1 /* slapi_overlay.c - SLAPI overlay */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2001-2005 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
17 * This work was initially developed by Luke Howard for inclusion
18 * in OpenLDAP Software.
25 #include <ac/string.h>
26 #include <ac/socket.h>
33 static slap_overinst slapi;
36 slapi_over_pblock_new ( Operation *op )
40 pb = slapi_pblock_new();
44 slapi_int_pblock_set_operation( pb, op );
50 slapi_over_compute_output(
51 computed_attr_context *c,
52 Slapi_Attr *attribute,
58 AttributeDescription *desc;
59 Operation *op = c->cac_op;
60 SlapReply *rs = (SlapReply *)c->cac_private;
62 if ( c == NULL || attribute == NULL || entry == NULL ) {
66 assert( rs->sr_entry == entry );
68 desc = attribute->a_desc;
70 if ( rs->sr_attrs == NULL ) {
71 /* All attrs request, skip operational attributes */
72 if ( is_at_operational( desc->ad_type ) ) {
76 /* Specific attributes requested */
77 if ( is_at_operational( desc->ad_type ) ) {
78 if ( !SLAP_OPATTRS( rs->sr_attr_flags ) &&
79 !ad_inlist( desc, rs->sr_attrs ) ) {
83 if ( !SLAP_USERATTRS( rs->sr_attr_flags ) &&
84 !ad_inlist( desc, rs->sr_attrs ) ) {
90 /* XXX perhaps we should check for existing attributes and merge */
91 for ( a = &rs->sr_operational_attrs; *a != NULL; a = &(*a)->a_next )
94 *a = attr_dup( attribute );
100 slapi_over_aux_operational( Operation *op, SlapReply *rs )
102 /* Support for computed attribute plugins */
103 computed_attr_context ctx;
106 ctx.cac_pb = slapi_over_pblock_new( op );
108 ctx.cac_private = rs;
110 if ( rs->sr_entry != NULL ) {
112 * For each client requested attribute, call the plugins.
114 if ( rs->sr_attrs != NULL ) {
115 for ( anp = rs->sr_attrs; anp->an_name.bv_val != NULL; anp++ ) {
116 if ( compute_evaluator( &ctx, anp->an_name.bv_val,
117 rs->sr_entry, slapi_over_compute_output ) == 1 ) {
123 * Technically we shouldn't be returning operational attributes
124 * when the user requested only user attributes. We'll let the
125 * plugin decide whether to be naughty or not.
127 compute_evaluator( &ctx, "*", rs->sr_entry, slapi_over_compute_output );
131 slapi_pblock_destroy( ctx.cac_pb );
133 return SLAP_CB_CONTINUE;
137 slapi_over_search( Operation *op, SlapReply *rs, int type )
142 assert( rs->sr_type == REP_SEARCH || rs->sr_type == REP_SEARCHREF );
144 /* create a new pblock to not trample on result controls */
145 pb = slapi_over_pblock_new( op );
147 slapi_pblock_set( pb, SLAPI_RESCONTROLS, (void *)rs->sr_ctrls );
148 slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, (void *)rs->sr_entry );
150 rc = slapi_int_call_plugins( op->o_bd, type, pb );
151 if ( rc >= 0 ) /* 1 means no plugins called */
152 rc = SLAP_CB_CONTINUE;
154 rc = LDAP_SUCCESS; /* confusing: don't abort, but don't send */
156 slapi_pblock_set( pb, SLAPI_RESCONTROLS, NULL ); /* don't free */
157 slapi_pblock_destroy(pb);
163 slapi_over_count_controls( LDAPControl **controls )
167 if ( controls == NULL )
170 for ( i = 0; controls[i] != NULL; i++ )
177 slapi_over_merge_controls( Operation *op, SlapReply *rs )
179 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
180 LDAPControl **slapiControls = NULL, **mergedControls;
181 int nSlapiControls = 0;
182 int nResControls = 0;
185 slapi_pblock_get( pb, SLAPI_RESCONTROLS, (void **)&slapiControls );
186 nSlapiControls = slapi_over_count_controls( slapiControls );
188 if ( nSlapiControls == 0 ) {
193 nResControls = slapi_over_count_controls( rs->sr_ctrls );
195 /* XXX this is a bit tricky, rs->sr_ctrls may have been allocated on stack */
196 mergedControls = (LDAPControl **)op->o_tmpalloc( ( nResControls + nSlapiControls + 1 ) *
197 sizeof( LDAPControl *), op->o_tmpmemctx );
198 if ( mergedControls == NULL ) {
199 return LDAP_NO_MEMORY;
202 if ( rs->sr_ctrls != NULL ) {
203 for ( i = 0; i < nResControls; i++ )
204 mergedControls[i] = rs->sr_ctrls[i];
206 if ( slapiControls != NULL ) {
207 for ( i = 0; i < nSlapiControls; i++ )
208 mergedControls[nResControls + i] = slapiControls[i];
210 mergedControls[nResControls + nSlapiControls] = NULL;
212 if ( slapiControls != NULL ) {
213 slapi_ch_free( (void **)&slapiControls );
214 slapi_pblock_set( pb, SLAPI_RESCONTROLS, NULL ); /* don't free */
217 rs->sr_ctrls = mergedControls;
223 * Call pre- and post-result plugins
226 slapi_over_result( Operation *op, SlapReply *rs, int type )
229 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
231 assert( rs->sr_type == REP_RESULT );
233 slapi_pblock_set( pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
234 slapi_pblock_set( pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text );
235 slapi_pblock_set( pb, SLAPI_RESULT_MATCHED, (void *)rs->sr_matched );
237 rc = slapi_int_call_plugins( op->o_bd, type, pb );
239 slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
240 slapi_pblock_get( pb, SLAPI_RESULT_TEXT, (void **)&rs->sr_text );
241 slapi_pblock_get( pb, SLAPI_RESULT_MATCHED, (void **)&rs->sr_matched );
243 if ( type == SLAPI_PLUGIN_PRE_RESULT_FN ) {
244 rc = slapi_over_merge_controls( op, rs );
247 return SLAP_CB_CONTINUE;
251 slapi_op_add_init( Operation *op, SlapReply *rs )
253 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
255 slapi_pblock_set( pb, SLAPI_ADD_ENTRY, (void *)op->ora_e );
261 slapi_op_bind_preop_init( Operation *op, SlapReply *rs )
263 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
265 slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)op->o_req_dn.bv_val );
266 slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)op->orb_method );
267 slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
268 slapi_pblock_set( pb, SLAPI_CONN_DN, NULL );
274 slapi_op_bind_postop_init( Operation *op, SlapReply *rs )
276 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
279 if ( rs->sr_err == LDAP_SUCCESS ) {
280 /* fix for ITS#2971 */
281 slapi_pblock_set( pb, SLAPI_CONN_DN, op->o_conn->c_authz.sai_dn.bv_val );
288 slapi_op_bind_callback( Operation *op, SlapReply *rs )
290 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
294 case SLAPI_BIND_SUCCESS:
295 /* Continue with backend processing */
297 case SLAPI_BIND_FAIL:
298 /* Failure, frontend (that's us) sends result */
299 rs->sr_err = LDAP_INVALID_CREDENTIALS;
300 send_ldap_result( op, rs );
303 case SLAPI_BIND_ANONYMOUS: /* undocumented */
304 default: /* plugin sent result or no plugins called */
305 if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err ) != 0 ) {
306 rs->sr_err = LDAP_OTHER;
309 BER_BVZERO( &op->orb_edn );
311 if ( rs->sr_err == LDAP_SUCCESS ) {
312 slapi_pblock_get( pb, SLAPI_CONN_DN, (void *)&op->orb_edn.bv_val );
313 if ( BER_BVISNULL( &op->orb_edn ) ) {
315 /* No plugins were called; continue processing */
319 op->orb_edn.bv_len = strlen( op->orb_edn.bv_val );
321 rs->sr_err = dnPrettyNormal( NULL, &op->orb_edn,
322 &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
324 ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
325 ber_dupbv(&op->o_conn->c_dn, &op->o_req_dn);
326 ber_dupbv(&op->o_conn->c_ndn, &op->o_req_ndn);
327 op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
328 BER_BVZERO( &op->o_req_dn );
329 op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
330 BER_BVZERO( &op->o_req_ndn );
331 if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
332 ber_len_t max = sockbuf_max_incoming_auth;
333 ber_sockbuf_ctrl( op->o_conn->c_sb,
334 LBER_SB_OPT_SET_MAX_INCOMING, &max );
337 /* log authorization identity */
338 Statslog( LDAP_DEBUG_STATS,
339 "%s BIND dn=\"%s\" mech=%s (SLAPI) ssf=0\n",
341 BER_BVISNULL( &op->o_conn->c_dn )
342 ? "<empty>" : op->o_conn->c_dn.bv_val,
343 op->orb_tmp_mech.bv_val, 0, 0 );
345 ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
355 slapi_op_compare_init( Operation *op, SlapReply *rs )
357 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
359 slapi_pblock_set( pb, SLAPI_COMPARE_TYPE, (void *)op->orc_ava->aa_desc->ad_cname.bv_val );
360 slapi_pblock_set( pb, SLAPI_COMPARE_VALUE, (void *)&op->orc_ava->aa_value );
366 slapi_op_modify_init( Operation *op, SlapReply *rs )
368 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
369 LDAPMod **modv = NULL;
371 modv = slapi_int_modifications2ldapmods( &op->orm_modlist );
372 slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)modv );
378 slapi_op_modify_callback( Operation *op, SlapReply *rs )
380 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
381 LDAPMod **modv = NULL;
383 /* check preoperation result code */
384 if ( rs->sr_err < 0 ) {
385 slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
390 * NB: it is valid for the plugin to return no modifications
391 * (for example, a plugin might store some attributes elsewhere
392 * and remove them from the modification list; if only those
393 * attribute types were included in the modification request,
394 * then slapi_int_ldapmods2modifications() above will return
397 * However, the post-operation plugin should still be
401 slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv );
402 op->orm_modlist = slapi_int_ldapmods2modifications( modv );
408 slapi_op_modify_cleanup( Operation *op, SlapReply *rs )
410 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
411 LDAPMod **modv = NULL;
413 slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv );
416 slapi_int_free_ldapmods( modv );
422 slapi_op_modrdn_init( Operation *op, SlapReply *rs )
424 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
426 slapi_pblock_set( pb, SLAPI_MODRDN_NEWRDN, (void *)op->orr_newrdn.bv_val );
427 slapi_pblock_set( pb, SLAPI_MODRDN_NEWSUPERIOR, (void *)op->orr_newSup->bv_val );
428 slapi_pblock_set( pb, SLAPI_MODRDN_DELOLDRDN, (void *)op->orr_deleteoldrdn );
434 slapi_op_search_init( Operation *op, SlapReply *rs )
436 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
439 attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx );
441 slapi_pblock_set( pb, SLAPI_SEARCH_SCOPE, (void *)op->ors_scope );
442 slapi_pblock_set( pb, SLAPI_SEARCH_DEREF, (void *)op->ors_deref );
443 slapi_pblock_set( pb, SLAPI_SEARCH_SIZELIMIT, (void *)op->ors_slimit );
444 slapi_pblock_set( pb, SLAPI_SEARCH_TIMELIMIT, (void *)op->ors_tlimit );
445 slapi_pblock_set( pb, SLAPI_SEARCH_FILTER, (void *)op->ors_filter );
446 slapi_pblock_set( pb, SLAPI_SEARCH_STRFILTER, (void *)op->ors_filterstr.bv_val );
447 slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, (void *)attrs );
448 slapi_pblock_set( pb, SLAPI_SEARCH_ATTRSONLY, (void *)op->ors_attrsonly );
454 slapi_op_search_callback( Operation *op, SlapReply *rs )
456 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
458 /* check preoperation result code */
459 if ( rs->sr_err < 0 ) {
460 slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
464 if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, pb ) != 0 ) {
469 * The plugin can set the SLAPI_SEARCH_FILTER.
470 * SLAPI_SEARCH_STRFILER is not normative.
472 slapi_pblock_get( pb, SLAPI_SEARCH_FILTER, (void *)&op->ors_filter );
473 op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
474 filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
476 slapi_pblock_get( pb, SLAPI_SEARCH_TARGET, (void **)&op->o_req_dn.bv_val );
477 op->o_req_dn.bv_len = strlen( op->o_req_dn.bv_val );
479 if( !BER_BVISNULL( &op->o_req_ndn ) ) {
480 slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
482 rs->sr_err = dnNormalize( 0, NULL, NULL, &op->o_req_dn, &op->o_req_ndn,
484 if ( rs->sr_err != LDAP_SUCCESS ) {
485 send_ldap_result( op, rs );
489 slapi_pblock_get( pb, SLAPI_SEARCH_SCOPE, (void **)&op->ors_scope );
490 slapi_pblock_get( pb, SLAPI_SEARCH_DEREF, (void **)&op->ors_deref );
496 slapi_op_search_cleanup( Operation *op, SlapReply *rs )
498 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
501 slapi_pblock_get( pb, SLAPI_SEARCH_ATTRS, (void *)&attrs );
504 op->o_tmpfree( attrs, op->o_tmpmemctx );
509 struct slapi_op_info {
510 int soi_preop; /* preoperation plugin parameter */
511 int soi_postop; /* postoperation plugin parameter */
512 slap_response *soi_preop_init; /* preoperation pblock init function */
513 slap_response *soi_callback; /* preoperation result handler */
514 slap_response *soi_postop_init; /* postoperation pblock init function */
515 slap_response *soi_cleanup; /* cleanup function */
516 } slapi_op_dispatch_table[] = {
518 SLAPI_PLUGIN_PRE_BIND_FN,
519 SLAPI_PLUGIN_POST_BIND_FN,
520 slapi_op_bind_preop_init,
521 slapi_op_bind_callback,
522 slapi_op_bind_postop_init,
526 SLAPI_PLUGIN_PRE_UNBIND_FN, /* UNBIND */
527 SLAPI_PLUGIN_POST_UNBIND_FN,
534 SLAPI_PLUGIN_PRE_SEARCH_FN,
535 SLAPI_PLUGIN_POST_SEARCH_FN,
536 slapi_op_search_init,
537 slapi_op_search_callback,
539 slapi_op_search_cleanup
542 SLAPI_PLUGIN_PRE_COMPARE_FN,
543 SLAPI_PLUGIN_POST_COMPARE_FN,
544 slapi_op_compare_init,
550 SLAPI_PLUGIN_PRE_MODIFY_FN,
551 SLAPI_PLUGIN_POST_MODIFY_FN,
552 slapi_op_modify_init,
553 slapi_op_modify_callback,
555 slapi_op_modify_cleanup
558 SLAPI_PLUGIN_PRE_MODRDN_FN,
559 SLAPI_PLUGIN_POST_MODRDN_FN,
560 slapi_op_modrdn_init,
566 SLAPI_PLUGIN_PRE_ADD_FN,
567 SLAPI_PLUGIN_POST_ADD_FN,
574 SLAPI_PLUGIN_PRE_DELETE_FN,
575 SLAPI_PLUGIN_POST_DELETE_FN,
582 SLAPI_PLUGIN_PRE_ABANDON_FN,
583 SLAPI_PLUGIN_POST_ABANDON_FN,
600 slapi_tag2op( ber_tag_t tag )
611 case LDAP_REQ_DELETE:
614 case LDAP_REQ_MODRDN:
617 case LDAP_REQ_MODIFY:
620 case LDAP_REQ_COMPARE:
623 case LDAP_REQ_SEARCH:
626 case LDAP_REQ_UNBIND:
638 slapi_over_response( Operation *op, SlapReply *rs )
642 switch ( rs->sr_type ) {
644 rc = slapi_over_result( op, rs, SLAPI_PLUGIN_PRE_RESULT_FN );
647 rc = slapi_over_search( op, rs, SLAPI_PLUGIN_PRE_ENTRY_FN );
650 rc = slapi_over_search( op, rs, SLAPI_PLUGIN_PRE_REFERRAL_FN );
653 rc = SLAP_CB_CONTINUE;
661 slapi_over_cleanup( Operation *op, SlapReply *rs )
665 switch ( rs->sr_type ) {
667 rc = slapi_over_result( op, rs, SLAPI_PLUGIN_POST_RESULT_FN );
670 rc = slapi_over_search( op, rs, SLAPI_PLUGIN_POST_ENTRY_FN );
673 rc = slapi_over_search( op, rs, SLAPI_PLUGIN_POST_REFERRAL_FN );
676 rc = SLAP_CB_CONTINUE;
684 slapi_op_func( Operation *op, SlapReply *rs )
687 slap_operation_t which;
688 struct slapi_op_info *opinfo;
695 * We check for op->o_extensions to verify that we are not
696 * processing a SLAPI internal operation. XXX
698 if ( op->o_hdr->oh_extensions == NULL ) {
699 return SLAP_CB_CONTINUE;
703 * Find the SLAPI operation information for this LDAP
704 * operation; this will contain the preop and postop
705 * plugin types, as well as optional callbacks for
706 * setting up the SLAPI environment.
708 which = slapi_tag2op( op->o_tag );
709 if ( which >= op_last ) {
710 /* invalid operation, but let someone else deal with it */
711 return SLAP_CB_CONTINUE;
714 opinfo = &slapi_op_dispatch_table[which];
715 if ( opinfo == NULL || opinfo->soi_preop == 0 ) {
716 /* no SLAPI plugin types for this operation */
717 return SLAP_CB_CONTINUE;
720 pb = slapi_over_pblock_new( op );
722 /* XXX we need to fill this out for MMR support */
723 slapi_pblock_set( pb, SLAPI_TARGET_ADDRESS, NULL );
724 slapi_pblock_set( pb, SLAPI_TARGET_UNIQUEID, NULL );
725 slapi_pblock_set( pb, SLAPI_TARGET_DN, (void *)op->o_req_dn.bv_val );
727 cb.sc_response = slapi_over_response; /* call pre-entry/result plugins */
728 cb.sc_cleanup = slapi_over_cleanup; /* call post-entry/result plugins */
730 cb.sc_next = op->o_callback;
731 op->o_callback = &cb;
734 * Call preoperation plugins
736 if ( opinfo->soi_preop_init != NULL ) {
737 rs->sr_err = (opinfo->soi_preop_init)( op, rs );
738 if ( rs->sr_err != LDAP_SUCCESS )
742 rs->sr_err = slapi_int_call_plugins( op->o_bd, opinfo->soi_preop, pb );
745 * soi_callback is responsible for examining the result code
746 * of the preoperation plugin and determining whether to
747 * abort. This is needed because of special SLAPI behaviour
748 * with bind preoperation plugins.
750 * The soi_callback function is also used to reset any values
751 * returned from the preoperation plugin before calling the
752 * backend (for the success case).
754 if ( opinfo->soi_callback == NULL ) {
755 /* default behaviour is preop plugin can abort operation */
756 if ( rs->sr_err < 0 ) {
757 slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
761 rc = (opinfo->soi_callback)( op, rs );
767 * Call actual backend (or next overlay in stack). We need to
768 * do this rather than returning SLAP_CB_CONTINUE and calling
769 * postoperation plugins in a response handler to match the
770 * behaviour of SLAPI in OpenLDAP 2.2, where postoperation
771 * plugins are called after the backend has completely
772 * finished processing the operation.
774 on = (slap_overinst *)op->o_bd->bd_info;
777 rs->sr_err = overlay_op_walk( op, rs, which, oi, on->on_next );
780 * Call postoperation plugins
782 slapi_pblock_set( pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
784 if ( opinfo->soi_postop_init != NULL ) {
785 (opinfo->soi_postop_init)( op, rs );
788 slapi_int_call_plugins( op->o_bd, opinfo->soi_postop, pb );
791 if ( opinfo->soi_cleanup != NULL ) {
792 (opinfo->soi_cleanup)( op, rs );
795 op->o_callback = cb.sc_next;
796 slapi_pblock_destroy(pb);
802 slapi_over_extended( Operation *op, SlapReply *rs )
808 struct berval reqdata = BER_BVNULL;
810 slapi_int_get_extop_plugin( &op->ore_reqoid, &callback );
811 if ( callback == NULL ) {
812 return SLAP_CB_CONTINUE;
815 pb = slapi_over_pblock_new( op );
817 if ( op->ore_reqdata != NULL ) {
818 reqdata = *op->ore_reqdata;
821 slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID, (void *)op->ore_reqoid.bv_val);
822 slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE, (void *)&reqdata);
824 rc = (*callback)( pb );
825 if ( rc == SLAPI_PLUGIN_EXTENDED_SENT_RESULT ) {
826 slapi_pblock_destroy( pb );
828 } else if ( rc == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED ) {
829 slapi_pblock_destroy( pb );
830 return SLAP_CB_CONTINUE;
833 slapi_pblock_get( pb, SLAPI_EXT_OP_RET_OID, (void **)&rs->sr_rspoid );
834 slapi_pblock_get( pb, SLAPI_EXT_OP_RET_VALUE, (void **)&rs->sr_rspdata );
837 send_ldap_extended( op, rs );
839 if ( rs->sr_rspoid != NULL )
840 slapi_ch_free_string( (char **)&rs->sr_rspoid );
842 if ( rs->sr_rspdata != NULL )
843 ber_bvfree( rs->sr_rspdata );
845 slapi_pblock_destroy( pb );
851 slapi_over_access_allowed(
854 AttributeDescription *desc,
856 slap_access_t access,
857 AccessControlState *state,
864 pb = slapi_over_pblock_new( op );
866 cb.sc_response = NULL;
867 cb.sc_cleanup = NULL;
869 cb.sc_next = op->o_callback;
870 op->o_callback = &cb;
872 rc = slapi_int_access_allowed( op, e, desc, val, access, state );
874 rc = SLAP_CB_CONTINUE;
877 op->o_callback = cb.sc_next;
878 slapi_pblock_destroy( pb );
884 slapi_over_acl_group(
887 struct berval *gr_ndn,
888 struct berval *op_ndn,
889 ObjectClass *group_oc,
890 AttributeDescription *group_at )
895 BackendDB *be = op->o_bd;
898 op->o_bd = select_backend( gr_ndn, 0, 0 );
900 for ( g = op->o_groups; g; g = g->ga_next ) {
901 if ( g->ga_be != op->o_bd || g->ga_oc != group_oc ||
902 g->ga_at != group_at || g->ga_len != gr_ndn->bv_len )
906 if ( strcmp( g->ga_ndn, gr_ndn->bv_val ) == 0 ) {
915 if ( target != NULL && dn_match( &target->e_nname, gr_ndn ) ) {
919 rc = be_entry_get_rw( op, gr_ndn, group_oc, group_at, 0, &e );
922 pb = slapi_over_pblock_new( op );
924 slapi_pblock_set( pb, SLAPI_X_GROUP_ENTRY, (void *)e );
925 slapi_pblock_set( pb, SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val );
926 slapi_pblock_set( pb, SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val );
927 slapi_pblock_set( pb, SLAPI_X_GROUP_TARGET_ENTRY, (void *)target );
929 rc = slapi_int_call_plugins( op->o_bd, SLAPI_X_PLUGIN_PRE_GROUP_FN, pb );
930 if ( rc >= 0 ) /* 1 means no plugins called */
931 rc = SLAP_CB_CONTINUE;
933 slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rc );
935 slapi_pblock_destroy( pb );
938 be_entry_release_r( op, e );
941 rc = LDAP_NO_SUCH_OBJECT; /* return SLAP_CB_CONTINUE for correctness? */
944 if ( op->o_tag != LDAP_REQ_BIND && !op->o_do_not_cache &&
945 rc != SLAP_CB_CONTINUE ) {
946 g = op->o_tmpalloc( sizeof( GroupAssertion ) + gr_ndn->bv_len,
952 g->ga_len = gr_ndn->bv_len;
953 strcpy( g->ga_ndn, gr_ndn->bv_val );
954 g->ga_next = op->o_groups;
958 * XXX don't call POST_GROUP_FN, I have no idea what the point of
959 * that plugin function was anyway
967 slapi_int_overlay_init()
969 memset( &slapi, 0, sizeof(slapi) );
971 slapi.on_bi.bi_type = SLAPI_OVERLAY_NAME;
973 slapi.on_bi.bi_op_bind = slapi_op_func;
974 slapi.on_bi.bi_op_unbind = slapi_op_func;
975 slapi.on_bi.bi_op_search = slapi_op_func;
976 slapi.on_bi.bi_op_compare = slapi_op_func;
977 slapi.on_bi.bi_op_modify = slapi_op_func;
978 slapi.on_bi.bi_op_modrdn = slapi_op_func;
979 slapi.on_bi.bi_op_add = slapi_op_func;
980 slapi.on_bi.bi_op_delete = slapi_op_func;
981 slapi.on_bi.bi_op_abandon = slapi_op_func;
982 slapi.on_bi.bi_op_cancel = slapi_op_func;
984 slapi.on_bi.bi_extended = slapi_over_extended;
985 slapi.on_bi.bi_access_allowed = slapi_over_access_allowed;
986 slapi.on_bi.bi_operational = slapi_over_aux_operational;
987 slapi.on_bi.bi_acl_group = slapi_over_acl_group;
989 return overlay_register( &slapi );
992 #endif /* LDAP_SLAPI */
projects / openldap / blob