* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
/*
- * (C) Copyright IBM Corp. 1997,2002
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and that due credit is
- * given to IBM Corporation. This software is provided ``as is''
- * without express or implied warranty.
+ * Copyright IBM Corp. 1997,2002
+ * Use of this source code is subject to the terms of The OpenLDAP Public
+ * License (version 2.7 or later).
+ * No trademarks of the IBM Corporation are to be used to identify, endorse
+ * or promote any products derived from this code without the prior
+ * written consent of IBM
*/
/*
* Portions (C) Copyright PADL Software Pty Ltd. 2003
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and that due credit is
- * given to PADL Software Pty Ltd. This software is provided ``as is''
- * without express or implied warranty.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that this notice is preserved
+ * and that due credit is given to PADL Software Pty Ltd. This software
+ * is provided ``as is'' without express or implied warranty.
*/
#include "portable.h"
dn.bv_val = ldn;
dn.bv_len = strlen( ldn );
- dnPrettyNormal( NULL, &dn, &e->e_name, &e->e_nname );
+ dnPrettyNormal( NULL, &dn, &e->e_name, &e->e_nname, NULL );
#endif /* LDAP_SLAPI */
}
slapi_entry_dup( Slapi_Entry *e )
{
#ifdef LDAP_SLAPI
- char *tmp = NULL;
- Slapi_Entry *tmpEnt;
- int len = 0;
-
- tmp = slapi_entry2str( e, &len );
- if ( tmp == NULL ) {
- return (Slapi_Entry *)NULL;
- }
+ Slapi_Entry *ret;
- tmpEnt = (Slapi_Entry *)str2entry( tmp );
- if ( tmpEnt == NULL ) {
- slapi_ch_free( (void **)&tmp );
- return (Slapi_Entry *)NULL;
- }
-
- if (tmp != NULL) {
- slapi_ch_free( (void **)&tmp );
- }
+ ret = (Slapi_Entry *)slapi_ch_calloc( 1, sizeof(*ret) );
- return tmpEnt;
+ ret->e_id = e->e_id;
+ ber_dupbv( &ret->e_name, &e->e_name );
+ ber_dupbv( &ret->e_nname, &e->e_nname );
+ ret->e_attrs = attrs_dup( e->e_attrs );
+ ret->e_ocflags = e->e_ocflags;
+ ber_dupbv( &ret->e_bv, &e->e_bv );
+ ret->e_private = NULL;
#else /* LDAP_SLAPI */
return NULL;
#endif /* LDAP_SLAPI */
return -1;
}
- rc = attr_mergeit( e, ad, bv );
+ rc = attr_merge_normalize_one( e, ad, bv, NULL );
ch_free( bv );
return rc;
return NULL;
}
- if ( attr->a_vals != NULL && attr->a_vals[0].bv_val != NULL ) {
+ if ( attr->a_vals != NULL && attr->a_vals[0].bv_len != 0 ) {
return slapi_ch_strdup( attr->a_vals[0].bv_val );
}
if ( value != NULL ) {
bv.bv_val = (char *)value;
bv.bv_len = strlen(value);
- attr_mergeit_one( e, ad, &bv );
+ attr_merge_normalize_one( e, ad, &bv, NULL );
}
#endif /* LDAP_SLAPI */
}
return LDAP_CONSTRAINT_VIOLATION;
}
}
-#ifdef SLAP_NVALUES
mod.sm_nvalues = NULL;
-#endif
rc = modify_add_values( e, &mod, 0, &text, textbuf, sizeof(textbuf) );
return -1;
}
- return attr_mergeit( e, ad, *vs );
+ return attr_merge_normalize( e, ad, *vs, NULL );
#else
return -1;
#endif /* LDAP_SLAPI */
if ( rc != LDAP_SUCCESS ) {
return LDAP_CONSTRAINT_VIOLATION;
}
-#if SLAP_NVALUES
mod.sm_nvalues = NULL;
-#endif
rc = modify_delete_values( e, &mod, 0, &text, textbuf, sizeof(textbuf) );
return -1;
}
- rc = attr_mergeit_one( e, ad, (Slapi_Value *)value );
+ rc = attr_merge_normalize_one( e, ad, (Slapi_Value *)value, NULL );
if ( rc != LDAP_SUCCESS ) {
return -1;
}
return -1;
}
- rc = attr_mergeit( e, ad, bv );
+ rc = attr_merge_normalize( e, ad, bv, NULL );
slapi_ch_free( (void **)&bv );
if ( rc != LDAP_SUCCESS ) {
return -1;
{
#ifdef LDAP_SLAPI
struct berval bdn;
- struct berval ndn;
+ struct berval pdn;
assert( dn != NULL );
bdn.bv_val = dn;
bdn.bv_len = strlen( dn );
- dnNormalize2( NULL, &bdn, &ndn );
+ if ( dnPretty( NULL, &bdn, &pdn, NULL ) != LDAP_SUCCESS ) {
+ return NULL;
+ }
- /*
- * FIXME: ain't it safe to set dn = ndn.bv_val ?
- */
- dn = ch_strdup( ndn.bv_val );
- ch_free( ndn.bv_val );
-
- return dn;
+ return pdn.bv_val;
#else /* LDAP_SLAPI */
return NULL;
#endif /* LDAP_SLAPI */
}
-/*
- * FIXME: this function is dangerous and should be deprecated;
- * DN normalization is a lot more than lower-casing, and BTW
- * OpenLDAP's DN normalization for case insensitive attributes
- * is already lower case
- */
char *
slapi_dn_normalize_case( char *dn )
{
#ifdef LDAP_SLAPI
- slapi_dn_normalize( dn );
- ldap_pvt_str2lower( dn );
+ struct berval bdn;
+ struct berval ndn;
+
+ assert( dn != NULL );
+
+ bdn.bv_val = dn;
+ bdn.bv_len = strlen( dn );
- return dn;
+ if ( dnNormalize( 0, NULL, NULL, &bdn, &ndn, NULL ) != LDAP_SUCCESS ) {
+ return NULL;
+ }
+
+ return ndn.bv_val;
#else /* LDAP_SLAPI */
return NULL;
#endif /* LDAP_SLAPI */
#ifdef LDAP_SLAPI
struct berval bdn, ndn;
struct berval bsuffix, nsuffix;
+ int rc;
assert( dn != NULL );
assert( suffix != NULL );
bsuffix.bv_val = suffix;
bsuffix.bv_len = strlen( suffix );
- dnNormalize2( NULL, &bdn, &ndn );
- dnNormalize2( NULL, &bsuffix, &nsuffix );
+ if ( dnNormalize( 0, NULL, NULL, &bdn, &ndn, NULL ) != LDAP_SUCCESS ) {
+ return 0;
+ }
+
+ if ( dnNormalize( 0, NULL, NULL, &bsuffix, &nsuffix, NULL )
+ != LDAP_SUCCESS )
+ {
+ slapi_ch_free( (void **)&ndn.bv_val );
+ return 0;
+ }
+
+ rc = dnIsSuffix( &ndn, &nsuffix );
- return dnIsSuffix( &ndn, &nsuffix );
+ slapi_ch_free( (void **)&ndn.bv_val );
+ slapi_ch_free( (void **)&nsuffix.bv_val );
+
+ return rc;
#else /* LDAP_SLAPI */
return 0;
#endif /* LDAP_SLAPI */
char *extOID = NULL;
struct berval *extValue = NULL;
int rc;
- SlapReply rs;
+ SlapReply rs = { REP_RESULT };
slapi_pblock_get( pb, SLAPI_OPERATION, &op );
rs.sr_ref = NULL;
rs.sr_ctrls = NULL;
+ slapi_pblock_get( pb, SLAPI_RESCONTROLS, &rs.sr_ctrls );
+
if ( err == LDAP_SASL_BIND_IN_PROGRESS ) {
- rs.sr_type = REP_SASL;
slapi_pblock_get( pb, SLAPI_BIND_RET_SASLCREDS, (void *) &rs.sr_sasldata );
-
send_ldap_sasl( op, &rs );
return;
}
slapi_pblock_get( pb, SLAPI_EXT_OP_RET_OID, &extOID );
if ( extOID != NULL ) {
- rs.sr_type = REP_EXTENDED;
rs.sr_rspoid = extOID;
slapi_pblock_get( pb, SLAPI_EXT_OP_RET_VALUE, &rs.sr_rspdata );
- send_ldap_extended_response( op, &rs );
+ send_ldap_extended( op, &rs );
return;
}
- rs.sr_type = REP_RESULT;
- slapi_pblock_get( pb, SLAPI_RESCONTROLS, &rs.sr_ctrls );
+ if (op->o_tag == LDAP_REQ_SEARCH)
+ rs.sr_nentries = nentries;
send_ldap_result( op, &rs );
#endif /* LDAP_SLAPI */
int attrsonly )
{
#ifdef LDAP_SLAPI
- Backend *be;
- Connection *pConn;
Operation *pOp;
- int rc;
- SlapReply rs;
+ SlapReply rs = { REP_RESULT };
int i;
AttributeName *an = NULL;
const char *text;
- for ( i = 0; attrs[ i ] != NULL; i++ ) {
- ; /* empty */
+ if ( attrs != NULL ) {
+ for ( i = 0; attrs[ i ] != NULL; i++ ) {
+ ; /* empty */
+ }
+ } else {
+ i = 0;
}
if ( i > 0 ) {
an[i].an_name.bv_val = NULL;
}
- rs.sr_type = REP_SEARCH;
rs.sr_err = LDAP_SUCCESS;
rs.sr_matched = NULL;
rs.sr_text = NULL;
rs.sr_entry = e;
rs.sr_v2ref = NULL;
- if ( rc = slapi_pblock_get( pb, SLAPI_OPERATION, (void *)&pOp) != 0 ) {
- rc = LDAP_OTHER;
- } else {
- rc = send_search_entry( pOp, &rs );
+ if ( slapi_pblock_get( pb, SLAPI_OPERATION, (void *)&pOp ) != 0 ) {
+ return LDAP_OTHER;
}
- return rc;
-
+ return send_search_entry( pOp, &rs );
#else /* LDAP_SLAPI */
return -1;
#endif /* LDAP_SLAPI */
f->f_mra->ma_desc = filter->f_mra->ma_desc;
f->f_mra->ma_dnattrs = filter->f_mra->ma_dnattrs;
ber_dupbv( &f->f_mra->ma_value, &filter->f_mra->ma_value );
+ break;
case LDAP_FILTER_SUBSTRINGS: {
int i;
f->f_sub = (SubstringsAssertion *)slapi_ch_malloc( sizeof(SubstringsAssertion) );
+ f->f_sub->sa_desc = filter->f_sub->sa_desc;
ber_dupbv( &f->f_sub_initial, &filter->f_sub_initial );
- for ( i = 0; filter->f_sub_any[i].bv_val != NULL; i++ )
- ;
- f->f_sub_any = (BerVarray)slapi_ch_malloc( (i + 1) * (sizeof(struct berval)) );
- for ( i = 0; filter->f_sub_any[i].bv_val != NULL; i++ ) {
- ber_dupbv( &f->f_sub_any[i], &filter->f_sub_any[i] );
+ if ( filter->f_sub_any != NULL ) {
+ for ( i = 0; filter->f_sub_any[i].bv_val != NULL; i++ )
+ ;
+ f->f_sub_any = (BerVarray)slapi_ch_malloc( (i + 1) * (sizeof(struct berval)) );
+ for ( i = 0; filter->f_sub_any[i].bv_val != NULL; i++ ) {
+ ber_dupbv( &f->f_sub_any[i], &filter->f_sub_any[i] );
+ }
+ f->f_sub_any[i].bv_val = NULL;
+ } else {
+ f->f_sub_any = NULL;
}
- f->f_sub_any[i].bv_val = NULL;
ber_dupbv( &f->f_sub_final, &filter->f_sub_final );
break;
}
if ( ftype == LDAP_FILTER_AND
|| ftype == LDAP_FILTER_OR
|| ftype == LDAP_FILTER_NOT ) {
- return (Slapi_Filter *)f->f_and;
+ return (Slapi_Filter *)f->f_list;
} else {
return NULL;
}
*/
*type = f->f_sub_desc->ad_cname.bv_val;
*initial = f->f_sub_initial.bv_val ? slapi_ch_strdup(f->f_sub_initial.bv_val) : NULL;
- for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ )
- ;
- *any = (char **)slapi_ch_malloc( (i + 1) * sizeof(char *) );
- for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) {
- (*any)[i] = slapi_ch_strdup(f->f_sub_any[i].bv_val);
+ if ( f->f_sub_any != NULL ) {
+ for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ )
+ ;
+ *any = (char **)slapi_ch_malloc( (i + 1) * sizeof(char *) );
+ for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) {
+ (*any)[i] = slapi_ch_strdup(f->f_sub_any[i].bv_val);
+ }
+ (*any)[i] = NULL;
+ } else {
+ *any = NULL;
}
- (*any)[i] = NULL;
*final = f->f_sub_final.bv_val ? slapi_ch_strdup(f->f_sub_final.bv_val) : NULL;
return 0;
}
Slapi_Filter *
-slapi_filter_join( int ftype, Slapi_Filter *f1, Slapi_Filter *f2)
+slapi_filter_join( int ftype, Slapi_Filter *f1, Slapi_Filter *f2 )
{
#ifdef LDAP_SLAPI
Slapi_Filter *f = NULL;
f = (Slapi_Filter *)slapi_ch_malloc( sizeof(*f) );
f->f_choice = ftype;
f->f_list = f1;
- f->f_next = f2;
+ f->f_list->f_next = f2;
+ f->f_next = NULL;
}
return f;
#endif /* LDAP_SLAPI */
}
+int
+slapi_x_filter_append( int ftype,
+ Slapi_Filter **pContainingFilter, /* NULL on first call */
+ Slapi_Filter **pNextFilter,
+ Slapi_Filter *filterToAppend )
+{
+#ifdef LDAP_SLAPI
+ if ( ftype == LDAP_FILTER_AND ||
+ ftype == LDAP_FILTER_OR ||
+ ftype == LDAP_FILTER_NOT )
+ {
+ if ( *pContainingFilter == NULL ) {
+ *pContainingFilter = (Slapi_Filter *)slapi_ch_malloc( sizeof(Slapi_Filter) );
+ (*pContainingFilter)->f_choice = ftype;
+ (*pContainingFilter)->f_list = filterToAppend;
+ (*pContainingFilter)->f_next = NULL;
+ } else {
+ if ( (*pContainingFilter)->f_choice != ftype ) {
+ /* Sanity check */
+ return -1;
+ }
+ (*pNextFilter)->f_next = filterToAppend;
+ }
+ *pNextFilter = filterToAppend;
+
+ return 0;
+ }
+#endif /* LDAP_SLAPI */
+ return -1;
+}
+
int
slapi_filter_test( Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Filter *f,
int verify_access )
{
#ifdef LDAP_SLAPI
- Backend *be = NULL;
- Connection *conn;
Operation *op;
int rc;
}
if ( verify_access ) {
- (void) slapi_pblock_get(pb, SLAPI_BACKEND, (void *)&be);
- rc = slapi_pblock_get(pb, SLAPI_CONNECTION, (void *)&conn);
- if ( rc != 0 ) {
- return LDAP_PARAM_ERROR;
- }
rc = slapi_pblock_get(pb, SLAPI_OPERATION, (void *)&op);
if ( rc != 0 ) {
return LDAP_PARAM_ERROR;
}
} else {
- conn = NULL;
op = NULL;
}
/*
#ifdef LDAP_SLAPI
SlapReply rs;
- rs.sr_type = REP_EXTENDED;
rs.sr_err = errornum;
rs.sr_matched = NULL;
rs.sr_text = NULL;
#endif /* LDAP_SLAPI */
}
+#ifdef LDAP_SLAPI
/*
* Internal API to prime a Slapi_PBlock with a Backend.
*/
-int slapi_x_backend_set_pb( Slapi_PBlock *pb, Backend *be )
+static int initBackendPB( Slapi_PBlock *pb, Backend *be )
{
-#ifdef LDAP_SLAPI
int rc;
rc = slapi_pblock_set( pb, SLAPI_BACKEND, (void *)be );
}
return LDAP_SUCCESS;
-#else
- return -1;
-#endif /* LDAP_SLAPI */
}
-#ifdef LDAP_SLAPI
/*
* If oldStyle is TRUE, then a value suitable for setting to
* the deprecated SLAPI_CONN_AUTHTYPE value is returned
return authType;
}
-#endif
/*
* Internal API to prime a Slapi_PBlock with a Connection.
*/
-int slapi_x_connection_set_pb( Slapi_PBlock *pb, Connection *conn )
+static int initConnectionPB( Slapi_PBlock *pb, Connection *conn )
{
-#ifdef LDAP_SLAPI
char *connAuthType;
int rc;
return rc;
/* Returns pointer to static string */
- connAuthType = Authorization2AuthType( &conn->c_authz, conn->c_is_tls, 1 );
+ connAuthType = Authorization2AuthType( &conn->c_authz,
+#ifdef HAVE_TLS
+ conn->c_is_tls,
+#else
+ 0,
+#endif
+ 1 );
if ( connAuthType != NULL ) {
rc = slapi_pblock_set(pb, SLAPI_CONN_AUTHTYPE, (void *)connAuthType);
if ( rc != LDAP_SUCCESS )
}
/* Returns pointer to allocated string */
- connAuthType = Authorization2AuthType( &conn->c_authz, conn->c_is_tls, 0 );
+ connAuthType = Authorization2AuthType( &conn->c_authz,
+#ifdef HAVE_TLS
+ conn->c_is_tls,
+#else
+ 0,
+#endif
+ 0 );
if ( connAuthType != NULL ) {
rc = slapi_pblock_set(pb, SLAPI_CONN_AUTHMETHOD, (void *)connAuthType);
if ( rc != LDAP_SUCCESS )
return rc;
}
+ rc = slapi_pblock_set(pb, SLAPI_X_CONN_SSF, (void *)conn->c_ssf);
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ rc = slapi_pblock_set(pb, SLAPI_X_CONN_SASL_CONTEXT,
+ ( conn->c_sasl_authctx != NULL ? conn->c_sasl_authctx :
+ conn->c_sasl_sockctx ) );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
return rc;
-#else
- return -1;
-#endif /* LDAP_SLAPI */
}
+#endif /* LDAP_SLAPI */
/*
* Internal API to prime a Slapi_PBlock with an Operation.
*/
-int slapi_x_operation_set_pb( Slapi_PBlock *pb, Operation *op )
+int slapi_x_pblock_set_operation( Slapi_PBlock *pb, Operation *op )
{
#ifdef LDAP_SLAPI
int isRoot = 0;
int isUpdateDn = 0;
int rc;
- Backend *be;
char *opAuthType;
- if ( slapi_pblock_get(pb, SLAPI_BACKEND, (void *)&be ) != 0 ) {
- be = NULL;
- }
- if (be != NULL) {
- isRoot = be_isroot( be, &op->o_ndn );
- isUpdateDn = be_isupdate( be, &op->o_ndn );
+ if ( op->o_bd != NULL ) {
+ isRoot = be_isroot( op->o_bd, &op->o_ndn );
+ isUpdateDn = be_isupdate( op->o_bd, &op->o_ndn );
}
-
+
+ rc = initBackendPB( pb, op->o_bd );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ rc = initConnectionPB( pb, op->o_conn );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
rc = slapi_pblock_set( pb, SLAPI_OPERATION, (void *)op );
if ( rc != LDAP_SUCCESS )
return rc;
Connection *conn;
slapi_pblock_get( pb, SLAPI_CONNECTION, &conn );
+#ifdef HAVE_TLS
*isSSL = conn->c_is_tls;
+#else
+ *isSSL = 0;
+#endif
return LDAP_SUCCESS;
#else
a->a_desc = ad;
a->a_vals = NULL;
-#ifdef SLAP_NVALUES
a->a_nvals = NULL;
-#endif
a->a_next = NULL;
a->a_flags = 0;
int slapi_attr_add_value( Slapi_Attr *a, const Slapi_Value *v )
{
#ifdef LDAP_SLAPI
-#ifdef SLAP_NVALUES
/*
* FIXME: here we may lose alignment between a_vals/a_nvals
*/
-#endif
return value_add_one( &a->a_vals, (Slapi_Value *)v );
#else
return -1;
const char *text;
mr = a->a_desc->ad_type->sat_equality;
-#ifdef SLAP_NVALUES
rc = value_match( &ret, a->a_desc, mr,
SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
(struct berval *)v1, (void *)v2, &text );
-#else
- rc = value_match( &ret, a->a_desc, mr, SLAP_MR_ASSERTION_SYNTAX_MATCH,
- (struct berval *)v1, (void *)v2, &text );
-#endif
if ( rc != LDAP_SUCCESS )
return -1;
int rc;
int ret;
+ if ( a ->a_vals == NULL ) {
+ return -1;
+ }
mr = a->a_desc->ad_type->sat_equality;
for ( bv = a->a_vals, j = 0; bv->bv_val != NULL; bv++, j++ ) {
-#ifdef SLAP_NVALUES
rc = value_match( &ret, a->a_desc, mr,
SLAP_MR_VALUE_OF_ASSERTION_SYNTAX, bv, v, &text );
-#else
- rc = value_match( &ret, a->a_desc, mr,
- SLAP_MR_ASSERTION_SYNTAX_MATCH, bv, v, &text );
-#endif
if ( rc != LDAP_SUCCESS ) {
return -1;
}
return 0;
}
}
-#endif
+#endif /* LDAP_SLAPI */
return -1;
}
int slapi_access_allowed( Slapi_PBlock *pb, Slapi_Entry *e, char *attr,
struct berval *val, int access )
{
-#ifdef LDAPI_SLAPI
+#ifdef LDAP_SLAPI
Backend *be;
Connection *conn;
Operation *op;
int ret;
slap_access_t slap_access;
AttributeDescription *ad = NULL;
- char *text;
+ const char *text;
ret = slap_str2ad( attr, &ad, &text );
if ( ret != LDAP_SUCCESS ) {
return LDAP_PARAM_ERROR;
}
- ret = access_allowed( be, conn, op, e, desc, val, slap_access, NULL );
+ ret = access_allowed( op, e, ad, val, slap_access, NULL );
return ret ? LDAP_SUCCESS : LDAP_INSUFFICIENT_ACCESS;
#else
{
#ifdef LDAP_SLAPI
Operation *op;
- int ret;
- Modifications *ml;
- Modifications *next;
+ int rc = LDAP_SUCCESS;
+ Modifications *ml, *mp;
if ( slapi_pblock_get( pb, SLAPI_OPERATION, (void *)&op ) != 0 ) {
return LDAP_PARAM_ERROR;
return LDAP_OTHER;
}
- ret = acl_check_modlist( op, e, ml );
+ for ( mp = ml; mp != NULL; mp = mp->sml_next ) {
+ rc = slap_bv2ad( &mp->sml_type, &mp->sml_desc, (const char **)errbuf );
+ if ( rc != LDAP_SUCCESS ) {
+ break;
+ }
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ rc = acl_check_modlist( op, e, ml ) ? LDAP_SUCCESS : LDAP_INSUFFICIENT_ACCESS;
+ }
/* Careful when freeing the modlist because it has pointers into the mods array. */
- for ( ; ml != NULL; ml = next ) {
- next = ml->sml_next;
+ for ( ; ml != NULL; ml = mp ) {
+ mp = ml->sml_next;
/* just free the containing array */
slapi_ch_free( (void **)&ml->sml_bvalues );
slapi_ch_free( (void **)&ml );
}
- return ret ? LDAP_SUCCESS : LDAP_INSUFFICIENT_ACCESS;
+ return rc;
#else
return LDAP_UNWILLING_TO_PERFORM;
#endif
Modifications *slapi_x_ldapmods2modifications (LDAPMod **mods)
{
#ifdef LDAP_SLAPI
- Modifications *modlist, **modtail;
+ Modifications *modlist = NULL, **modtail;
LDAPMod **modp;
modtail = &modlist;
}
if ( i == 0 ) {
- mod->sml_bvalues = NULL;
+ mod->sml_bvalues = NULL;
} else {
mod->sml_bvalues = (BerVarray) ch_malloc( (i + 1) * sizeof(struct berval) );
}
mod->sml_bvalues[i].bv_val = NULL;
}
-#ifdef SLAP_NVALUES
mod->sml_nvalues = NULL;
-#endif
*modtail = mod;
modtail = &mod->sml_next;
#endif
}
+int slapi_x_access_allowed( Operation *op,
+ Entry *entry,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state )
+{
+#ifdef LDAP_SLAPI
+ int rc, slap_access = 0;
+ slapi_acl_callback_t *pGetPlugin, *tmpPlugin;
+
+ if ( op->o_pb == NULL ) {
+ /* internal operation */
+ return 1;
+ }
+
+ slapi_x_pblock_set_operation( op->o_pb, op );
+
+ switch ( access ) {
+ case ACL_WRITE:
+ slap_access |= SLAPI_ACL_ADD | SLAPI_ACL_DELETE | SLAPI_ACL_WRITE;
+ break;
+ case ACL_READ:
+ slap_access |= SLAPI_ACL_READ;
+ break;
+ case ACL_SEARCH:
+ slap_access |= SLAPI_ACL_SEARCH;
+ break;
+ case ACL_COMPARE:
+ slap_access = ACL_COMPARE;
+ break;
+ default:
+ break;
+ }
+
+ rc = getAllPluginFuncs( op->o_bd, SLAPI_PLUGIN_ACL_ALLOW_ACCESS, (SLAPI_FUNC **)&tmpPlugin );
+ if ( rc != LDAP_SUCCESS || tmpPlugin == NULL ) {
+ /* nothing to do; allowed access */
+ return 1;
+ }
+
+ rc = 1; /* default allow policy */
+
+ for ( pGetPlugin = tmpPlugin; *pGetPlugin != NULL; pGetPlugin++ ) {
+ /*
+ * 0 access denied
+ * 1 access granted
+ */
+ rc = (*pGetPlugin)( op->o_pb, entry, desc->ad_cname.bv_val,
+ val, slap_access, (void *)state );
+ if ( rc == 0 ) {
+ break;
+ }
+ }
+
+ slapi_ch_free( (void **)&tmpPlugin );
+
+ return rc;
+#else
+ return 1;
+#endif /* LDAP_SLAPI */
+}
+
projects / openldap / blobdiff