1 /* database.c - deals with database subsystem */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2001-2014 The OpenLDAP Foundation.
6 * Portions Copyright 2001-2003 Pierangelo Masarati.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by Pierangelo Masarati for inclusion
19 * in OpenLDAP Software.
25 #include <ac/string.h>
26 #include <ac/unistd.h>
29 #include "back-monitor.h"
31 #if defined(LDAP_SLAPI)
33 static int monitor_back_add_plugin( monitor_info_t *mi, Backend *be, Entry *e );
34 #endif /* defined(LDAP_SLAPI) */
37 monitor_subsys_database_modify(
42 static struct restricted_ops_t {
45 } restricted_ops[] = {
46 { BER_BVC( "add" ), SLAP_RESTRICT_OP_ADD },
47 { BER_BVC( "bind" ), SLAP_RESTRICT_OP_BIND },
48 { BER_BVC( "compare" ), SLAP_RESTRICT_OP_COMPARE },
49 { BER_BVC( "delete" ), SLAP_RESTRICT_OP_DELETE },
50 { BER_BVC( "extended" ), SLAP_RESTRICT_OP_EXTENDED },
51 { BER_BVC( "modify" ), SLAP_RESTRICT_OP_MODIFY },
52 { BER_BVC( "rename" ), SLAP_RESTRICT_OP_RENAME },
53 { BER_BVC( "search" ), SLAP_RESTRICT_OP_SEARCH },
55 }, restricted_exops[] = {
56 { BER_BVC( LDAP_EXOP_START_TLS ), SLAP_RESTRICT_EXOP_START_TLS },
57 { BER_BVC( LDAP_EXOP_MODIFY_PASSWD ), SLAP_RESTRICT_EXOP_MODIFY_PASSWD },
58 { BER_BVC( LDAP_EXOP_WHO_AM_I ), SLAP_RESTRICT_EXOP_WHOAMI },
59 { BER_BVC( LDAP_EXOP_CANCEL ), SLAP_RESTRICT_EXOP_CANCEL },
64 init_readOnly( monitor_info_t *mi, Entry *e, slap_mask_t restrictops )
66 struct berval *tf = ( ( restrictops & SLAP_RESTRICT_OP_MASK ) == SLAP_RESTRICT_OP_WRITES ) ?
67 (struct berval *)&slap_true_bv : (struct berval *)&slap_false_bv;
69 return attr_merge_one( e, mi->mi_ad_readOnly, tf, NULL );
73 init_restrictedOperation( monitor_info_t *mi, Entry *e, slap_mask_t restrictops )
77 for ( i = 0; restricted_ops[ i ].op.bv_val; i++ ) {
78 if ( restrictops & restricted_ops[ i ].tag ) {
79 rc = attr_merge_one( e, mi->mi_ad_restrictedOperation,
80 &restricted_ops[ i ].op,
81 &restricted_ops[ i ].op );
88 for ( i = 0; restricted_exops[ i ].op.bv_val; i++ ) {
89 if ( restrictops & restricted_exops[ i ].tag ) {
90 rc = attr_merge_one( e, mi->mi_ad_restrictedOperation,
91 &restricted_exops[ i ].op,
92 &restricted_exops[ i ].op );
103 monitor_subsys_overlay_init_one(
106 monitor_subsys_t *ms,
107 monitor_subsys_t *ms_overlay,
112 char buf[ BACKMONITOR_BUFSIZE ];
116 slap_overinfo *oi = NULL;
118 monitor_entry_t *mp_overlay;
121 assert( overlay_is_over( be ) );
123 oi = (slap_overinfo *)be->bd_info->bi_private;
126 /* find the overlay number, o */
127 for ( o = 0, on2 = oi->oi_list; on2 && on2 != on; on2 = on2->on_next, o++ )
134 /* find the overlay type number, j */
135 for ( on2 = overlay_next( NULL ), j = 0; on2; on2 = overlay_next( on2 ), j++ ) {
136 if ( on2->on_bi.bi_type == on->on_bi.bi_type ) {
140 assert( on2 != NULL );
142 bv.bv_len = snprintf( buf, sizeof( buf ), "cn=Overlay %d", o );
145 e_overlay = monitor_entry_stub( &e_database->e_name, &e_database->e_nname, &bv,
146 mi->mi_oc_monitoredObject, NULL, NULL );
148 if ( e_overlay == NULL ) {
149 Debug( LDAP_DEBUG_ANY,
150 "monitor_subsys_overlay_init_one: "
151 "unable to create entry "
152 "\"cn=Overlay %d,%s\"\n",
153 o, e_database->e_name.bv_val, 0 );
156 ber_str2bv( on->on_bi.bi_type, 0, 0, &bv );
157 attr_merge_normalize_one( e_overlay, mi->mi_ad_monitoredInfo, &bv, NULL );
159 bv.bv_len = snprintf( buf, sizeof( buf ), "cn=Overlay %d,%s",
160 j, ms_overlay->mss_dn.bv_val );
162 attr_merge_normalize_one( e_overlay, slap_schema.si_ad_seeAlso,
165 if ( SLAP_MONITOR( be ) ) {
166 attr_merge( e_overlay, slap_schema.si_ad_monitorContext,
167 be->be_suffix, be->be_nsuffix );
170 attr_merge( e_overlay, slap_schema.si_ad_namingContexts,
171 be->be_suffix, NULL );
174 mp_overlay = monitor_entrypriv_create();
175 if ( mp_overlay == NULL ) {
178 e_overlay->e_private = ( void * )mp_overlay;
179 mp_overlay->mp_info = ms;
180 mp_overlay->mp_flags = ms->mss_flags | MONITOR_F_SUB;
182 if ( monitor_cache_add( mi, e_overlay ) ) {
183 Debug( LDAP_DEBUG_ANY,
184 "monitor_subsys_overlay_init_one: "
185 "unable to add entry "
186 "\"cn=Overlay %d,%s\"\n",
187 o, e_database->e_name.bv_val, 0 );
191 *ep_overlay = e_overlay;
192 ep_overlay = &mp_overlay->mp_next;
198 monitor_subsys_database_init_one(
201 monitor_subsys_t *ms,
202 monitor_subsys_t *ms_backend,
203 monitor_subsys_t *ms_overlay,
208 char buf[ BACKMONITOR_BUFSIZE ];
210 slap_overinfo *oi = NULL;
211 BackendInfo *bi, *bi2;
214 char *rdnval = strchr( rdn->bv_val, '=' ) + 1;
219 if ( be->be_suffix == NULL ) {
220 Debug( LDAP_DEBUG_ANY,
221 "monitor_subsys_database_init_one: "
222 "missing suffix for %s\n",
227 if ( overlay_is_over( be ) ) {
228 oi = (slap_overinfo *)be->bd_info->bi_private;
232 e = monitor_entry_stub( &ms->mss_dn, &ms->mss_ndn, rdn,
233 mi->mi_oc_monitoredObject, NULL, NULL );
236 Debug( LDAP_DEBUG_ANY,
237 "monitor_subsys_database_init_one: "
238 "unable to create entry \"%s,%s\"\n",
239 rdn->bv_val, ms->mss_dn.bv_val, 0 );
243 ber_str2bv( bi->bi_type, 0, 0, &bv );
244 attr_merge_normalize_one( e, mi->mi_ad_monitoredInfo, &bv, NULL );
245 attr_merge_one( e, mi->mi_ad_monitorIsShadow,
246 SLAP_SHADOW( be ) ? (struct berval *)&slap_true_bv :
247 (struct berval *)&slap_false_bv, NULL );
249 if ( SLAP_MONITOR( be ) ) {
250 attr_merge( e, slap_schema.si_ad_monitorContext,
251 be->be_suffix, be->be_nsuffix );
252 attr_merge( e_database, slap_schema.si_ad_monitorContext,
253 be->be_suffix, be->be_nsuffix );
256 attr_merge( e, slap_schema.si_ad_namingContexts,
257 be->be_suffix, NULL );
258 attr_merge( e_database, slap_schema.si_ad_namingContexts,
259 be->be_suffix, NULL );
261 if ( SLAP_GLUE_SUBORDINATE( be ) ) {
262 BackendDB *sup_be = select_backend( &be->be_nsuffix[ 0 ], 1 );
263 if ( sup_be == NULL ) {
264 Debug( LDAP_DEBUG_ANY,
265 "monitor_subsys_database_init: "
266 "unable to get superior for %s\n",
267 be->be_suffix[ 0 ].bv_val, 0, 0 );
270 attr_merge( e, mi->mi_ad_monitorSuperiorDN,
271 sup_be->be_suffix, sup_be->be_nsuffix );
276 (void)init_readOnly( mi, e, be->be_restrictops );
277 (void)init_restrictedOperation( mi, e, be->be_restrictops );
279 if ( SLAP_SHADOW( be ) && be->be_update_refs ) {
280 attr_merge_normalize( e, mi->mi_ad_monitorUpdateRef,
281 be->be_update_refs, NULL );
285 slap_overinst *on = oi->oi_list,
288 for ( ; on; on = on->on_next ) {
291 for ( on2 = on1; on2 != on; on2 = on2->on_next ) {
292 if ( on2->on_bi.bi_type == on->on_bi.bi_type ) {
301 ber_str2bv( on->on_bi.bi_type, 0, 0, &bv );
302 attr_merge_normalize_one( e, mi->mi_ad_monitorOverlay,
305 /* find the overlay number, j */
306 for ( on2 = overlay_next( NULL ), j = 0; on2; on2 = overlay_next( on2 ), j++ ) {
307 if ( on2->on_bi.bi_type == on->on_bi.bi_type ) {
311 assert( on2 != NULL );
313 snprintf( buf, sizeof( buf ),
315 j, ms_overlay->mss_dn.bv_val );
316 ber_str2bv( buf, 0, 0, &bv );
317 attr_merge_normalize_one( e,
318 slap_schema.si_ad_seeAlso,
324 LDAP_STAILQ_FOREACH( bi2, &backendInfo, bi_next ) {
326 if ( bi2->bi_type == bi->bi_type ) {
327 snprintf( buf, sizeof( buf ),
329 j, ms_backend->mss_dn.bv_val );
331 bv.bv_len = strlen( buf );
332 attr_merge_normalize_one( e,
333 slap_schema.si_ad_seeAlso,
338 /* we must find it! */
341 mp = monitor_entrypriv_create();
345 e->e_private = ( void * )mp;
347 mp->mp_flags = ms->mss_flags
350 if ( monitor_cache_add( mi, e ) ) {
351 Debug( LDAP_DEBUG_ANY,
352 "monitor_subsys_database_init_one: "
353 "unable to add entry \"%s,%s\"\n",
354 rdn->bv_val, ms->mss_dn.bv_val, 0 );
358 #if defined(LDAP_SLAPI)
359 monitor_back_add_plugin( mi, be, e );
360 #endif /* defined(LDAP_SLAPI) */
363 Entry **ep_overlay = &mp->mp_children;
364 slap_overinst *on = oi->oi_list;
366 for ( ; on; on = on->on_next ) {
367 monitor_subsys_overlay_init_one( mi, be,
368 ms, ms_overlay, on, e, ep_overlay );
379 monitor_back_register_database_and_overlay(
381 struct slap_overinst *on,
382 struct berval *ndn_out )
385 Entry *e_database, **ep;
388 monitor_subsys_t *ms_backend,
392 char buf[ BACKMONITOR_BUFSIZE ];
394 assert( be_monitor != NULL );
396 if ( !monitor_subsys_is_opened() ) {
398 return monitor_back_register_overlay_limbo( be, on, ndn_out );
401 return monitor_back_register_database_limbo( be, ndn_out );
405 mi = ( monitor_info_t * )be_monitor->be_private;
407 ms_backend = monitor_back_get_subsys( SLAPD_MONITOR_BACKEND_NAME );
408 if ( ms_backend == NULL ) {
409 Debug( LDAP_DEBUG_ANY,
410 "monitor_back_register_database: "
412 "\"" SLAPD_MONITOR_BACKEND_NAME "\" "
418 ms_database = monitor_back_get_subsys( SLAPD_MONITOR_DATABASE_NAME );
419 if ( ms_database == NULL ) {
420 Debug( LDAP_DEBUG_ANY,
421 "monitor_back_register_database: "
423 "\"" SLAPD_MONITOR_DATABASE_NAME "\" "
429 ms_overlay = monitor_back_get_subsys( SLAPD_MONITOR_OVERLAY_NAME );
430 if ( ms_overlay == NULL ) {
431 Debug( LDAP_DEBUG_ANY,
432 "monitor_back_register_database: "
434 "\"" SLAPD_MONITOR_OVERLAY_NAME "\" "
440 if ( monitor_cache_get( mi, &ms_database->mss_ndn, &e_database ) ) {
441 Debug( LDAP_DEBUG_ANY,
442 "monitor_subsys_database_init: "
443 "unable to get entry \"%s\"\n",
444 ms_database->mss_ndn.bv_val, 0, 0 );
448 mp = ( monitor_entry_t * )e_database->e_private;
449 for ( i = -1, ep = &mp->mp_children; *ep; i++ ) {
452 a = attr_find( (*ep)->e_attrs, slap_schema.si_ad_namingContexts );
456 /* FIXME: RFC 4512 defines namingContexts without an
457 * equality matching rule, making comparisons
458 * like this one tricky. We use a_vals and
459 * be_suffix instead for now.
461 for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ ) {
462 for ( k = 0; !BER_BVISNULL( &be->be_suffix[ k ] ); k++ ) {
463 if ( dn_match( &a->a_vals[ j ],
464 &be->be_suffix[ k ] ) ) {
472 mp = ( monitor_entry_t * )(*ep)->e_private;
474 assert( mp != NULL );
479 bv.bv_len = snprintf( buf, sizeof( buf ), "cn=Database %d", i );
480 if ( bv.bv_len >= sizeof( buf ) ) {
485 rc = monitor_subsys_database_init_one( mi, be,
486 ms_database, ms_backend, ms_overlay, &bv, e_database, &ep );
490 /* database_init_one advanced ep past where we want.
491 * But it stored the entry we want in mp->mp_next.
496 monitor_cache_release( mi, e_database );
497 if ( rc == 0 && ndn_out && ep && *ep ) {
500 struct berval ov_type;
502 ber_str2bv( on->on_bi.bi_type, 0, 0, &ov_type );
504 mp = ( monitor_entry_t * ) (*ep)->e_private;
505 for ( e_ov = mp->mp_children; e_ov; ) {
506 Attribute *a = attr_find( e_ov->e_attrs, mi->mi_ad_monitoredInfo );
508 if ( a != NULL && bvmatch( &a->a_nvals[ 0 ], &ov_type ) ) {
509 *ndn_out = e_ov->e_nname;
513 mp = ( monitor_entry_t * ) e_ov->e_private;
518 *ndn_out = (*ep)->e_nname;
526 monitor_back_register_database(
528 struct berval *ndn_out )
530 return monitor_back_register_database_and_overlay( be, NULL, ndn_out );
534 monitor_back_register_overlay(
536 struct slap_overinst *on,
537 struct berval *ndn_out )
539 return monitor_back_register_database_and_overlay( be, on, ndn_out );
543 monitor_subsys_database_init(
545 monitor_subsys_t *ms )
548 Entry *e_database, **ep;
551 monitor_subsys_t *ms_backend,
555 assert( be != NULL );
557 ms->mss_modify = monitor_subsys_database_modify;
559 mi = ( monitor_info_t * )be->be_private;
561 ms_backend = monitor_back_get_subsys( SLAPD_MONITOR_BACKEND_NAME );
562 if ( ms_backend == NULL ) {
563 Debug( LDAP_DEBUG_ANY,
564 "monitor_subsys_database_init: "
566 "\"" SLAPD_MONITOR_BACKEND_NAME "\" "
572 ms_overlay = monitor_back_get_subsys( SLAPD_MONITOR_OVERLAY_NAME );
573 if ( ms_overlay == NULL ) {
574 Debug( LDAP_DEBUG_ANY,
575 "monitor_subsys_database_init: "
577 "\"" SLAPD_MONITOR_OVERLAY_NAME "\" "
583 if ( monitor_cache_get( mi, &ms->mss_ndn, &e_database ) ) {
584 Debug( LDAP_DEBUG_ANY,
585 "monitor_subsys_database_init: "
586 "unable to get entry \"%s\"\n",
587 ms->mss_ndn.bv_val, 0, 0 );
591 (void)init_readOnly( mi, e_database, frontendDB->be_restrictops );
592 (void)init_restrictedOperation( mi, e_database, frontendDB->be_restrictops );
594 mp = ( monitor_entry_t * )e_database->e_private;
595 mp->mp_children = NULL;
596 ep = &mp->mp_children;
598 BER_BVSTR( &bv, "cn=Frontend" );
599 rc = monitor_subsys_database_init_one( mi, frontendDB,
600 ms, ms_backend, ms_overlay, &bv, e_database, &ep );
606 LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
607 char buf[ BACKMONITOR_BUFSIZE ];
610 bv.bv_len = snprintf( buf, sizeof( buf ), "cn=Database %d", ++i );
611 if ( bv.bv_len >= sizeof( buf ) ) {
615 rc = monitor_subsys_database_init_one( mi, be,
616 ms, ms_backend, ms_overlay, &bv, e_database, &ep );
622 monitor_cache_release( mi, e_database );
629 * cur: must not contain the tags corresponding to the values in v
630 * delta: will contain the tags corresponding to the values in v
633 value_mask( BerVarray v, slap_mask_t cur, slap_mask_t *delta )
635 for ( ; !BER_BVISNULL( v ); v++ ) {
636 struct restricted_ops_t *rops;
639 if ( OID_LEADCHAR( v->bv_val[ 0 ] ) ) {
640 rops = restricted_exops;
643 rops = restricted_ops;
646 for ( i = 0; !BER_BVISNULL( &rops[ i ].op ); i++ ) {
647 if ( ber_bvstrcasecmp( v, &rops[ i ].op ) != 0 ) {
651 if ( rops[ i ].tag & *delta ) {
655 if ( rops[ i ].tag & cur ) {
659 cur |= rops[ i ].tag;
660 *delta |= rops[ i ].tag;
665 if ( BER_BVISNULL( &rops[ i ].op ) ) {
666 return LDAP_INVALID_SYNTAX;
674 monitor_subsys_database_modify(
679 monitor_info_t *mi = (monitor_info_t *)op->o_bd->be_private;
681 Attribute *save_attrs, *a;
684 int ro_gotval = 1, i, n;
685 slap_mask_t rp_add = 0, rp_delete = 0, rp_cur;
688 i = sscanf( e->e_nname.bv_val, "cn=database %d,", &n );
690 return SLAP_CB_CONTINUE;
693 if ( n < 0 || n >= nBackendDB ) {
694 rs->sr_text = "invalid database index";
695 return ( rs->sr_err = LDAP_NO_SUCH_OBJECT );
698 LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
704 /* do not allow some changes on back-monitor (needs work)... */
705 if ( SLAP_MONITOR( be ) ) {
706 rs->sr_text = "no modifications allowed to monitor database entry";
707 return ( rs->sr_err = LDAP_UNWILLING_TO_PERFORM );
710 rp_cur = be->be_restrictops;
712 save_attrs = e->e_attrs;
713 e->e_attrs = attrs_dup( e->e_attrs );
715 for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
716 Modification *mod = &ml->sml_mod;
718 if ( mod->sm_desc == mi->mi_ad_readOnly ) {
721 if ( mod->sm_values ) {
722 if ( !BER_BVISNULL( &mod->sm_values[ 1 ] ) ) {
723 rs->sr_text = "attempting to modify multiple values of single-valued attribute";
724 rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
728 if ( bvmatch( &slap_true_bv, mod->sm_values )) {
731 } else if ( bvmatch( &slap_false_bv, mod->sm_values )) {
736 rc = rs->sr_err = LDAP_INVALID_SYNTAX;
741 switch ( mod->sm_op ) {
742 case LDAP_MOD_DELETE:
743 if ( ro_gotval < 1 ) {
744 rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
749 if ( val == 0 && ( rp_cur & SLAP_RESTRICT_OP_WRITES ) == SLAP_RESTRICT_OP_WRITES ) {
750 rc = rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
754 if ( val == 1 && ( rp_cur & SLAP_RESTRICT_OP_WRITES ) != SLAP_RESTRICT_OP_WRITES ) {
755 rc = rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
761 case LDAP_MOD_REPLACE:
766 if ( ro_gotval > 0 ) {
767 rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
773 rp_add |= (~rp_cur) & SLAP_RESTRICT_OP_WRITES;
774 rp_cur |= SLAP_RESTRICT_OP_WRITES;
775 rp_delete &= ~SLAP_RESTRICT_OP_WRITES;
777 } else if ( val == 0 ) {
778 rp_delete |= rp_cur & SLAP_RESTRICT_OP_WRITES;
779 rp_cur &= ~SLAP_RESTRICT_OP_WRITES;
780 rp_add &= ~SLAP_RESTRICT_OP_WRITES;
785 rc = rs->sr_err = LDAP_OTHER;
789 } else if ( mod->sm_desc == mi->mi_ad_restrictedOperation ) {
790 slap_mask_t mask = 0;
792 switch ( mod->sm_op ) {
793 case LDAP_MOD_DELETE:
794 if ( mod->sm_values == NULL ) {
800 rc = value_mask( mod->sm_values, ~rp_cur, &mask );
801 if ( rc == LDAP_SUCCESS ) {
806 } else if ( rc == LDAP_OTHER ) {
807 rc = LDAP_NO_SUCH_ATTRIBUTE;
811 case LDAP_MOD_REPLACE:
818 rc = value_mask( mod->sm_values, rp_cur, &mask );
819 if ( rc == LDAP_SUCCESS ) {
824 } else if ( rc == LDAP_OTHER ) {
825 rc = rs->sr_err = LDAP_TYPE_OR_VALUE_EXISTS;
830 rc = rs->sr_err = LDAP_OTHER;
834 if ( rc != LDAP_SUCCESS ) {
838 } else if ( is_at_operational( mod->sm_desc->ad_type )) {
839 /* accept all operational attributes */
840 attr_delete( &e->e_attrs, mod->sm_desc );
841 rc = attr_merge( e, mod->sm_desc, mod->sm_values,
844 rc = rs->sr_err = LDAP_OTHER;
849 rc = rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
855 if ( ro_gotval < 1 ) {
856 rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
860 if ( ( rp_cur & SLAP_RESTRICT_OP_EXTENDED ) && ( rp_cur & SLAP_RESTRICT_EXOP_MASK ) ) {
861 rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
865 if ( rp_delete & rp_add ) {
866 rc = rs->sr_err = LDAP_OTHER;
870 /* check current value of readOnly */
871 if ( ( rp_cur & SLAP_RESTRICT_OP_WRITES ) == SLAP_RESTRICT_OP_WRITES ) {
872 tf = (struct berval *)&slap_true_bv;
875 tf = (struct berval *)&slap_false_bv;
878 a = attr_find( e->e_attrs, mi->mi_ad_readOnly );
884 if ( !bvmatch( &a->a_vals[ 0 ], tf ) ) {
885 attr_delete( &e->e_attrs, mi->mi_ad_readOnly );
886 rc = attr_merge_one( e, mi->mi_ad_readOnly, tf, tf );
889 if ( rc == LDAP_SUCCESS ) {
891 if ( rp_delete == be->be_restrictops ) {
892 attr_delete( &e->e_attrs, mi->mi_ad_restrictedOperation );
895 a = attr_find( e->e_attrs, mi->mi_ad_restrictedOperation );
897 rc = rs->sr_err = LDAP_OTHER;
901 for ( i = 0; !BER_BVISNULL( &restricted_ops[ i ].op ); i++ ) {
902 if ( rp_delete & restricted_ops[ i ].tag ) {
905 for ( j = 0; !BER_BVISNULL( &a->a_nvals[ j ] ); j++ ) {
908 if ( !bvmatch( &a->a_nvals[ j ], &restricted_ops[ i ].op ) ) {
912 ch_free( a->a_vals[ j ].bv_val );
913 ch_free( a->a_nvals[ j ].bv_val );
915 for ( k = j + 1; !BER_BVISNULL( &a->a_nvals[ k ] ); k++ ) {
916 a->a_vals[ k - 1 ] = a->a_vals[ k ];
917 a->a_nvals[ k - 1 ] = a->a_nvals[ k ];
920 BER_BVZERO( &a->a_vals[ k - 1 ] );
921 BER_BVZERO( &a->a_nvals[ k - 1 ] );
927 for ( i = 0; !BER_BVISNULL( &restricted_exops[ i ].op ); i++ ) {
928 if ( rp_delete & restricted_exops[ i ].tag ) {
931 for ( j = 0; !BER_BVISNULL( &a->a_nvals[ j ] ); j++ ) {
934 if ( !bvmatch( &a->a_nvals[ j ], &restricted_exops[ i ].op ) ) {
938 ch_free( a->a_vals[ j ].bv_val );
939 ch_free( a->a_nvals[ j ].bv_val );
941 for ( k = j + 1; !BER_BVISNULL( &a->a_nvals[ k ] ); k++ ) {
942 a->a_vals[ k - 1 ] = a->a_vals[ k ];
943 a->a_nvals[ k - 1 ] = a->a_nvals[ k ];
946 BER_BVZERO( &a->a_vals[ k - 1 ] );
947 BER_BVZERO( &a->a_nvals[ k - 1 ] );
953 if ( a->a_vals == NULL ) {
954 assert( a->a_numvals == 0 );
956 attr_delete( &e->e_attrs, mi->mi_ad_restrictedOperation );
962 for ( i = 0; !BER_BVISNULL( &restricted_ops[ i ].op ); i++ ) {
963 if ( rp_add & restricted_ops[ i ].tag ) {
964 attr_merge_one( e, mi->mi_ad_restrictedOperation,
965 &restricted_ops[ i ].op,
966 &restricted_ops[ i ].op );
970 for ( i = 0; !BER_BVISNULL( &restricted_exops[ i ].op ); i++ ) {
971 if ( rp_add & restricted_exops[ i ].tag ) {
972 attr_merge_one( e, mi->mi_ad_restrictedOperation,
973 &restricted_exops[ i ].op,
974 &restricted_exops[ i ].op );
980 be->be_restrictops = rp_cur;
983 if ( rc == LDAP_SUCCESS ) {
984 attrs_free( save_attrs );
985 rc = SLAP_CB_CONTINUE;
988 Attribute *tmp = e->e_attrs;
989 e->e_attrs = save_attrs;
995 #if defined(LDAP_SLAPI)
997 monitor_back_add_plugin( monitor_info_t *mi, Backend *be, Entry *e_database )
999 Slapi_PBlock *pCurrentPB;
1000 int i, rc = LDAP_SUCCESS;
1002 if ( slapi_int_pblock_get_first( be, &pCurrentPB ) != LDAP_SUCCESS ) {
1004 * LDAP_OTHER is returned if no plugins are installed
1012 Slapi_PluginDesc *srchdesc;
1013 char buf[ BACKMONITOR_BUFSIZE ];
1016 rc = slapi_pblock_get( pCurrentPB, SLAPI_PLUGIN_DESCRIPTION,
1018 if ( rc != LDAP_SUCCESS ) {
1022 snprintf( buf, sizeof(buf),
1023 "plugin %d name: %s; "
1029 srchdesc->spd_vendor,
1030 srchdesc->spd_version,
1031 srchdesc->spd_description );
1033 snprintf( buf, sizeof(buf),
1034 "plugin %d name: <no description available>", i );
1037 ber_str2bv( buf, 0, 0, &bv );
1038 attr_merge_normalize_one( e_database,
1039 mi->mi_ad_monitoredInfo, &bv, NULL );
1043 } while ( ( slapi_int_pblock_get_next( &pCurrentPB ) == LDAP_SUCCESS )
1044 && ( pCurrentPB != NULL ) );
1049 #endif /* defined(LDAP_SLAPI) */