1 /* slapi_overlay.c - SLAPI overlay */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2001-2005 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
17 * This work was initially developed by Luke Howard for inclusion
18 * in OpenLDAP Software.
25 #include <ac/string.h>
26 #include <ac/socket.h>
33 static slap_overinst slapi;
36 slapi_over_pblock_new ( Operation *op )
40 pb = slapi_pblock_new();
44 slapi_int_pblock_set_operation( pb, op );
50 slapi_over_compute_output(
51 computed_attr_context *c,
52 Slapi_Attr *attribute,
58 AttributeDescription *desc;
59 Operation *op = c->cac_op;
60 SlapReply *rs = (SlapReply *)c->cac_private;
62 if ( c == NULL || attribute == NULL || entry == NULL ) {
66 assert( rs->sr_entry == entry );
68 desc = attribute->a_desc;
70 if ( rs->sr_attrs == NULL ) {
71 /* All attrs request, skip operational attributes */
72 if ( is_at_operational( desc->ad_type ) ) {
76 /* Specific attributes requested */
77 if ( is_at_operational( desc->ad_type ) ) {
78 if ( !SLAP_OPATTRS( rs->sr_attr_flags ) &&
79 !ad_inlist( desc, rs->sr_attrs ) ) {
83 if ( !SLAP_USERATTRS( rs->sr_attr_flags ) &&
84 !ad_inlist( desc, rs->sr_attrs ) ) {
90 if ( !access_allowed( op, entry, desc, NULL, ACL_READ, c->cac_acl_state) ) {
91 slapi_log_error( SLAPI_LOG_ACL, "slapi_over_compute_output",
92 "acl: access to attribute %s not allowed\n",
93 desc->ad_cname.bv_val );
97 /* XXX perhaps we should check for existing attributes and merge */
98 for ( a = &rs->sr_operational_attrs; *a != NULL; a = &(*a)->a_next )
101 *a = attr_dup( attribute );
107 slapi_over_aux_operational( Operation *op, SlapReply *rs )
109 /* Support for computed attribute plugins */
110 computed_attr_context ctx;
112 AccessControlState acl_state = ACL_STATE_INIT;
114 ctx.cac_pb = slapi_over_pblock_new( op );
116 ctx.cac_private = rs;
117 ctx.cac_acl_state = &acl_state;
119 if ( rs->sr_entry != NULL ) {
121 * For each client requested attribute, call the plugins.
123 if ( rs->sr_attrs != NULL ) {
124 for ( anp = rs->sr_attrs; anp->an_name.bv_val != NULL; anp++ ) {
125 if ( compute_evaluator( &ctx, anp->an_name.bv_val,
126 rs->sr_entry, slapi_over_compute_output ) == 1 ) {
132 * Technically we shouldn't be returning operational attributes
133 * when the user requested only user attributes. We'll let the
134 * plugin decide whether to be naughty or not.
136 compute_evaluator( &ctx, "*", rs->sr_entry, slapi_over_compute_output );
140 slapi_pblock_destroy( ctx.cac_pb );
142 return SLAP_CB_CONTINUE;
146 slapi_over_search( Operation *op, SlapReply *rs, int type )
151 assert( rs->sr_type == REP_SEARCH || rs->sr_type == REP_SEARCHREF );
153 /* create a new pblock to not trample on result controls */
154 pb = slapi_over_pblock_new( op );
156 slapi_pblock_set( pb, SLAPI_RESCONTROLS, (void *)rs->sr_ctrls );
157 slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, (void *)rs->sr_entry );
159 rc = slapi_int_call_plugins( op->o_bd, type, pb );
160 if ( rc >= 0 ) /* 1 means no plugins called */
161 rc = SLAP_CB_CONTINUE;
163 rc = LDAP_SUCCESS; /* confusing: don't abort, but don't send */
165 slapi_pblock_set( pb, SLAPI_RESCONTROLS, NULL ); /* don't free */
166 slapi_pblock_destroy(pb);
172 slapi_over_count_controls( LDAPControl **controls )
176 if ( controls == NULL )
179 for ( i = 0; controls[i] != NULL; i++ )
186 slapi_over_merge_controls( Operation *op, SlapReply *rs )
188 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
189 LDAPControl **slapiControls = NULL, **mergedControls;
190 int nSlapiControls = 0;
191 int nResControls = 0;
194 nResControls = slapi_over_count_controls( rs->sr_ctrls );
196 slapi_pblock_get( pb, SLAPI_RESCONTROLS, (void **)&slapiControls );
197 nSlapiControls = slapi_over_count_controls( slapiControls );
199 if ( nResControls + nSlapiControls == 0 ) {
204 /* XXX this is a bit tricky, rs->sr_ctrls may have been allocated on stack */
205 mergedControls = (LDAPControl **)op->o_tmpalloc( ( nResControls + nSlapiControls + 1 ) *
206 sizeof( LDAPControl *), op->o_tmpmemctx );
207 if ( mergedControls == NULL ) {
208 return LDAP_NO_MEMORY;
211 if ( rs->sr_ctrls != NULL ) {
212 for ( i = 0; i < nResControls; i++ )
213 mergedControls[i] = rs->sr_ctrls[i];
215 if ( slapiControls != NULL ) {
216 for ( i = 0; i < nSlapiControls; i++ )
217 mergedControls[nResControls + i] = slapiControls[i];
219 mergedControls[nResControls + nSlapiControls] = NULL;
221 if ( slapiControls != NULL ) {
222 slapi_ch_free( (void **)&slapiControls );
223 slapi_pblock_set( pb, SLAPI_RESCONTROLS, NULL ); /* don't free */
226 rs->sr_ctrls = mergedControls;
232 * Call pre- and post-result plugins
235 slapi_over_result( Operation *op, SlapReply *rs, int type )
238 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
240 assert( rs->sr_type == REP_RESULT );
242 slapi_pblock_set( pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
243 slapi_pblock_set( pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text );
244 slapi_pblock_set( pb, SLAPI_RESULT_MATCHED, (void *)rs->sr_matched );
246 rc = slapi_int_call_plugins( op->o_bd, type, pb );
248 slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
249 slapi_pblock_get( pb, SLAPI_RESULT_TEXT, (void **)&rs->sr_text );
250 slapi_pblock_get( pb, SLAPI_RESULT_MATCHED, (void **)&rs->sr_matched );
252 if ( type == SLAPI_PLUGIN_PRE_RESULT_FN ) {
253 rc = slapi_over_merge_controls( op, rs );
256 return SLAP_CB_CONTINUE;
260 slapi_op_add_init( Operation *op, SlapReply *rs )
262 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
264 slapi_pblock_set( pb, SLAPI_ADD_ENTRY, (void *)op->ora_e );
270 slapi_op_bind_preop_init( Operation *op, SlapReply *rs )
272 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
274 slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)op->o_req_dn.bv_val );
275 slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)op->orb_method );
276 slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
277 slapi_pblock_set( pb, SLAPI_CONN_DN, NULL );
283 slapi_op_bind_postop_init( Operation *op, SlapReply *rs )
285 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
288 if ( rs->sr_err == LDAP_SUCCESS ) {
289 /* fix for ITS#2971 */
290 slapi_pblock_set( pb, SLAPI_CONN_DN, op->o_conn->c_authz.sai_dn.bv_val );
297 slapi_op_bind_callback( Operation *op, SlapReply *rs )
299 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
303 case SLAPI_BIND_SUCCESS:
304 /* Continue with backend processing */
306 case SLAPI_BIND_FAIL:
307 /* Failure, frontend (that's us) sends result */
308 rs->sr_err = LDAP_INVALID_CREDENTIALS;
309 send_ldap_result( op, rs );
312 case SLAPI_BIND_ANONYMOUS: /* undocumented */
313 default: /* plugin sent result or no plugins called */
314 if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err ) != 0 ) {
315 rs->sr_err = LDAP_OTHER;
318 BER_BVZERO( &op->orb_edn );
320 if ( rs->sr_err == LDAP_SUCCESS ) {
321 slapi_pblock_get( pb, SLAPI_CONN_DN, (void *)&op->orb_edn.bv_val );
322 if ( BER_BVISNULL( &op->orb_edn ) ) {
324 /* No plugins were called; continue processing */
328 op->orb_edn.bv_len = strlen( op->orb_edn.bv_val );
330 rs->sr_err = dnPrettyNormal( NULL, &op->orb_edn,
331 &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
333 ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
334 ber_dupbv(&op->o_conn->c_dn, &op->o_req_dn);
335 ber_dupbv(&op->o_conn->c_ndn, &op->o_req_ndn);
336 op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
337 BER_BVZERO( &op->o_req_dn );
338 op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
339 BER_BVZERO( &op->o_req_ndn );
340 if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
341 ber_len_t max = sockbuf_max_incoming_auth;
342 ber_sockbuf_ctrl( op->o_conn->c_sb,
343 LBER_SB_OPT_SET_MAX_INCOMING, &max );
346 /* log authorization identity */
347 Statslog( LDAP_DEBUG_STATS,
348 "%s BIND dn=\"%s\" mech=%s (SLAPI) ssf=0\n",
350 BER_BVISNULL( &op->o_conn->c_dn )
351 ? "<empty>" : op->o_conn->c_dn.bv_val,
352 op->orb_tmp_mech.bv_val, 0, 0 );
354 ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
364 slapi_op_compare_init( Operation *op, SlapReply *rs )
366 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
368 slapi_pblock_set( pb, SLAPI_COMPARE_TYPE, (void *)op->orc_ava->aa_desc->ad_cname.bv_val );
369 slapi_pblock_set( pb, SLAPI_COMPARE_VALUE, (void *)&op->orc_ava->aa_value );
375 slapi_op_modify_init( Operation *op, SlapReply *rs )
377 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
378 LDAPMod **modv = NULL;
380 modv = slapi_int_modifications2ldapmods( &op->orm_modlist );
381 slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)modv );
387 slapi_op_modify_callback( Operation *op, SlapReply *rs )
389 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
390 LDAPMod **modv = NULL;
392 /* check preoperation result code */
393 if ( rs->sr_err < 0 ) {
394 slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
399 * NB: it is valid for the plugin to return no modifications
400 * (for example, a plugin might store some attributes elsewhere
401 * and remove them from the modification list; if only those
402 * attribute types were included in the modification request,
403 * then slapi_int_ldapmods2modifications() above will return
406 * However, the post-operation plugin should still be
410 slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv );
411 op->orm_modlist = slapi_int_ldapmods2modifications( modv );
417 slapi_op_modify_cleanup( Operation *op, SlapReply *rs )
419 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
420 LDAPMod **modv = NULL;
422 slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv );
425 slapi_int_free_ldapmods( modv );
431 slapi_op_modrdn_init( Operation *op, SlapReply *rs )
433 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
435 slapi_pblock_set( pb, SLAPI_MODRDN_NEWRDN, (void *)op->orr_newrdn.bv_val );
436 slapi_pblock_set( pb, SLAPI_MODRDN_NEWSUPERIOR, (void *)op->orr_newSup->bv_val );
437 slapi_pblock_set( pb, SLAPI_MODRDN_DELOLDRDN, (void *)op->orr_deleteoldrdn );
443 slapi_op_search_init( Operation *op, SlapReply *rs )
445 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
448 attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx );
450 slapi_pblock_set( pb, SLAPI_SEARCH_SCOPE, (void *)op->ors_scope );
451 slapi_pblock_set( pb, SLAPI_SEARCH_DEREF, (void *)op->ors_deref );
452 slapi_pblock_set( pb, SLAPI_SEARCH_SIZELIMIT, (void *)op->ors_slimit );
453 slapi_pblock_set( pb, SLAPI_SEARCH_TIMELIMIT, (void *)op->ors_tlimit );
454 slapi_pblock_set( pb, SLAPI_SEARCH_FILTER, (void *)op->ors_filter );
455 slapi_pblock_set( pb, SLAPI_SEARCH_STRFILTER, (void *)op->ors_filterstr.bv_val );
456 slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, (void *)attrs );
457 slapi_pblock_set( pb, SLAPI_SEARCH_ATTRSONLY, (void *)op->ors_attrsonly );
463 slapi_op_search_callback( Operation *op, SlapReply *rs )
465 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
467 /* check preoperation result code */
468 if ( rs->sr_err < 0 ) {
469 slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
473 if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, pb ) != 0 ) {
478 * The plugin can set the SLAPI_SEARCH_FILTER.
479 * SLAPI_SEARCH_STRFILER is not normative.
481 slapi_pblock_get( pb, SLAPI_SEARCH_FILTER, (void *)&op->ors_filter );
482 op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
483 filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
485 slapi_pblock_get( pb, SLAPI_SEARCH_TARGET, (void **)&op->o_req_dn.bv_val );
486 op->o_req_dn.bv_len = strlen( op->o_req_dn.bv_val );
488 if( !BER_BVISNULL( &op->o_req_ndn ) ) {
489 slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
491 rs->sr_err = dnNormalize( 0, NULL, NULL, &op->o_req_dn, &op->o_req_ndn,
493 if ( rs->sr_err != LDAP_SUCCESS ) {
494 send_ldap_result( op, rs );
498 slapi_pblock_get( pb, SLAPI_SEARCH_SCOPE, (void **)&op->ors_scope );
499 slapi_pblock_get( pb, SLAPI_SEARCH_DEREF, (void **)&op->ors_deref );
505 slapi_op_search_cleanup( Operation *op, SlapReply *rs )
507 Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
510 slapi_pblock_get( pb, SLAPI_SEARCH_ATTRS, (void *)&attrs );
513 op->o_tmpfree( attrs, op->o_tmpmemctx );
518 struct slapi_op_info {
519 int soi_preop; /* preoperation plugin parameter */
520 int soi_postop; /* postoperation plugin parameter */
521 slap_response *soi_preop_init; /* preoperation pblock init function */
522 slap_response *soi_callback; /* preoperation result handler */
523 slap_response *soi_postop_init; /* postoperation pblock init function */
524 slap_response *soi_cleanup; /* cleanup function */
525 } slapi_op_dispatch_table[] = {
527 SLAPI_PLUGIN_PRE_BIND_FN,
528 SLAPI_PLUGIN_POST_BIND_FN,
529 slapi_op_bind_preop_init,
530 slapi_op_bind_callback,
531 slapi_op_bind_postop_init,
535 SLAPI_PLUGIN_PRE_UNBIND_FN, /* UNBIND */
536 SLAPI_PLUGIN_POST_UNBIND_FN,
543 SLAPI_PLUGIN_PRE_SEARCH_FN,
544 SLAPI_PLUGIN_POST_SEARCH_FN,
545 slapi_op_search_init,
546 slapi_op_search_callback,
548 slapi_op_search_cleanup
551 SLAPI_PLUGIN_PRE_COMPARE_FN,
552 SLAPI_PLUGIN_POST_COMPARE_FN,
553 slapi_op_compare_init,
559 SLAPI_PLUGIN_PRE_MODIFY_FN,
560 SLAPI_PLUGIN_POST_MODIFY_FN,
561 slapi_op_modify_init,
562 slapi_op_modify_callback,
564 slapi_op_modify_cleanup
567 SLAPI_PLUGIN_PRE_MODRDN_FN,
568 SLAPI_PLUGIN_POST_MODRDN_FN,
569 slapi_op_modrdn_init,
575 SLAPI_PLUGIN_PRE_ADD_FN,
576 SLAPI_PLUGIN_POST_ADD_FN,
583 SLAPI_PLUGIN_PRE_DELETE_FN,
584 SLAPI_PLUGIN_POST_DELETE_FN,
591 SLAPI_PLUGIN_PRE_ABANDON_FN,
592 SLAPI_PLUGIN_POST_ABANDON_FN,
609 slapi_tag2op( ber_tag_t tag )
620 case LDAP_REQ_DELETE:
623 case LDAP_REQ_MODRDN:
626 case LDAP_REQ_MODIFY:
629 case LDAP_REQ_COMPARE:
632 case LDAP_REQ_SEARCH:
635 case LDAP_REQ_UNBIND:
647 slapi_over_response( Operation *op, SlapReply *rs )
651 switch ( rs->sr_type ) {
653 rc = slapi_over_result( op, rs, SLAPI_PLUGIN_PRE_RESULT_FN );
656 rc = slapi_over_search( op, rs, SLAPI_PLUGIN_PRE_ENTRY_FN );
659 rc = slapi_over_search( op, rs, SLAPI_PLUGIN_PRE_REFERRAL_FN );
662 rc = SLAP_CB_CONTINUE;
670 slapi_over_cleanup( Operation *op, SlapReply *rs )
674 switch ( rs->sr_type ) {
676 rc = slapi_over_result( op, rs, SLAPI_PLUGIN_POST_RESULT_FN );
679 rc = slapi_over_search( op, rs, SLAPI_PLUGIN_POST_ENTRY_FN );
682 rc = slapi_over_search( op, rs, SLAPI_PLUGIN_POST_REFERRAL_FN );
685 rc = SLAP_CB_CONTINUE;
693 slapi_op_func( Operation *op, SlapReply *rs )
696 slap_operation_t which;
697 struct slapi_op_info *opinfo;
704 * We check for op->o_extensions to verify that we are not
705 * processing a SLAPI internal operation. XXX
707 if ( op->o_hdr->oh_extensions == NULL ) {
708 return SLAP_CB_CONTINUE;
712 * Find the SLAPI operation information for this LDAP
713 * operation; this will contain the preop and postop
714 * plugin types, as well as optional callbacks for
715 * setting up the SLAPI environment.
717 which = slapi_tag2op( op->o_tag );
718 if ( which >= op_last ) {
719 /* invalid operation, but let someone else deal with it */
720 return SLAP_CB_CONTINUE;
723 opinfo = &slapi_op_dispatch_table[which];
724 if ( opinfo == NULL || opinfo->soi_preop == 0 ) {
725 /* no SLAPI plugin types for this operation */
726 return SLAP_CB_CONTINUE;
729 pb = slapi_over_pblock_new( op );
731 /* XXX we need to fill this out for MMR support */
732 slapi_pblock_set( pb, SLAPI_TARGET_ADDRESS, NULL );
733 slapi_pblock_set( pb, SLAPI_TARGET_UNIQUEID, NULL );
734 slapi_pblock_set( pb, SLAPI_TARGET_DN, (void *)op->o_req_dn.bv_val );
736 cb.sc_response = slapi_over_response; /* call pre-entry/result plugins */
737 cb.sc_cleanup = slapi_over_cleanup; /* call post-entry/result plugins */
739 cb.sc_next = op->o_callback;
740 op->o_callback = &cb;
743 * Call preoperation plugins
745 if ( opinfo->soi_preop_init != NULL ) {
746 rs->sr_err = (opinfo->soi_preop_init)( op, rs );
747 if ( rs->sr_err != LDAP_SUCCESS )
751 rs->sr_err = slapi_int_call_plugins( op->o_bd, opinfo->soi_preop, pb );
754 * soi_callback is responsible for examining the result code
755 * of the preoperation plugin and determining whether to
756 * abort. This is needed because of special SLAPI behaviour
757 * with bind preoperation plugins.
759 * The soi_callback function is also used to reset any values
760 * returned from the preoperation plugin before calling the
761 * backend (for the success case).
763 if ( opinfo->soi_callback == NULL ) {
764 /* default behaviour is preop plugin can abort operation */
765 if ( rs->sr_err < 0 ) {
766 slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
770 rc = (opinfo->soi_callback)( op, rs );
776 * Call actual backend (or next overlay in stack). We need to
777 * do this rather than returning SLAP_CB_CONTINUE and calling
778 * postoperation plugins in a response handler to match the
779 * behaviour of SLAPI in OpenLDAP 2.2, where postoperation
780 * plugins are called after the backend has completely
781 * finished processing the operation.
783 on = (slap_overinst *)op->o_bd->bd_info;
786 rs->sr_err = overlay_op_walk( op, rs, which, oi, on->on_next );
789 * Call postoperation plugins
791 slapi_pblock_set( pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
793 if ( opinfo->soi_postop_init != NULL ) {
794 (opinfo->soi_postop_init)( op, rs );
797 slapi_int_call_plugins( op->o_bd, opinfo->soi_postop, pb );
800 if ( opinfo->soi_cleanup != NULL ) {
801 (opinfo->soi_cleanup)( op, rs );
804 op->o_callback = cb.sc_next;
805 slapi_pblock_destroy(pb);
811 slapi_over_extended( Operation *op, SlapReply *rs )
817 struct berval reqdata = BER_BVNULL;
819 slapi_int_get_extop_plugin( &op->ore_reqoid, &callback );
820 if ( callback == NULL ) {
821 return SLAP_CB_CONTINUE;
824 pb = slapi_over_pblock_new( op );
826 if ( op->ore_reqdata != NULL ) {
827 reqdata = *op->ore_reqdata;
830 slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID, (void *)op->ore_reqoid.bv_val);
831 slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE, (void *)&reqdata);
833 rc = (*callback)( pb );
834 if ( rc == SLAPI_PLUGIN_EXTENDED_SENT_RESULT ) {
835 slapi_pblock_destroy( pb );
837 } else if ( rc == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED ) {
838 slapi_pblock_destroy( pb );
839 return SLAP_CB_CONTINUE;
842 slapi_pblock_get( pb, SLAPI_EXT_OP_RET_OID, (void **)&rs->sr_rspoid );
843 slapi_pblock_get( pb, SLAPI_EXT_OP_RET_VALUE, (void **)&rs->sr_rspdata );
846 send_ldap_extended( op, rs );
848 if ( rs->sr_rspoid != NULL )
849 slapi_ch_free_string( (char **)&rs->sr_rspoid );
851 if ( rs->sr_rspdata != NULL )
852 ber_bvfree( rs->sr_rspdata );
854 slapi_pblock_destroy( pb );
860 slapi_over_access_allowed(
863 AttributeDescription *desc,
865 slap_access_t access,
866 AccessControlState *state,
873 pb = slapi_over_pblock_new( op );
875 cb.sc_response = NULL;
876 cb.sc_cleanup = NULL;
878 cb.sc_next = op->o_callback;
879 op->o_callback = &cb;
881 rc = slapi_int_access_allowed( op, e, desc, val, access, state );
883 rc = SLAP_CB_CONTINUE;
886 op->o_callback = cb.sc_next;
887 slapi_pblock_destroy( pb );
893 slapi_over_acl_group(
896 struct berval *gr_ndn,
897 struct berval *op_ndn,
898 ObjectClass *group_oc,
899 AttributeDescription *group_at )
904 BackendDB *be = NULL;
905 BackendDB *be_orig = op->o_bd;
907 if ( target != NULL && dn_match( &target->e_nname, gr_ndn ) ) {
911 be = select_backend( gr_ndn, 0, 0 );
913 rc = LDAP_NO_SUCH_OBJECT;
916 rc = be_entry_get_rw( op, gr_ndn, group_oc, group_at, 0, &e );
922 return SLAP_CB_CONTINUE;
925 pb = slapi_over_pblock_new( op );
927 slapi_pblock_set( pb, SLAPI_X_GROUP_ENTRY, (void *)e );
928 slapi_pblock_set( pb, SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val );
929 slapi_pblock_set( pb, SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val );
930 slapi_pblock_set( pb, SLAPI_X_GROUP_TARGET_ENTRY, (void *)target );
932 rc = slapi_int_call_plugins( op->o_bd, SLAPI_X_PLUGIN_PRE_GROUP_FN, pb );
934 rc = SLAP_CB_CONTINUE;
936 slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rc );
938 slapi_pblock_destroy( pb );
942 be_entry_release_r( op, e );
947 * XXX don't call POST_GROUP_FN, I have no idea what the point of
948 * that plugin function was anyway
954 slapi_int_overlay_init()
956 memset( &slapi, 0, sizeof(slapi) );
958 slapi.on_bi.bi_type = SLAPI_OVERLAY_NAME;
960 slapi.on_bi.bi_op_bind = slapi_op_func;
961 slapi.on_bi.bi_op_unbind = slapi_op_func;
962 slapi.on_bi.bi_op_search = slapi_op_func;
963 slapi.on_bi.bi_op_compare = slapi_op_func;
964 slapi.on_bi.bi_op_modify = slapi_op_func;
965 slapi.on_bi.bi_op_modrdn = slapi_op_func;
966 slapi.on_bi.bi_op_add = slapi_op_func;
967 slapi.on_bi.bi_op_delete = slapi_op_func;
968 slapi.on_bi.bi_op_abandon = slapi_op_func;
969 slapi.on_bi.bi_op_cancel = slapi_op_func;
971 slapi.on_bi.bi_extended = slapi_over_extended;
972 slapi.on_bi.bi_access_allowed = slapi_over_access_allowed;
973 slapi.on_bi.bi_operational = slapi_over_aux_operational;
974 slapi.on_bi.bi_acl_group = slapi_over_acl_group;
976 return overlay_register( &slapi );
979 #endif /* LDAP_SLAPI */
projects / openldap / blob