X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Foverlays%2Fmemberof.c;h=502cb46fc1bd4f8037fe32dd158d21b4437bf918;hb=f1ad87e649ec7b80f6a2561eee9a222e79feaeb8;hp=8915661ef62c33d821e1480db2c4ccb41bb809d5;hpb=30f401c62898426664d71518e4d176293f64ebc7;p=openldap diff --git a/servers/slapd/overlays/memberof.c b/servers/slapd/overlays/memberof.c index 8915661ef6..502cb46fc1 100644 --- a/servers/slapd/overlays/memberof.c +++ b/servers/slapd/overlays/memberof.c @@ -178,74 +178,19 @@ typedef enum memberof_is_t { MEMBEROF_IS_BOTH = (MEMBEROF_IS_GROUP|MEMBEROF_IS_MEMBER) } memberof_is_t; -/* - * failover storage for member attribute values of groups being deleted - * handles [no]thread cases. - */ -static BerVarray saved_member_vals; -static BerVarray saved_memberof_vals; - -static void -memberof_saved_member_free( void *key, void *data ) -{ - ber_bvarray_free( (BerVarray)data ); -} - -static BerVarray -memberof_saved_member_get( Operation *op, void *keyp ) -{ - void *vals; - BerVarray *key = (BerVarray *)keyp; - - assert( op != NULL ); - - if ( op->o_threadctx == NULL ) { - vals = *key; - *key = NULL; - - } else { - ldap_pvt_thread_pool_setkey( op->o_threadctx, - key, NULL, NULL, &vals, NULL ); - } - - return vals; -} - -static void -memberof_saved_member_set( Operation *op, void *keyp, BerVarray vals ) -{ - BerVarray saved_vals = NULL; - BerVarray *key = (BerVarray*)keyp; - - assert( op != NULL ); - - if ( vals ) { - ber_bvarray_dup_x( &saved_vals, vals, NULL ); - } - - if ( op->o_threadctx == NULL ) { - if ( *key ) { - ber_bvarray_free( *key ); - } - *key = saved_vals; - - } else { - void *old_vals = NULL; - - ldap_pvt_thread_pool_setkey( op->o_threadctx, key, - saved_vals, memberof_saved_member_free, &old_vals, NULL ); - if ( old_vals != NULL ) { - ber_bvarray_free( old_vals ); - } - } -} - typedef struct memberof_cookie_t { AttributeDescription *ad; - void *key; + BerVarray vals; int foundit; } memberof_cookie_t; +typedef struct memberof_cbinfo_t { + slap_overinst *on; + BerVarray member; + BerVarray memberof; + memberof_is_t what; +} memberof_cbinfo_t; + static int memberof_isGroupOrMember_cb( Operation *op, SlapReply *rs ) { @@ -269,7 +214,6 @@ memberof_saveMember_cb( Operation *op, SlapReply *rs ) if ( rs->sr_type == REP_SEARCH ) { memberof_cookie_t *mc; Attribute *a; - BerVarray vals = NULL; mc = (memberof_cookie_t *)op->o_callback->sc_private; mc->foundit = 1; @@ -279,19 +223,9 @@ memberof_saveMember_cb( Operation *op, SlapReply *rs ) a = attr_find( rs->sr_entry->e_attrs, mc->ad ); if ( a != NULL ) { - vals = a->a_nvals; - } - - memberof_saved_member_set( op, mc->key, vals ); + ber_bvarray_dup_x( &mc->vals, a->a_nvals, op->o_tmpmemctx ); - if ( a && attr_find( a->a_next, mc->ad ) != NULL ) { - Debug( LDAP_DEBUG_ANY, - "%s: memberof_saveMember_cb(\"%s\"): " - "more than one occurrence of \"%s\" " - "attribute.\n", - op->o_log_prefix, - rs->sr_entry->e_name.bv_val, - mc->ad->ad_cname.bv_val ); + assert( attr_find( a->a_next, mc->ad ) == NULL ); } } @@ -303,21 +237,20 @@ memberof_saveMember_cb( Operation *op, SlapReply *rs ) * attribute values of groups being deleted. */ static int -memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp ) +memberof_isGroupOrMember( Operation *op, memberof_cbinfo_t *mci ) { - slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; + slap_overinst *on = mci->on; memberof_t *mo = (memberof_t *)on->on_bi.bi_private; Operation op2 = *op; - SlapReply rs2 = { REP_RESULT }; slap_callback cb = { 0 }; - memberof_cookie_t mc; + BackendInfo *bi = op->o_bd->bd_info; AttributeName an[ 2 ]; memberof_is_t iswhat = MEMBEROF_IS_NONE; + memberof_cookie_t mc; - assert( iswhatp != NULL ); - assert( *iswhatp != MEMBEROF_IS_NONE ); + assert( mci->what != MEMBEROF_IS_NONE ); cb.sc_private = &mc; if ( op->o_tag == LDAP_REQ_DELETE ) { @@ -341,10 +274,12 @@ memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp ) op2.ors_slimit = 1; op2.ors_tlimit = SLAP_NO_LIMIT; - if ( *iswhatp & MEMBEROF_IS_GROUP ) { + if ( mci->what & MEMBEROF_IS_GROUP ) { + SlapReply rs2 = { REP_RESULT }; + mc.ad = mo->mo_ad_member; - mc.key = &saved_member_vals; mc.foundit = 0; + mc.vals = NULL; an[ 0 ].an_desc = mo->mo_ad_member; an[ 0 ].an_name = an[ 0 ].an_desc->ad_cname; op2.ors_filterstr = mo->mo_groupFilterstr; @@ -352,20 +287,21 @@ memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp ) op2.o_bd->bd_info = (BackendInfo *)on->on_info; (void)op->o_bd->be_search( &op2, &rs2 ); - op2.o_bd->bd_info = (BackendInfo *)on; + op2.o_bd->bd_info = bi; if ( mc.foundit ) { iswhat |= MEMBEROF_IS_GROUP; + if ( mc.vals ) mci->member = mc.vals; - } else { - memberof_saved_member_set( op, mc.key, NULL ); } } - if ( *iswhatp & MEMBEROF_IS_MEMBER ) { + if ( mci->what & MEMBEROF_IS_MEMBER ) { + SlapReply rs2 = { REP_RESULT }; + mc.ad = mo->mo_ad_memberof; - mc.key = &saved_memberof_vals; mc.foundit = 0; + mc.vals = NULL; an[ 0 ].an_desc = mo->mo_ad_memberof; an[ 0 ].an_name = an[ 0 ].an_desc->ad_cname; op2.ors_filterstr = mo->mo_memberFilterstr; @@ -373,17 +309,16 @@ memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp ) op2.o_bd->bd_info = (BackendInfo *)on->on_info; (void)op->o_bd->be_search( &op2, &rs2 ); - op2.o_bd->bd_info = (BackendInfo *)on; + op2.o_bd->bd_info = bi; if ( mc.foundit ) { iswhat |= MEMBEROF_IS_MEMBER; + if ( mc.vals ) mci->memberof = mc.vals; - } else { - memberof_saved_member_set( op, mc.key, NULL ); } } - *iswhatp = iswhat; + mci->what = iswhat; return LDAP_SUCCESS; } @@ -391,10 +326,9 @@ memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp ) /* * response callback that adds memberof values when a group is modified. */ -static int +static void memberof_value_modify( Operation *op, - SlapReply *rs, struct berval *ndn, AttributeDescription *ad, struct berval *old_dn, @@ -402,7 +336,8 @@ memberof_value_modify( struct berval *new_dn, struct berval *new_ndn ) { - slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; + memberof_cbinfo_t *mci = op->o_callback->sc_private; + slap_overinst *on = mci->on; memberof_t *mo = (memberof_t *)on->on_bi.bi_private; Operation op2 = *op; @@ -417,13 +352,15 @@ memberof_value_modify( op2.o_req_dn = *ndn; op2.o_req_ndn = *ndn; - op2.o_bd->bd_info = (BackendInfo *)on->on_info; - op2.o_callback = &cb; op2.o_dn = op->o_bd->be_rootdn; op2.o_ndn = op->o_bd->be_rootndn; op2.orm_modlist = NULL; + /* Internal ops, never replicate these */ + op2.orm_no_opattrs = 1; + op2.o_dont_replicate = 1; + if ( !BER_BVISNULL( &mo->mo_ndn ) ) { ml = &mod[ mcnt ]; ml->sml_numvals = 1; @@ -456,6 +393,9 @@ memberof_value_modify( op2.orm_modlist = ml; if ( new_ndn != NULL ) { + BackendInfo *bi = op2.o_bd->bd_info; + OpExtra oex; + assert( !BER_BVISNULL( new_dn ) ); assert( !BER_BVISNULL( new_ndn ) ); @@ -465,13 +405,17 @@ memberof_value_modify( ml->sml_values[ 0 ] = *new_dn; ml->sml_nvalues[ 0 ] = *new_ndn; + oex.oe_key = (void *)&memberof; + LDAP_SLIST_INSERT_HEAD(&op2.o_extra, &oex, oe_next); + op2.o_bd->bd_info = (BackendInfo *)on->on_info; (void)op->o_bd->be_modify( &op2, &rs2 ); + op2.o_bd->bd_info = bi; + LDAP_SLIST_REMOVE(&op2.o_extra, &oex, OpExtra, oe_next); if ( rs2.sr_err != LDAP_SUCCESS ) { char buf[ SLAP_TEXT_BUFLEN ]; snprintf( buf, sizeof( buf ), - "memberof_value_modify %s=\"%s\" failed err=%d text=%s", - ad->ad_cname.bv_val, new_dn->bv_val, rs2.sr_err, - rs2.sr_text ? rs2.sr_text : "" ); + "memberof_value_modify DN=\"%s\" add %s=\"%s\" failed err=%d", + op2.o_req_dn.bv_val, ad->ad_cname.bv_val, new_dn->bv_val, rs2.sr_err ); Debug( LDAP_DEBUG_ANY, "%s: %s\n", op->o_log_prefix, buf, 0 ); } @@ -491,6 +435,9 @@ memberof_value_modify( } if ( old_ndn != NULL ) { + BackendInfo *bi = op2.o_bd->bd_info; + OpExtra oex; + assert( !BER_BVISNULL( old_dn ) ); assert( !BER_BVISNULL( old_ndn ) ); @@ -500,13 +447,17 @@ memberof_value_modify( ml->sml_values[ 0 ] = *old_dn; ml->sml_nvalues[ 0 ] = *old_ndn; + oex.oe_key = (void *)&memberof; + LDAP_SLIST_INSERT_HEAD(&op2.o_extra, &oex, oe_next); + op2.o_bd->bd_info = (BackendInfo *)on->on_info; (void)op->o_bd->be_modify( &op2, &rs2 ); + op2.o_bd->bd_info = bi; + LDAP_SLIST_REMOVE(&op2.o_extra, &oex, OpExtra, oe_next); if ( rs2.sr_err != LDAP_SUCCESS ) { char buf[ SLAP_TEXT_BUFLEN ]; snprintf( buf, sizeof( buf ), - "memberof_value_modify %s=\"%s\" failed err=%d text=%s", - ad->ad_cname.bv_val, old_dn->bv_val, rs2.sr_err, - rs2.sr_text ? rs2.sr_text : "" ); + "memberof_value_modify DN=\"%s\" delete %s=\"%s\" failed err=%d", + op2.o_req_dn.bv_val, ad->ad_cname.bv_val, old_dn->bv_val, rs2.sr_err ); Debug( LDAP_DEBUG_ANY, "%s: %s\n", op->o_log_prefix, buf, 0 ); } @@ -526,12 +477,28 @@ memberof_value_modify( * add will fail; better split in two operations, although * not optimal in terms of performance. At least it would * move towards self-repairing capabilities. */ +} - op2.o_bd->bd_info = (BackendInfo *)on; - - return rs2.sr_err; +static int +memberof_cleanup( Operation *op, SlapReply *rs ) +{ + slap_callback *sc = op->o_callback; + memberof_cbinfo_t *mci = sc->sc_private; + + op->o_callback = sc->sc_next; + if ( mci->memberof ) + ber_bvarray_free_x( mci->memberof, op->o_tmpmemctx ); + if ( mci->member ) + ber_bvarray_free_x( mci->member, op->o_tmpmemctx ); + op->o_tmpfree( sc, op->o_tmpmemctx ); + return 0; } +static int memberof_res_add( Operation *op, SlapReply *rs ); +static int memberof_res_delete( Operation *op, SlapReply *rs ); +static int memberof_res_modify( Operation *op, SlapReply *rs ); +static int memberof_res_modrdn( Operation *op, SlapReply *rs ); + static int memberof_op_add( Operation *op, SlapReply *rs ) { @@ -542,6 +509,14 @@ memberof_op_add( Operation *op, SlapReply *rs ) int rc = SLAP_CB_CONTINUE; int i; struct berval save_dn, save_ndn; + slap_callback *sc; + memberof_cbinfo_t *mci; + OpExtra *oex; + + LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) { + if ( oex->oe_key == (void *)&memberof ) + return SLAP_CB_CONTINUE; + } if ( op->ora_e->e_attrs == NULL ) { /* FIXME: global overlay; need to deal with */ @@ -571,7 +546,7 @@ memberof_op_add( Operation *op, SlapReply *rs ) && is_entry_objectclass_or_sub( op->ora_e, mo->mo_oc_group ) ) { op->o_dn = op->o_bd->be_rootdn; - op->o_dn = op->o_bd->be_rootndn; + op->o_ndn = op->o_bd->be_rootndn; op->o_bd->bd_info = (BackendInfo *)on->on_info; for ( ap = &op->ora_e->e_attrs; *ap; ) { @@ -587,6 +562,10 @@ memberof_op_add( Operation *op, SlapReply *rs ) for ( i = 0; !BER_BVISNULL( &a->a_nvals[ i ] ); i++ ) { Entry *e = NULL; + /* ITS#6670 Ignore member pointing to this entry */ + if ( dn_match( &a->a_nvals[i], &save_ndn )) + continue; + rc = be_entry_get_rw( op, &a->a_nvals[ i ], NULL, NULL, 0, &e ); if ( rc == LDAP_SUCCESS ) { @@ -628,6 +607,7 @@ memberof_op_add( Operation *op, SlapReply *rs ) sizeof( struct berval ) * ( j - i ) ); } i--; + a->a_numvals--; } } @@ -664,6 +644,10 @@ memberof_op_add( Operation *op, SlapReply *rs ) send_ldap_result( op, rs ); goto done; } + /* ITS#6670 Ignore member pointing to this entry */ + if ( dn_match( &a->a_nvals[i], &save_ndn )) + continue; + rc = be_entry_get_rw( op, &a->a_nvals[ i ], NULL, NULL, 0, &e ); op->o_bd->bd_info = (BackendInfo *)on; @@ -733,7 +717,18 @@ memberof_op_add( Operation *op, SlapReply *rs ) } rc = SLAP_CB_CONTINUE; - + + sc = op->o_tmpalloc( sizeof(slap_callback)+sizeof(*mci), op->o_tmpmemctx ); + sc->sc_private = sc+1; + sc->sc_response = memberof_res_add; + sc->sc_cleanup = memberof_cleanup; + mci = sc->sc_private; + mci->on = on; + mci->member = NULL; + mci->memberof = NULL; + sc->sc_next = op->o_callback; + op->o_callback = sc; + done:; op->o_dn = save_dn; op->o_ndn = save_ndn; @@ -748,13 +743,32 @@ memberof_op_delete( Operation *op, SlapReply *rs ) slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; memberof_t *mo = (memberof_t *)on->on_bi.bi_private; - memberof_is_t iswhat = MEMBEROF_IS_GROUP; + slap_callback *sc; + memberof_cbinfo_t *mci; + OpExtra *oex; + LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) { + if ( oex->oe_key == (void *)&memberof ) + return SLAP_CB_CONTINUE; + } + + sc = op->o_tmpalloc( sizeof(slap_callback)+sizeof(*mci), op->o_tmpmemctx ); + sc->sc_private = sc+1; + sc->sc_response = memberof_res_delete; + sc->sc_cleanup = memberof_cleanup; + mci = sc->sc_private; + mci->on = on; + mci->member = NULL; + mci->memberof = NULL; + mci->what = MEMBEROF_IS_GROUP; if ( MEMBEROF_REFINT( mo ) ) { - iswhat = MEMBEROF_IS_BOTH; + mci->what = MEMBEROF_IS_BOTH; } - memberof_isGroupOrMember( op, &iswhat ); + memberof_isGroupOrMember( op, mci ); + + sc->sc_next = op->o_callback; + op->o_callback = sc; return SLAP_CB_CONTINUE; } @@ -766,9 +780,16 @@ memberof_op_modify( Operation *op, SlapReply *rs ) memberof_t *mo = (memberof_t *)on->on_bi.bi_private; Modifications **mlp, **mmlp = NULL; - int rc = SLAP_CB_CONTINUE; + int rc = SLAP_CB_CONTINUE, save_member = 0; struct berval save_dn, save_ndn; - memberof_is_t iswhat = MEMBEROF_IS_GROUP; + slap_callback *sc; + memberof_cbinfo_t *mci, mcis; + OpExtra *oex; + + LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) { + if ( oex->oe_key == (void *)&memberof ) + return SLAP_CB_CONTINUE; + } if ( MEMBEROF_REVERSE( mo ) ) { for ( mlp = &op->orm_modlist; *mlp; mlp = &(*mlp)->sml_next ) { @@ -783,12 +804,13 @@ memberof_op_modify( Operation *op, SlapReply *rs ) save_dn = op->o_dn; save_ndn = op->o_ndn; + mcis.on = on; + mcis.what = MEMBEROF_IS_GROUP; - if ( memberof_isGroupOrMember( op, &iswhat ) == LDAP_SUCCESS - && ( iswhat & MEMBEROF_IS_GROUP ) ) + if ( memberof_isGroupOrMember( op, &mcis ) == LDAP_SUCCESS + && ( mcis.what & MEMBEROF_IS_GROUP ) ) { Modifications *ml; - int save_member = 0; for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) { if ( ml->sml_desc == mo->mo_ad_member ) { @@ -801,26 +823,12 @@ memberof_op_modify( Operation *op, SlapReply *rs ) } } - if ( save_member ) { - BerVarray vals = NULL; - - op->o_dn = op->o_bd->be_rootdn; - op->o_dn = op->o_bd->be_rootndn; - op->o_bd->bd_info = (BackendInfo *)on->on_info; - rc = backend_attribute( op, NULL, &op->o_req_ndn, - mo->mo_ad_member, &vals, ACL_READ ); - op->o_bd->bd_info = (BackendInfo *)on; - if ( rc == LDAP_SUCCESS && vals != NULL ) { - memberof_saved_member_set( op, &saved_member_vals, vals ); - ber_bvarray_free_x( vals, op->o_tmpmemctx ); - } - } if ( MEMBEROF_DANGLING_CHECK( mo ) && !get_relax( op ) ) { op->o_dn = op->o_bd->be_rootdn; - op->o_dn = op->o_bd->be_rootndn; + op->o_ndn = op->o_bd->be_rootndn; op->o_bd->bd_info = (BackendInfo *)on->on_info; assert( op->orm_modlist != NULL ); @@ -843,6 +851,12 @@ memberof_op_modify( Operation *op, SlapReply *rs ) break; case LDAP_MOD_REPLACE: + /* Handle this just like a delete (see above) */ + if ( !ml->sml_values ) { + mlp = &ml->sml_next; + break; + } + case LDAP_MOD_ADD: /* NOTE: right now, the attributeType we use * for member must have a normalized value */ @@ -852,6 +866,10 @@ memberof_op_modify( Operation *op, SlapReply *rs ) int rc; Entry *e; + /* ITS#6670 Ignore member pointing to this entry */ + if ( dn_match( &ml->sml_nvalues[i], &save_ndn )) + continue; + if ( be_entry_get_rw( op, &ml->sml_nvalues[ i ], NULL, NULL, 0, &e ) == LDAP_SUCCESS ) { @@ -1038,7 +1056,7 @@ memberof_op_modify( Operation *op, SlapReply *rs ) goto done2; } - if ( ml->sml_op == LDAP_MOD_DELETE ) { + if ( ml->sml_op == LDAP_MOD_DELETE || !ml->sml_values ) { break; } /* fall thru */ @@ -1063,6 +1081,10 @@ memberof_op_modify( Operation *op, SlapReply *rs ) goto done2; } + /* ITS#6670 Ignore member pointing to this entry */ + if ( dn_match( &ml->sml_nvalues[i], &save_ndn )) + continue; + rc = be_entry_get_rw( op, &ml->sml_nvalues[ i ], NULL, NULL, 0, &e ); op->o_bd->bd_info = (BackendInfo *)on; @@ -1141,6 +1163,28 @@ done2:; op->o_bd->bd_info = (BackendInfo *)on; } + sc = op->o_tmpalloc( sizeof(slap_callback)+sizeof(*mci), op->o_tmpmemctx ); + sc->sc_private = sc+1; + sc->sc_response = memberof_res_modify; + sc->sc_cleanup = memberof_cleanup; + mci = sc->sc_private; + mci->on = on; + mci->member = NULL; + mci->memberof = NULL; + mci->what = mcis.what; + + if ( save_member ) { + op->o_dn = op->o_bd->be_rootdn; + op->o_ndn = op->o_bd->be_rootndn; + op->o_bd->bd_info = (BackendInfo *)on->on_info; + rc = backend_attribute( op, NULL, &op->o_req_ndn, + mo->mo_ad_member, &mci->member, ACL_READ ); + op->o_bd->bd_info = (BackendInfo *)on; + } + + sc->sc_next = op->o_callback; + op->o_callback = sc; + rc = SLAP_CB_CONTINUE; done:; @@ -1151,34 +1195,68 @@ done:; return rc; } +static int +memberof_op_modrdn( Operation *op, SlapReply *rs ) +{ + slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; + slap_callback *sc; + memberof_cbinfo_t *mci; + OpExtra *oex; + + LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) { + if ( oex->oe_key == (void *)&memberof ) + return SLAP_CB_CONTINUE; + } + + sc = op->o_tmpalloc( sizeof(slap_callback)+sizeof(*mci), op->o_tmpmemctx ); + sc->sc_private = sc+1; + sc->sc_response = memberof_res_modrdn; + sc->sc_cleanup = memberof_cleanup; + mci = sc->sc_private; + mci->on = on; + mci->member = NULL; + mci->memberof = NULL; + + sc->sc_next = op->o_callback; + op->o_callback = sc; + + return SLAP_CB_CONTINUE; +} + /* * response callback that adds memberof values when a group is added. */ static int memberof_res_add( Operation *op, SlapReply *rs ) { - slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; + memberof_cbinfo_t *mci = op->o_callback->sc_private; + slap_overinst *on = mci->on; memberof_t *mo = (memberof_t *)on->on_bi.bi_private; int i; + if ( rs->sr_err != LDAP_SUCCESS ) { + return SLAP_CB_CONTINUE; + } + if ( MEMBEROF_REVERSE( mo ) ) { Attribute *ma; ma = attr_find( op->ora_e->e_attrs, mo->mo_ad_memberof ); if ( ma != NULL ) { - Operation op2 = *op; - SlapReply rs2 = { 0 }; - /* relax is required to allow to add * a non-existing member */ - op2.o_relax = SLAP_CONTROL_CRITICAL; + op->o_relax = SLAP_CONTROL_CRITICAL; for ( i = 0; !BER_BVISNULL( &ma->a_nvals[ i ] ); i++ ) { + /* ITS#6670 Ignore member pointing to this entry */ + if ( dn_match( &ma->a_nvals[i], &op->o_req_ndn )) + continue; + /* the modification is attempted * with the original identity */ - (void)memberof_value_modify( &op2, &rs2, + memberof_value_modify( op, &ma->a_nvals[ i ], mo->mo_ad_member, NULL, NULL, &op->o_req_dn, &op->o_req_ndn ); } @@ -1193,7 +1271,11 @@ memberof_res_add( Operation *op, SlapReply *rs ) a = attrs_find( a->a_next, mo->mo_ad_member ) ) { for ( i = 0; !BER_BVISNULL( &a->a_nvals[ i ] ); i++ ) { - (void)memberof_value_modify( op, rs, + /* ITS#6670 Ignore member pointing to this entry */ + if ( dn_match( &a->a_nvals[i], &op->o_req_ndn )) + continue; + + memberof_value_modify( op, &a->a_nvals[ i ], mo->mo_ad_memberof, NULL, NULL, @@ -1212,37 +1294,36 @@ memberof_res_add( Operation *op, SlapReply *rs ) static int memberof_res_delete( Operation *op, SlapReply *rs ) { - slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; + memberof_cbinfo_t *mci = op->o_callback->sc_private; + slap_overinst *on = mci->on; memberof_t *mo = (memberof_t *)on->on_bi.bi_private; BerVarray vals; int i; - vals = memberof_saved_member_get( op, &saved_member_vals ); + if ( rs->sr_err != LDAP_SUCCESS ) { + return SLAP_CB_CONTINUE; + } + + vals = mci->member; if ( vals != NULL ) { for ( i = 0; !BER_BVISNULL( &vals[ i ] ); i++ ) { - (void)memberof_value_modify( op, rs, + memberof_value_modify( op, &vals[ i ], mo->mo_ad_memberof, &op->o_req_dn, &op->o_req_ndn, NULL, NULL ); } - - memberof_saved_member_set( op, &saved_memberof_vals, NULL ); - ber_bvarray_free( vals ); } if ( MEMBEROF_REFINT( mo ) ) { - vals = memberof_saved_member_get( op, &saved_memberof_vals ); + vals = mci->memberof; if ( vals != NULL ) { for ( i = 0; !BER_BVISNULL( &vals[ i ] ); i++ ) { - (void)memberof_value_modify( op, rs, + memberof_value_modify( op, &vals[ i ], mo->mo_ad_member, &op->o_req_dn, &op->o_req_ndn, NULL, NULL ); } - - memberof_saved_member_set( op, &saved_member_vals, NULL ); - ber_bvarray_free( vals ); } } @@ -1256,13 +1337,17 @@ memberof_res_delete( Operation *op, SlapReply *rs ) static int memberof_res_modify( Operation *op, SlapReply *rs ) { - slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; + memberof_cbinfo_t *mci = op->o_callback->sc_private; + slap_overinst *on = mci->on; memberof_t *mo = (memberof_t *)on->on_bi.bi_private; int i, rc; Modifications *ml, *mml = NULL; BerVarray vals; - memberof_is_t iswhat = MEMBEROF_IS_GROUP; + + if ( rs->sr_err != LDAP_SUCCESS ) { + return SLAP_CB_CONTINUE; + } if ( MEMBEROF_REVERSE( mo ) ) { for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) { @@ -1280,7 +1365,7 @@ memberof_res_modify( Operation *op, SlapReply *rs ) case LDAP_MOD_DELETE: if ( vals != NULL ) { for ( i = 0; !BER_BVISNULL( &vals[ i ] ); i++ ) { - memberof_value_modify( op, rs, + memberof_value_modify( op, &vals[ i ], mo->mo_ad_member, &op->o_req_dn, &op->o_req_ndn, NULL, NULL ); @@ -1297,7 +1382,7 @@ memberof_res_modify( Operation *op, SlapReply *rs ) op->o_bd->bd_info = (BackendInfo *)on; if ( rc == LDAP_SUCCESS ) { for ( i = 0; !BER_BVISNULL( &vals[ i ] ); i++ ) { - (void)memberof_value_modify( op, rs, + memberof_value_modify( op, &vals[ i ], mo->mo_ad_member, &op->o_req_dn, &op->o_req_ndn, NULL, NULL ); @@ -1305,7 +1390,7 @@ memberof_res_modify( Operation *op, SlapReply *rs ) ber_bvarray_free_x( vals, op->o_tmpmemctx ); } - if ( ml->sml_op == LDAP_MOD_DELETE ) { + if ( ml->sml_op == LDAP_MOD_DELETE || !mml->sml_values ) { break; } /* fall thru */ @@ -1314,7 +1399,7 @@ memberof_res_modify( Operation *op, SlapReply *rs ) assert( vals != NULL ); for ( i = 0; !BER_BVISNULL( &vals[ i ] ); i++ ) { - memberof_value_modify( op, rs, + memberof_value_modify( op, &vals[ i ], mo->mo_ad_member, NULL, NULL, &op->o_req_dn, &op->o_req_ndn ); @@ -1326,8 +1411,7 @@ memberof_res_modify( Operation *op, SlapReply *rs ) } } - if ( memberof_isGroupOrMember( op, &iswhat ) == LDAP_SUCCESS - && ( iswhat & MEMBEROF_IS_GROUP ) ) + if ( mci->what & MEMBEROF_IS_GROUP ) { for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) { if ( ml->sml_desc != mo->mo_ad_member ) { @@ -1339,7 +1423,7 @@ memberof_res_modify( Operation *op, SlapReply *rs ) vals = ml->sml_nvalues; if ( vals != NULL ) { for ( i = 0; !BER_BVISNULL( &vals[ i ] ); i++ ) { - memberof_value_modify( op, rs, + memberof_value_modify( op, &vals[ i ], mo->mo_ad_memberof, &op->o_req_dn, &op->o_req_ndn, NULL, NULL ); @@ -1349,20 +1433,19 @@ memberof_res_modify( Operation *op, SlapReply *rs ) /* fall thru */ case LDAP_MOD_REPLACE: - vals = memberof_saved_member_get( op, &saved_member_vals ); + vals = mci->member; /* delete all ... */ if ( vals != NULL ) { for ( i = 0; !BER_BVISNULL( &vals[ i ] ); i++ ) { - (void)memberof_value_modify( op, rs, + memberof_value_modify( op, &vals[ i ], mo->mo_ad_memberof, &op->o_req_dn, &op->o_req_ndn, NULL, NULL ); } - ber_bvarray_free_x( vals, op->o_tmpmemctx ); } - if ( ml->sml_op == LDAP_MOD_DELETE ) { + if ( ml->sml_op == LDAP_MOD_DELETE || !ml->sml_values ) { break; } /* fall thru */ @@ -1371,7 +1454,7 @@ memberof_res_modify( Operation *op, SlapReply *rs ) assert( ml->sml_nvalues != NULL ); vals = ml->sml_nvalues; for ( i = 0; !BER_BVISNULL( &vals[ i ] ); i++ ) { - memberof_value_modify( op, rs, + memberof_value_modify( op, &vals[ i ], mo->mo_ad_memberof, NULL, NULL, &op->o_req_dn, &op->o_req_ndn ); @@ -1389,12 +1472,13 @@ memberof_res_modify( Operation *op, SlapReply *rs ) /* * response callback that adds/deletes member values when a group member - * is modified. + * is renamed. */ static int -memberof_res_rename( Operation *op, SlapReply *rs ) +memberof_res_modrdn( Operation *op, SlapReply *rs ) { - slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; + memberof_cbinfo_t *mci = op->o_callback->sc_private; + slap_overinst *on = mci->on; memberof_t *mo = (memberof_t *)on->on_bi.bi_private; struct berval newPDN, newDN = BER_BVNULL, newPNDN, newNDN; @@ -1402,10 +1486,14 @@ memberof_res_rename( Operation *op, SlapReply *rs ) BerVarray vals; struct berval save_dn, save_ndn; - memberof_is_t iswhat = MEMBEROF_IS_GROUP; + if ( rs->sr_err != LDAP_SUCCESS ) { + return SLAP_CB_CONTINUE; + } + + mci->what = MEMBEROF_IS_GROUP; if ( MEMBEROF_REFINT( mo ) ) { - iswhat |= MEMBEROF_IS_MEMBER; + mci->what |= MEMBEROF_IS_MEMBER; } if ( op->orr_nnewSup ) { @@ -1422,11 +1510,11 @@ memberof_res_rename( Operation *op, SlapReply *rs ) op->o_req_dn = newNDN; op->o_req_ndn = newNDN; - rc = memberof_isGroupOrMember( op, &iswhat ); + rc = memberof_isGroupOrMember( op, mci ); op->o_req_dn = save_dn; op->o_req_ndn = save_ndn; - if ( rc != LDAP_SUCCESS || iswhat == MEMBEROF_IS_NONE ) { + if ( rc != LDAP_SUCCESS || mci->what == MEMBEROF_IS_NONE ) { goto done; } @@ -1439,7 +1527,7 @@ memberof_res_rename( Operation *op, SlapReply *rs ) build_new_dn( &newDN, &newPDN, &op->orr_newrdn, op->o_tmpmemctx ); - if ( iswhat & MEMBEROF_IS_GROUP ) { + if ( mci->what & MEMBEROF_IS_GROUP ) { op->o_bd->bd_info = (BackendInfo *)on->on_info; rc = backend_attribute( op, NULL, &newNDN, mo->mo_ad_member, &vals, ACL_READ ); @@ -1447,7 +1535,7 @@ memberof_res_rename( Operation *op, SlapReply *rs ) if ( rc == LDAP_SUCCESS ) { for ( i = 0; !BER_BVISNULL( &vals[ i ] ); i++ ) { - (void)memberof_value_modify( op, rs, + memberof_value_modify( op, &vals[ i ], mo->mo_ad_memberof, &op->o_req_dn, &op->o_req_ndn, &newDN, &newNDN ); @@ -1456,7 +1544,7 @@ memberof_res_rename( Operation *op, SlapReply *rs ) } } - if ( MEMBEROF_REFINT( mo ) && ( iswhat & MEMBEROF_IS_MEMBER ) ) { + if ( MEMBEROF_REFINT( mo ) && ( mci->what & MEMBEROF_IS_MEMBER ) ) { op->o_bd->bd_info = (BackendInfo *)on->on_info; rc = backend_attribute( op, NULL, &newNDN, mo->mo_ad_memberof, &vals, ACL_READ ); @@ -1464,7 +1552,7 @@ memberof_res_rename( Operation *op, SlapReply *rs ) if ( rc == LDAP_SUCCESS ) { for ( i = 0; !BER_BVISNULL( &vals[ i ] ); i++ ) { - (void)memberof_value_modify( op, rs, + memberof_value_modify( op, &vals[ i ], mo->mo_ad_member, &op->o_req_dn, &op->o_req_ndn, &newDN, &newNDN ); @@ -1482,30 +1570,6 @@ done:; return SLAP_CB_CONTINUE; } -static int -memberof_response( Operation *op, SlapReply *rs ) -{ - if ( rs->sr_err != LDAP_SUCCESS ) { - return SLAP_CB_CONTINUE; - } - - switch ( op->o_tag ) { - case LDAP_REQ_ADD: - return memberof_res_add( op, rs ); - - case LDAP_REQ_DELETE: - return memberof_res_delete( op, rs ); - - case LDAP_REQ_MODIFY: - return memberof_res_modify( op, rs ); - - case LDAP_REQ_MODDN: - return memberof_res_rename( op, rs ); - - default: - return SLAP_CB_CONTINUE; - } -} static int memberof_db_init( @@ -2051,8 +2115,7 @@ memberof_initialize( void ) memberof.on_bi.bi_op_add = memberof_op_add; memberof.on_bi.bi_op_delete = memberof_op_delete; memberof.on_bi.bi_op_modify = memberof_op_modify; - - memberof.on_response = memberof_response; + memberof.on_bi.bi_op_modrdn = memberof_op_modrdn; memberof.on_bi.bi_cf_ocs = mo_ocs;