tracks when a password was last set
    
    Fix description:  Added a new config setting to cn=config: passwordTrackUpdateTime
                      When this is set, we add an operational attribute: pwdUpdateTime
                      to the entry when we modify the userpassword.
    
    https://fedorahosted.org/389/ticket/207
    
    Reviewed by: Noriko!

diff --git a/ldap/schema/01core389.ldif b/ldap/schema/01core389.ldif
index ebd626f..b3df639 100644
--- a/ldap/schema/01core389.ldif
+++ b/ldap/schema/01core389.ldif
@@ -132,6 +132,7 @@ attributeTypes: ( 2.16.840.1.113730.3.1.2095 NAME 'connection' DESC 'Netscape de
 attributeTypes: ( 2.16.840.1.113730.3.1.2096 NAME 'entryusn' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape' )
 attributeTypes: ( 2.16.840.1.113730.3.1.2113 NAME 'internalModifiersName' DESC 'plugin dn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12  SINGLE-VALUE NO-USER-MODIFICATION  USAGE directoryOperation  X-ORIGIN '389 Directory Server' )
 attributeTypes: ( 2.16.840.1.113730.3.1.2114 NAME 'internalCreatorsName' DESC 'plugin dn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12  SINGLE-VALUE NO-USER-MODIFICATION  USAGE directoryOperation  X-ORIGIN '389 Directory Server' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2133 NAME 'pwdUpdateTime' DESC 'Last password update time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation  X-ORIGIN '389 Directory Server' )
 attributeTypes: ( 2.16.840.1.113730.3.1.2111 NAME 'tombstoneNumSubordinates'
   DESC 'count of immediate subordinates for tombstone entries'
   EQUALITY integerMatch
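Review bot: The new `pwdUpdateTime` definition omits `NO-USER-MODIFICATION`, which the neighbouring operational attributes in this hunk (`entryusn`, `internalModifiersName`, `internalCreatorsName`) all carry. Without it, whether a client can write its own value depends on access control that this commit does not show, and a timestamp users can set is weak evidence for password-age auditing. If the server's internal modify is still able to write the attribute with the flag set, consider `SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation`; otherwise the documentation should say that an ACI must protect it. The definition also names no EQUALITY or ORDERING rule, so it is worth confirming that range filters on the timestamp work as intended.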
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index d5b8faf..6d0db36 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -376,6 +376,9 @@ static struct config_get_and_set {
 	{CONFIG_PW_IS_LEGACY, config_set_pw_is_legacy_policy,
 		NULL, 0,
 		(void**)&global_slapdFrontendConfig.pw_policy.pw_is_legacy, CONFIG_ON_OFF, NULL},
+	{CONFIG_PW_TRACK_LAST_UPDATE_TIME, config_set_pw_track_last_update_time,
+		NULL, 0,
+		(void**)&global_slapdFrontendConfig.pw_policy.pw_track_update_time, CONFIG_ON_OFF, NULL},
 	{CONFIG_AUDITLOG_MAXNUMOFLOGSPERDIR_ATTRIBUTE, NULL,
 		log_set_numlogsperdir, SLAPD_AUDIT_LOG,
 		(void**)&global_slapdFrontendConfig.auditlog_maxnumlogs, CONFIG_INT, NULL},
@@ -1021,6 +1024,7 @@ FrontendConfig_init () {
   cfg->pw_policy.pw_resetfailurecount = 600; /* 10 minutes   */ 
   cfg->pw_policy.pw_gracelimit = 0;
   cfg->pw_policy.pw_is_legacy = LDAP_ON;
+  cfg->pw_policy.pw_track_update_time = LDAP_OFF;
   cfg->pw_is_global_policy = LDAP_OFF;
 
   cfg->accesslog_logging_enabled = LDAP_ON;
@@ -2435,6 +2439,20 @@ config_set_pw_is_legacy_policy( const char *attrname, char *value, char *errorbu
 }
 
 int
+config_set_pw_track_last_update_time( const char *attrname, char *value, char *errorbuf, int apply ) {
+  int retVal = LDAP_SUCCESS;
+  slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+  retVal = config_set_onoff ( attrname,
+							  value,
+							  &(slapdFrontendConfig->pw_policy.pw_track_update_time),
+							  errorbuf,
+							  apply);
+
+  return retVal;
+}
+
+int
 config_set_pw_exp( const char *attrname, char *value, char *errorbuf, int apply ) {
   int retVal = LDAP_SUCCESS;
   slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
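Review bot: `config_set_pw_track_last_update_time` has no header comment, and `retVal` is initialised to `LDAP_SUCCESS` only to be overwritten by the single call that follows. A short comment such as `/* cn=config setter for passwordTrackUpdateTime; delegates to config_set_onoff */` would tell a reader what the setting is without opening slap.h, and the body could simply `return config_set_onoff(...)` with the same five arguments. The visible opening lines of `config_set_pw_exp` follow the same pattern, so this is a consistency choice for the file rather than a defect. The continuation lines of the call are indented with tabs while the body uses two spaces.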
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index d291be3..ea6f610 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -341,6 +341,7 @@ int config_set_pw_lockduration(const char *attrname,  char *value, char *errorbu
 int config_set_pw_resetfailurecount(const char *attrname,  char *value, char *errorbuf, int apply );
 int config_set_pw_is_global_policy(const char *attrname,  char *value, char *errorbuf, int apply );
 int config_set_pw_is_legacy_policy(const char *attrname,  char *value, char *errorbuf, int apply );
+int config_set_pw_track_last_update_time(const char *attrname,  char *value, char *errorbuf, int apply );
 int config_set_pw_gracelimit(const char *attrname,  char *value, char *errorbuf, int apply );
 int config_set_useroc(const char *attrname,  char *value, char *errorbuf, int apply );
 int config_set_return_exact_case(const char *attrname,  char *value, char *errorbuf, int apply );
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index a6d6400..8cef61d 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -611,6 +611,13 @@ update_pw_info ( Slapi_PBlock *pb , char *old_pw) {
 
 	slapi_mods_init(&smods, 0);
 	
+	/* Update the "pwdUpdateTime" attribute */
+	if ( pwpolicy->pw_track_update_time ){
+		timestr = format_genTime(cur_time);
+		slapi_mods_add_string(&smods, LDAP_MOD_REPLACE, "pwdUpdateTime",timestr);
+		slapi_ch_free((void **)&timestr);
+	}
+
 	/* update password allow change time */
 	if ( pwpolicy->pw_minage != 0) {
 		timestr = format_genTime( time_plus_sec( cur_time, 
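Review bot: `pwdUpdateTime` is replaced only while `pwpolicy->pw_track_update_time` is set, so a password change made while tracking is off leaves any earlier value on the entry untouched. A consumer that reads the attribute to judge password age would then see a time older than the real last change. Either document this next to the block, e.g. `/* NOTE: not cleared when tracking is off; value may predate the latest change */`, or drop the stale value in an `else` branch. The result of `format_genTime(cur_time)` is also handed to `slapi_mods_add_string` unchecked, as in the existing minage code below. update_pw_info starts and ends outside this hunk.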
@@ -1817,6 +1824,13 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
 						pw_boolean_str2value(slapi_value_get_string(*sval));
 					}
 				}
+				else
+				if (!strcasecmp(attr_name, "passwordTrackUpdateTime")) {
+					if ((sval = attr_get_present_values(attr))) {
+						pwdpolicy->pw_track_update_time =
+						pw_boolean_str2value(slapi_value_get_string(*sval));
+					}
+				}
 			} /* end of for() loop */
 			if (pw_entry) {
 				slapi_entry_free(pw_entry);
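Review bot: The comparison uses the literal `"passwordTrackUpdateTime"` although this commit adds `CONFIG_PW_TRACK_LAST_UPDATE_TIME` with the same value in slap.h; `if (!strcasecmp(attr_name, CONFIG_PW_TRACK_LAST_UPDATE_TIME)) {` keeps the two spellings from drifting apart. The earlier branches of this chain are outside the hunk, so they may use literals as well, in which case this is a follow-up for the whole chain. The hunk also does not show what `pwdpolicy->pw_track_update_time` holds when the policy entry lacks the attribute; it is worth confirming that it defaults to off rather than to uninitialised memory. new_passwdPolicy starts and ends outside this hunk.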
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 54a921e..2e4db56 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -1956,6 +1956,7 @@ typedef struct _slapdEntryPoints {
 #define CONFIG_PW_ISGLOBAL_ATTRIBUTE "passwordIsGlobalPolicy"
 #define CONFIG_PW_GRACELIMIT_ATTRIBUTE "passwordGraceLimit"
 #define CONFIG_PW_IS_LEGACY "passwordLegacyPolicy"
+#define CONFIG_PW_TRACK_LAST_UPDATE_TIME "passwordTrackUpdateTime"
 #define CONFIG_ACCESSLOG_BUFFERING_ATTRIBUTE "nsslapd-accesslog-logbuffering"
 #define CONFIG_CSNLOGGING_ATTRIBUTE "nsslapd-csnlogging"
 #define CONFIG_RETURN_EXACT_CASE_ATTRIBUTE "nsslapd-return-exact-case"
@@ -2044,6 +2045,7 @@ typedef struct passwordpolicyarray {
   long pw_resetfailurecount;
   int pw_gracelimit;
   int pw_is_legacy;
+  int pw_track_update_time;
   struct pw_scheme *pw_storagescheme;
 } passwdPolicy;
 



