#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
-#endif
+
+static void init_group_pblock( Operation *op, Entry *target,
+ Entry *e, struct berval *op_ndn, AttributeDescription *group_at );
+static int call_group_preop_plugins( Operation *op );
+static void call_group_postop_plugins( Operation *op );
+#endif /* LDAP_SLAPI */
/*
* If a module is configured as dynamic, its header should not
* imported into slapd without appropriate __declspec(dllimport) directives.
*/
-#if SLAPD_BDB == SLAPD_MOD_STATIC
-#include "back-bdb/external.h"
-#endif
-#if SLAPD_DNSSRV == SLAPD_MOD_STATIC
-#include "back-dnssrv/external.h"
-#endif
-#if SLAPD_HDB == SLAPD_MOD_STATIC
-#include "back-hdb/external.h"
-#endif
-#if SLAPD_LDAP == SLAPD_MOD_STATIC
-#include "back-ldap/external.h"
-#endif
-#if SLAPD_LDBM == SLAPD_MOD_STATIC
-#include "back-ldbm/external.h"
-#endif
-#if SLAPD_META == SLAPD_MOD_STATIC
-#include "back-meta/external.h"
-#endif
-#if SLAPD_MONITOR == SLAPD_MOD_STATIC
-#include "back-monitor/external.h"
-#endif
-#if SLAPD_NULL == SLAPD_MOD_STATIC
-#include "back-null/external.h"
-#endif
-#if SLAPD_PASSWD == SLAPD_MOD_STATIC
-#include "back-passwd/external.h"
-#endif
-#if SLAPD_PERL == SLAPD_MOD_STATIC
-#include "back-perl/external.h"
-#endif
-#if SLAPD_RELAY == SLAPD_MOD_STATIC
-#include "back-relay/external.h"
-#endif
-#if SLAPD_SHELL == SLAPD_MOD_STATIC
-#include "back-shell/external.h"
-#endif
-#if SLAPD_TCL == SLAPD_MOD_STATIC
-#include "back-tcl/external.h"
-#endif
-#if SLAPD_SQL == SLAPD_MOD_STATIC
-#include "back-sql/external.h"
-#endif
-#if SLAPD_PRIVATE == SLAPD_MOD_STATIC
-#include "private/external.h"
-#endif
+/*
+ * This file is automatically generated by configure; it defines
+ * the BackendInfo binfo[] structure with the configured static
+ * backend info. It assumes that every backend of type <name>
+ * provides an initialization function
+ *
+ * int name_back_initialize( BackendInfo *bi )
+ *
+ * that populates the rest of the structure.
+ */
-static BackendInfo binfo[] = {
-#if SLAPD_BDB == SLAPD_MOD_STATIC
- {"bdb", bdb_initialize},
-#endif
-#if SLAPD_DNSSRV == SLAPD_MOD_STATIC
- {"dnssrv", dnssrv_back_initialize},
-#endif
-#if SLAPD_HDB == SLAPD_MOD_STATIC
- {"hdb", hdb_initialize},
-#endif
-#if SLAPD_LDAP == SLAPD_MOD_STATIC
- {"ldap", ldap_back_initialize},
-#endif
-#if SLAPD_LDBM == SLAPD_MOD_STATIC
- {"ldbm", ldbm_back_initialize},
-#endif
-#if SLAPD_META == SLAPD_MOD_STATIC
- {"meta", meta_back_initialize},
-#endif
-#if SLAPD_MONITOR == SLAPD_MOD_STATIC
- {"monitor", monitor_back_initialize},
-#endif
-#if SLAPD_NULL == SLAPD_MOD_STATIC
- {"null", null_back_initialize},
-#endif
-#if SLAPD_PASSWD == SLAPD_MOD_STATIC
- {"passwd", passwd_back_initialize},
-#endif
-#if SLAPD_PERL == SLAPD_MOD_STATIC
- {"perl", perl_back_initialize},
-#endif
-#if SLAPD_RELAY == SLAPD_MOD_STATIC
- {"relay", relay_back_initialize},
-#endif
-#if SLAPD_SHELL == SLAPD_MOD_STATIC
- {"shell", shell_back_initialize},
-#endif
-#if SLAPD_TCL == SLAPD_MOD_STATIC
- {"tcl", tcl_back_initialize},
-#endif
-#if SLAPD_SQL == SLAPD_MOD_STATIC
- {"sql", sql_back_initialize},
-#endif
- /* for any private backend */
-#if SLAPD_PRIVATE == SLAPD_MOD_STATIC
- {"private", private_back_initialize},
-#endif
- {NULL}
-};
+#include "backend.h"
int nBackendInfo = 0;
-BackendInfo *backendInfo = NULL;
+BackendInfo *backendInfo = NULL;
int nBackendDB = 0;
-BackendDB *backendDB = NULL;
+BackendDB *backendDB = NULL;
ldap_pvt_thread_pool_t syncrepl_pool;
int syncrepl_pool_max = SLAP_MAX_SYNCREPL_THREADS;
if((nBackendInfo != 0) || (backendInfo != NULL)) {
/* already initialized */
-#ifdef NEW_LOGGING
- LDAP_LOG( BACKEND, ERR,
- "backend_init: backend already initialized\n", 0, 0, 0 );
-#else
Debug( LDAP_DEBUG_ANY,
"backend_init: already initialized.\n", 0, 0, 0 );
-#endif
return -1;
}
rc = binfo[nBackendInfo].bi_init( &binfo[nBackendInfo] );
if(rc != 0) {
-#ifdef NEW_LOGGING
- LDAP_LOG( BACKEND, INFO,
- "backend_init: initialized for type \"%s\"\n",
- binfo[nBackendInfo].bi_type, 0, 0 );
-#else
Debug( LDAP_DEBUG_ANY,
"backend_init: initialized for type \"%s\"\n",
binfo[nBackendInfo].bi_type, 0, 0 );
-#endif
/* destroy those we've already inited */
for( nBackendInfo--;
nBackendInfo >= 0 ;
return 0;
#else
-#ifdef NEW_LOGGING
- LDAP_LOG( BACKEND, ERR, "backend_init: failed\n", 0, 0, 0 );
-#else
Debug( LDAP_DEBUG_ANY,
"backend_init: failed\n",
0, 0, 0 );
-#endif
return rc;
#endif /* SLAPD_MODULES */
int rc = 0;
if ( aBackendInfo->bi_init == NULL ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( BACKEND, ERR, "backend_add: "
- "backend type \"%s\" does not have the (mandatory)init function\n",
- aBackendInfo->bi_type, 0, 0 );
-#else
Debug( LDAP_DEBUG_ANY, "backend_add: "
"backend type \"%s\" does not have the (mandatory)init function\n",
aBackendInfo->bi_type, 0, 0 );
-#endif
return -1;
}
if ((rc = aBackendInfo->bi_init(aBackendInfo)) != 0) {
-#ifdef NEW_LOGGING
- LDAP_LOG( BACKEND, ERR,
- "backend_add: initialization for type \"%s\" failed\n",
- aBackendInfo->bi_type, 0, 0 );
-#else
Debug( LDAP_DEBUG_ANY,
"backend_add: initialization for type \"%s\" failed\n",
aBackendInfo->bi_type, 0, 0 );
-#endif
return rc;
}
}
}
+/* startup a specific backend database */
+int backend_startup_one(Backend *be)
+{
+ int rc = 0;
+
+ assert(be);
+
+ be->be_pending_csn_list = (struct be_pcl *)
+ ch_calloc( 1, sizeof( struct be_pcl ));
+
+ LDAP_TAILQ_INIT( be->be_pending_csn_list );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "backend_startup: starting \"%s\"\n",
+ be->be_suffix ? be->be_suffix[0].bv_val : "(unknown)",
+ 0, 0 );
+ if ( be->bd_info->bi_db_open ) {
+ rc = be->bd_info->bi_db_open( be );
+ if ( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "backend_startup: bi_db_open failed! (%d)\n",
+ rc, 0, 0 );
+ }
+ }
+ return rc;
+}
+
int backend_startup(Backend *be)
{
int i;
if( ! ( nBackendDB > 0 ) ) {
/* no databases */
-#ifdef NEW_LOGGING
- LDAP_LOG( BACKEND, INFO,
- "backend_startup: %d databases to startup. \n", nBackendDB, 0, 0 );
-#else
Debug( LDAP_DEBUG_ANY,
"backend_startup: %d databases to startup.\n",
nBackendDB, 0, 0 );
-#endif
return 1;
}
if(be != NULL) {
- /* startup a specific backend database */
- be->be_pending_csn_list = (struct be_pcl *)
- ch_calloc( 1, sizeof( struct be_pcl ));
- build_new_dn( &be->be_context_csn, be->be_nsuffix,
- &slap_ldapsync_cn_bv, NULL );
-
- LDAP_TAILQ_INIT( be->be_pending_csn_list );
-
-#ifdef NEW_LOGGING
- LDAP_LOG( BACKEND, DETAIL1, "backend_startup: starting \"%s\"\n",
- be->be_suffix ? be->be_suffix[0].bv_val : "(unknown)",
- 0, 0 );
-#else
- Debug( LDAP_DEBUG_TRACE,
- "backend_startup: starting \"%s\"\n",
- be->be_suffix ? be->be_suffix[0].bv_val : "(unknown)",
- 0, 0 );
-#endif
-
if ( be->bd_info->bi_open ) {
rc = be->bd_info->bi_open( be->bd_info );
if ( rc != 0 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( BACKEND, CRIT,
- "backend_startup: bi_open failed!\n", 0, 0, 0 );
-#else
Debug( LDAP_DEBUG_ANY,
"backend_startup: bi_open failed!\n",
0, 0, 0 );
-#endif
return rc;
}
}
- if ( be->bd_info->bi_db_open ) {
- rc = be->bd_info->bi_db_open( be );
- if ( rc != 0 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( BACKEND, CRIT,
- "backend_startup: bi_db_open failed! (%d)\n", rc, 0, 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "backend_startup: bi_db_open failed! (%d)\n",
- rc, 0, 0 );
-#endif
- return rc;
- }
- }
+ return backend_startup_one( be );
+ }
- return rc;
+ /* open frontend, if required */
+ if ( frontendDB->bd_info->bi_db_open ) {
+ rc = frontendDB->bd_info->bi_db_open( frontendDB );
+ if ( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "backend_startup: bi_db_open(frontend) failed! (%d)\n",
+ rc, 0, 0 );
+ return rc;
+ }
}
/* open each backend type */
rc = backendInfo[i].bi_open(
&backendInfo[i] );
if ( rc != 0 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( BACKEND, CRIT,
- "backend_startup: bi_open %d failed!\n", i, 0, 0 );
-#else
Debug( LDAP_DEBUG_ANY,
"backend_startup: bi_open %d failed!\n",
i, 0, 0 );
-#endif
return rc;
}
}
}
- ldap_pvt_thread_mutex_init( &syncrepl_rq.rq_mutex );
- LDAP_STAILQ_INIT( &syncrepl_rq.task_list );
- LDAP_STAILQ_INIT( &syncrepl_rq.run_list );
+ ldap_pvt_thread_mutex_init( &slapd_rq.rq_mutex );
+ LDAP_STAILQ_INIT( &slapd_rq.task_list );
+ LDAP_STAILQ_INIT( &slapd_rq.run_list );
/* open each backend database */
for( i = 0; i < nBackendDB; i++ ) {
- /* append global access controls */
- acl_append( &backendDB[i].be_acl, global_acl );
-
- backendDB[i].be_pending_csn_list = (struct be_pcl *)
- ch_calloc( 1, sizeof( struct be_pcl ));
- LDAP_TAILQ_INIT( backendDB[i].be_pending_csn_list );
-
if ( backendDB[i].be_suffix == NULL ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( BACKEND, CRIT,
- "backend_startup: warning, database %d (%s) "
- "has no suffix\n",
- i, backendDB[i].bd_info->bi_type, 0 );
-#else
Debug( LDAP_DEBUG_ANY,
"backend_startup: warning, database %d (%s) "
"has no suffix\n",
i, backendDB[i].bd_info->bi_type, 0 );
-#endif
}
- build_new_dn( &be->be_context_csn, be->be_nsuffix,
- &slap_ldapsync_cn_bv, NULL );
+ /* append global access controls */
+ acl_append( &backendDB[i].be_acl, frontendDB->be_acl );
+
+ rc = backend_startup_one( &backendDB[i] );
+
+ if ( rc ) return rc;
- if ( backendDB[i].bd_info->bi_db_open ) {
- rc = backendDB[i].bd_info->bi_db_open(
- &backendDB[i] );
- if ( rc != 0 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( BACKEND, CRIT,
- "backend_startup: bi_db_open(%d) failed! (%d)\n",
- i, rc, 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "backend_startup: bi_db_open(%d) failed! (%d)\n",
- i, rc, 0 );
-#endif
- return rc;
- }
- }
if ( !LDAP_STAILQ_EMPTY( &backendDB[i].be_syncinfo )) {
syncinfo_t *si;
if ( !( backendDB[i].be_search && backendDB[i].be_add &&
backendDB[i].be_modify && backendDB[i].be_delete )) {
-#ifdef NEW_LOGGING
- LDAP_LOG( BACKEND, CRIT,
- "backend_startup: database(%d) does not support "
- "operations required for syncrepl", i, 0, 0 );
-#else
Debug( LDAP_DEBUG_ANY,
"backend_startup: database(%d) does not support "
"operations required for syncrepl", i, 0, 0 );
-#endif
continue;
}
LDAP_STAILQ_FOREACH( si, &backendDB[i].be_syncinfo, si_next ) {
si->si_be = &backendDB[i];
init_syncrepl( si );
- ldap_pvt_thread_mutex_lock( &syncrepl_rq.rq_mutex );
- ldap_pvt_runqueue_insert( &syncrepl_rq,
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+ ldap_pvt_runqueue_insert( &slapd_rq,
si->si_interval, do_syncrepl, (void *) si );
- ldap_pvt_thread_mutex_unlock( &syncrepl_rq.rq_mutex );
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
}
}
}
}
if(rc != 0) {
-#ifdef NEW_LOGGING
- LDAP_LOG( BACKEND, NOTICE,
- "backend_shutdown: bi_close %s failed!\n",
- backendDB[i].be_type, 0, 0 );
-#else
Debug( LDAP_DEBUG_ANY,
- "backend_close: bi_close %s failed!\n",
+ "backend_close: bi_db_close %s failed!\n",
backendDB[i].be_type, 0, 0 );
-#endif
}
}
}
}
+ /* close frontend, if required */
+ if ( frontendDB->bd_info->bi_db_close ) {
+ rc = frontendDB->bd_info->bi_db_close ( frontendDB );
+ if ( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "backend_startup: bi_db_close(frontend) failed! (%d)\n",
+ rc, 0, 0 );
+ }
+ }
+
return 0;
}
{
int i;
BackendDB *bd;
+ syncinfo_t *si_entry;
+ struct slap_csn_entry *csne;
ldap_pvt_thread_pool_destroy( &syncrepl_pool, 1 );
/* destroy each backend database */
for( i = 0, bd = backendDB; i < nBackendDB; i++, bd++ ) {
+
+ while ( !LDAP_STAILQ_EMPTY( &bd->be_syncinfo )) {
+ si_entry = LDAP_STAILQ_FIRST( &bd->be_syncinfo );
+ LDAP_STAILQ_REMOVE_HEAD( &bd->be_syncinfo, si_next );
+ syncinfo_free( si_entry );
+ }
+
+ if ( bd->be_pending_csn_list ) {
+ csne = LDAP_TAILQ_FIRST( bd->be_pending_csn_list );
+ while ( csne ) {
+ struct slap_csn_entry *tmp_csne = csne;
+
+ LDAP_TAILQ_REMOVE( bd->be_pending_csn_list, csne, ce_csn_link );
+ ch_free( csne->ce_csn.bv_val );
+ csne = LDAP_TAILQ_NEXT( csne, ce_csn_link );
+ ch_free( tmp_csne );
+ }
+ }
+
if ( bd->bd_info->bi_db_destroy ) {
bd->bd_info->bi_db_destroy( bd );
}
if ( bd->be_rootdn.bv_val ) free( bd->be_rootdn.bv_val );
if ( bd->be_rootndn.bv_val ) free( bd->be_rootndn.bv_val );
if ( bd->be_rootpw.bv_val ) free( bd->be_rootpw.bv_val );
- acl_destroy( bd->be_acl, global_acl );
+ acl_destroy( bd->be_acl, frontendDB->be_acl );
}
free( backendDB );
nBackendInfo = 0;
backendInfo = NULL;
+ /* destroy frontend database */
+ bd = frontendDB;
+ if ( bd ) {
+ if ( bd->bd_info->bi_db_destroy ) {
+ bd->bd_info->bi_db_destroy( bd );
+ }
+ ber_bvarray_free( bd->be_suffix );
+ ber_bvarray_free( bd->be_nsuffix );
+ if ( bd->be_rootdn.bv_val ) free( bd->be_rootdn.bv_val );
+ if ( bd->be_rootndn.bv_val ) free( bd->be_rootndn.bv_val );
+ if ( bd->be_rootpw.bv_val ) free( bd->be_rootpw.bv_val );
+ acl_destroy( bd->be_acl, frontendDB->be_acl );
+ }
+
return 0;
}
return NULL;
}
+ be = backendDB;
+
backendDB = (BackendDB *) ch_realloc(
(char *) backendDB,
(nBackendDB + 1) * sizeof(Backend) );
memset( &backendDB[nbackends], '\0', sizeof(Backend) );
+ /* did realloc move our table? if so, fix up dependent pointers */
+ if ( be != backendDB ) {
+ int i;
+ for ( i=0, be=backendDB; i<nbackends; i++, be++ ) {
+ be->be_pcl_mutexp = &be->be_pcl_mutex;
+ }
+ }
+
be = &backends[nbackends++];
be->bd_info = bi;
- be->be_def_limit = deflimit;
- be->be_dfltaccess = global_default_access;
+ be->be_def_limit = frontendDB->be_def_limit;
+ be->be_dfltaccess = frontendDB->be_dfltaccess;
- be->be_restrictops = global_restrictops;
- be->be_requires = global_requires;
- be->be_ssf_set = global_ssf_set;
+ be->be_restrictops = frontendDB->be_restrictops;
+ be->be_requires = frontendDB->be_requires;
+ be->be_ssf_set = frontendDB->be_ssf_set;
- be->be_context_csn.bv_len = 0;
- be->be_context_csn.bv_val = NULL;
- ldap_pvt_thread_mutex_init( &be->be_pcl_mutex );
- ldap_pvt_thread_mutex_init( &be->be_context_csn_mutex );
+ be->be_pcl_mutexp = &be->be_pcl_mutex;
+ ldap_pvt_thread_mutex_init( be->be_pcl_mutexp );
LDAP_STAILQ_INIT( &be->be_syncinfo );
(*backends[i].bd_info->bi_db_close)( &backends[i] );
}
}
+
+ if ( frontendDB->bd_info->bi_db_close ) {
+ (*frontendDB->bd_info->bi_db_close)( frontendDB );
+ }
}
Backend *
be_isroot_pw( Operation *op )
{
int result;
- char *errmsg;
if ( ! be_isroot_dn( op->o_bd, &op->o_req_ndn ) ) {
return 0;
* A preoperation plugin failure will abort the
* entire operation.
*/
-#ifdef NEW_LOGGING
- LDAP_LOG( OPERATION, INFO,
- "do_bind: Unbind preoperation plugin failed\n",
- 0, 0, 0);
-#else
Debug(LDAP_DEBUG_TRACE,
"do_bind: Unbind preoperation plugin failed\n",
0, 0, 0);
-#endif
return 0;
}
}
if ( op->o_pb != NULL && slapi_int_call_plugins( &backends[i],
SLAPI_PLUGIN_POST_UNBIND_FN, (Slapi_PBlock *)op->o_pb ) < 0 )
{
-#ifdef NEW_LOGGING
- LDAP_LOG( OPERATION, INFO,
- "do_unbind: Unbind postoperation plugins failed\n",
- 0, 0, 0);
-#else
Debug(LDAP_DEBUG_TRACE,
"do_unbind: Unbind postoperation plugins failed\n",
0, 0, 0);
-#endif
}
#endif /* defined( LDAP_SLAPI ) */
}
if( (*ctrls)->ldctl_iscritical && !ldap_charray_inlist(
op->o_bd->be_controls, (*ctrls)->ldctl_oid ) )
{
+ /* FIXME: standards compliance issue
+ *
+ * Per RFC 2251 (and LDAPBIS discussions), if the control
+ * is recognized and appropriate for the operation (which
+ * we've already verified), then the server should make
+ * use of the control when performing the operation
+ * (without regard to criticality). This code is incorrect
+ * on two counts.
+ * 1) a service error (e.g., unwillingToPerform) should be
+ * returned where a particular backend cannot service the
+ * operation,
+ * 2) this error should be returned irregardless of the
+ * criticality of the control.
+ */
rs->sr_text = "control unavailable in context";
rs->sr_err = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
break;
ssf = &op->o_bd->be_ssf_set;
} else {
- restrictops = global_restrictops;
- requires = global_requires;
- ssf = &global_ssf_set;
+ restrictops = frontendDB->be_restrictops;
+ requires = frontendDB->be_requires;
+ ssf = &frontendDB->be_ssf_set;
}
switch( op->o_tag ) {
rc = be_entry_get_rw(op, gr_ndn, group_oc, group_at, 0, &e );
}
if ( e ) {
+#ifdef LDAP_SLAPI
+ if ( op->o_pb != NULL ) {
+ init_group_pblock( op, target, e, op_ndn, group_at );
+
+ rc = call_group_preop_plugins( op );
+ if ( rc == LDAP_SUCCESS ) {
+ goto done;
+ }
+ }
+#endif /* LDAP_SLAPI */
+
a = attr_find( e->e_attrs, group_at );
if ( a ) {
/* If the attribute is a subtype of labeledURI, treat this as
if ( target && dn_match( &target->e_nname, op_ndn ) ) {
user = target;
} else {
+ /* back-bdb stored lockinfo here, we saved it
+ * above. Clear it out so that a new lock can be used.
+ */
op->o_bd = select_backend( op_ndn, 0, 0 );
rc = be_entry_get_rw(op, op_ndn, NULL, NULL, 0, &user );
}
rc = 1;
for (i=0; a->a_vals[i].bv_val; i++) {
if ( ldap_url_parse( a->a_vals[i].bv_val, &ludp ) !=
- LDAP_SUCCESS )
+ LDAP_URL_SUCCESS )
{
continue;
}
break;
#ifdef LDAP_SCOPE_SUBORDINATE
case LDAP_SCOPE_SUBORDINATE:
- if ( dn_match( &nbase, op_ndn ) &&
- !dnIsSuffix(op_ndn, &nbase ))
+ if ( dn_match( &nbase, op_ndn ) ||
+ !dnIsSuffix( op_ndn, &nbase ) )
{
goto loopit;
}
rc = LDAP_NO_SUCH_OBJECT;
}
+#ifdef LDAP_SLAPI
+ if ( op->o_pb ) call_group_postop_plugins( op );
+#endif /* LDAP_SLAPI */
+
if ( op->o_tag != LDAP_REQ_BIND && !op->o_do_not_cache ) {
g = op->o_tmpalloc(sizeof(GroupAssertion) + gr_ndn->bv_len,
op->o_tmpmemctx);
return rc;
}
+#ifdef LDAP_SLAPI
+static int backend_compute_output_attr(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
+{
+ BerVarray v;
+ int rc;
+ BerVarray *vals = (BerVarray *)c->cac_private;
+ Operation *op = NULL;
+ int i, j;
+
+ slapi_pblock_get( c->cac_pb, SLAPI_OPERATION, &op );
+ if ( op == NULL ) {
+ return 1;
+ }
+
+ if ( op->o_conn && access_allowed( op,
+ e, a->a_desc, NULL, ACL_AUTH,
+ &c->cac_acl_state ) == 0 ) {
+ return 1;
+ }
+
+ for ( i=0; a->a_vals[i].bv_val; i++ ) ;
+
+ v = op->o_tmpalloc( sizeof(struct berval) * (i+1),
+ op->o_tmpmemctx );
+ for ( i=0,j=0; a->a_vals[i].bv_val; i++ ) {
+ if ( op->o_conn && access_allowed( op,
+ e, a->a_desc,
+ &a->a_nvals[i],
+ ACL_AUTH, &c->cac_acl_state ) == 0 ) {
+ continue;
+ }
+ ber_dupbv_x( &v[j],
+ &a->a_nvals[i], op->o_tmpmemctx );
+ if (v[j].bv_val ) j++;
+ }
+
+ if (j == 0) {
+ op->o_tmpfree( v, op->o_tmpmemctx );
+ *vals = NULL;
+ rc = 1;
+ } else {
+ v[j].bv_val = NULL;
+ v[j].bv_len = 0;
+ *vals = v;
+ rc = 0;
+ }
+
+ return rc;
+}
+#endif /* LDAP_SLAPI */
+
int
backend_attribute(
Operation *op,
Entry *target,
struct berval *edn,
AttributeDescription *entry_at,
- BerVarray *vals )
+ BerVarray *vals,
+ slap_access_t access )
{
Entry *e;
Attribute *a;
if ( a ) {
BerVarray v;
- if ( op->o_conn && access_allowed( op,
- e, entry_at, NULL, ACL_AUTH,
+ if ( op->o_conn && access > ACL_NONE && access_allowed( op,
+ e, entry_at, NULL, access,
&acl_state ) == 0 ) {
rc = LDAP_INSUFFICIENT_ACCESS;
goto freeit;
v = op->o_tmpalloc( sizeof(struct berval) * (i+1),
op->o_tmpmemctx );
for ( i=0,j=0; a->a_vals[i].bv_val; i++ ) {
- if ( op->o_conn && access_allowed( op,
+ if ( op->o_conn && access > ACL_NONE && access_allowed( op,
e, entry_at,
&a->a_nvals[i],
- ACL_AUTH, &acl_state ) == 0 ) {
+ access, &acl_state ) == 0 ) {
continue;
}
ber_dupbv_x( &v[j],
rc = LDAP_SUCCESS;
}
}
+#ifdef LDAP_SLAPI
+ else if ( op->o_pb ) {
+ /* try any computed attributes */
+ computed_attr_context ctx;
+ AttributeName aname;
+
+ slapi_int_pblock_set_operation( op->o_pb, op );
+
+ ctx.cac_pb = op->o_pb;
+ ctx.cac_attrs = NULL;
+ ctx.cac_userattrs = 0;
+ ctx.cac_opattrs = 0;
+ ctx.cac_acl_state = acl_state;
+ ctx.cac_private = (void *)vals;
+
+ if ( compute_evaluator( &ctx, entry_at->ad_cname.bv_val, e, backend_compute_output_attr ) == 1)
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ else
+ rc = LDAP_SUCCESS;
+ }
+#endif /* LDAP_SLAPI */
freeit: if (e != target ) {
be_entry_release_r( op, e );
}
return rc;
}
-Attribute *backend_operational(
+int backend_operational(
Operation *op,
- SlapReply *rs,
- int opattrs )
+ SlapReply *rs )
{
- Attribute *a = NULL, **ap = &a;
+ Attribute **ap;
+ int rc = 0;
+ BackendDB *be_orig;
+
+ for ( ap = &rs->sr_operational_attrs; *ap; ap = &(*ap)->a_next )
+ /* just count them */ ;
/*
* If operational attributes (allegedly) are required,
* and the backend supports specific operational attributes,
* add them to the attribute list
*/
- if ( opattrs || ( op->ors_attrs &&
- ad_inlist( slap_schema.si_ad_subschemaSubentry, op->ors_attrs )) ) {
+ if ( SLAP_OPATTRS( rs->sr_attr_flags ) || ( op->ors_attrs &&
+ ad_inlist( slap_schema.si_ad_entryDN, op->ors_attrs )))
+ {
+ *ap = slap_operational_entryDN( rs->sr_entry );
+ ap = &(*ap)->a_next;
+ }
+
+ if ( SLAP_OPATTRS( rs->sr_attr_flags ) || ( op->ors_attrs &&
+ ad_inlist( slap_schema.si_ad_subschemaSubentry, op->ors_attrs )))
+ {
*ap = slap_operational_subschemaSubentry( op->o_bd );
ap = &(*ap)->a_next;
}
- if ( ( opattrs || op->ors_attrs ) && op->o_bd &&
- op->o_bd->be_operational != NULL )
+ /* Let the overlays have a chance at this */
+ be_orig = op->o_bd;
+ if ( SLAP_ISOVERLAY( be_orig ))
+ op->o_bd = select_backend( be_orig->be_nsuffix, 0, 0 );
+
+ if (( SLAP_OPATTRS( rs->sr_attr_flags ) || op->ors_attrs ) &&
+ op->o_bd && op->o_bd->be_operational != NULL )
{
- ( void )op->o_bd->be_operational( op, rs, opattrs, ap );
+ Attribute *a;
+
+ a = rs->sr_operational_attrs;
+ rs->sr_operational_attrs = NULL;
+ rc = op->o_bd->be_operational( op, rs );
+ *ap = rs->sr_operational_attrs;
+ if ( a != NULL ) {
+ rs->sr_operational_attrs = a;
+ }
+
+ for ( ; *ap; ap = &(*ap)->a_next )
+ /* just count them */ ;
+ }
+ op->o_bd = be_orig;
+
+ return rc;
+}
+
+#ifdef LDAP_SLAPI
+static void init_group_pblock( Operation *op, Entry *target,
+ Entry *e, struct berval *op_ndn, AttributeDescription *group_at )
+{
+ slapi_int_pblock_set_operation( op->o_pb, op );
+
+ slapi_pblock_set( op->o_pb,
+ SLAPI_X_GROUP_ENTRY, (void *)e );
+ slapi_pblock_set( op->o_pb,
+ SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val );
+ slapi_pblock_set( op->o_pb,
+ SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val );
+ slapi_pblock_set( op->o_pb,
+ SLAPI_X_GROUP_TARGET_ENTRY, (void *)target );
+}
+
+static int call_group_preop_plugins( Operation *op )
+{
+ int rc;
+
+ rc = slapi_int_call_plugins( op->o_bd,
+ SLAPI_X_PLUGIN_PRE_GROUP_FN, op->o_pb );
+ if ( rc < 0 ) {
+ if (( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
+ (void *)&rc ) != 0 ) || rc == LDAP_SUCCESS )
+ {
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ }
+ } else {
+ rc = LDAP_SUCCESS;
}
- return a;
+ return rc;
+}
+
+static void call_group_postop_plugins( Operation *op )
+{
+ (void) slapi_int_call_plugins( op->o_bd, SLAPI_X_PLUGIN_POST_GROUP_FN, op->o_pb );
}
+#endif /* LDAP_SLAPI */
projects / openldap / blobdiff