}
if ( vals == NULL ) {
- /* Apparently vals can be NULL */
+ /* Apparently vals can be NULL
+ * FIXME: sm_bvalues = NULL ? */
mod.sm_bvalues = (BerVarray)ch_malloc( sizeof(struct berval) );
mod.sm_bvalues->bv_val = NULL;
+
} else {
rc = bvptr2obj( vals, &mod.sm_bvalues );
if ( rc != LDAP_SUCCESS ) {
return LDAP_CONSTRAINT_VIOLATION;
}
}
+#ifdef SLAP_NVALUES
+ mod.sm_nvalues = NULL;
+#endif
rc = modify_add_values( e, &mod, 0, &text, textbuf, sizeof(textbuf) );
}
if ( vals[0] == NULL ) {
- /* SLAPI doco says LDAP_OPERATIONS_ERROR */
- return attr_delete( &e->e_attrs, mod.sm_desc ) ? LDAP_OPERATIONS_ERROR : LDAP_SUCCESS;
+ /* SLAPI doco says LDAP_OPERATIONS_ERROR but LDAP_OTHER is better */
+ return attr_delete( &e->e_attrs, mod.sm_desc ) ? LDAP_OTHER : LDAP_SUCCESS;
}
rc = bvptr2obj( vals, &mod.sm_bvalues );
if ( rc != LDAP_SUCCESS ) {
return LDAP_CONSTRAINT_VIOLATION;
}
+#if SLAP_NVALUES
+ mod.sm_nvalues = NULL;
+#endif
rc = modify_delete_values( e, &mod, 0, &text, textbuf, sizeof(textbuf) );
#ifdef LDAP_SLAPI
struct berval bdn, ndn;
struct berval bsuffix, nsuffix;
+ int rc;
assert( dn != NULL );
assert( suffix != NULL );
bsuffix.bv_val = suffix;
bsuffix.bv_len = strlen( suffix );
- dnNormalize2( NULL, &bdn, &ndn );
- dnNormalize2( NULL, &bsuffix, &nsuffix );
+ if ( dnNormalize2( NULL, &bdn, &ndn ) != LDAP_SUCCESS ) {
+ return 0;
+ }
+
+ if ( dnNormalize2( NULL, &bsuffix, &nsuffix ) != LDAP_SUCCESS ) {
+ slapi_ch_free( (void **)&ndn.bv_val );
+ return 0;
+ }
+
+ rc = dnIsSuffix( &ndn, &nsuffix );
+
+ slapi_ch_free( (void **)&ndn.bv_val );
+ slapi_ch_free( (void **)&nsuffix.bv_val );
- return dnIsSuffix( &ndn, &nsuffix );
+ return rc;
#else /* LDAP_SLAPI */
return 0;
#endif /* LDAP_SLAPI */
#endif /* LDAP_SLAPI */
}
+#ifdef LDAP_SLAPI
+static void
+slapControlMask2SlapiControlOp(slap_mask_t slap_mask,
+ unsigned long *slapi_mask)
+{
+ *slapi_mask = SLAPI_OPERATION_NONE;
+
+ if ( slap_mask & SLAP_CTRL_ABANDON )
+ *slapi_mask |= SLAPI_OPERATION_ABANDON;
+
+ if ( slap_mask & SLAP_CTRL_ADD )
+ *slapi_mask |= SLAPI_OPERATION_ADD;
+
+ if ( slap_mask & SLAP_CTRL_BIND )
+ *slapi_mask |= SLAPI_OPERATION_BIND;
+
+ if ( slap_mask & SLAP_CTRL_COMPARE )
+ *slapi_mask |= SLAPI_OPERATION_COMPARE;
+
+ if ( slap_mask & SLAP_CTRL_DELETE )
+ *slapi_mask |= SLAPI_OPERATION_DELETE;
+
+ if ( slap_mask & SLAP_CTRL_MODIFY )
+ *slapi_mask |= SLAPI_OPERATION_MODIFY;
+
+ if ( slap_mask & SLAP_CTRL_RENAME )
+ *slapi_mask |= SLAPI_OPERATION_MODDN;
+
+ if ( slap_mask & SLAP_CTRL_SEARCH )
+ *slapi_mask |= SLAPI_OPERATION_SEARCH;
+
+ if ( slap_mask & SLAP_CTRL_UNBIND )
+ *slapi_mask |= SLAPI_OPERATION_UNBIND;
+}
+
+static void
+slapiControlOp2SlapControlMask(unsigned long slapi_mask,
+ slap_mask_t *slap_mask)
+{
+ *slap_mask = 0;
+
+ if ( slapi_mask & SLAPI_OPERATION_BIND )
+ *slap_mask |= SLAP_CTRL_BIND;
+
+ if ( slapi_mask & SLAPI_OPERATION_UNBIND )
+ *slap_mask |= SLAP_CTRL_UNBIND;
+
+ if ( slapi_mask & SLAPI_OPERATION_SEARCH )
+ *slap_mask |= SLAP_CTRL_SEARCH;
+
+ if ( slapi_mask & SLAPI_OPERATION_MODIFY )
+ *slap_mask |= SLAP_CTRL_MODIFY;
+
+ if ( slapi_mask & SLAPI_OPERATION_ADD )
+ *slap_mask |= SLAP_CTRL_ADD;
+
+ if ( slapi_mask & SLAPI_OPERATION_DELETE )
+ *slap_mask |= SLAP_CTRL_DELETE;
+
+ if ( slapi_mask & SLAPI_OPERATION_MODDN )
+ *slap_mask |= SLAP_CTRL_RENAME;
+
+ if ( slapi_mask & SLAPI_OPERATION_COMPARE )
+ *slap_mask |= SLAP_CTRL_COMPARE;
+
+ if ( slapi_mask & SLAPI_OPERATION_ABANDON )
+ *slap_mask |= SLAP_CTRL_ABANDON;
+
+ *slap_mask |= SLAP_CTRL_FRONTEND;
+}
+
+static int
+parseSlapiControl(
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ /* Plugins must deal with controls themselves. */
+
+ return LDAP_SUCCESS;
+}
+#endif /* LDAP_SLAPI */
+
void
slapi_register_supported_control(
char *controloid,
unsigned long controlops )
{
#ifdef LDAP_SLAPI
- /* FIXME -- can not add controls to OpenLDAP dynamically */
- slapi_log_error( SLAPI_LOG_FATAL, "SLAPI_CONTROLS",
- "OpenLDAP does not support dynamic registration of LDAP controls\n" );
+ slap_mask_t controlmask;
+
+ slapiControlOp2SlapControlMask( controlops, &controlmask );
+
+ register_supported_control( controloid, controlmask, NULL, parseSlapiControl );
#endif /* LDAP_SLAPI */
}
unsigned long **ctrlopsp )
{
#ifdef LDAP_SLAPI
- int i, n;
- int rc = 1;
- char **oids = NULL;
- unsigned long *masks = NULL;
-
- for (n = 0; get_supported_ctrl( n ) != NULL; n++) {
- ; /* count them */
- }
-
- if ( n == 0 ) {
- /* no controls */
- *ctrloidsp = NULL;
- *ctrlopsp = NULL;
- return LDAP_SUCCESS;
- }
-
-
- oids = (char **)slapi_ch_malloc( (n + 1) * sizeof(char *) );
- if ( oids == NULL ) {
- rc = LDAP_NO_MEMORY;
- goto error_return;
- }
+ int i, rc;
- masks = (unsigned long *)slapi_ch_malloc( n * sizeof(int) );
- if ( masks == NULL ) {
- rc = LDAP_NO_MEMORY;
- goto error_return;
+ rc = get_supported_controls( ctrloidsp, (slap_mask_t **)ctrlopsp );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
}
- for ( i = 0; i < n; i++ ) {
- /*
- * FIXME: Netscape's specification says nothing about
- * memory; should we copy the OIDs or return pointers
- * to internal values? In OpenLDAP the latter is safe
- * since we do not allow to register coltrols runtime
- */
- oids[ i ] = ch_strdup( get_supported_ctrl( i ) );
- if ( oids[ i ] == NULL ) {
- rc = LDAP_NO_MEMORY;
- goto error_return;
- }
- masks[ i ] = (unsigned long)get_supported_ctrl_mask( i );
+ for ( i = 0; (*ctrloidsp)[i] != NULL; i++ ) {
+ /* In place, naughty. */
+ slapControlMask2SlapiControlOp( (*ctrlopsp)[i], &((*ctrlopsp)[i]) );
}
- *ctrloidsp = oids;
- *ctrlopsp = masks;
return LDAP_SUCCESS;
-
-error_return:
- if ( rc != LDAP_SUCCESS ) {
- for ( i = 0; oids != NULL && oids[ i ] != NULL; i++ ) {
- ch_free( oids[ i ] );
- }
- ch_free( oids );
- ch_free( masks );
- }
-
- return rc;
#else /* LDAP_SLAPI */
return 1;
#endif /* LDAP_SLAPI */
}
+LDAPControl *
+slapi_dup_control( LDAPControl *ctrl )
+{
+#ifdef LDAP_SLAPI
+ LDAPControl *ret;
+
+ ret = (LDAPControl *)slapi_ch_malloc( sizeof(*ret) );
+ ret->ldctl_oid = slapi_ch_strdup( ctrl->ldctl_oid );
+ ber_dupbv( &ret->ldctl_value, &ctrl->ldctl_value );
+ ret->ldctl_iscritical = ctrl->ldctl_iscritical;
+
+ return ret;
+#else
+ return NULL;
+#endif /* LDAP_SLAPI */
+}
+
void
slapi_register_supported_saslmechanism( char *mechanism )
{
slapi_get_supported_saslmechanisms( void )
{
#ifdef LDAP_SLAPI
- /* FIXME -- can not get the saslmechanism wihtout a connection. */
+ /* FIXME -- can not get the saslmechanism without a connection. */
slapi_log_error( SLAPI_LOG_FATAL, "SLAPI_SASL",
- "can not get the saslmechanism "
- "wihtout a connection\n" );
+ "can not get the SASL mechanism list "
+ "without a connection\n" );
return NULL;
#else /* LDAP_SLAPI */
return NULL;
struct berval **urls )
{
#ifdef LDAP_SLAPI
- Connection *conn;
Operation *op;
struct berval *s;
char *extOID = NULL;
struct berval *extValue = NULL;
int rc;
+ SlapReply rs = { REP_RESULT };
- slapi_pblock_get( pb, SLAPI_CONNECTION, &conn );
slapi_pblock_get( pb, SLAPI_OPERATION, &op );
+
+ rs.sr_err = err;
+ rs.sr_matched = matched;
+ rs.sr_text = text;
+ rs.sr_ref = NULL;
+ rs.sr_ctrls = NULL;
+
+ slapi_pblock_get( pb, SLAPI_RESCONTROLS, &rs.sr_ctrls );
+
if ( err == LDAP_SASL_BIND_IN_PROGRESS ) {
- slapi_pblock_get( pb, SLAPI_BIND_RET_SASLCREDS, &s );
- rc = LDAP_SASL_BIND_IN_PROGRESS;
- send_ldap_sasl( conn, op, rc, NULL, NULL, NULL, NULL, s );
+ slapi_pblock_get( pb, SLAPI_BIND_RET_SASLCREDS, (void *) &rs.sr_sasldata );
+ send_ldap_sasl( op, &rs );
return;
}
slapi_pblock_get( pb, SLAPI_EXT_OP_RET_OID, &extOID );
if ( extOID != NULL ) {
- slapi_pblock_get( pb, SLAPI_EXT_OP_RET_VALUE, &extValue );
- slapi_send_ldap_extended_response( conn, op, err, extOID,
- extValue );
+ rs.sr_rspoid = extOID;
+ slapi_pblock_get( pb, SLAPI_EXT_OP_RET_VALUE, &rs.sr_rspdata );
+ send_ldap_extended( op, &rs );
return;
}
- send_ldap_result( conn, op, err, matched, text, NULL, NULL );
+ if (op->o_tag == LDAP_REQ_SEARCH)
+ rs.sr_nentries = nentries;
+
+ send_ldap_result( op, &rs );
#endif /* LDAP_SLAPI */
}
int attrsonly )
{
#ifdef LDAP_SLAPI
- Backend *be;
- Connection *pConn;
Operation *pOp;
- int rc;
-
+ SlapReply rs = { REP_RESULT };
int i;
AttributeName *an = NULL;
const char *text;
}
if ( i > 0 ) {
- an = (AttributeName *) ch_malloc( i * sizeof(AttributeName) );
+ an = (AttributeName *) ch_malloc( (i+1) * sizeof(AttributeName) );
for ( i = 0; attrs[i] != NULL; i++ ) {
an[i].an_name.bv_val = ch_strdup( attrs[i] );
an[i].an_name.bv_len = strlen( attrs[i] );
if( slap_bv2ad( &an[i].an_name, &an[i].an_desc, &text ) != LDAP_SUCCESS)
return -1;
}
+ an[i].an_name.bv_len = 0;
+ an[i].an_name.bv_val = NULL;
}
- if ( ( rc = slapi_pblock_get( pb, SLAPI_BACKEND, (void *)&be ) != 0 ) ||
- ( rc = slapi_pblock_get( pb, SLAPI_CONNECTION, (void *)&pConn) != 0 ) ||
- ( rc = slapi_pblock_get( pb, SLAPI_OPERATION, (void *)&pOp) != 0 ) ) {
- rc = LDAP_OTHER;
- } else {
- rc = send_search_entry( be, pConn, pOp, e, an, attrsonly, NULL );
- }
+ rs.sr_err = LDAP_SUCCESS;
+ rs.sr_matched = NULL;
+ rs.sr_text = NULL;
+ rs.sr_ref = NULL;
+ rs.sr_ctrls = ectrls;
+ rs.sr_attrs = an;
+ rs.sr_entry = e;
+ rs.sr_v2ref = NULL;
- return rc;
+ if ( slapi_pblock_get( pb, SLAPI_OPERATION, (void *)&pOp ) != 0 ) {
+ return LDAP_OTHER;
+ }
+ return send_search_entry( pOp, &rs );
#else /* LDAP_SLAPI */
return -1;
#endif /* LDAP_SLAPI */
* According to acl.c it is safe to call test_filter() with
* NULL arguments...
*/
- rc = test_filter( be, conn, op, e, f );
+ rc = test_filter( op, e, f );
switch (rc) {
case LDAP_COMPARE_TRUE:
rc = 0;
struct berval *response )
{
#ifdef LDAP_SLAPI
- send_ldap_extended( conn,op, errornum, NULL, NULL, NULL,
- respName,response, NULL );
+ SlapReply rs;
+
+ rs.sr_err = errornum;
+ rs.sr_matched = NULL;
+ rs.sr_text = NULL;
+ rs.sr_ref = NULL;
+ rs.sr_ctrls = NULL;
+ rs.sr_rspoid = respName;
+ rs.sr_rspdata = response;
+
+ send_ldap_extended( op, &rs );
+
return LDAP_SUCCESS;
#else /* LDAP_SLAPI */
return -1;
#endif /* LDAP_SLAPI */
}
+#ifdef LDAP_SLAPI
/*
* Internal API to prime a Slapi_PBlock with a Backend.
*/
-int slapi_x_backend_set_pb( Slapi_PBlock *pb, Backend *be )
+static int initBackendPB( Slapi_PBlock *pb, Backend *be )
{
-#ifdef LDAP_SLAPI
int rc;
rc = slapi_pblock_set( pb, SLAPI_BACKEND, (void *)be );
}
return LDAP_SUCCESS;
-#else
- return -1;
-#endif /* LDAP_SLAPI */
}
-#ifdef LDAP_SLAPI
/*
* If oldStyle is TRUE, then a value suitable for setting to
* the deprecated SLAPI_CONN_AUTHTYPE value is returned
return authType;
}
-#endif
/*
* Internal API to prime a Slapi_PBlock with a Connection.
*/
-int slapi_x_connection_set_pb( Slapi_PBlock *pb, Connection *conn )
+static int initConnectionPB( Slapi_PBlock *pb, Connection *conn )
{
-#ifdef LDAP_SLAPI
char *connAuthType;
int rc;
}
return rc;
-#else
- return -1;
-#endif /* LDAP_SLAPI */
}
+#endif /* LDAP_SLAPI */
/*
* Internal API to prime a Slapi_PBlock with an Operation.
*/
-int slapi_x_operation_set_pb( Slapi_PBlock *pb, Operation *op )
+int slapi_x_pblock_set_operation( Slapi_PBlock *pb, Operation *op )
{
#ifdef LDAP_SLAPI
int isRoot = 0;
int isUpdateDn = 0;
int rc;
- Backend *be;
char *opAuthType;
- if ( slapi_pblock_get(pb, SLAPI_BACKEND, (void *)&be ) != 0 ) {
- be = NULL;
- }
- if (be != NULL) {
- isRoot = be_isroot( be, &op->o_ndn );
- isUpdateDn = be_isupdate( be, &op->o_ndn );
+ if ( op->o_bd != NULL ) {
+ isRoot = be_isroot( op->o_bd, &op->o_ndn );
+ isUpdateDn = be_isupdate( op->o_bd, &op->o_ndn );
}
-
+
+ rc = initBackendPB( pb, op->o_bd );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ rc = initConnectionPB( pb, op->o_conn );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
rc = slapi_pblock_set( pb, SLAPI_OPERATION, (void *)op );
if ( rc != LDAP_SUCCESS )
return rc;
a->a_desc = ad;
a->a_vals = NULL;
+#ifdef SLAP_NVALUES
+ a->a_nvals = NULL;
+#endif
a->a_next = NULL;
a->a_flags = 0;
int slapi_attr_add_value( Slapi_Attr *a, const Slapi_Value *v )
{
#ifdef LDAP_SLAPI
+#ifdef SLAP_NVALUES
+ /*
+ * FIXME: here we may lose alignment between a_vals/a_nvals
+ */
+#endif
return value_add_one( &a->a_vals, (Slapi_Value *)v );
#else
return -1;
const char *text;
mr = a->a_desc->ad_type->sat_equality;
+#ifdef SLAP_NVALUES
+ rc = value_match( &ret, a->a_desc, mr,
+ SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ (struct berval *)v1, (void *)v2, &text );
+#else
rc = value_match( &ret, a->a_desc, mr, SLAP_MR_ASSERTION_SYNTAX_MATCH,
(struct berval *)v1, (void *)v2, &text );
+#endif
if ( rc != LDAP_SUCCESS )
return -1;
mr = a->a_desc->ad_type->sat_equality;
for ( bv = a->a_vals, j = 0; bv->bv_val != NULL; bv++, j++ ) {
+#ifdef SLAP_NVALUES
+ rc = value_match( &ret, a->a_desc, mr,
+ SLAP_MR_VALUE_OF_ASSERTION_SYNTAX, bv, v, &text );
+#else
rc = value_match( &ret, a->a_desc, mr,
SLAP_MR_ASSERTION_SYNTAX_MATCH, bv, v, &text );
+#endif
if ( rc != LDAP_SUCCESS ) {
return -1;
}
int slapi_acl_check_mods(Slapi_PBlock *pb, Slapi_Entry *e, LDAPMod **mods, char **errbuf)
{
#ifdef LDAP_SLAPI
- Backend *be;
- Connection *conn;
Operation *op;
int ret;
Modifications *ml;
Modifications *next;
- if ( slapi_pblock_get( pb, SLAPI_BACKEND, (void *)&be ) != 0 ) {
- return LDAP_PARAM_ERROR;
- }
-
- if ( slapi_pblock_get( pb, SLAPI_CONNECTION, (void *)&conn ) != 0 ) {
- return LDAP_PARAM_ERROR;
- }
-
if ( slapi_pblock_get( pb, SLAPI_OPERATION, (void *)&op ) != 0 ) {
return LDAP_PARAM_ERROR;
}
return LDAP_OTHER;
}
- ret = acl_check_modlist( be, conn, op, e, ml );
+ ret = acl_check_modlist( op, e, ml );
/* Careful when freeing the modlist because it has pointers into the mods array. */
for ( ; ml != NULL; ml = next ) {
Modifications *slapi_x_ldapmods2modifications (LDAPMod **mods)
{
#ifdef LDAP_SLAPI
- Modifications *modlist, **modtail;
+ Modifications *modlist = NULL, **modtail;
LDAPMod **modp;
modtail = &modlist;
}
mod->sml_bvalues[i].bv_val = NULL;
}
+#ifdef SLAP_NVALUES
+ mod->sml_nvalues = NULL;
+#endif
*modtail = mod;
modtail = &mod->sml_next;
int slapi_x_compute_output_ber(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
{
#ifdef LDAP_SLAPI
- Backend *be = NULL;
- Connection *conn = NULL;
Operation *op = NULL;
BerElement *ber;
AttributeDescription *desc = NULL;
return 1;
}
- rc = slapi_pblock_get( c->cac_pb, SLAPI_BACKEND, (void *)&be );
- if ( rc != 0 ) {
- be = NULL; /* no backend for root DSE */
- }
-
- rc = slapi_pblock_get( c->cac_pb, SLAPI_CONNECTION, (void *)&conn );
- if ( rc != 0 || conn == NULL ) {
- return rc;
- }
-
rc = slapi_pblock_get( c->cac_pb, SLAPI_OPERATION, (void *)&op );
if ( rc != 0 || op == NULL ) {
return rc;
}
}
- if ( !access_allowed( be, conn, op, e, desc, NULL, ACL_READ, &c->cac_acl_state) ) {
+ if ( !access_allowed( op, e, desc, NULL, ACL_READ, &c->cac_acl_state) ) {
slapi_log_error( SLAPI_LOG_ACL, "SLAPI_COMPUTE",
"acl: access to attribute %s not allowed\n",
desc->ad_cname.bv_val );
if ( !c->cac_attrsonly ) {
for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
- if ( !access_allowed( be, conn, op, e,
+ if ( !access_allowed( op, e,
desc, &a->a_vals[i], ACL_READ, &c->cac_acl_state)) {
slapi_log_error( SLAPI_LOG_ACL, "SLAPI_COMPUTE",
"slapi_x_compute_output_ber: conn %lu "
projects / openldap / blobdiff