/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2005 The OpenLDAP Foundation.
+ * Copyright 2001-2006 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#ifdef LDAP_SLAPI
static slap_overinst slapi;
+static int slapi_over_initialized = 0;
+
+static int slapi_over_response( Operation *op, SlapReply *rs );
+static int slapi_over_cleanup( Operation *op, SlapReply *rs );
+
+static Slapi_PBlock *
+slapi_over_pblock_new( Operation *op, SlapReply *rs )
+{
+ Slapi_PBlock *pb;
+
+ pb = slapi_pblock_new();
+ pb->pb_op = op;
+ pb->pb_conn = op->o_conn;
+ pb->pb_rs = rs;
+ pb->pb_intop = 0;
+
+ PBLOCK_ASSERT_OP( pb, op->o_tag );
+
+ return pb;
+}
+
+static int
+slapi_op_internal_p( Operation *op, SlapReply *rs, slap_callback *cb )
+{
+ int internal_op = 0;
+ Slapi_PBlock *pb = NULL;
+ slap_callback *pcb;
+
+ /*
+ * Abstraction violating check for SLAPI internal operations
+ * allows pblock to remain consistent when invoking internal
+ * op plugins
+ */
+ for ( pcb = op->o_callback; pcb != NULL; pcb = pcb->sc_next ) {
+ if ( pcb->sc_response == slapi_int_response ) {
+ pb = (Slapi_PBlock *)pcb->sc_private;
+ PBLOCK_ASSERT_INTOP( pb, 0 );
+ internal_op = 1;
+ break;
+ }
+ }
+
+ if ( cb != NULL ) {
+ if ( pb == NULL ) {
+ pb = slapi_over_pblock_new( op, rs );
+ }
+
+ cb->sc_response = slapi_over_response;
+ cb->sc_cleanup = slapi_over_cleanup;
+ cb->sc_private = pb;
+ cb->sc_next = op->o_callback;
+ op->o_callback = cb;
+ }
+
+ return internal_op;
+}
static int
slapi_over_compute_output(
Slapi_Entry *entry
)
{
- int rc;
Attribute **a;
AttributeDescription *desc;
- Operation *op = c->cac_op;
- SlapReply *rs = (SlapReply *)c->cac_private;
+ SlapReply *rs;
if ( c == NULL || attribute == NULL || entry == NULL ) {
return 0;
}
+ rs = (SlapReply *)c->cac_private;
+
assert( rs->sr_entry == entry );
desc = attribute->a_desc;
}
}
- if ( !access_allowed( op, entry, desc, NULL, ACL_READ, c->cac_acl_state) ) {
- slapi_log_error( SLAPI_LOG_ACL, "slapi_over_compute_output",
- "acl: access to attribute %s not allowed\n",
- desc->ad_cname.bv_val );
- return 0;
- }
-
+ /* XXX perhaps we should check for existing attributes and merge */
for ( a = &rs->sr_operational_attrs; *a != NULL; a = &(*a)->a_next )
;
- *a = attr_dup( attribute );
+ *a = slapi_attr_dup( attribute );
return 0;
}
/* Support for computed attribute plugins */
computed_attr_context ctx;
AttributeName *anp;
- AccessControlState acl_state = ACL_STATE_INIT;
- ctx.cac_pb = op->o_pb;
+ if ( slapi_op_internal_p( op, rs, NULL ) ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ ctx.cac_pb = slapi_over_pblock_new( op, rs );
ctx.cac_op = op;
ctx.cac_private = rs;
- ctx.cac_acl_state = &acl_state;
if ( rs->sr_entry != NULL ) {
/*
}
}
+ slapi_pblock_destroy( ctx.cac_pb );
+
return SLAP_CB_CONTINUE;
}
+/*
+ * We need this function to call frontendDB (global) plugins before
+ * database plugins, if we are invoked by a slap_callback.
+ */
static int
-slapi_over_search( Operation *op, SlapReply *rs, int type )
+slapi_over_call_plugins( Slapi_PBlock *pb, int type )
{
- int rc;
- Slapi_PBlock *pb;
-
- pb = slapi_pblock_new();
+ int rc = 1; /* means no plugins called */
+ Operation *op;
- slapi_int_pblock_set_operation( pb, op );
- slapi_pblock_set( pb, SLAPI_RESCONTROLS, (void *)rs->sr_ctrls );
- slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, (void *)rs->sr_entry );
-
- rc = slapi_int_call_plugins( op->o_bd, type, pb );
- if ( rc >= 0 ) /* 1 means no plugins called */
- rc = SLAP_CB_CONTINUE;
- else
- rc = LDAP_SUCCESS; /* confusing: don't abort, but don't send */
+ PBLOCK_ASSERT_OP( pb, 0 );
+ op = pb->pb_op;
- if ( rc == SLAP_CB_CONTINUE && rs->sr_type == REP_SEARCH ) {
- /* XXX we shouldn't need this here */
- slapi_over_aux_operational( op, rs );
+ if ( !be_match( op->o_bd, frontendDB ) ) {
+ rc = slapi_int_call_plugins( frontendDB, type, pb );
+ }
+ if ( rc >= 0 ) {
+ rc = slapi_int_call_plugins( op->o_bd, type, pb );
}
-
- slapi_pblock_set( pb, SLAPI_RESCONTROLS, NULL ); /* don't free */
- slapi_pblock_destroy(pb);
return rc;
}
static int
-slapi_over_merge_controls( Operation *op, SlapReply *rs, Slapi_PBlock *pb)
+slapi_over_search( Operation *op, SlapReply *rs, int type )
{
- LDAPControl **slapiControls = NULL, **resControls;
- int nSlapiControls = 0;
- int nResControls = 0;
- int i;
-
- /* merge in controls */
- if ( rs->sr_ctrls != NULL ) {
- for ( nResControls = 0; rs->sr_ctrls[nResControls] != NULL; nResControls++ )
- ;
- }
- slapi_pblock_get( op->o_pb, SLAPI_RESCONTROLS, (void **)&slapiControls );
- if ( slapiControls != NULL ) {
- for ( nSlapiControls = 0; slapiControls[nSlapiControls] != NULL; nSlapiControls++ )
- ;
- }
+ int rc;
+ Slapi_PBlock *pb;
- /* XXX this is a bit tricky, rs->sr_ctrls may have been allocated on stack */
- resControls = (LDAPControl **)op->o_tmpalloc( ( nResControls + nSlapiControls + 1 ) *
- sizeof( LDAPControl *), op->o_tmpmemctx );
- if ( resControls == NULL ) {
- return LDAP_OTHER;
- }
+ assert( rs->sr_type == REP_SEARCH || rs->sr_type == REP_SEARCHREF );
- if ( rs->sr_ctrls != NULL ) {
- for ( i = 0; i < nResControls; i++ )
- resControls[i] = rs->sr_ctrls[i];
- }
- if ( slapiControls != NULL ) {
- for ( i = 0; i < nSlapiControls; i++ )
- resControls[nResControls + i] = slapiControls[i];
- }
- resControls[nResControls + nSlapiControls] = NULL;
+ /* create a new pblock to not trample on result controls */
+ pb = slapi_over_pblock_new( op, rs );
- if ( slapiControls != NULL ) {
- slapi_ch_free( (void **)&slapiControls );
- slapi_pblock_set( op->o_pb, SLAPI_RESCONTROLS, NULL ); /* don't free */
- }
+ rc = slapi_over_call_plugins( pb, type );
+ if ( rc >= 0 ) /* 1 means no plugins called */
+ rc = SLAP_CB_CONTINUE;
+ else
+ rc = LDAP_SUCCESS; /* confusing: don't abort, but don't send */
- rs->sr_ctrls = resControls;
+ slapi_pblock_destroy(pb);
- return LDAP_SUCCESS;
+ return rc;
}
+/*
+ * Call pre- and post-result plugins
+ */
static int
slapi_over_result( Operation *op, SlapReply *rs, int type )
{
- int rc;
-
- slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
- slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text );
- slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED, (void *)rs->sr_matched );
+ Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
- rc = slapi_int_call_plugins( op->o_bd, type, op->o_pb );
-
- slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
- slapi_pblock_get( op->o_pb, SLAPI_RESULT_TEXT, (void **)&rs->sr_text );
- slapi_pblock_get( op->o_pb, SLAPI_RESULT_MATCHED, (void **)&rs->sr_matched );
+ assert( rs->sr_type == REP_RESULT || rs->sr_type == REP_SASL || rs->sr_type == REP_EXTENDED );
- if ( type == SLAPI_PLUGIN_PRE_RESULT_FN ) {
- rc = slapi_over_merge_controls( op, rs, op->o_pb );
- }
+ slapi_over_call_plugins( pb, type );
return SLAP_CB_CONTINUE;
}
-static int
-slapi_op_add_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
-{
- slapi_pblock_set( pb, SLAPI_ADD_ENTRY, (void *)op->ora_e );
-
- return LDAP_SUCCESS;
-}
-
-static int
-slapi_op_bind_preop_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
-{
- slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)op->o_req_dn.bv_val );
- slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)op->orb_method );
- slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
- slapi_pblock_set( pb, SLAPI_CONN_DN, NULL );
-
- return LDAP_SUCCESS;
-}
-
-static int
-slapi_op_bind_postop_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
-{
- char *dn = NULL;
-
- if ( rs->sr_err == LDAP_SUCCESS ) {
- /* fix for ITS#2971 */
- slapi_pblock_set( pb, SLAPI_CONN_DN, op->o_conn->c_authz.sai_dn.bv_val );
- }
-
- return LDAP_SUCCESS;
-}
static int
-slapi_op_bind_callback( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
+slapi_op_bind_callback( Operation *op, SlapReply *rs, int prc )
{
- int rc = rs->sr_err;
-
- switch ( rc ) {
+ switch ( prc ) {
case SLAPI_BIND_SUCCESS:
/* Continue with backend processing */
break;
return rs->sr_err;
break;
case SLAPI_BIND_ANONYMOUS: /* undocumented */
- default:
- /*
- * Plugin sent authoritative result or no plugins were called
- */
- if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err ) != 0 ) {
- rs->sr_err = LDAP_OTHER;
- }
-
+ default: /* plugin sent result or no plugins called */
BER_BVZERO( &op->orb_edn );
if ( rs->sr_err == LDAP_SUCCESS ) {
- slapi_pblock_get( pb, SLAPI_CONN_DN, (void *)&op->orb_edn.bv_val );
- if ( BER_BVISNULL( &op->orb_edn ) ) {
- if ( rc == 1 ) {
- /* No plugins were called; continue processing */
- return LDAP_SUCCESS;
- }
- } else {
- op->orb_edn.bv_len = strlen( op->orb_edn.bv_val );
+ /*
+ * Plugin will have called slapi_pblock_set(LDAP_CONN_DN) which
+ * will have set conn->c_dn and conn->c_ndn
+ */
+ if ( BER_BVISNULL( &op->o_conn->c_ndn ) && prc == 1 ) {
+ /* No plugins were called; continue processing */
+ return LDAP_SUCCESS;
}
- rs->sr_err = dnPrettyNormal( NULL, &op->orb_edn,
- &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
- ber_dupbv(&op->o_conn->c_dn, &op->o_req_dn);
- ber_dupbv(&op->o_conn->c_ndn, &op->o_req_ndn);
- op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
- BER_BVZERO( &op->o_req_dn );
- op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
- BER_BVZERO( &op->o_req_ndn );
- if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
+ if ( !BER_BVISEMPTY( &op->o_conn->c_ndn ) ) {
ber_len_t max = sockbuf_max_incoming_auth;
ber_sockbuf_ctrl( op->o_conn->c_sb,
LBER_SB_OPT_SET_MAX_INCOMING, &max );
}
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+
/* log authorization identity */
Statslog( LDAP_DEBUG_STATS,
"%s BIND dn=\"%s\" mech=%s (SLAPI) ssf=0\n",
op->o_log_prefix,
BER_BVISNULL( &op->o_conn->c_dn )
? "<empty>" : op->o_conn->c_dn.bv_val,
- op->orb_tmp_mech.bv_val, 0, 0 );
-
+ BER_BVISNULL( &op->orb_tmp_mech )
+ ? "<empty>" : op->orb_tmp_mech.bv_val, 0, 0 );
+
return -1;
}
break;
}
- return rc;
-}
-
-static int
-slapi_op_compare_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
-{
- slapi_pblock_set( pb, SLAPI_COMPARE_TYPE, (void *)op->orc_ava->aa_desc->ad_cname.bv_val );
- slapi_pblock_set( pb, SLAPI_COMPARE_VALUE, (void *)&op->orc_ava->aa_value );
-
- return LDAP_SUCCESS;
-}
-
-static int
-slapi_op_modify_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
-{
- LDAPMod **modv = NULL;
-
- modv = slapi_int_modifications2ldapmods( &op->orm_modlist );
- slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)modv );
-
- return LDAP_SUCCESS;
-}
-
-static int
-slapi_op_modify_callback( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
-{
- LDAPMod **modv = NULL;
-
- /* check preoperation result code */
- if ( rs->sr_err < 0 ) {
- slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
- return rs->sr_err;
- }
-
- /*
- * NB: it is valid for the plugin to return no modifications
- * (for example, a plugin might store some attributes elsewhere
- * and remove them from the modification list; if only those
- * attribute types were included in the modification request,
- * then slapi_int_ldapmods2modifications() above will return
- * NULL).
- *
- * However, the post-operation plugin should still be
- * called.
- */
-
- slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv );
- op->orm_modlist = slapi_int_ldapmods2modifications( modv );
-
- return LDAP_SUCCESS;
-}
-
-static int
-slapi_op_modify_cleanup( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
-{
- LDAPMod **modv = NULL;
-
- slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv );
-
- if ( modv != NULL )
- slapi_int_free_ldapmods( modv );
-
- return LDAP_SUCCESS;
-}
-
-static int
-slapi_op_modrdn_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
-{
- slapi_pblock_set( pb, SLAPI_MODRDN_NEWRDN, (void *)op->orr_newrdn.bv_val );
- slapi_pblock_set( pb, SLAPI_MODRDN_NEWSUPERIOR, (void *)op->orr_newSup->bv_val );
- slapi_pblock_set( pb, SLAPI_MODRDN_DELOLDRDN, (void *)op->orr_deleteoldrdn );
-
- return LDAP_SUCCESS;
+ return rs->sr_err;
}
static int
-slapi_op_search_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
+slapi_op_search_callback( Operation *op, SlapReply *rs, int prc )
{
- char **attrs;
-
- attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx );
-
- slapi_pblock_set( pb, SLAPI_SEARCH_SCOPE, (void *)op->ors_scope );
- slapi_pblock_set( pb, SLAPI_SEARCH_DEREF, (void *)op->ors_deref );
- slapi_pblock_set( pb, SLAPI_SEARCH_SIZELIMIT, (void *)op->ors_slimit );
- slapi_pblock_set( pb, SLAPI_SEARCH_TIMELIMIT, (void *)op->ors_tlimit );
- slapi_pblock_set( pb, SLAPI_SEARCH_FILTER, (void *)op->ors_filter );
- slapi_pblock_set( pb, SLAPI_SEARCH_STRFILTER, (void *)op->ors_filterstr.bv_val );
- slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, (void *)attrs );
- slapi_pblock_set( pb, SLAPI_SEARCH_ATTRSONLY, (void *)op->ors_attrsonly );
-
- return LDAP_SUCCESS;
-}
+ Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
-static int
-slapi_op_search_callback( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
-{
/* check preoperation result code */
- if ( rs->sr_err < 0 ) {
- slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
+ if ( prc < 0 ) {
return rs->sr_err;
}
- if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, pb ) != 0 ) {
- return LDAP_SUCCESS;
- }
-
- /*
- * The plugin can set the SLAPI_SEARCH_FILTER.
- * SLAPI_SEARCH_STRFILER is not normative.
- */
- slapi_pblock_get( pb, SLAPI_SEARCH_FILTER, (void *)&op->ors_filter );
- op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
- filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
-
- slapi_pblock_get( pb, SLAPI_SEARCH_TARGET, (void **)&op->o_req_dn.bv_val );
- op->o_req_dn.bv_len = strlen( op->o_req_dn.bv_val );
+ rs->sr_err = LDAP_SUCCESS;
- if( !BER_BVISNULL( &op->o_req_ndn ) ) {
- slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
- }
- rs->sr_err = dnNormalize( 0, NULL, NULL, &op->o_req_dn, &op->o_req_ndn,
- op->o_tmpmemctx );
- if ( rs->sr_err != LDAP_SUCCESS ) {
- send_ldap_result( op, rs );
- return rs->sr_err;
+ if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, pb ) == 0 ) {
+ /*
+ * The plugin can set the SLAPI_SEARCH_FILTER.
+ * SLAPI_SEARCH_STRFILER is not normative.
+ */
+ op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+ filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
}
- slapi_pblock_get( pb, SLAPI_SEARCH_SCOPE, (void **)&op->ors_scope );
- slapi_pblock_get( pb, SLAPI_SEARCH_DEREF, (void **)&op->ors_deref );
-
- return LDAP_SUCCESS;
-}
-
-static int
-slapi_op_search_cleanup( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
-{
- char **attrs = NULL;
-
- slapi_pblock_get( pb, SLAPI_SEARCH_ATTRS, (void *)&attrs );
-
- if ( attrs != NULL )
- op->o_tmpfree( attrs, op->o_tmpmemctx );
-
return LDAP_SUCCESS;
}
-typedef int (slapi_over_callback)( Operation *, SlapReply *rs, Slapi_PBlock * );
-
struct slapi_op_info {
- int soi_preop;
- int soi_postop;
- slapi_over_callback *soi_preop_init;
- slapi_over_callback *soi_callback;
- slapi_over_callback *soi_postop_init;
- slapi_over_callback *soi_cleanup;
+ int soi_preop; /* preoperation plugin parameter */
+ int soi_postop; /* postoperation plugin parameter */
+ int soi_internal_preop; /* internal preoperation plugin parameter */
+ int soi_internal_postop; /* internal postoperation plugin parameter */
+ int (*soi_callback)(Operation *, SlapReply *, int); /* preoperation result handler */
} slapi_op_dispatch_table[] = {
{
SLAPI_PLUGIN_PRE_BIND_FN,
SLAPI_PLUGIN_POST_BIND_FN,
- slapi_op_bind_preop_init,
- slapi_op_bind_callback,
- slapi_op_bind_postop_init,
- NULL
+ 0,
+ 0,
+ slapi_op_bind_callback
},
{
- SLAPI_PLUGIN_PRE_UNBIND_FN, /* UNBIND */
+ SLAPI_PLUGIN_PRE_UNBIND_FN,
SLAPI_PLUGIN_POST_UNBIND_FN,
- NULL,
- NULL,
- NULL,
+ 0,
+ 0,
NULL
},
{
SLAPI_PLUGIN_PRE_SEARCH_FN,
SLAPI_PLUGIN_POST_SEARCH_FN,
- slapi_op_search_init,
- slapi_op_search_callback,
- NULL,
- slapi_op_search_cleanup
+ 0,
+ 0,
+ slapi_op_search_callback
},
{
SLAPI_PLUGIN_PRE_COMPARE_FN,
SLAPI_PLUGIN_POST_COMPARE_FN,
- slapi_op_compare_init,
- NULL,
- NULL,
+ 0,
+ 0,
NULL
},
{
SLAPI_PLUGIN_PRE_MODIFY_FN,
SLAPI_PLUGIN_POST_MODIFY_FN,
- slapi_op_modify_init,
- slapi_op_modify_callback,
- NULL,
- slapi_op_modify_cleanup
+ SLAPI_PLUGIN_INTERNAL_PRE_MODIFY_FN,
+ SLAPI_PLUGIN_INTERNAL_POST_MODIFY_FN,
+ NULL
},
{
SLAPI_PLUGIN_PRE_MODRDN_FN,
SLAPI_PLUGIN_POST_MODRDN_FN,
- slapi_op_modrdn_init,
- NULL,
- NULL,
+ SLAPI_PLUGIN_INTERNAL_PRE_MODRDN_FN,
+ SLAPI_PLUGIN_INTERNAL_POST_MODRDN_FN,
NULL
},
{
SLAPI_PLUGIN_PRE_ADD_FN,
SLAPI_PLUGIN_POST_ADD_FN,
- slapi_op_add_init,
- NULL,
- NULL,
+ SLAPI_PLUGIN_INTERNAL_PRE_ADD_FN,
+ SLAPI_PLUGIN_INTERNAL_POST_ADD_FN,
NULL
},
{
SLAPI_PLUGIN_PRE_DELETE_FN,
SLAPI_PLUGIN_POST_DELETE_FN,
- NULL,
- NULL,
- NULL,
+ SLAPI_PLUGIN_INTERNAL_PRE_DELETE_FN,
+ SLAPI_PLUGIN_INTERNAL_POST_DELETE_FN,
NULL
},
{
SLAPI_PLUGIN_PRE_ABANDON_FN,
SLAPI_PLUGIN_POST_ABANDON_FN,
- NULL,
- NULL,
- NULL,
+ 0,
+ 0,
NULL
},
{
0,
0,
- NULL,
- NULL,
- NULL,
+ 0,
+ 0,
NULL
}
};
op = op_add;
break;
case LDAP_REQ_DELETE:
- op = op_compare;
+ op = op_delete;
break;
case LDAP_REQ_MODRDN:
op = op_modrdn;
return op;
}
+/* Add SLAPI_RESCONTROLS to rs->sr_ctrls, with care, because
+ * rs->sr_ctrls could be allocated on the stack */
static int
-slapi_op_response( Operation *op, SlapReply *rs )
+slapi_over_merge_controls( Operation *op, SlapReply *rs )
{
- int rc;
+ Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
+ LDAPControl **ctrls = NULL;
+ LDAPControl **slapi_ctrls = NULL;
+ size_t n_slapi_ctrls = 0;
+ size_t n_rs_ctrls = 0;
+ size_t i;
- switch ( rs->sr_type ) {
- case REP_RESULT:
- rc = slapi_over_result( op, rs, SLAPI_PLUGIN_PRE_RESULT_FN );
- break;
- case REP_SEARCH:
- rc = slapi_over_search( op, rs, SLAPI_PLUGIN_PRE_ENTRY_FN );
- break;
- case REP_SEARCHREF:
- rc = slapi_over_search( op, rs, SLAPI_PLUGIN_PRE_REFERRAL_FN );
- break;
- default:
- rc = SLAP_CB_CONTINUE;
- break;
+ slapi_pblock_get( pb, SLAPI_RESCONTROLS, (void **)&slapi_ctrls );
+
+ n_slapi_ctrls = slapi_int_count_controls( slapi_ctrls );
+ n_rs_ctrls = slapi_int_count_controls( rs->sr_ctrls );
+
+ slapi_pblock_set( pb, SLAPI_X_OLD_RESCONTROLS, (void *)rs->sr_ctrls );
+
+ if ( n_slapi_ctrls == 0 )
+ return LDAP_SUCCESS; /* no SLAPI controls */
+
+ ctrls = (LDAPControl **) op->o_tmpalloc(
+ ( n_slapi_ctrls + n_rs_ctrls + 1 ) * sizeof(LDAPControl *),
+ op->o_tmpmemctx );
+
+ for ( i = 0; i < n_slapi_ctrls; i++ ) {
+ ctrls[i] = slapi_ctrls[i];
+ }
+ if ( rs->sr_ctrls != NULL ) {
+ for ( i = 0; i < n_rs_ctrls; i++ ) {
+ ctrls[n_slapi_ctrls + i] = rs->sr_ctrls[i];
+ }
}
+ ctrls[n_slapi_ctrls + n_rs_ctrls] = NULL;
- return rc;
+ rs->sr_ctrls = ctrls;
+
+ return LDAP_SUCCESS;
}
static int
-slapi_op_cleanup( Operation *op, SlapReply *rs )
+slapi_over_unmerge_controls( Operation *op, SlapReply *rs )
{
- int rc;
+ Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
+ LDAPControl **rs_ctrls = NULL;
- switch ( rs->sr_type ) {
- case REP_RESULT:
- rc = slapi_over_result( op, rs, SLAPI_PLUGIN_POST_RESULT_FN );
- break;
- case REP_SEARCH:
- rc = slapi_over_search( op, rs, SLAPI_PLUGIN_POST_ENTRY_FN );
- break;
- case REP_SEARCHREF:
- rc = slapi_over_search( op, rs, SLAPI_PLUGIN_POST_REFERRAL_FN );
- break;
- default:
- rc = SLAP_CB_CONTINUE;
- break;
+ slapi_pblock_get( pb, SLAPI_X_OLD_RESCONTROLS, (void **)&rs_ctrls );
+
+ if ( rs_ctrls == NULL || rs->sr_ctrls == rs_ctrls ) {
+ /* no copying done */
+ return LDAP_SUCCESS;
+ }
+
+ op->o_tmpfree( rs->sr_ctrls, op->o_tmpmemctx );
+ rs->sr_ctrls = rs_ctrls;
+
+ return LDAP_SUCCESS;
+}
+
+static int
+slapi_over_response( Operation *op, SlapReply *rs )
+{
+ Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
+ int rc = SLAP_CB_CONTINUE;
+
+ if ( pb->pb_intop == 0 ) {
+ switch ( rs->sr_type ) {
+ case REP_RESULT:
+ case REP_SASL:
+ case REP_EXTENDED:
+ rc = slapi_over_result( op, rs, SLAPI_PLUGIN_PRE_RESULT_FN );
+ break;
+ case REP_SEARCH:
+ rc = slapi_over_search( op, rs, SLAPI_PLUGIN_PRE_ENTRY_FN );
+ break;
+ case REP_SEARCHREF:
+ rc = slapi_over_search( op, rs, SLAPI_PLUGIN_PRE_REFERRAL_FN );
+ break;
+ default:
+ break;
+ }
+ }
+
+ slapi_over_merge_controls( op, rs );
+
+ return rc;
+}
+
+static int
+slapi_over_cleanup( Operation *op, SlapReply *rs )
+{
+ Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
+ int rc = SLAP_CB_CONTINUE;
+
+ slapi_over_unmerge_controls( op, rs );
+
+ if ( pb->pb_intop == 0 ) {
+ switch ( rs->sr_type ) {
+ case REP_RESULT:
+ case REP_SASL:
+ case REP_EXTENDED:
+ rc = slapi_over_result( op, rs, SLAPI_PLUGIN_POST_RESULT_FN );
+ break;
+ case REP_SEARCH:
+ rc = slapi_over_search( op, rs, SLAPI_PLUGIN_POST_ENTRY_FN );
+ break;
+ case REP_SEARCHREF:
+ rc = slapi_over_search( op, rs, SLAPI_PLUGIN_POST_REFERRAL_FN );
+ break;
+ default:
+ break;
+ }
}
return rc;
static int
slapi_op_func( Operation *op, SlapReply *rs )
{
- Slapi_PBlock *pb = op->o_pb;
+ Slapi_PBlock *pb;
slap_operation_t which;
struct slapi_op_info *opinfo;
- int rc, flags = 0;
+ int rc;
slap_overinfo *oi;
slap_overinst *on;
slap_callback cb;
+ int internal_op;
+ int preop_type, postop_type;
+ BackendDB *be;
- /*
- * We check for op->o_extensions to verify that we are not
- * processing a SLAPI internal operation. XXX
- */
- if ( op->o_pb == NULL || op->o_extensions == NULL ) {
+ if ( !slapi_plugins_used )
return SLAP_CB_CONTINUE;
- }
/*
* Find the SLAPI operation information for this LDAP
* operation; this will contain the preop and postop
- * plugin types, as well as any additional information
- * we need to complete.
+ * plugin types, as well as optional callbacks for
+ * setting up the SLAPI environment.
*/
which = slapi_tag2op( op->o_tag );
if ( which >= op_last ) {
+ /* invalid operation, but let someone else deal with it */
return SLAP_CB_CONTINUE;
}
opinfo = &slapi_op_dispatch_table[which];
- if ( opinfo == NULL || opinfo->soi_preop == 0 ) {
+ if ( opinfo == NULL ) {
+ /* no SLAPI plugin types for this operation */
return SLAP_CB_CONTINUE;
}
- slapi_int_pblock_set_operation( pb, op );
+ internal_op = slapi_op_internal_p( op, rs, &cb );
- cb.sc_response = slapi_op_response;
- cb.sc_cleanup = slapi_op_cleanup;
- cb.sc_private = opinfo;
- cb.sc_next = op->o_callback;
- op->o_callback = &cb;
+ if ( internal_op ) {
+ preop_type = opinfo->soi_internal_preop;
+ postop_type = opinfo->soi_internal_postop;
+ } else {
+ preop_type = opinfo->soi_preop;
+ postop_type = opinfo->soi_postop;
+ }
- /*
- * Call preoperation plugins
- */
- if ( opinfo->soi_preop_init != NULL ) {
- rs->sr_err = (opinfo->soi_preop_init)( op, rs, pb );
- if ( rs->sr_err != LDAP_SUCCESS )
- return rs->sr_err;
+ if ( preop_type == 0 ) {
+ /* no SLAPI plugin types for this operation */
+ pb = NULL;
+ rc = SLAP_CB_CONTINUE;
+ goto cleanup;
}
- rs->sr_err = slapi_int_call_plugins( op->o_bd, opinfo->soi_preop, pb );
+ pb = SLAPI_OPERATION_PBLOCK( op );
+
+ /* cache backend so we call correct postop plugins */
+ be = pb->pb_op->o_bd;
+
+ rc = slapi_int_call_plugins( be, preop_type, pb );
/*
* soi_callback is responsible for examining the result code
* of the preoperation plugin and determining whether to
* abort. This is needed because of special SLAPI behaviour
- * with bind preoperation plugins.
+ e with bind preoperation plugins.
*
* The soi_callback function is also used to reset any values
* returned from the preoperation plugin before calling the
* backend (for the success case).
*/
if ( opinfo->soi_callback == NULL ) {
- if ( rs->sr_err < 0 ) {
- slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
+ /* default behaviour is preop plugin can abort operation */
+ if ( rc < 0 ) {
+ rc = rs->sr_err;
goto cleanup;
}
} else {
- rc = (opinfo->soi_callback)( op, rs, pb );
+ rc = (opinfo->soi_callback)( op, rs, rc );
if ( rc )
goto cleanup;
}
/*
- * Call actual backend (or next overlay in stack)
+ * Call actual backend (or next overlay in stack). We need to
+ * do this rather than returning SLAP_CB_CONTINUE and calling
+ * postoperation plugins in a response handler to match the
+ * behaviour of SLAPI in OpenLDAP 2.2, where postoperation
+ * plugins are called after the backend has completely
+ * finished processing the operation.
*/
on = (slap_overinst *)op->o_bd->bd_info;
oi = on->on_info;
- rs->sr_err = overlay_op_walk( op, rs, which, oi, on->on_next );
+ rc = overlay_op_walk( op, rs, which, oi, on->on_next );
/*
* Call postoperation plugins
*/
- slapi_pblock_set( pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
-
- if ( opinfo->soi_postop_init != NULL ) {
- (opinfo->soi_postop_init)( op, rs, pb );
- }
-
- slapi_int_call_plugins( op->o_bd, opinfo->soi_postop, pb );
+ slapi_int_call_plugins( be, postop_type, pb );
cleanup:
- if ( opinfo->soi_cleanup != NULL ) {
- (opinfo->soi_cleanup)( op, rs, pb );
+ if ( !internal_op ) {
+ slapi_pblock_destroy(pb);
+ cb.sc_private = NULL;
}
op->o_callback = cb.sc_next;
- return rs->sr_err;
+ return rc;
}
static int
slapi_over_extended( Operation *op, SlapReply *rs )
{
- Slapi_PBlock *pb = op->o_pb;
+ Slapi_PBlock *pb;
SLAPI_FUNC callback;
- int sentResult = 0;
int rc;
- struct berval reqdata = BER_BVNULL;
+ int internal_op;
+ slap_callback cb;
slapi_int_get_extop_plugin( &op->ore_reqoid, &callback );
if ( callback == NULL ) {
return SLAP_CB_CONTINUE;
}
- slapi_int_pblock_set_operation( pb, op );
-
- if ( op->ore_reqdata != NULL ) {
- reqdata = *op->ore_reqdata;
+ internal_op = slapi_op_internal_p( op, rs, &cb );
+ if ( internal_op ) {
+ return SLAP_CB_CONTINUE;
}
- slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID, (void *)op->ore_reqoid.bv_val);
- slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE, (void *)&reqdata);
+ pb = SLAPI_OPERATION_PBLOCK( op );
rc = (*callback)( pb );
if ( rc == SLAPI_PLUGIN_EXTENDED_SENT_RESULT ) {
- return rc;
+ goto cleanup;
} else if ( rc == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED ) {
- return SLAP_CB_CONTINUE;
+ rc = SLAP_CB_CONTINUE;
+ goto cleanup;
}
- slapi_pblock_get( pb, SLAPI_EXT_OP_RET_OID, (void **)&rs->sr_rspoid );
- slapi_pblock_get( pb, SLAPI_EXT_OP_RET_VALUE, (void **)&rs->sr_rspdata );
+ assert( rs->sr_rspoid != NULL );
- rs->sr_err = rc;
send_ldap_extended( op, rs );
- if ( rs->sr_rspoid != NULL )
- slapi_ch_free_string( (char **)&rs->sr_rspoid );
+#if 0
+ slapi_ch_free_string( (char **)&rs->sr_rspoid );
+#endif
if ( rs->sr_rspdata != NULL )
ber_bvfree( rs->sr_rspdata );
- return rs->sr_err;
+ rc = rs->sr_err;
+
+cleanup:
+ slapi_pblock_destroy( pb );
+ op->o_callback = cb.sc_next;
+
+ return rc;
}
static int
AccessControlState *state,
slap_mask_t *maskp )
{
- int rc;
+ int rc;
+ Slapi_PBlock *pb;
+ slap_callback cb;
+ int internal_op;
+ SlapReply rs = { REP_RESULT };
+
+ internal_op = slapi_op_internal_p( op, &rs, &cb );
+
+ cb.sc_response = NULL;
+ cb.sc_cleanup = NULL;
+
+ pb = SLAPI_OPERATION_PBLOCK( op );
rc = slapi_int_access_allowed( op, e, desc, val, access, state );
- if ( rc != 0 )
+ if ( rc ) {
rc = SLAP_CB_CONTINUE;
+ }
+
+ if ( !internal_op ) {
+ slapi_pblock_destroy( pb );
+ }
+
+ op->o_callback = cb.sc_next;
return rc;
}
{
Slapi_Entry *e;
int rc;
- Slapi_PBlock *pb = op->o_pb;
+ Slapi_PBlock *pb;
+ BackendDB *be = op->o_bd;
+ GroupAssertion *g;
+ SlapReply rs = { REP_RESULT };
- if ( pb == NULL ) {
- return SLAP_CB_CONTINUE;
+ op->o_bd = select_backend( gr_ndn, 0, 0 );
+
+ for ( g = op->o_groups; g; g = g->ga_next ) {
+ if ( g->ga_be != op->o_bd || g->ga_oc != group_oc ||
+ g->ga_at != group_at || g->ga_len != gr_ndn->bv_len )
+ {
+ continue;
+ }
+ if ( strcmp( g->ga_ndn, gr_ndn->bv_val ) == 0 ) {
+ break;
+ }
+ }
+ if ( g != NULL ) {
+ rc = g->ga_res;
+ goto done;
}
- rc = be_entry_get_rw( op, gr_ndn, group_oc, group_at, 0, &e );
- if ( e == NULL ) {
- return SLAP_CB_CONTINUE;
+ if ( target != NULL && dn_match( &target->e_nname, gr_ndn ) ) {
+ e = target;
+ rc = 0;
+ } else {
+ rc = be_entry_get_rw( op, gr_ndn, group_oc, group_at, 0, &e );
}
+ if ( e != NULL ) {
+ int internal_op;
+ slap_callback cb;
- slapi_pblock_set( pb, SLAPI_X_GROUP_ENTRY, (void *)e );
- slapi_pblock_set( pb, SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val );
- slapi_pblock_set( pb, SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val );
- slapi_pblock_set( pb, SLAPI_X_GROUP_TARGET_ENTRY, (void *)target );
+ internal_op = slapi_op_internal_p( op, &rs, &cb );
- rc = slapi_int_call_plugins( op->o_bd, SLAPI_X_PLUGIN_PRE_GROUP_FN, pb );
- if ( rc == 0 )
- rc = SLAP_CB_CONTINUE;
- else
- slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rc );
+ cb.sc_response = NULL;
+ cb.sc_cleanup = NULL;
- slapi_pblock_set( pb, SLAPI_X_GROUP_ENTRY, NULL );
- slapi_pblock_set( pb, SLAPI_X_GROUP_OPERATION_DN, NULL );
- slapi_pblock_set( pb, SLAPI_X_GROUP_ATTRIBUTE, NULL );
- slapi_pblock_set( pb, SLAPI_X_GROUP_TARGET_ENTRY, NULL );
+ pb = SLAPI_OPERATION_PBLOCK( op );
- if ( e != target )
- be_entry_release_r( op, e );
+ slapi_pblock_set( pb, SLAPI_X_GROUP_ENTRY, (void *)e );
+ slapi_pblock_set( pb, SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val );
+ slapi_pblock_set( pb, SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val );
+ slapi_pblock_set( pb, SLAPI_X_GROUP_TARGET_ENTRY, (void *)target );
+ rc = slapi_over_call_plugins( pb, SLAPI_X_PLUGIN_PRE_GROUP_FN );
+ if ( rc >= 0 ) /* 1 means no plugins called */
+ rc = SLAP_CB_CONTINUE;
+ else
+ rc = pb->pb_rs->sr_err;
+
+ slapi_pblock_delete_param( pb, SLAPI_X_GROUP_ENTRY );
+ slapi_pblock_delete_param( pb, SLAPI_X_GROUP_OPERATION_DN );
+ slapi_pblock_delete_param( pb, SLAPI_X_GROUP_ATTRIBUTE );
+ slapi_pblock_delete_param( pb, SLAPI_X_GROUP_TARGET_ENTRY );
+
+ if ( !internal_op )
+ slapi_pblock_destroy( pb );
+
+ if ( e != target ) {
+ be_entry_release_r( op, e );
+ }
+
+ op->o_callback = cb.sc_next;
+ } else {
+ rc = LDAP_NO_SUCH_OBJECT; /* return SLAP_CB_CONTINUE for correctness? */
+ }
+
+ if ( op->o_tag != LDAP_REQ_BIND && !op->o_do_not_cache &&
+ rc != SLAP_CB_CONTINUE ) {
+ g = op->o_tmpalloc( sizeof( GroupAssertion ) + gr_ndn->bv_len,
+ op->o_tmpmemctx );
+ g->ga_be = op->o_bd;
+ g->ga_oc = group_oc;
+ g->ga_at = group_at;
+ g->ga_res = rc;
+ g->ga_len = gr_ndn->bv_len;
+ strcpy( g->ga_ndn, gr_ndn->bv_val );
+ g->ga_next = op->o_groups;
+ op->o_groups = g;
+ }
/*
* XXX don't call POST_GROUP_FN, I have no idea what the point of
* that plugin function was anyway
*/
+done:
+ op->o_bd = be;
return rc;
}
-#if 0
static int
-slapi_over_compute_output_attr_access(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
+slapi_over_db_open( BackendDB *be )
{
- struct berval *nval = (struct berval *)c->cac_private;
+ Slapi_PBlock *pb;
+ int rc;
- return access_allowed( c->cac_op, e, a->a_desc, nval, ACL_AUTH, NULL ) == 0;
+ pb = slapi_pblock_new();
+
+ rc = slapi_int_call_plugins( be, SLAPI_PLUGIN_START_FN, pb );
+
+ slapi_pblock_destroy( pb );
+
+ return rc;
}
static int
-slapi_over_acl_attribute(
- Operation *op,
- Entry *target,
- struct berval *entry_ndn,
- AttributeDescription *entry_at,
- BerVarray *vals,
- slap_access_t access )
+slapi_over_db_close( BackendDB *be )
{
- computed_attr_context ctx;
+ Slapi_PBlock *pb;
+ int rc;
- ctx.cac_pb = op->o_pb;
- ctx.cac_op = op;
- ctx.cac_acl_state = NULL;
- ctx.cac_private = nval;
+ pb = slapi_pblock_new();
+
+ rc = slapi_int_call_plugins( be, SLAPI_PLUGIN_CLOSE_FN, pb );
+
+ slapi_pblock_destroy( pb );
+
+ return rc;
}
-#endif
-int
-slapi_int_overlay_init()
+static int
+slapi_over_init()
{
memset( &slapi, 0, sizeof(slapi) );
slapi.on_bi.bi_type = SLAPI_OVERLAY_NAME;
- slapi.on_bi.bi_op_bind = slapi_op_func;
- slapi.on_bi.bi_op_unbind = slapi_op_func;
- slapi.on_bi.bi_op_search = slapi_op_func;
- slapi.on_bi.bi_op_compare = slapi_op_func;
- slapi.on_bi.bi_op_modify = slapi_op_func;
- slapi.on_bi.bi_op_modrdn = slapi_op_func;
- slapi.on_bi.bi_op_add = slapi_op_func;
- slapi.on_bi.bi_op_delete = slapi_op_func;
- slapi.on_bi.bi_op_abandon = slapi_op_func;
- slapi.on_bi.bi_op_cancel = slapi_op_func;
-
- slapi.on_bi.bi_extended = slapi_over_extended;
- slapi.on_bi.bi_access_allowed = slapi_over_access_allowed;
- slapi.on_bi.bi_operational = slapi_over_aux_operational;
+ slapi.on_bi.bi_op_bind = slapi_op_func;
+ slapi.on_bi.bi_op_unbind = slapi_op_func;
+ slapi.on_bi.bi_op_search = slapi_op_func;
+ slapi.on_bi.bi_op_compare = slapi_op_func;
+ slapi.on_bi.bi_op_modify = slapi_op_func;
+ slapi.on_bi.bi_op_modrdn = slapi_op_func;
+ slapi.on_bi.bi_op_add = slapi_op_func;
+ slapi.on_bi.bi_op_delete = slapi_op_func;
+ slapi.on_bi.bi_op_abandon = slapi_op_func;
+ slapi.on_bi.bi_op_cancel = slapi_op_func;
+
+ slapi.on_bi.bi_db_open = slapi_over_db_open;
+ slapi.on_bi.bi_db_close = slapi_over_db_close;
+
+ slapi.on_bi.bi_extended = slapi_over_extended;
+ slapi.on_bi.bi_access_allowed = slapi_over_access_allowed;
+ slapi.on_bi.bi_operational = slapi_over_aux_operational;
+ slapi.on_bi.bi_acl_group = slapi_over_acl_group;
return overlay_register( &slapi );
}
+int slapi_over_is_inst( BackendDB *be )
+{
+ return overlay_is_inst( be, SLAPI_OVERLAY_NAME );
+}
+
+int slapi_over_config( BackendDB *be )
+{
+ if ( slapi_over_initialized == 0 ) {
+ int rc;
+
+ /* do global initializaiton */
+ ldap_pvt_thread_mutex_init( &slapi_hn_mutex );
+ ldap_pvt_thread_mutex_init( &slapi_time_mutex );
+ ldap_pvt_thread_mutex_init( &slapi_printmessage_mutex );
+
+ if ( slapi_log_file == NULL )
+ slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR LDAP_DIRSEP "errors" );
+
+ rc = slapi_int_init_object_extensions();
+ if ( rc != 0 )
+ return rc;
+
+ rc = slapi_over_init();
+ if ( rc != 0 )
+ return rc;
+
+ slapi_over_initialized = 1;
+ }
+
+ return overlay_config( be, SLAPI_OVERLAY_NAME );
+}
+
#endif /* LDAP_SLAPI */
projects / openldap / blobdiff