SLAPI updates (blind commit)

diff --git a/CHANGES b/CHANGES
index 704113dc554826bfa277ce646c27f1222047359e..be496be0702970faf0a3ffacd00f1991e432225d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -22,6 +22,7 @@ OpenLDAP 2.2.16 Engineering
        Fixed back-monitor syncrepl bug (ITS#3265)
        Fixed slurpd replog error message bug (ITS#3275)
        Added slapd syncrepl exattrs (ITS#3289)
+       Updated slapd SLAPI
        Updated LDAP C++ library
        Documentation
                Updated provided RFCs and I-Ds

diff --git a/include/slapi-plugin.h b/include/slapi-plugin.h
index d21c5471c66f6cf4b6858913833fbc93444dd6be..e68e123adbd46a2a7e6e7aee29178e417d065b81 100644 (file)
--- a/include/slapi-plugin.h
+++ b/include/slapi-plugin.h
@@ -143,6 +143,7 @@ int slapi_valueset_next_value( Slapi_ValueSet *vs, int index, Slapi_Value **v);
 int slapi_valueset_count( const Slapi_ValueSet *vs);
 void slapi_valueset_set_valueset(Slapi_ValueSet *vs1, const Slapi_ValueSet *vs2);
 
+/* locks and synchronization */
 typedef struct slapi_mutex     Slapi_Mutex;
 typedef struct slapi_condvar   Slapi_CondVar;
 Slapi_Mutex *slapi_new_mutex( void );
@@ -154,6 +155,10 @@ void slapi_destroy_condvar( Slapi_CondVar *cvar );
 int slapi_wait_condvar( Slapi_CondVar *cvar, struct timeval *timeout );
 int slapi_notify_condvar( Slapi_CondVar *cvar, int notify_all );
 
+/* thread-safe LDAP connections */
+LDAP *slapi_ldap_init( char *ldaphost, int ldapport, int secure, int shared );
+void slapi_ldap_unbind( LDAP *ld );
+
 char *slapi_ch_malloc( unsigned long size );
 void slapi_ch_free( void **ptr );
 void slapi_ch_free_string( char **ptr );
@@ -499,12 +504,21 @@ void slapi_set_object_extension(int objecttype, void *object,
 #define SLAPI_RESULT_TEXT                       882
 #define SLAPI_RESULT_MATCHED                    883
 
+/* managedsait control */
+#define SLAPI_MANAGEDSAIT                      1000
+
 /* audit plugin defines */
 #define SLAPI_PLUGIN_AUDIT_DATA                1100
 #define SLAPI_PLUGIN_AUDIT_FN                  1101
 
-/* managedsait control */
-#define SLAPI_MANAGEDSAIT                      1000
+/* backend_group extension */
+#define SLAPI_X_PLUGIN_PRE_GROUP_FN            1202 
+#define SLAPI_X_PLUGIN_POST_GROUP_FN           1203
+
+#define SLAPI_X_GROUP_ENTRY                    1250 /* group entry */
+#define SLAPI_X_GROUP_ATTRIBUTE                        1251 /* member attribute */
+#define SLAPI_X_GROUP_OPERATION_DN             1252 /* asserted value */
+#define SLAPI_X_GROUP_TARGET_ENTRY             1253 /* target entry */
 
 /* config stuff */
 #define SLAPI_CONFIG_FILENAME                  40

diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
index 6369dffc33210c354ccfd7c650c61dcb2dee1600..823436a33a24a71f3c83421ed9421bbee3b9572c 100644 (file)
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -41,7 +41,12 @@
 
 #ifdef LDAP_SLAPI
 #include "slapi/slapi.h"
-#endif
+
+static void init_group_pblock( Operation *op, Entry *target,
+       Entry *e, struct berval *op_ndn, AttributeDescription *group_at );
+static int call_group_preop_plugins( Operation *op );
+static void call_group_postop_plugins( Operation *op );
+#endif /* LDAP_SLAPI */
 
 /*
  * If a module is configured as dynamic, its header should not
@@ -1298,6 +1303,17 @@ backend_group(
                rc = be_entry_get_rw(op, gr_ndn, group_oc, group_at, 0, &e );
        }
        if ( e ) {
+#ifdef LDAP_SLAPI
+               if ( op->o_pb != NULL ) {
+                       init_group_pblock( op, target, e, op_ndn, group_at );
+
+                       rc = call_group_preop_plugins( op );
+                       if ( rc == LDAP_SUCCESS ) {
+                               goto done;
+                       }
+               }
+#endif /* LDAP_SLAPI */
+
                a = attr_find( e->e_attrs, group_at );
                if ( a ) {
                        /* If the attribute is a subtype of labeledURI, treat this as
@@ -1399,6 +1415,10 @@ loopit:
                rc = LDAP_NO_SUCH_OBJECT;
        }
 
+#ifdef LDAP_SLAPI
+       if ( op->o_pb ) call_group_postop_plugins( op );
+#endif /* LDAP_SLAPI */
+
        if ( op->o_tag != LDAP_REQ_BIND && !op->o_do_not_cache ) {
                g = op->o_tmpalloc(sizeof(GroupAssertion) + gr_ndn->bv_len,
                        op->o_tmpmemctx);
@@ -1416,6 +1436,57 @@ done:
        return rc;
 }
 
+#ifdef LDAP_SLAPI
+static int backend_compute_output_attr(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
+{
+       BerVarray v;
+       int rc;
+       BerVarray *vals = (BerVarray *)c->cac_private;
+       Operation *op = NULL;
+       int i, j;
+
+       slapi_pblock_get( c->cac_pb, SLAPI_OPERATION, &op );
+       if ( op == NULL ) {
+               return 1;
+       }
+
+       if ( op->o_conn && access_allowed( op,
+               e, a->a_desc, NULL, ACL_AUTH,
+               &c->cac_acl_state ) == 0 ) {
+               return 1;
+       }
+
+       for ( i=0; a->a_vals[i].bv_val; i++ ) ;
+                       
+       v = op->o_tmpalloc( sizeof(struct berval) * (i+1),
+               op->o_tmpmemctx );
+       for ( i=0,j=0; a->a_vals[i].bv_val; i++ ) {
+               if ( op->o_conn && access_allowed( op,
+                       e, a->a_desc,
+                       &a->a_nvals[i],
+                       ACL_AUTH, &c->cac_acl_state ) == 0 ) {
+                       continue;
+               }
+               ber_dupbv_x( &v[j],
+                       &a->a_nvals[i], op->o_tmpmemctx );
+               if (v[j].bv_val ) j++;
+       }
+
+       if (j == 0) {
+               op->o_tmpfree( v, op->o_tmpmemctx );
+               *vals = NULL;
+               rc = 1;
+       } else {
+               v[j].bv_val = NULL;
+               v[j].bv_len = 0;
+               *vals = v;
+               rc = 0;
+       }
+
+       return rc;
+}
+#endif /* LDAP_SLAPI */
+
 int 
 backend_attribute(
        Operation *op,
@@ -1477,6 +1548,27 @@ backend_attribute(
                                rc = LDAP_SUCCESS;
                        }
                }
+#ifdef LDAP_SLAPI
+               else if ( op->o_pb ) {
+                       /* try any computed attributes */
+                       computed_attr_context ctx;
+                       AttributeName aname;
+
+                       slapi_int_pblock_set_operation( op->o_pb, op );
+
+                       ctx.cac_pb = op->o_pb;
+                       ctx.cac_attrs = NULL;
+                       ctx.cac_userattrs = 0;
+                       ctx.cac_opattrs = 0;
+                       ctx.cac_acl_state = acl_state;
+                       ctx.cac_private = (void *)vals;
+
+                       if ( compute_evaluator( &ctx, entry_at->ad_cname.bv_val, e, backend_compute_output_attr ) == 1)
+                               rc = LDAP_INSUFFICIENT_ACCESS;
+                       else
+                               rc = LDAP_SUCCESS;
+               }
+#endif /* LDAP_SLAPI */
 freeit:                if (e != target ) {
                        be_entry_release_r( op, e );
                }
@@ -1513,3 +1605,38 @@ Attribute *backend_operational(
        return a;
 }
 
+#ifdef LDAP_SLAPI
+static void init_group_pblock( Operation *op, Entry *target,
+       Entry *e, struct berval *op_ndn, AttributeDescription *group_at )
+{
+       slapi_int_pblock_set_operation( op->o_pb, op );
+       slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_ENTRY, (void *)e );
+       slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val );
+       slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val );
+       slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_TARGET_ENTRY, (void *)target );
+}
+
+static int call_group_preop_plugins( Operation *op )
+{
+       int rc;
+
+       rc = slapi_int_call_plugins( op->o_bd, SLAPI_X_PLUGIN_PRE_GROUP_FN, op->o_pb );
+       if ( rc < 0 ) {
+               if (( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
+                       (void *)&rc ) != 0 ) || rc == LDAP_SUCCESS )
+               {
+                       rc = LDAP_NO_SUCH_ATTRIBUTE;
+               }
+       } else {
+               rc = LDAP_SUCCESS;
+       }
+
+       return rc;
+}
+
+static void call_group_postop_plugins( Operation *op )
+{
+       (void) slapi_int_call_plugins( op->o_bd, SLAPI_X_PLUGIN_POST_GROUP_FN, op->o_pb );
+}
+#endif /* LDAP_SLAPI */
+

diff --git a/servers/slapd/slapi/slapi.h b/servers/slapd/slapi/slapi.h
index 33db0b1f66e4ec830b3a15ef2dc452bc777ee6a9..08f0ce932cf362a0da64be519a344de7e18a4567 100644 (file)
--- a/servers/slapd/slapi/slapi.h
+++ b/servers/slapd/slapi/slapi.h
@@ -430,6 +430,15 @@ extern Backend * slapi_cl_get_be(char *dn);
 #define SLAPI_PLUGIN_COMPUTE_EVALUATOR_FN      1200
 #define SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN        1201
 
+#define SLAPI_X_PLUGIN_PRE_GROUP_FN            1202 
+#define SLAPI_X_PLUGIN_POST_GROUP_FN           1203
+
+/* backend_group extension */
+#define SLAPI_X_GROUP_ENTRY                    1250            /* e */
+#define SLAPI_X_GROUP_ATTRIBUTE                        1251            /* group_at */
+#define SLAPI_X_GROUP_OPERATION_DN             1252            /* op_ndn */
+#define SLAPI_X_GROUP_TARGET_ENTRY             1253            /* target */
+
 #define SLAPI_MANAGEDSAIT                      1000
 
 #define SLAPI_CONFIG_FILENAME                  40

diff --git a/servers/slapd/slapi/slapi_ops.c b/servers/slapd/slapi/slapi_ops.c
index 3bf62449c4c010f9fedcbb03c744f9bb3d42f16c..f3e6ecb4be41bee84682187839631b966342e594 100644 (file)
--- a/servers/slapd/slapi/slapi_ops.c
+++ b/servers/slapd/slapi/slapi_ops.c
@@ -124,7 +124,7 @@ slapi_int_init_connection(
        char *DN, 
        int OpType ) 
 { 
-       Connection *pConn, *c;
+       Connection *pConn;
        ber_len_t max = sockbuf_max_incoming;
 
        pConn = (Connection *) slapi_ch_calloc(1, sizeof(Connection));
@@ -149,79 +149,88 @@ slapi_int_init_connection(
                return (Connection *)NULL;
        }
 
-       c = pConn;
-
-       /* operation object */
-       c->c_pending_ops.stqh_first->o_tag = OpType;
-       c->c_pending_ops.stqh_first->o_protocol = LDAP_VERSION3; 
-       c->c_pending_ops.stqh_first->o_authmech.bv_val = NULL; 
-       c->c_pending_ops.stqh_first->o_authmech.bv_len = 0; 
-       c->c_pending_ops.stqh_first->o_time = slap_get_time();
-       c->c_pending_ops.stqh_first->o_do_not_cache = 1;
-       c->c_pending_ops.stqh_first->o_threadctx = ldap_pvt_thread_pool_context();
-       c->c_pending_ops.stqh_first->o_tmpmemctx = NULL;
-       c->c_pending_ops.stqh_first->o_tmpmfuncs = &ch_mfuncs;
-       c->c_pending_ops.stqh_first->o_conn = c;
-
        /* connection object */
-       c->c_authmech.bv_val = NULL;
-       c->c_authmech.bv_len = 0;
-       c->c_dn.bv_val = NULL;
-       c->c_dn.bv_len = 0;
-       c->c_ndn.bv_val = NULL;
-       c->c_ndn.bv_len = 0;
+       pConn->c_authmech.bv_val = NULL;
+       pConn->c_authmech.bv_len = 0;
+       pConn->c_dn.bv_val = NULL;
+       pConn->c_dn.bv_len = 0;
+       pConn->c_ndn.bv_val = NULL;
+       pConn->c_ndn.bv_len = 0;
 
-       c->c_listener = &slap_unknown_listener;
-       ber_dupbv( &c->c_peer_domain, (struct berval *)&slap_unknown_bv );
-       ber_dupbv( &c->c_peer_name, (struct berval *)&slap_unknown_bv );
+       pConn->c_listener = &slap_unknown_listener;
+       ber_dupbv( &pConn->c_peer_domain, (struct berval *)&slap_unknown_bv );
+       ber_dupbv( &pConn->c_peer_name, (struct berval *)&slap_unknown_bv );
 
-       LDAP_STAILQ_INIT( &c->c_ops );
+       LDAP_STAILQ_INIT( &pConn->c_ops );
 
-       c->c_sasl_bind_mech.bv_val = NULL;
-       c->c_sasl_bind_mech.bv_len = 0;
-       c->c_sasl_authctx = NULL;
-       c->c_sasl_sockctx = NULL;
-       c->c_sasl_extra = NULL;
+       pConn->c_sasl_bind_mech.bv_val = NULL;
+       pConn->c_sasl_bind_mech.bv_len = 0;
+       pConn->c_sasl_authctx = NULL;
+       pConn->c_sasl_sockctx = NULL;
+       pConn->c_sasl_extra = NULL;
 
-       c->c_sb = ber_sockbuf_alloc( );
+       pConn->c_sb = ber_sockbuf_alloc( );
 
-       ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+       ber_sockbuf_ctrl( pConn->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
 
-       c->c_currentber = NULL;
+       pConn->c_currentber = NULL;
 
        /* should check status of thread calls */
-       ldap_pvt_thread_mutex_init( &c->c_mutex );
-       ldap_pvt_thread_mutex_init( &c->c_write_mutex );
-       ldap_pvt_thread_cond_init( &c->c_write_cv );
+       ldap_pvt_thread_mutex_init( &pConn->c_mutex );
+       ldap_pvt_thread_mutex_init( &pConn->c_write_mutex );
+       ldap_pvt_thread_cond_init( &pConn->c_write_cv );
+
+       ldap_pvt_thread_mutex_lock( &pConn->c_mutex );
 
-       c->c_n_ops_received = 0;
-       c->c_n_ops_executing = 0;
-       c->c_n_ops_pending = 0;
-       c->c_n_ops_completed = 0;
+       pConn->c_n_ops_received = 0;
+       pConn->c_n_ops_executing = 0;
+       pConn->c_n_ops_pending = 0;
+       pConn->c_n_ops_completed = 0;
 
-       c->c_n_get = 0;
-       c->c_n_read = 0;
-       c->c_n_write = 0;
+       pConn->c_n_get = 0;
+       pConn->c_n_read = 0;
+       pConn->c_n_write = 0;
 
-       c->c_protocol = LDAP_VERSION3; 
+       pConn->c_protocol = LDAP_VERSION3; 
 
-       c->c_activitytime = c->c_starttime = slap_get_time();
+       pConn->c_activitytime = pConn->c_starttime = slap_get_time();
 
-       c->c_connid = 0;
+       /*
+        * A real connection ID is required, because syncrepl associates
+        * pending CSNs with unique ( connection, operation ) tuples.
+        * Setting a fake connection ID will cause slap_get_commit_csn()
+        * to return a stale value.
+        */
+       connection_assign_nextid( pConn );
 
-       c->c_conn_state  = 0x01;        /* SLAP_C_ACTIVE */
-       c->c_struct_state = 0x02;       /* SLAP_C_USED */
+       pConn->c_conn_state  = 0x01;    /* SLAP_C_ACTIVE */
+       pConn->c_struct_state = 0x02;   /* SLAP_C_USED */
 
-       c->c_ssf = c->c_transport_ssf = 0;
-       c->c_tls_ssf = 0;
+       pConn->c_ssf = pConn->c_transport_ssf = 0;
+       pConn->c_tls_ssf = 0;
 
-       backend_connection_init( c );
+       backend_connection_init( pConn );
 
        pConn->c_send_ldap_result = internal_result_v3;
        pConn->c_send_search_entry = internal_search_entry;
        pConn->c_send_ldap_extended = internal_result_ext;
        pConn->c_send_search_reference = internal_search_reference;
 
+       /* operation object */
+       pConn->c_pending_ops.stqh_first->o_tag = OpType;
+       pConn->c_pending_ops.stqh_first->o_protocol = LDAP_VERSION3; 
+       pConn->c_pending_ops.stqh_first->o_authmech.bv_val = NULL; 
+       pConn->c_pending_ops.stqh_first->o_authmech.bv_len = 0; 
+       pConn->c_pending_ops.stqh_first->o_time = slap_get_time();
+       pConn->c_pending_ops.stqh_first->o_do_not_cache = 1;
+       pConn->c_pending_ops.stqh_first->o_threadctx = ldap_pvt_thread_pool_context();
+       pConn->c_pending_ops.stqh_first->o_tmpmemctx = NULL;
+       pConn->c_pending_ops.stqh_first->o_tmpmfuncs = &ch_mfuncs;
+       pConn->c_pending_ops.stqh_first->o_conn = pConn;
+       pConn->c_pending_ops.stqh_first->o_connid = pConn->c_connid;
+
+       ldap_pvt_thread_mutex_unlock( &pConn->c_mutex );
+
        return pConn;
 }
 
@@ -236,6 +245,8 @@ static void slapi_int_connection_destroy( Connection **pConn )
 
        op = (Operation *)conn->c_pending_ops.stqh_first;
 
+       slap_graduate_commit_csn( op );
+
        if ( op->o_req_dn.bv_val != NULL ) {
                slapi_ch_free( (void **)&op->o_req_dn.bv_val );
        }
@@ -271,7 +282,7 @@ values2obj_copy(
        }
 
        for ( i = 0; ppValue[i] != NULL; i++ )
-               ;
+               ; /* EMPTY */
 
        tmpberval = (BerVarray)slapi_ch_malloc( (i+1) * (sizeof(struct berval)) );
        if ( tmpberval == NULL ) {
@@ -297,19 +308,18 @@ bvptr2obj_copy(
        struct berval   **bvptr, 
        BerVarray       *bvobj )
 {
-       int             rc = LDAP_SUCCESS;
        int             i;
        BerVarray       tmpberval;
 
-       if ( bvptr == NULL || *bvptr == NULL ) {
-               return LDAP_OTHER;
+       if ( bvptr == NULL ) {
+               *bvobj = NULL;
+               return LDAP_SUCCESS;
        }
 
-       for ( i = 0; bvptr != NULL && bvptr[i] != NULL; i++ ) {
+       for ( i = 0; bvptr[i] != NULL; i++ )
                ; /* EMPTY */
-       }
 
-       tmpberval = (BerVarray)slapi_ch_malloc( (i + 1)*sizeof(struct berval));
+       tmpberval = (BerVarray)slapi_ch_malloc( (i + 1) * sizeof(struct berval));
        if ( tmpberval == NULL ) {
                return LDAP_NO_MEMORY;
        } 
@@ -319,14 +329,13 @@ bvptr2obj_copy(
                tmpberval[i].bv_len = bvptr[i]->bv_len;
                AC_MEMCPY( tmpberval[i].bv_val, bvptr[i]->bv_val, bvptr[i]->bv_len );
        }
+
        tmpberval[i].bv_val = NULL;
        tmpberval[i].bv_len = 0;
 
-       if ( rc == LDAP_SUCCESS ) {
-               *bvobj = tmpberval;
-       }
+       *bvobj = tmpberval;
 
-       return rc;
+       return LDAP_SUCCESS;
 }
 
 /*
@@ -339,6 +348,7 @@ bvptr2obj_copy(
 */
 static Entry *
 slapi_int_ldapmod_to_entry(
+       Connection *pConn,
        char *ldn, 
        LDAPMod **mods )
 {
@@ -357,13 +367,7 @@ slapi_int_ldapmod_to_entry(
 
        const char              *text = NULL;
 
-
-       op = (Operation *) slapi_ch_calloc(1, sizeof(Operation));
-       if ( op == NULL) {
-               rc = LDAP_NO_MEMORY;
-               goto cleanup;
-       }  
-       op->o_tag = LDAP_REQ_ADD;
+       op = (Operation *)pConn->c_pending_ops.stqh_first;
 
        pEntry = (Entry *) ch_calloc( 1, sizeof(Entry) );
        if ( pEntry == NULL) {
@@ -480,8 +484,6 @@ cleanup:
 
        if ( dn.bv_val )
                slapi_ch_free( (void **)&dn.bv_val );
-       if ( op )
-               slapi_ch_free( (void **)&op );
        if ( modlist != NULL )
                slap_mods_free( modlist );
        if ( rc != LDAP_SUCCESS ) {
@@ -514,7 +516,6 @@ slapi_delete_internal(
        Connection              *pConn = NULL;
        Operation               *op = NULL;
        Slapi_PBlock            *pPB = NULL;
-       Slapi_PBlock            *pSavePB = NULL;
        SlapReply               rs = { REP_RESULT };
        struct berval           dn = BER_BVNULL;
 
@@ -578,13 +579,10 @@ cleanup:
        if ( dn.bv_val ) {
                slapi_ch_free( (void **)&dn.bv_val );
        }
-       if ( pConn != NULL ) {
-               pSavePB = pPB;
-       }
 
        slapi_int_connection_destroy( &pConn );
 
-       return (pSavePB);
+       return pPB;
 #else
        return NULL;
 #endif /* LDAP_SLAPI */
@@ -593,13 +591,13 @@ cleanup:
 #ifdef LDAP_SLAPI
 static Slapi_PBlock * 
 slapi_int_add_entry_locked(
+       Connection *pConn,
        Slapi_Entry **e, 
        LDAPControl **controls, 
        int log_changes ) 
 {
-       Connection              *pConn = NULL;
        Operation               *op = NULL;
-       Slapi_PBlock            *pPB = NULL, *pSavePB = NULL;
+       Slapi_PBlock            *pPB = NULL;
 
        int                     manageDsaIt = 0;
        int                     isCritical;
@@ -609,12 +607,6 @@ slapi_int_add_entry_locked(
                rs.sr_err = LDAP_PARAM_ERROR;
                goto cleanup;
        }
-       
-       pConn = slapi_int_init_connection( NULL, LDAP_REQ_ADD );
-       if ( pConn == NULL ) {
-               rs.sr_err = LDAP_NO_MEMORY;
-               goto cleanup;
-       }
 
        if ( slapi_control_present( controls, LDAP_CONTROL_MANAGEDSAIT,
                                NULL, &isCritical ) ) {
@@ -652,18 +644,11 @@ slapi_int_add_entry_locked(
        }
 
 cleanup:
-
        if ( pPB != NULL ) {
                slapi_pblock_set( pPB, SLAPI_PLUGIN_INTOP_RESULT, (void *)rs.sr_err );
        }
 
-       if ( pConn != NULL ) {
-               pSavePB = pPB;
-       }
-
-       slapi_int_connection_destroy( &pConn );
-
-       return( pSavePB );
+       return( pPB );
 }
 #endif /* LDAP_SLAPI */
 
@@ -674,18 +659,27 @@ slapi_add_entry_internal(
        int log_changes ) 
 {
 #ifdef LDAP_SLAPI
-       Slapi_PBlock *pb;
-       Slapi_Entry *entry;
+       Slapi_PBlock            *pb = NULL;
+       Slapi_Entry             *entry = NULL;
+       Connection              *pConn = NULL;
+
+       pConn = slapi_int_init_connection( NULL, LDAP_REQ_ADD );
+       if ( pConn == NULL ) {
+               return NULL;
+       }
 
        /*
         * We make a copy to avoid an entry that may be freed later
         * by the caller being placed in the cache.
         */
        entry = slapi_entry_dup( e );
-       pb = slapi_int_add_entry_locked( &entry, controls, log_changes );
+       pb = slapi_int_add_entry_locked( pConn, &entry, controls, log_changes );
        if ( entry != NULL ) {
                slapi_entry_free( entry );
        }
+
+       slapi_int_connection_destroy( &pConn );
+
        return pb;
 #else
        return NULL;
@@ -701,6 +695,7 @@ slapi_add_internal(
 {
 #ifdef LDAP_SLAPI
        LDAPMod                 *pMod = NULL;
+       Connection              *pConn = NULL;
        Slapi_PBlock            *pb = NULL;
        Entry                   *pEntry = NULL;
        int                     i, rc = LDAP_SUCCESS;
@@ -719,9 +714,12 @@ slapi_add_internal(
        }
 
        if ( rc == LDAP_SUCCESS ) {
-               pEntry = slapi_int_ldapmod_to_entry( dn, mods );
-               if ( pEntry == NULL ) {
-                       rc = LDAP_OTHER;
+               pConn = slapi_int_init_connection( NULL, LDAP_REQ_ADD );
+               if ( pConn != NULL ) {
+                       pEntry = slapi_int_ldapmod_to_entry( pConn, dn, mods );
+                       if ( pEntry == NULL ) {
+                               rc = LDAP_OTHER;
+                       }
                }
        }
 
@@ -729,14 +727,16 @@ slapi_add_internal(
                pb = slapi_pblock_new();
                slapi_pblock_set( pb, SLAPI_PLUGIN_INTOP_RESULT, (void *)rc );
        } else {
-               pb = slapi_int_add_entry_locked( &pEntry, controls, log_changes );
+               pb = slapi_int_add_entry_locked( pConn, &pEntry, controls, log_changes );
        }
 
        if ( pEntry != NULL ) {
-               slapi_entry_free(pEntry);
+               slapi_entry_free( pEntry );
        }
 
-       return(pb);
+       slapi_int_connection_destroy( &pConn );
+
+       return pb;
 #else
        return NULL;
 #endif /* LDAP_SLAPI */
@@ -768,12 +768,11 @@ slapi_modrdn_internal(
        Connection              *pConn = NULL;
        Operation               *op = NULL;
        Slapi_PBlock            *pPB = NULL;
-       Slapi_PBlock            *pSavePB = NULL;
        int                     manageDsaIt = 0;
        int                     isCritical;
        SlapReply               rs = { REP_RESULT };
 
-       pConn = slapi_int_init_connection( NULL,  LDAP_REQ_MODRDN);
+       pConn = slapi_int_init_connection( NULL,  LDAP_REQ_MODRDN );
        if ( pConn == NULL) {
                rs.sr_err = LDAP_NO_MEMORY;
                goto cleanup;
@@ -857,13 +856,9 @@ cleanup:
        if ( op->oq_modrdn.rs_nnewrdn.bv_val )
                slapi_ch_free( (void **)&op->oq_modrdn.rs_nnewrdn.bv_val );
 
-       if ( pConn != NULL ) {
-               pSavePB = pPB;
-       }
-
        slapi_int_connection_destroy( &pConn );
 
-       return( pSavePB );
+       return pPB;
 #else
        return NULL;
 #endif /* LDAP_SLAPI */
@@ -891,7 +886,6 @@ slapi_modify_internal(
        Connection              *pConn = NULL;
        Operation               *op = NULL;
        Slapi_PBlock            *pPB = NULL;
-       Slapi_PBlock            *pSavePB = NULL;
 
        struct berval dn = BER_BVNULL;
 
@@ -1062,13 +1056,9 @@ cleanup:
        if ( modlist != NULL )
                slap_mods_free( modlist );
 
-       if ( pConn != NULL ) {
-               pSavePB = pPB;
-       }
-
        slapi_int_connection_destroy( &pConn );
 
-       return ( pSavePB );
+       return pPB;
 #else
        return NULL;
 #endif /* LDAP_SLAPI */
@@ -1086,8 +1076,7 @@ slapi_search_internal(
 #ifdef LDAP_SLAPI
        Connection              *c;
        Operation               *op = NULL;
-       Slapi_PBlock            *ptr = NULL;            
-       Slapi_PBlock            *pSavePB = NULL;                
+       Slapi_PBlock            *pPB = NULL;            
        struct berval           dn = BER_BVNULL;
        Filter                  *filter=NULL;
        struct berval           fstr = BER_BVNULL;
@@ -1107,7 +1096,7 @@ slapi_search_internal(
        }
 
        op = (Operation *)c->c_pending_ops.stqh_first;
-       ptr = (Slapi_PBlock *)op->o_pb;
+       pPB = (Slapi_PBlock *)op->o_pb;
        op->o_ctrls = controls;
 
        if ( ldn != NULL ) {
@@ -1235,8 +1224,8 @@ slapi_search_internal(
 
 cleanup:
 
-       if ( ptr != NULL )
-               slapi_pblock_set( ptr, SLAPI_PLUGIN_INTOP_RESULT, (void *)rs.sr_err );
+       if ( pPB != NULL )
+               slapi_pblock_set( pPB, SLAPI_PLUGIN_INTOP_RESULT, (void *)rs.sr_err );
 
        if ( dn.bv_val )
                slapi_ch_free( (void **)&dn.bv_val );
@@ -1247,13 +1236,9 @@ cleanup:
        if ( an != NULL )
                slapi_ch_free( (void **)&an );
 
-       if ( c != NULL ) {
-               pSavePB = ptr;
-       }
-
        slapi_int_connection_destroy( &c );
 
-       return( pSavePB );
+       return pPB;
 #else
        return NULL;
 #endif /* LDAP_SLAPI */

diff --git a/servers/slapd/slapi/slapi_pblock.c b/servers/slapd/slapi/slapi_pblock.c
index 503c2c014944a45d6b0293cfd01548992761324b..9df6d213a126432727dd689cb8d042dea08faa3b 100644 (file)
--- a/servers/slapd/slapi/slapi_pblock.c
+++ b/servers/slapd/slapi/slapi_pblock.c
@@ -213,6 +213,12 @@ isOkNetscapeParam( int param )
        case SLAPI_PLUGIN_COMPUTE_EVALUATOR_FN:
        case SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN:
        case SLAPI_PLUGIN_ACL_ALLOW_ACCESS:
+       case SLAPI_X_PLUGIN_PRE_GROUP_FN:
+       case SLAPI_X_PLUGIN_POST_GROUP_FN:
+       case SLAPI_X_GROUP_ENTRY:
+       case SLAPI_X_GROUP_ATTRIBUTE:
+       case SLAPI_X_GROUP_OPERATION_DN:
+       case SLAPI_X_GROUP_TARGET_ENTRY:
                return LDAP_SUCCESS;
        default:
                return INVALID_PARAM;

diff --git a/servers/slapd/slapi/slapi_utils.c b/servers/slapd/slapi/slapi_utils.c
index 538651ac162a76fdc4951f1fe3eebc449667f8ef..937c00f05ac6abd382459ce5d4784f03a7f41de5 100644 (file)
--- a/servers/slapd/slapi/slapi_utils.c
+++ b/servers/slapd/slapi/slapi_utils.c
@@ -2638,10 +2638,38 @@ Slapi_Attr *slapi_attr_dup( const Slapi_Attr *attr )
 int slapi_attr_add_value( Slapi_Attr *a, const Slapi_Value *v )
 {
 #ifdef LDAP_SLAPI
-       /*
-        * FIXME: here we may lose alignment between a_vals/a_nvals
-        */
-       return value_add_one( &a->a_vals, (Slapi_Value *)v );
+       struct berval nval;
+       struct berval *nvalp;
+       int rc;
+       AttributeDescription *desc = a->a_desc;
+
+       if ( desc->ad_type->sat_equality &&
+            desc->ad_type->sat_equality->smr_normalize ) {
+               rc = (*desc->ad_type->sat_equality->smr_normalize)(
+                       SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+                       desc->ad_type->sat_syntax,
+                       desc->ad_type->sat_equality,
+                       (Slapi_Value *)v, &nval, NULL );
+               if ( rc != LDAP_SUCCESS ) {
+                       return rc;
+               }
+               nvalp = &nval;
+       } else {
+               nvalp = NULL;
+       }
+
+       rc = value_add_one( &a->a_vals, (Slapi_Value *)v );
+       if ( rc == 0 && nvalp != NULL ) {
+               rc = value_add_one( &a->a_nvals, nvalp );
+       } else {
+               a->a_nvals = a->a_vals;
+       }
+
+       if ( nvalp != NULL ) {
+               slapi_ch_free_string( &nval.bv_val );
+       }
+
+       return rc;
 #else
        return -1;
 #endif
@@ -3422,6 +3450,10 @@ Modifications *slapi_int_ldapmods2modifications (LDAPMod **mods)
        Modifications *modlist = NULL, **modtail;
        LDAPMod **modp;
 
+       if ( mods == NULL ) {
+               return NULL;
+       }
+
        modtail = &modlist;
 
        for( modp = mods; *modp != NULL; modp++ ) {