SRCS = init.c tools.c config.c \
add.c bind.c compare.c delete.c modify.c modrdn.c search.c \
- extended.c passwd.c referral.c \
+ extended.c passwd.c referral.c attribute.c group.c \
attr.c index.c key.c dbcache.c filterindex.c \
dn2entry.c dn2id.c error.c id2entry.c idl.c nextid.c
OBJS = init.lo tools.lo config.lo \
add.lo bind.lo compare.lo delete.lo modify.lo modrdn.lo search.lo \
- extended.lo passwd.lo referral.lo \
+ extended.lo passwd.lo referral.lo attribute.lo group.lo \
attr.lo index.lo key.lo dbcache.lo filterindex.lo \
dn2entry.lo dn2id.lo error.lo id2entry.lo idl.lo nextid.lo
--- /dev/null
+/* attribute.c - bdb backend acl attribute routine */
+/* $OpenLDAP$ */
+/*
+ * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-bdb.h"
+#include "proto-bdb.h"
+
+
+/* return LDAP_SUCCESS IFF we can retrieve the attributes
+ * of entry with e_ndn
+ */
+int
+bdb_attribute(
+ Backend *be,
+ Connection *conn,
+ Operation *op,
+ Entry *target,
+ const char *e_ndn,
+ AttributeDescription *entry_at,
+ struct berval ***vals )
+{
+ struct bdbinfo *li = (struct bdbinfo *) be->be_private;
+ Entry *e;
+ int i, j, rc;
+ Attribute *attr;
+ struct berval **v;
+ const char *entry_at_name = entry_at->ad_cname.bv_val;
+
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_ARGS,
+ "bdb_attribute: gr dn: \"%s\"\n", e_ndn ));
+ LDAP_LOG(( "backend", LDAP_LEVEL_ARGS,
+ "bdb_attribute: at: \"%s\"\n", entry_at_name));
+ LDAP_LOG(( "backend", LDAP_LEVEL_ARGS,
+ "bdb_attribute: tr dn: \"%s\"\n",
+ target ? target->e_ndn : "" ));
+#else
+ Debug( LDAP_DEBUG_ARGS,
+ "=> bdb_attribute: gr dn: \"%s\"\n",
+ e_ndn, 0, 0 );
+ Debug( LDAP_DEBUG_ARGS,
+ "=> bdb_attribute: at: \"%s\"\n",
+ entry_at_name, 0, 0 );
+
+ Debug( LDAP_DEBUG_ARGS,
+ "=> bdb_attribute: tr dn: \"%s\"\n",
+ target ? target->e_ndn : "", 0, 0 );
+#endif
+
+ if (target != NULL && strcmp(target->e_ndn, e_ndn) == 0) {
+ /* we already have a LOCKED copy of the entry */
+ e = target;
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
+ "bdb_attribute: target is LOCKED (%s)\n",
+ e_ndn ));
+#else
+ Debug( LDAP_DEBUG_ARGS,
+ "=> bdb_attribute: target is entry: \"%s\"\n",
+ e_ndn, 0, 0 );
+#endif
+
+
+ } else {
+ /* can we find entry */
+ rc = bdb_dn2entry( be, NULL, e_ndn, &e, NULL, 0 );
+ switch( rc ) {
+ case DB_NOTFOUND:
+ case 0:
+ break;
+ default:
+ return LDAP_OTHER;
+ }
+ if (e == NULL) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
+ "bdb_attribute: cannot find entry (%s)\n",
+ e_ndn ));
+#else
+ Debug( LDAP_DEBUG_ACL,
+ "=> bdb_attribute: cannot find entry: \"%s\"\n",
+ e_ndn, 0, 0 );
+#endif
+ return LDAP_NO_SUCH_OBJECT;
+ }
+
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
+ "bdb_attribute: found entry (%s)\n", e_ndn ));
+#else
+ Debug( LDAP_DEBUG_ACL,
+ "=> bdb_attribute: found entry: \"%s\"\n",
+ e_ndn, 0, 0 );
+#endif
+
+ }
+
+ /* find attribute values */
+
+ if( is_entry_alias( e ) ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
+ "bdb_attribute: entry (%s) is an alias\n", e->e_dn ));
+#else
+ Debug( LDAP_DEBUG_ACL,
+ "<= bdb_attribute: entry is an alias\n", 0, 0, 0 );
+#endif
+ rc = LDAP_ALIAS_PROBLEM;
+ goto return_results;
+ }
+
+ if( is_entry_referral( e ) ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
+ "bdb_attribute: entry (%s) is a referral.\n", e->e_dn ));
+#else
+ Debug( LDAP_DEBUG_ACL,
+ "<= bdb_attribute: entry is a referral\n", 0, 0, 0 );
+#endif
+ rc = LDAP_REFERRAL;
+ goto return_results;
+ }
+
+ if (conn != NULL && op != NULL
+ && access_allowed(be, conn, op, e, slap_schema.si_ad_entry,
+ NULL, ACL_READ) == 0)
+ {
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ goto return_results;
+ }
+
+ if ((attr = attr_find(e->e_attrs, entry_at)) == NULL) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
+ "bdb_attribute: failed to find %s.\n", entry_at_name ));
+#else
+ Debug( LDAP_DEBUG_ACL,
+ "<= bdb_attribute: failed to find %s\n",
+ entry_at_name, 0, 0 );
+#endif
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ goto return_results;
+ }
+
+ if (conn != NULL && op != NULL
+ && access_allowed(be, conn, op, e, entry_at, NULL, ACL_READ) == 0)
+ {
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ goto return_results;
+ }
+
+ for ( i = 0; attr->a_vals[i] != NULL; i++ ) {
+ /* count them */
+ }
+
+ v = (struct berval **) ch_malloc( sizeof(struct berval *) * (i+1) );
+
+ for ( i=0, j=0; attr->a_vals[i] != NULL; i++ ) {
+ if( conn != NULL
+ && op != NULL
+ && access_allowed(be, conn, op, e, entry_at,
+ attr->a_vals[i], ACL_READ) == 0)
+ {
+ continue;
+ }
+ v[j] = ber_bvdup( attr->a_vals[i] );
+
+ if( v[j] != NULL ) j++;
+ }
+
+ if( j == 0 ) {
+ ch_free( v );
+ *vals = NULL;
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ } else {
+ v[j] = NULL;
+ *vals = v;
+ rc = LDAP_SUCCESS;
+ }
+
+return_results:
+ if( target != e ) {
+ /* free entry */
+ bdb_entry_return( be, e );
+ }
+
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
+ "bdb_attribute: rc=%d nvals=%d.\n",
+ rc, j ));
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "bdb_attribute: rc=%d nvals=%d\n",
+ rc, j, 0 );
+#endif
+ return(rc);
+}
--- /dev/null
+/* group.c - bdb backend acl group routine */
+/* $OpenLDAP$ */
+/*
+ * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-bdb.h"
+#include "proto-bdb.h"
+
+
+/* return 0 IFF op_dn is a value in member attribute
+ * of entry with gr_dn AND that entry has an objectClass
+ * value of groupOfNames
+ */
+int
+bdb_group(
+ Backend *be,
+ Connection *conn,
+ Operation *op,
+ Entry *target,
+ const char *gr_ndn,
+ const char *op_ndn,
+ ObjectClass *group_oc,
+ AttributeDescription *group_at
+)
+{
+ struct bdbinfo *li = (struct bdbinfo *) be->be_private;
+ Entry *e;
+ int rc = 1;
+ Attribute *attr;
+ struct berval bv;
+
+ AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
+ const char *group_oc_name = NULL;
+ const char *group_at_name = group_at->ad_cname.bv_val;
+
+ if( group_oc->soc_names && group_oc->soc_names[0] ) {
+ group_oc_name = group_oc->soc_names[0];
+ } else {
+ group_oc_name = group_oc->soc_oid;
+ }
+
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
+ "bdb_group: check (%s) member of (%s), oc %s\n",
+ op_ndn, gr_ndn, group_oc_name ));
+#else
+ Debug( LDAP_DEBUG_ARGS,
+ "=> bdb_group: gr dn: \"%s\"\n",
+ gr_ndn, 0, 0 );
+
+ Debug( LDAP_DEBUG_ARGS,
+ "=> bdb_group: op dn: \"%s\"\n",
+ op_ndn, 0, 0 );
+ Debug( LDAP_DEBUG_ARGS,
+ "=> bdb_group: oc: \"%s\" at: \"%s\"\n",
+ group_oc_name, group_at_name, 0 );
+
+ Debug( LDAP_DEBUG_ARGS,
+ "=> bdb_group: tr dn: \"%s\"\n",
+ target->e_ndn, 0, 0 );
+#endif
+
+ if (strcmp(target->e_ndn, gr_ndn) == 0) {
+ /* we already have a LOCKED copy of the entry */
+ e = target;
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
+ "bdb_group: target is group (%s)\n", gr_ndn ));
+#else
+ Debug( LDAP_DEBUG_ARGS,
+ "=> bdb_group: target is group: \"%s\"\n",
+ gr_ndn, 0, 0 );
+#endif
+ } else {
+ /* can we find group entry */
+ rc = bdb_dn2entry( be, NULL, gr_ndn, &e, NULL, 0 );
+ if( rc ) {
+ return( 1 );
+ }
+ if (e == NULL) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
+ "bdb_group: cannot find group (%s)\n",
+ gr_ndn ));
+#else
+ Debug( LDAP_DEBUG_ACL,
+ "=> bdb_group: cannot find group: \"%s\"\n",
+ gr_ndn, 0, 0 );
+#endif
+ return( 1 );
+ }
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
+ "bdb_group: found group (%s)\n", gr_ndn ));
+#else
+ Debug( LDAP_DEBUG_ACL,
+ "=> bdb_group: found group: \"%s\"\n",
+ gr_ndn, 0, 0 );
+#endif
+ }
+
+ /* find it's objectClass and member attribute values
+ * make sure this is a group entry
+ * finally test if we can find op_dn in the member attribute value list
+ */
+
+ rc = 1;
+
+
+ if( is_entry_alias( e ) ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
+ "bdb_group: group (%s) is an alias\n", gr_ndn ));
+#else
+ Debug( LDAP_DEBUG_ACL,
+ "<= bdb_group: group is an alias\n", 0, 0, 0 );
+#endif
+ goto return_results;
+ }
+
+ if( is_entry_referral( e ) ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
+ "bdb_group: group (%s) is a referral.\n", gr_ndn ));
+#else
+ Debug( LDAP_DEBUG_ACL,
+ "<= bdb_group: group is a referral\n", 0, 0, 0 );
+#endif
+ goto return_results;
+ }
+
+ if( !is_entry_objectclass( e, group_oc ) ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_ERR,
+ "bdb_group: failed to find %s in objectClass.\n",
+ group_oc_name ));
+#else
+ Debug( LDAP_DEBUG_ACL,
+ "<= bdb_group: failed to find %s in objectClass\n",
+ group_oc_name, 0, 0 );
+#endif
+ goto return_results;
+ }
+
+ if ((attr = attr_find(e->e_attrs, group_at)) == NULL) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
+ "bdb_group: failed to find %s\n", group_at_name ));
+#else
+ Debug( LDAP_DEBUG_ACL,
+ "<= bdb_group: failed to find %s\n",
+ group_at_name, 0, 0 );
+#endif
+ goto return_results;
+ }
+
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
+ "bdb_group: found objectClass %s and %s\n",
+ group_oc_name, group_at_name ));
+#else
+ Debug( LDAP_DEBUG_ACL,
+ "<= bdb_group: found objectClass %s and %s\n",
+ group_oc_name, group_at_name, 0 );
+#endif
+
+ bv.bv_val = (char *) op_ndn;
+ bv.bv_len = strlen( op_ndn );
+
+ if( value_find( group_at, attr->a_vals, &bv ) != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
+ "bdb_group: \"%s\" not in \"%s\": %s\n",
+ op_ndn, gr_ndn, group_at_name ));
+#else
+ Debug( LDAP_DEBUG_ACL,
+ "<= bdb_group: \"%s\" not in \"%s\": %s\n",
+ op_ndn, gr_ndn, group_at_name );
+#endif
+ goto return_results;
+ }
+
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
+ "bdb_group: %s is in %s: %s\n",
+ op_ndn, gr_ndn, group_at_name ));
+#else
+ Debug( LDAP_DEBUG_ACL,
+ "<= bdb_group: \"%s\" is in \"%s\": %s\n",
+ op_ndn, gr_ndn, group_at_name );
+#endif
+
+ rc = 0;
+
+return_results:
+ if( target != e ) {
+ /* free entry */
+ bdb_entry_return( be, e );
+ }
+
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
+ "bdb_group: rc=%d\n", rc ));
+#else
+ Debug( LDAP_DEBUG_TRACE, "bdb_group: rc=%d\n", rc, 0, 0 );
+#endif
+
+ return(rc);
+}
+
bi->bi_op_abandon = bdb_abandon;
bi->bi_extended = bdb_extended;
-
+#endif
bi->bi_acl_group = bdb_group;
bi->bi_acl_attribute = bdb_attribute;
-#endif
bi->bi_chk_referrals = bdb_referrals;
bi->bi_entry_release_rw = 0;
void bdb_attr_index_destroy LDAP_P(( Avlnode *tree ));
+/*
+ * attribute.c
+ */
+
+int
+bdb_attribute LDAP_P(( Backend *be, Connection *conn, Operation *op,
+ Entry *target, const char *e_ndn, AttributeDescription *entry_at,
+ struct berval ***vals ));
+
/*
* dbcache.c
*/
Filter *f,
ID *ids );
+/*
+ * group.c
+ */
+
+int bdb_group(
+ Backend *be,
+ Connection *conn,
+ Operation *op,
+ Entry *target,
+ const char *gr_ndn,
+ const char *op_ndn,
+ ObjectClass *group_oc,
+ AttributeDescription *group_at);
+
/*
* id2entry
*/
projects / openldap / commitdiff