#include "lber_pvt.h"
#include "lutil.h"
-#ifdef LDAP_SLAPI
-#include "slapi/slapi.h"
-#endif /* LDAPI_SLAPI */
-
#define ACL_BUF_SIZE 1024 /* use most appropriate size */
/*
assert( attr != NULL );
-#ifdef LDAP_SLAPI
- if ( op->o_pb != NULL ) {
- ret = slapi_int_access_allowed( op, e, desc, val, access, state );
- if ( ret == 0 ) {
- /* ACL plugin denied access */
- goto done;
- }
- }
-#endif /* LDAP_SLAPI */
-
/* grant database root access */
if ( be_isroot( op ) ) {
Debug( LDAP_DEBUG_ACL, "<= root access granted\n", 0, 0, 0 );
}
assert( be != NULL );
-#ifdef LDAP_SLAPI
- if ( op->o_pb != NULL ) {
- ret = slapi_int_access_allowed( op, e, desc, val, access, state );
- if ( ret == 0 ) {
- /* ACL plugin denied access */
- goto done;
- }
- }
-#endif /* LDAP_SLAPI */
-
/* grant database root access */
if ( be_isroot( op ) ) {
Debug( LDAP_DEBUG_ACL, "<= root access granted\n", 0, 0, 0 );
#include "slap.h"
-#ifdef LDAP_SLAPI
-#include "slapi/slapi.h"
-
-static void init_add_pblock( Operation *op, struct berval *dn, Entry *e,
- int manageDSAit );
-static int call_add_preop_plugins( Operation *op );
-static void call_add_postop_plugins( Operation *op );
-#endif /* LDAP_SLAPI */
-
int
do_add( Operation *op, SlapReply *rs )
{
goto done;
}
-#ifdef LDAP_SLAPI
- if ( op->o_pb ) init_add_pblock( op, &op->o_req_dn, op->ora_e, manageDSAit );
-#endif /* LDAP_SLAPI */
-
/*
* do the add if 1 && (2 || 3)
* 1) there is an add function implemented in this backend;
goto done;
}
-#ifdef LDAP_SLAPI
- /*
- * Call the preoperation plugin here, because the entry
- * will actually contain something.
- */
- if ( op->o_pb ) {
- rs->sr_err = call_add_preop_plugins( op );
- if ( rs->sr_err != LDAP_SUCCESS ) {
- /* plugin will have sent result */
- goto done;
- }
- }
-#endif /* LDAP_SLAPI */
-
#ifdef SLAPD_MULTIMASTER
if ( !repl_user )
#endif
#ifndef SLAPD_MULTIMASTER
} else {
BerVarray defref = NULL;
-#ifdef LDAP_SLAPI
- /*
- * SLAPI_ADD_ENTRY will be empty, but this may be acceptable
- * on replicas (for now, it involves the minimum code intrusion).
- */
- if ( op->o_pb ) {
- rs->sr_err = call_add_preop_plugins( op );
- if ( rs->sr_err != LDAP_SUCCESS ) {
- /* plugin will have sent result */
- goto done;
- }
- }
-#endif /* LDAP_SLAPI */
defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
#endif /* SLAPD_MULTIMASTER */
}
} else {
-#ifdef LDAP_SLAPI
- if ( op->o_pb ) {
- rs->sr_err = call_add_preop_plugins( op );
- if ( rs->sr_err != LDAP_SUCCESS ) {
- /* plugin will have sent result */
- goto done;
- }
- }
-#endif
Debug( LDAP_DEBUG_ARGS, " do_add: no backend support\n", 0, 0, 0 );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
-#ifdef LDAP_SLAPI
- if ( op->o_pb ) call_add_postop_plugins( op );
-#endif /* LDAP_SLAPI */
-
done:;
return rc;
}
return LDAP_SUCCESS;
}
-#ifdef LDAP_SLAPI
-static void init_add_pblock( Operation *op,
- struct berval *dn, Entry *e, int manageDSAit )
-{
- slapi_int_pblock_set_operation( op->o_pb, op );
- slapi_pblock_set( op->o_pb, SLAPI_ADD_TARGET, (void *)dn->bv_val );
- slapi_pblock_set( op->o_pb, SLAPI_ADD_ENTRY, (void *)e );
- slapi_pblock_set( op->o_pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
-}
-
-static int call_add_preop_plugins( Operation *op )
-{
- int rc;
-
- rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_ADD_FN, op->o_pb );
- if ( rc < 0 ) {
- /*
- * A preoperation plugin failure will abort the
- * entire operation.
- */
- Debug(LDAP_DEBUG_TRACE,
- "do_add: add preoperation plugin failed.\n",
- 0, 0, 0);
-
- if (( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
- (void *)&rc ) != 0 ) || rc == LDAP_SUCCESS )
- {
- rc = LDAP_OTHER;
- }
- } else {
- rc = LDAP_SUCCESS;
- }
-
- return rc;
-}
-
-static void call_add_postop_plugins( Operation *op )
-{
- int rc;
-
- rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_ADD_FN, op->o_pb );
- if ( rc < 0 ) {
- Debug(LDAP_DEBUG_TRACE,
- "do_add: add postoperation plugin failed\n",
- 0, 0, 0);
- }
-}
-#endif /* LDAP_SLAPI */
#include "lutil.h"
#include "lber_pvt.h"
-#ifdef LDAP_SLAPI
-#include "slapi/slapi.h"
-
-static void init_group_pblock( Operation *op, Entry *target,
- Entry *e, struct berval *op_ndn, AttributeDescription *group_at );
-static int call_group_preop_plugins( Operation *op );
-static void call_group_postop_plugins( Operation *op );
-#endif /* LDAP_SLAPI */
-
/*
* If a module is configured as dynamic, its header should not
* get included into slapd. While this is a general rule and does
int
backend_unbind( Operation *op, SlapReply *rs )
{
- int i = 0;
BackendDB *be;
LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
-#if defined( LDAP_SLAPI )
- if ( op->o_pb ) {
- int rc;
- if ( i == 0 ) slapi_int_pblock_set_operation( op->o_pb, op );
- slapi_pblock_set( op->o_pb, SLAPI_BACKEND, (void *)be );
- rc = slapi_int_call_plugins( be,
- SLAPI_PLUGIN_PRE_UNBIND_FN, (Slapi_PBlock *)op->o_pb );
- if ( rc < 0 ) {
- /*
- * A preoperation plugin failure will abort the
- * entire operation.
- */
- Debug(LDAP_DEBUG_TRACE,
- "do_bind: Unbind preoperation plugin failed\n",
- 0, 0, 0);
- return 0;
- }
- }
-#endif /* defined( LDAP_SLAPI ) */
-
if ( be->be_unbind ) {
op->o_bd = be;
be->be_unbind( op, rs );
}
-
-#if defined( LDAP_SLAPI )
- if ( op->o_pb != NULL && slapi_int_call_plugins( be,
- SLAPI_PLUGIN_POST_UNBIND_FN, (Slapi_PBlock *)op->o_pb ) < 0 )
- {
- Debug(LDAP_DEBUG_TRACE,
- "do_unbind: Unbind postoperation plugins failed\n",
- 0, 0, 0);
- }
-#endif /* defined( LDAP_SLAPI ) */
- i++;
}
return 0;
rc = be_entry_get_rw( op, gr_ndn, group_oc, group_at, 0, &e );
}
if ( e ) {
-#ifdef LDAP_SLAPI
- if ( op->o_pb != NULL ) {
- init_group_pblock( op, target, e, op_ndn, group_at );
-
- rc = call_group_preop_plugins( op );
- if ( rc == LDAP_SUCCESS ) {
- goto done;
- }
- }
-#endif /* LDAP_SLAPI */
-
a = attr_find( e->e_attrs, group_at );
if ( a ) {
/* If the attribute is a subtype of labeledURI, treat this as
rc = LDAP_NO_SUCH_OBJECT;
}
-#ifdef LDAP_SLAPI
- if ( op->o_pb ) call_group_postop_plugins( op );
-#endif /* LDAP_SLAPI */
-
if ( op->o_tag != LDAP_REQ_BIND && !op->o_do_not_cache ) {
g = op->o_tmpalloc( sizeof( GroupAssertion ) + gr_ndn->bv_len,
op->o_tmpmemctx );
return rc;
}
-#ifdef LDAP_SLAPI
-static int backend_compute_output_attr(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
-{
- BerVarray v;
- int rc;
- BerVarray *vals = (BerVarray *)c->cac_private;
- Operation *op = NULL;
- int i, j;
-
- slapi_pblock_get( c->cac_pb, SLAPI_OPERATION, &op );
- if ( op == NULL ) {
- return 1;
- }
-
- if ( op->o_conn && access_allowed( op,
- e, a->a_desc, NULL, ACL_AUTH,
- &c->cac_acl_state ) == 0 ) {
- return 1;
- }
-
- for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) ;
-
- v = op->o_tmpalloc( sizeof(struct berval) * (i+1),
- op->o_tmpmemctx );
- for ( i = 0, j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) {
- if ( op->o_conn && access_allowed( op,
- e, a->a_desc,
- &a->a_nvals[i],
- ACL_AUTH, &c->cac_acl_state ) == 0 ) {
- continue;
- }
- ber_dupbv_x( &v[j],
- &a->a_nvals[i], op->o_tmpmemctx );
- if ( !BER_BVISNULL( &v[j] ) ) {
- j++;
- }
- }
-
- if ( j == 0 ) {
- op->o_tmpfree( v, op->o_tmpmemctx );
- *vals = NULL;
- rc = 1;
- } else {
- BER_BVZERO( &v[j] );
- *vals = v;
- rc = 0;
- }
-
- return rc;
-}
-#endif /* LDAP_SLAPI */
-
int
backend_attribute(
Operation *op,
rc = LDAP_SUCCESS;
}
}
-#ifdef LDAP_SLAPI
- else if ( op->o_pb ) {
- /* try any computed attributes */
- computed_attr_context ctx;
-
- slapi_int_pblock_set_operation( op->o_pb, op );
-
- ctx.cac_pb = op->o_pb;
- ctx.cac_attrs = NULL;
- ctx.cac_userattrs = 0;
- ctx.cac_opattrs = 0;
- ctx.cac_acl_state = acl_state;
- ctx.cac_private = (void *)vals;
-
- rc = compute_evaluator( &ctx, entry_at->ad_cname.bv_val, e, backend_compute_output_attr );
- if ( rc == 1 ) {
- rc = LDAP_INSUFFICIENT_ACCESS;
-
- } else {
- rc = LDAP_SUCCESS;
- }
- }
-#endif /* LDAP_SLAPI */
freeit: if ( e != target ) {
be_entry_release_r( op, e );
}
return rc;
}
-#ifdef LDAP_SLAPI
-static int backend_compute_output_attr_access(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
-{
- struct berval *nval = (struct berval *)c->cac_private;
- Operation *op = NULL;
-
- slapi_pblock_get( c->cac_pb, SLAPI_OPERATION, &op );
- if ( op == NULL ) {
- return 1;
- }
-
- return access_allowed( op, e, a->a_desc, nval, ACL_AUTH, NULL ) == 0;
-}
-#endif /* LDAP_SLAPI */
-
int
backend_access(
Operation *op,
}
rc = LDAP_SUCCESS;
}
-#ifdef LDAP_SLAPI
- else if ( op->o_pb ) {
- /* try any computed attributes */
- computed_attr_context ctx;
-
- slapi_int_pblock_set_operation( op->o_pb, op );
-
- ctx.cac_pb = op->o_pb;
- ctx.cac_attrs = NULL;
- ctx.cac_userattrs = 0;
- ctx.cac_opattrs = 0;
- ctx.cac_private = (void *)nval;
-
- rc = compute_evaluator( &ctx, entry_at->ad_cname.bv_val, e, backend_compute_output_attr_access );
- if ( rc == 1 ) {
- rc = LDAP_INSUFFICIENT_ACCESS;
-
- } else {
- rc = LDAP_SUCCESS;
- }
- }
-#endif /* LDAP_SLAPI */
}
freeit: if ( e != target ) {
be_entry_release_r( op, e );
return rc;
}
-#ifdef LDAP_SLAPI
-static void init_group_pblock( Operation *op, Entry *target,
- Entry *e, struct berval *op_ndn, AttributeDescription *group_at )
-{
- slapi_pblock_set( op->o_pb,
- SLAPI_X_GROUP_ENTRY, (void *)e );
- slapi_pblock_set( op->o_pb,
- SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val );
- slapi_pblock_set( op->o_pb,
- SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val );
- slapi_pblock_set( op->o_pb,
- SLAPI_X_GROUP_TARGET_ENTRY, (void *)target );
-}
-
-static int call_group_preop_plugins( Operation *op )
-{
- int rc;
-
- rc = slapi_int_call_plugins( op->o_bd,
- SLAPI_X_PLUGIN_PRE_GROUP_FN, op->o_pb );
- if ( rc < 0 ) {
- if (( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
- (void *)&rc ) != 0 ) || rc == LDAP_SUCCESS )
- {
- rc = LDAP_NO_SUCH_ATTRIBUTE;
- }
- } else {
- rc = LDAP_SUCCESS;
- }
-
- return rc;
-}
-
-static void call_group_postop_plugins( Operation *op )
-{
- (void) slapi_int_call_plugins( op->o_bd, SLAPI_X_PLUGIN_POST_GROUP_FN, op->o_pb );
-}
-#endif /* LDAP_SLAPI */
-
#include <ac/socket.h>
#include "slap.h"
-#ifdef LDAP_SLAPI
-#include "slapi/slapi.h"
-#endif
-
int
do_bind(
op->o_conn->c_sasl_bind_in_progress = 0;
}
-#ifdef LDAP_SLAPI
-#define pb op->o_pb
- /*
- * Normally post-operation plugins are called only after the
- * backend operation. Because the front-end performs SASL
- * binds on behalf of the backend, we'll make a special
- * exception to call the post-operation plugins after a
- * SASL bind.
- */
- if ( pb ) {
- slapi_int_pblock_set_operation( pb, op );
- slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)op->o_req_dn.bv_val );
- slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)op->orb_method );
- slapi_pblock_set( pb,
- SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
- slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) );
- (void) slapi_int_call_plugins( op->o_bd,
- SLAPI_PLUGIN_POST_BIND_FN, pb );
- }
-#endif /* LDAP_SLAPI */
-
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
goto cleanup;
goto cleanup;
}
-#ifdef LDAP_SLAPI
- if ( pb ) {
- int rc;
- slapi_int_pblock_set_operation( pb, op );
- slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)op->o_req_dn.bv_val );
- slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)op->orb_method );
- slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
- slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) );
- slapi_pblock_set( pb, SLAPI_CONN_DN, (void *)(0) );
-
- rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_BIND_FN, pb );
-
- Debug(LDAP_DEBUG_TRACE,
- "do_bind: Bind preoperation plugin returned %d.\n",
- rs->sr_err, 0, 0);
-
- switch ( rc ) {
- case SLAPI_BIND_SUCCESS:
- /* Continue with backend processing */
- break;
- case SLAPI_BIND_FAIL:
- /* Failure, server sends result */
- rs->sr_err = LDAP_INVALID_CREDENTIALS;
- send_ldap_result( op, rs );
- goto cleanup;
- break;
- case SLAPI_BIND_ANONYMOUS:
- /* SLAPI_BIND_ANONYMOUS is undocumented XXX */
- default:
- /* Authoritative, plugin sent result, or no plugins called. */
- if ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
- (void *)&rs->sr_err) != 0 )
- {
- rs->sr_err = LDAP_OTHER;
- }
-
- BER_BVZERO( &op->orb_edn );
-
- if ( rs->sr_err == LDAP_SUCCESS ) {
- slapi_pblock_get( pb, SLAPI_CONN_DN,
- (void *)&op->orb_edn.bv_val );
- if ( BER_BVISNULL( &op->orb_edn ) ) {
- if ( rc == 1 ) {
- /* No plugins were called; continue. */
- break;
- }
- } else {
- op->orb_edn.bv_len = strlen( op->orb_edn.bv_val );
- }
- rs->sr_err = dnPrettyNormal( NULL, &op->orb_edn,
- &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
- ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
- ber_dupbv(&op->o_conn->c_dn, &op->o_req_dn);
- ber_dupbv(&op->o_conn->c_ndn, &op->o_req_ndn);
- op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
- BER_BVZERO( &op->o_req_dn );
- op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
- BER_BVZERO( &op->o_req_ndn );
- if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
- ber_len_t max = sockbuf_max_incoming_auth;
- ber_sockbuf_ctrl( op->o_conn->c_sb,
- LBER_SB_OPT_SET_MAX_INCOMING, &max );
- }
- /* log authorization identity */
- Statslog( LDAP_DEBUG_STATS,
- "%s BIND dn=\"%s\" mech=%s (SLAPI) ssf=0\n",
- op->o_log_prefix,
- BER_BVISNULL( &op->o_conn->c_dn )
- ? "<empty>" : op->o_conn->c_dn.bv_val,
- mech.bv_val, 0, 0 );
- ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
- }
- goto cleanup;
- break;
- }
- }
-#endif /* LDAP_SLAPI */
-
if( op->o_bd->be_bind ) {
rs->sr_err = (op->o_bd->be_bind)( op, rs );
"operation not supported within naming context" );
}
-#ifdef LDAP_SLAPI
- if ( pb != NULL &&
- slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) < 0 )
- {
- Debug(LDAP_DEBUG_TRACE,
- "do_bind: Bind postoperation plugins failed.\n",
- 0, 0, 0);
- }
-#endif /* LDAP_SLAPI */
-
cleanup:;
return rs->sr_err;
}
#include <ac/string.h>
#include "slap.h"
-#ifdef LDAP_SLAPI
-#include "slapi/slapi.h"
-#endif
static int compare_entry(
Operation *op,
op->o_log_prefix, op->o_req_dn.bv_val,
ava.aa_desc->ad_cname.bv_val, 0, 0 );
-#if defined( LDAP_SLAPI )
-#define pb op->o_pb
- if ( pb ) {
- slapi_int_pblock_set_operation( pb, op );
- slapi_pblock_set( pb, SLAPI_COMPARE_TARGET, (void *)op->o_req_dn.bv_val );
- slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
- slapi_pblock_set( pb, SLAPI_COMPARE_TYPE, (void *)ava.aa_desc->ad_cname.bv_val );
- slapi_pblock_set( pb, SLAPI_COMPARE_VALUE, (void *)&ava.aa_value );
-
- rs->sr_err = slapi_int_call_plugins( op->o_bd,
- SLAPI_PLUGIN_PRE_COMPARE_FN, pb );
- if ( rs->sr_err < 0 ) {
- /*
- * A preoperation plugin failure will abort the
- * entire operation.
- */
- Debug(LDAP_DEBUG_TRACE,
- "do_compare: compare preoperation plugin failed\n",
- 0, 0, 0);
- if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
- (void *)&rs->sr_err ) != 0 ) || rs->sr_err == LDAP_SUCCESS )
- {
- rs->sr_err = LDAP_OTHER;
- }
- goto cleanup;
- }
- }
-#endif /* defined( LDAP_SLAPI ) */
-
op->orc_ava = &ava;
if ( ava.aa_desc == slap_schema.si_ad_entryDN ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
}
}
-#if defined( LDAP_SLAPI )
- if ( pb != NULL && slapi_int_call_plugins( op->o_bd,
- SLAPI_PLUGIN_POST_COMPARE_FN, pb ) < 0 )
- {
- Debug(LDAP_DEBUG_TRACE,
- "do_compare: compare postoperation plugins failed\n", 0, 0, 0 );
- }
-#endif /* defined( LDAP_SLAPI ) */
-
cleanup:;
return rs->sr_err;
}
}
if(c->c_authmech.bv_val != NULL ) {
- free(c->c_authmech.bv_val);
+ ch_free(c->c_authmech.bv_val);
}
BER_BVZERO( &c->c_authmech );
if(c->c_dn.bv_val != NULL) {
- free(c->c_dn.bv_val);
+ ch_free(c->c_dn.bv_val);
}
BER_BVZERO( &c->c_dn );
if(c->c_ndn.bv_val != NULL) {
- free(c->c_ndn.bv_val);
+ ch_free(c->c_ndn.bv_val);
}
BER_BVZERO( &c->c_ndn );
if(c->c_sasl_authz_dn.bv_val != NULL) {
- free(c->c_sasl_authz_dn.bv_val);
+ ch_free(c->c_sasl_authz_dn.bv_val);
}
BER_BVZERO( &c->c_sasl_authz_dn );
#include "lutil.h"
-#ifdef LDAP_SLAPI
-#include "slapi/slapi.h"
-#endif
-
int
do_delete(
Operation *op,
goto cleanup;
}
-#if defined( LDAP_SLAPI )
-#define pb op->o_pb
- if ( pb ) {
- slapi_int_pblock_set_operation( pb, op );
- slapi_pblock_set( pb, SLAPI_DELETE_TARGET, (void *)op->o_req_dn.bv_val );
- slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
-
- rs->sr_err = slapi_int_call_plugins( op->o_bd,
- SLAPI_PLUGIN_PRE_DELETE_FN, pb );
- if ( rs->sr_err < 0 ) {
- /*
- * A preoperation plugin failure will abort the
- * entire operation.
- */
- Debug (LDAP_DEBUG_TRACE, "do_delete: "
- "delete preoperation plugin failed.\n", 0, 0, 0);
- if ( ( slapi_pblock_get( pb, SLAPI_RESULT_CODE,
- (void *)&rs->sr_err ) != 0 ) ||
- rs->sr_err == LDAP_SUCCESS )
- {
- rs->sr_err = LDAP_OTHER;
- }
- goto cleanup;
- }
- }
-#endif /* defined( LDAP_SLAPI ) */
-
/*
* do the delete if 1 && (2 || 3)
* 1) there is a delete function implemented in this backend;
"operation not supported within namingContext" );
}
-#if defined( LDAP_SLAPI )
- if ( pb != NULL && slapi_int_call_plugins( op->o_bd,
- SLAPI_PLUGIN_POST_DELETE_FN, pb ) < 0)
- {
- Debug(LDAP_DEBUG_TRACE,
- "do_delete: delete postoperation plugins failed\n",
- 0, 0, 0 );
- }
-#endif /* defined( LDAP_SLAPI ) */
-
cleanup:;
return rs->sr_err;
}
#include "slap.h"
#include "lber_pvt.h"
-#ifdef LDAP_SLAPI
-#include "slapi/slapi.h"
-#endif
-
#define UNSUPPORTED_EXOP "unsupported extended operation"
struct extop_list *ext = NULL;
struct berval reqdata = BER_BVNULL;
-#if defined(LDAP_SLAPI)
- Slapi_PBlock *pb = op->o_pb;
- SLAPI_FUNC funcAddr = NULL;
- int extop_rc;
- int msg_sent = FALSE;
-#endif /* defined(LDAP_SLAPI) */
-
if (op->ore_reqdata) {
reqdata = *op->ore_reqdata;
}
-#ifdef LDAP_SLAPI
- /* NS-SLAPI extended operation */
- slapi_int_get_extop_plugin( &op->ore_reqoid, &funcAddr );
-
- if( !funcAddr && !(ext = find_extop(supp_ext_list, &op->ore_reqoid )))
-#else
if( !(ext = find_extop(supp_ext_list, &op->ore_reqoid )))
-#endif
{
Debug( LDAP_DEBUG_ANY, "do_extended: unsupported operation \"%s\"\n",
op->ore_reqoid.bv_val, 0 ,0 );
Debug( LDAP_DEBUG_ARGS, "do_extended: oid=%s\n",
op->ore_reqoid.bv_val, 0 ,0 );
-#if defined(LDAP_SLAPI)
- if ( funcAddr != NULL ) {
- rs->sr_err = slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID,
- (void *)op->ore_reqoid.bv_val);
- if ( rs->sr_err != LDAP_SUCCESS ) {
- rs->sr_err = LDAP_OTHER;
- goto done;
- }
-
- rs->sr_err = slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE,
- (void *)&reqdata);
- if ( rs->sr_err != LDAP_SUCCESS ) {
- rs->sr_err = LDAP_OTHER;
- goto done;
- }
-
- rs->sr_err = slapi_int_pblock_set_operation( pb, op );
- if ( rs->sr_err != LDAP_SUCCESS ) {
- rs->sr_err = LDAP_OTHER;
- goto done;
- }
-
- extop_rc = (*funcAddr)( pb );
- if ( extop_rc == SLAPI_PLUGIN_EXTENDED_SENT_RESULT ) {
- msg_sent = TRUE;
-
- } else if ( extop_rc == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED ) {
- rs->sr_err = LDAP_PROTOCOL_ERROR;
- rs->sr_text = UNSUPPORTED_EXOP;
-
- } else {
- rs->sr_err = slapi_pblock_get( pb, SLAPI_EXT_OP_RET_OID,
- &rs->sr_rspoid);
- if ( rs->sr_err != LDAP_SUCCESS ) {
- goto done2;
- }
-
- rs->sr_err = slapi_pblock_get( pb, SLAPI_EXT_OP_RET_VALUE,
- &rs->sr_rspdata);
- if ( rs->sr_err != LDAP_SUCCESS ) {
- goto done2;
- }
-
- rs->sr_err = extop_rc;
- send_ldap_extended( op, rs );
- msg_sent = TRUE;
- }
-
-done2:;
- if ( rs->sr_err != LDAP_SUCCESS && msg_sent == FALSE ) {
- send_ldap_result( op, rs );
- }
-
- if ( rs->sr_rspoid != NULL ) {
- ch_free( (char *)rs->sr_rspoid );
- }
-
- if ( rs->sr_rspdata != NULL ) {
- ber_bvfree( rs->sr_rspdata );
- }
- } else
-#endif /* defined( LDAP_SLAPI ) */
{ /* start of OpenLDAP extended operation */
rs->sr_err = (ext->ext_main)( op, rs );
#include "ldap_rq.h"
-#ifdef LDAP_SLAPI
-#include "slapi/slapi.h"
-#endif
-
static BackendInfo slap_frontendInfo;
static BackendDB slap_frontendDB;
BackendDB *frontendDB;
#include <ac/time.h>
#include "slap.h"
-#ifdef LDAP_SLAPI
-#include "slapi/slapi.h"
-#endif
#include "lutil.h"
int manageDSAit;
Modifications *modlist = op->orm_modlist;
Modifications **modtail = &modlist;
-#ifdef LDAP_SLAPI
- LDAPMod **modv = NULL;
-#endif
int increment = op->orm_increment;
BackendDB *op_be;
char textbuf[ SLAP_TEXT_BUFLEN ];
"modify/increment not supported in context" );
}
-#if defined( LDAP_SLAPI )
-#define pb op->o_pb
- if ( pb ) {
- slapi_int_pblock_set_operation( pb, op );
- slapi_pblock_set( pb, SLAPI_MODIFY_TARGET, (void *)op->o_req_dn.bv_val );
- slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
- modv = slapi_int_modifications2ldapmods( &modlist );
- slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)modv );
-
- rs->sr_err = slapi_int_call_plugins( op->o_bd,
- SLAPI_PLUGIN_PRE_MODIFY_FN, pb );
-
- /*
- * It's possible that the preoperation plugin changed the
- * modification array, so we need to convert it back to
- * a Modification list.
- *
- * Calling slapi_int_modifications2ldapmods() destroyed modlist so
- * we don't need to free it.
- */
- slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv );
- modlist = slapi_int_ldapmods2modifications( modv );
-
- if ( rs->sr_err < 0 ) {
- /*
- * A preoperation plugin failure will abort the
- * entire operation.
- */
- Debug(LDAP_DEBUG_TRACE,
- "do_modify: modify preoperation plugin failed.\n",
- 0, 0, 0);
- if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
- (void *)&rs->sr_err ) != 0 ) || rs->sr_err == LDAP_SUCCESS )
- {
- rs->sr_err = LDAP_OTHER;
- }
- slapi_int_free_ldapmods( modv );
- modv = NULL;
- goto cleanup;
- }
- }
-
- /*
- * NB: it is valid for the plugin to return no modifications
- * (for example, a plugin might store some attributes elsewhere
- * and remove them from the modification list; if only those
- * attribute types were included in the modification request,
- * then slapi_int_ldapmods2modifications() above will return
- * NULL).
- *
- * However, the post-operation plugin should still be
- * called.
- */
-#endif /* defined( LDAP_SLAPI ) */
-
/*
* do the modify if 1 && (2 || 3)
* 1) there is a modify function implemented in this backend;
"operation not supported within namingContext" );
}
-#if defined( LDAP_SLAPI )
- if ( pb != NULL && slapi_int_call_plugins( op->o_bd,
- SLAPI_PLUGIN_POST_MODIFY_FN, pb ) < 0 )
- {
- Debug(LDAP_DEBUG_TRACE,
- "do_modify: modify postoperation plugins failed.\n", 0, 0, 0);
- }
-#endif /* defined( LDAP_SLAPI ) */
-
cleanup:;
-#if defined( LDAP_SLAPI )
- if ( modv != NULL ) slapi_int_free_ldapmods( modv );
-#endif
-
return rs->sr_err;
}
#include <ac/string.h>
#include "slap.h"
-#ifdef LDAP_SLAPI
-#include "slapi/slapi.h"
-#endif
int
do_modrdn(
}
}
-#if defined( LDAP_SLAPI )
-#define pb op->o_pb
- if ( pb ) {
- slapi_int_pblock_set_operation( pb, op );
- slapi_pblock_set( pb, SLAPI_MODRDN_TARGET, (void *)op->o_req_dn.bv_val );
- slapi_pblock_set( pb, SLAPI_MODRDN_NEWRDN, (void *)op->orr_newrdn.bv_val );
- slapi_pblock_set( pb, SLAPI_MODRDN_NEWSUPERIOR,
- (void *)op->orr_newSup->bv_val );
- slapi_pblock_set( pb, SLAPI_MODRDN_DELOLDRDN, (void *)op->orr_deleteoldrdn);
- slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
-
- rs->sr_err = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_MODRDN_FN, pb );
- if ( rs->sr_err < 0 ) {
- /*
- * A preoperation plugin failure will abort the
- * entire operation.
- */
- Debug(LDAP_DEBUG_TRACE, "do_modrdn: modrdn preoperation plugin "
- "failed.\n", 0, 0, 0);
- if ( ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0 ) ||
- rs->sr_err == LDAP_SUCCESS ) {
- rs->sr_err = LDAP_OTHER;
- }
- goto cleanup;
- }
- }
-#endif /* defined( LDAP_SLAPI ) */
-
/*
* do the modrdn if 1 && (2 || 3)
* 1) there is a modrdn function implemented in this backend;
"operation not supported within namingContext" );
}
-#if defined( LDAP_SLAPI )
- if ( pb != NULL && slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_MODRDN_FN, pb ) < 0 ) {
- Debug(LDAP_DEBUG_TRACE, "do_modrdn: modrdn postoperation plugins "
- "failed.\n", 0, 0, 0);
- }
-#endif /* defined( LDAP_SLAPI ) */
-
cleanup:;
return rs->sr_err;
}
ber_free( op->o_ber, 1 );
}
if ( !BER_BVISNULL( &op->o_dn ) ) {
- free( op->o_dn.bv_val );
+ ch_free( op->o_dn.bv_val );
}
if ( !BER_BVISNULL( &op->o_ndn ) ) {
- free( op->o_ndn.bv_val );
+ ch_free( op->o_ndn.bv_val );
}
if ( !BER_BVISNULL( &op->o_authmech ) ) {
- free( op->o_authmech.bv_val );
+ ch_free( op->o_authmech.bv_val );
}
if ( op->o_ctrls != NULL ) {
slap_free_ctrls( op, op->o_ctrls );
return 0;
}
-enum glue_which {
- glue_op_modify = 0,
- glue_op_modrdn,
- glue_op_add,
- glue_op_delete
-};
-
static int
glue_op_func ( Operation *op, SlapReply *rs )
{
BackendDB *b0 = op->o_bd;
BackendInfo *bi0 = op->o_bd->bd_info;
BI_op_modify **func;
- enum glue_which which;
+ slap_operation_t which;
int rc;
op->o_bd = glue_back_select (b0, &op->o_req_ndn);
b0->bd_info = on->on_info->oi_orig;
switch(op->o_tag) {
- case LDAP_REQ_ADD: which = glue_op_add; break;
- case LDAP_REQ_DELETE: which = glue_op_delete; break;
- case LDAP_REQ_MODIFY: which = glue_op_modify; break;
- case LDAP_REQ_MODRDN: which = glue_op_modrdn; break;
+ case LDAP_REQ_ADD: which = op_add; break;
+ case LDAP_REQ_DELETE: which = op_delete; break;
+ case LDAP_REQ_MODIFY: which = op_modify; break;
+ case LDAP_REQ_MODRDN: which = op_modrdn; break;
}
- func = &op->o_bd->bd_info->bi_op_modify;
+ func = &op->o_bd->bd_info->bi_op_bind;
if ( func[which] )
rc = func[which]( op, rs );
else
#include "slap.h"
-#ifdef LDAP_SLAPI
-#include "slapi/slapi.h"
-
-static int call_pre_result_plugins( Operation *, SlapReply * );
-static int call_pre_referral_plugins( Operation *, SlapReply * );
-static int call_pre_entry_plugins( Operation *, SlapReply *, int * );
-#endif /* LDAP_SLAPI */
-
const struct berval slap_dummy_bv = BER_BVNULL;
int slap_null_cb( Operation *op, SlapReply *rs )
send_ldap_controls( Operation *o, BerElement *ber, LDAPControl **c )
{
int rc;
-#ifdef LDAP_SLAPI
- LDAPControl **sctrls = NULL;
-
- /*
- * Retrieve any additional controls that may be set by the
- * plugin.
- */
-
- if ( o->o_pb &&
- slapi_pblock_get( o->o_pb, SLAPI_RESCONTROLS, &sctrls ) != 0 )
- {
- sctrls = NULL;
- }
- if ( c == NULL && sctrls == NULL ) return 0;
-#else
- if( c == NULL ) return 0;
-#endif /* LDAP_SLAPI */
+ if( c == NULL )
+ return 0;
rc = ber_printf( ber, "t{"/*}*/, LDAP_TAG_CONTROLS );
if( rc == -1 ) return rc;
-#ifdef LDAP_SLAPI
- if ( c != NULL )
-#endif /* LDAP_SLAPI */
- {
- for( ; *c != NULL; c++) {
- rc = send_ldap_control( ber, *c );
- if( rc == -1 ) return rc;
- }
+ for( ; *c != NULL; c++) {
+ rc = send_ldap_control( ber, *c );
+ if( rc == -1 ) return rc;
}
#ifdef LDAP_DEVEL
}
#endif
-#ifdef LDAP_SLAPI
- if ( sctrls != NULL ) {
- for ( c = sctrls; *c != NULL; c++ ) {
- rc = send_ldap_control( ber, *c );
- if( rc == -1 ) return rc;
- }
- }
-#endif /* LDAP_SLAPI */
-
rc = ber_printf( ber, /*{*/"N}" );
return rc;
goto cleanup;
}
-#ifdef LDAP_SLAPI
- if ( op->o_pb ) {
- slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
- slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED,
- (void *)rs->sr_matched );
- slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text );
- }
-#endif /* LDAP_SLAPI */
-
ldap_pvt_thread_mutex_lock( &slap_counters.sc_sent_mutex );
ldap_pvt_mp_add_ulong( slap_counters.sc_pdu, 1 );
ldap_pvt_mp_add_ulong( slap_counters.sc_bytes, (unsigned long)bytes );
}
}
-#ifdef LDAP_SLAPI
- (void) call_pre_result_plugins( op, rs );
-#endif /* LDAP_SLAPI */
-
if ( op->o_protocol < LDAP_VERSION3 ) {
tmp = v2ref( rs->sr_ref, rs->sr_text );
rs->sr_text = tmp;
char *edn;
int userattrs;
AccessControlState acl_state = ACL_STATE_INIT;
-#ifdef LDAP_SLAPI
- /* Support for computed attribute plugins */
- computed_attr_context ctx;
- AttributeName *anp;
-#endif
int attrsonly;
AttributeDescription *ad_entry = slap_schema.si_ad_entry;
attrsonly = op->ors_attrsonly;
-#ifdef LDAP_SLAPI
- rc = call_pre_entry_plugins( op, rs, &attrsonly );
- if ( rc < 0 ) {
- rc = 0;
- goto error_return;
- }
-#endif /* LDAP_SLAPI */
-
if ( !access_allowed( op, rs->sr_entry, ad_entry, NULL, ACL_READ, NULL )) {
Debug( LDAP_DEBUG_ACL,
"send_search_entry: conn %lu access to entry (%s) not allowed\n",
}
}
-#ifdef LDAP_SLAPI
- /*
- * First, setup the computed attribute context that is
- * passed to all plugins.
- */
- if ( op->o_pb ) {
- ctx.cac_pb = op->o_pb;
- ctx.cac_attrs = rs->sr_attrs;
- ctx.cac_attrsonly = attrsonly;
- ctx.cac_userattrs = userattrs;
- ctx.cac_opattrs = rs->sr_attr_flags;
- ctx.cac_acl_state = acl_state;
- ctx.cac_private = (void *)ber;
-
- /*
- * For each client requested attribute, call the plugins.
- */
- if ( rs->sr_attrs != NULL ) {
- for ( anp = rs->sr_attrs; anp->an_name.bv_val != NULL; anp++ ) {
- rc = compute_evaluator( &ctx, anp->an_name.bv_val,
- rs->sr_entry, slapi_int_compute_output_ber );
- if ( rc == 1 ) break;
- }
- } else {
- /*
- * Technically we shouldn't be returning operational attributes
- * when the user requested only user attributes. We'll let the
- * plugin decide whether to be naughty or not.
- */
- rc = compute_evaluator( &ctx, "*",
- rs->sr_entry, slapi_int_compute_output_ber );
- }
- if ( rc == 1 ) {
- if ( op->o_res_ber == NULL ) ber_free_buf( ber );
- send_ldap_error( op, rs, LDAP_OTHER, "computed attribute error" );
- goto error_return;
- }
- }
-#endif /* LDAP_SLAPI */
-
/* free e_flags */
if ( e_flags ) {
slap_sl_free( e_flags, op->o_tmpmemctx );
"=> send_search_reference: dn=\"%s\"\n",
rs->sr_entry ? rs->sr_entry->e_name.bv_val : "(null)", 0, 0 );
-#ifdef notdef
- rc = call_pre_referral_plugins( op, rs );
- if ( rc < 0 )
- goto rel;
-#endif /* LDAP_SLAPI */
-
if ( rs->sr_entry && ! access_allowed( op, rs->sr_entry,
ad_entry, NULL, ACL_READ, NULL ) )
{
BerElement *ber = (BerElement *) &berbuf;
LDAPControl c;
Operation myop;
-#ifdef LDAP_SLAPI
- Slapi_PBlock *pb;
-#endif
Debug( LDAP_DEBUG_ANY, "slap_read_controls: (%s) %s\n",
oid->bv_val, e->e_dn, 0 );
myop = *op;
myop.o_bd = NULL;
myop.o_res_ber = ber;
-#ifdef LDAP_SLAPI
- pb = myop.o_pb;
- myop.o_pb = NULL;
-#endif
rc = slap_send_search_entry( &myop, rs );
-#ifdef LDAP_SLAPI
- myop.o_pb = pb;
-#endif
if( rc ) return rc;
rc = ber_flatten2( ber, &c.ldctl_value, 0 );
return flags;
}
-#ifdef LDAP_SLAPI
-static AttributeName *charray2anlist( Operation *op, char **attrs )
-{
- AttributeName *an;
- int i;
-
- if ( attrs != NULL ) {
- for ( i = 0; attrs[i] != NULL; i++ )
- ;
- an = (AttributeName *)op->o_tmpalloc( (i + 1) * sizeof(AttributeName), op->o_tmpmemctx );
- for ( i = 0; attrs[i] != NULL; i++ ) {
- const char *dummy;
-
- an[i].an_name.bv_val = attrs[i];
- an[i].an_name.bv_len = strlen( attrs[i] );
- an[i].an_oc = NULL;
- an[i].an_oc_exclude = 0;
- slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy );
- }
- } else {
- an = NULL;
- }
-
- return an;
-}
-
-/*
- * Call pre-response plugins. To avoid infinite recursion plugins
- * should just set SLAPI_RESULT_CODE rather than sending a
- * result if they wish to change the result. Similarly, pre-entry
- * plugins can either abort sending the entry or change the list
- * of sent attributes, but they can't call send_search_entry().
- */
-
-static int call_pre_entry_plugins( Operation *op, SlapReply *rs, int *pAttributesOnly )
-{
- int rc;
- char **attrs = NULL;
- char **filteredAttributes = NULL;
- Slapi_PBlock *pb;
-
- if ( op->o_callback != NULL || op->o_pb == NULL ) {
- return 0;
- }
-
- /*
- * A new parameter block is allocated to avoid trampling on the
- * operation SLAPI state.
- */
- pb = slapi_pblock_new();
-
- slapi_int_pblock_set_operation( pb, op );
- slapi_pblock_set( pb, SLAPI_RESCONTROLS, (void *)rs->sr_ctrls );
- attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx );
- slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, (void *)attrs );
- slapi_pblock_set( pb, SLAPI_SEARCH_ATTRSONLY, (void *)*pAttributesOnly );
- slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, (void *)rs->sr_entry );
-
- rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_ENTRY_FN, pb );
- if ( rc < 0 ) {
- slapi_pblock_destroy( pb );
- return rc;
- }
-
- slapi_pblock_get( pb, SLAPI_RESCONTROLS, (void **)&rs->sr_ctrls );
- slapi_pblock_get( pb, SLAPI_SEARCH_ATTRS, (void **)&filteredAttributes );
- slapi_pblock_get( pb, SLAPI_SEARCH_ATTRSONLY, (void **)pAttributesOnly );
- slapi_pblock_get( pb, SLAPI_SEARCH_RESULT_ENTRY, (void **)&rs->sr_entry );
-
- if ( filteredAttributes != attrs ) {
- /*
- * Support for filtering attributes; useful for implementing
- * replication providers
- */
- rs->sr_attrs = charray2anlist( op, filteredAttributes );
- slapi_ch_free( (void **)&filteredAttributes );
- }
-
- slapi_pblock_set( pb, SLAPI_RESCONTROLS, NULL );
- slapi_pblock_destroy( pb );
-
- return rc;
-}
-
-static int call_pre_result_plugins( Operation *op, SlapReply *rs )
-{
- int rc;
-
- if ( op->o_callback != NULL || op->o_pb == NULL ) {
- return 0;
- }
-
- slapi_pblock_set( op->o_pb, SLAPI_RESCONTROLS, (void *)rs->sr_ctrls );
- slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
- slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text );
- slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED, (void *)rs->sr_matched );
-
- rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_RESULT_FN, op->o_pb );
- if ( rc < 0 ) {
- return rc;
- }
-
- slapi_pblock_get( op->o_pb, SLAPI_RESCONTROLS, (void **)&rs->sr_ctrls );
- slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
- slapi_pblock_get( op->o_pb, SLAPI_RESULT_TEXT, (void **)&rs->sr_text );
- slapi_pblock_get( op->o_pb, SLAPI_RESULT_MATCHED, (void **)&rs->sr_matched );
-
- slapi_pblock_set( op->o_pb, SLAPI_RESCONTROLS, NULL );
-
- return rc;
-}
-
-static int call_pre_referral_plugins( Operation *op, SlapReply *rs )
-{
- int rc;
- Slapi_PBlock *pb;
-
- if ( op->o_callback != NULL || op->o_pb == NULL ) {
- return 0;
- }
-
- /*
- * A new parameter block is allocated to avoid trampling on the
- * operation SLAPI state.
- */
- pb = slapi_pblock_new();
-
- slapi_int_pblock_set_operation( pb, op );
- slapi_pblock_set( pb, SLAPI_RESCONTROLS, (void *)rs->sr_ctrls );
- slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, (void *)rs->sr_entry );
-
- rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_REFERRAL_FN, pb );
- if ( rc < 0 ) {
- return rc;
- }
-
- slapi_pblock_get( pb, SLAPI_RESCONTROLS, (void **)&rs->sr_ctrls );
- slapi_pblock_get( pb, SLAPI_SEARCH_RESULT_ENTRY, (void **)&rs->sr_entry );
-
- slapi_pblock_set( pb, SLAPI_RESCONTROLS, NULL );
- slapi_pblock_destroy( pb );
-
- return rc;
-}
-#endif /* LDAP_SLAPI */
#include "lutil.h"
#include "slap.h"
-#ifdef LDAP_SLAPI
-#include "slapi/slapi.h"
-
-static void init_search_pblock( Operation *op, char **attrs, int managedsait );
-static int call_search_preop_plugins( Operation *op );
-static int call_search_rewrite_plugins( Operation *op );
-static void call_search_postop_plugins( Operation *op );
-#endif /* LDAPI_SLAPI */
-
int
do_search(
Operation *op, /* info about the op to which we're responding */
{
int manageDSAit;
int be_manageDSAit;
-#ifdef LDAP_SLAPI
- char **attrs = NULL;
-#endif
manageDSAit = get_manageDSAit( op );
goto return_results;
}
-#ifdef LDAP_SLAPI
- if ( op->o_pb ) {
- attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx );
- init_search_pblock( op, attrs, manageDSAit );
- rs->sr_err = call_search_preop_plugins( op );
- if ( rs->sr_err ) break;
- call_search_rewrite_plugins( op );
- }
-#endif /* LDAP_SLAPI */
rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text );
} else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
goto return_results;
}
-#ifdef LDAP_SLAPI
- if ( op->o_pb ) {
- attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx );
- init_search_pblock( op, attrs, manageDSAit );
- rs->sr_err = call_search_preop_plugins( op );
- if ( rs->sr_err ) break;
- call_search_rewrite_plugins( op );
- }
-#endif /* LDAP_SLAPI */
rs->sr_err = schema_info( &entry, &rs->sr_text );
}
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
-#ifdef LDAP_SLAPI
- if ( op->o_pb ) call_search_postop_plugins( op );
-#endif /* LDAP_SLAPI */
goto return_results;
} else if ( entry != NULL ) {
rs->sr_err = LDAP_SUCCESS;
send_ldap_result( op, rs );
-#ifdef LDAP_SLAPI
- if ( op->o_pb ) call_search_postop_plugins( op );
-#endif /* LDAP_SLAPI */
goto return_results;
}
break;
goto return_results;
}
-#ifdef LDAP_SLAPI
- if ( op->o_pb ) {
- attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx );
- init_search_pblock( op, attrs, manageDSAit );
- rs->sr_err = call_search_preop_plugins( op );
- if ( rs->sr_err != LDAP_SUCCESS ) {
- goto return_results;
- }
-
- call_search_rewrite_plugins( op );
- }
-#endif /* LDAP_SLAPI */
-
/* actually do the search and send the result(s) */
if ( op->o_bd->be_search ) {
if ( limits_check( op, rs ) == 0 ) {
"operation not supported within namingContext" );
}
-#ifdef LDAP_SLAPI
- if ( op->o_pb ) call_search_postop_plugins( op );
-#endif /* LDAP_SLAPI */
-
-#ifdef LDAP_SLAPI
- if( attrs != NULL) op->o_tmpfree( attrs, op->o_tmpmemctx );
-#endif /* LDAP_SLAPI */
-
return_results:;
return rs->sr_err;
}
-#ifdef LDAP_SLAPI
-
-static void init_search_pblock( Operation *op,
- char **attrs, int managedsait )
-{
- slapi_int_pblock_set_operation( op->o_pb, op );
- slapi_pblock_set( op->o_pb, SLAPI_SEARCH_TARGET, (void *)op->o_req_dn.bv_val );
- slapi_pblock_set( op->o_pb, SLAPI_SEARCH_SCOPE, (void *)op->ors_scope );
- slapi_pblock_set( op->o_pb, SLAPI_SEARCH_DEREF, (void *)op->ors_deref );
- slapi_pblock_set( op->o_pb, SLAPI_SEARCH_SIZELIMIT, (void *)op->ors_slimit );
- slapi_pblock_set( op->o_pb, SLAPI_SEARCH_TIMELIMIT, (void *)op->ors_tlimit );
- slapi_pblock_set( op->o_pb, SLAPI_SEARCH_FILTER, (void *)op->ors_filter );
- slapi_pblock_set( op->o_pb, SLAPI_SEARCH_STRFILTER, (void *)op->ors_filterstr.bv_val );
- slapi_pblock_set( op->o_pb, SLAPI_SEARCH_ATTRS, (void *)attrs );
- slapi_pblock_set( op->o_pb, SLAPI_SEARCH_ATTRSONLY, (void *)op->ors_attrsonly );
- slapi_pblock_set( op->o_pb, SLAPI_MANAGEDSAIT, (void *)managedsait );
-}
-
-static int call_search_preop_plugins( Operation *op )
-{
- int rc;
-
- rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_SEARCH_FN, op->o_pb );
- if ( rc < 0 ) {
- /*
- * A preoperation plugin failure will abort the
- * entire operation.
- */
- Debug(LDAP_DEBUG_TRACE, "call_search_preop_plugins: search preoperation plugin "
- "returned %d.\n", rc, 0, 0);
- if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0 ) ||
- rc == LDAP_SUCCESS ) {
- rc = LDAP_OTHER;
- }
- } else {
- rc = LDAP_SUCCESS;
- }
-
- return rc;
-}
-
-static int call_search_rewrite_plugins( Operation *op )
-{
- if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, op->o_pb ) == 0 ) {
- int rc;
-
- /*
- * The plugin can set the SLAPI_SEARCH_FILTER.
- * SLAPI_SEARCH_STRFILER is not normative.
- */
- slapi_pblock_get( op->o_pb, SLAPI_SEARCH_FILTER, (void *)&op->ors_filter );
- op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
- filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
-
- /*
- * Also permit other search parameters to be reset. One thing
- * this doesn't (yet) deal with is plugins that change a root
- * DSE search to a non-root DSE search...
- */
- slapi_pblock_get( op->o_pb, SLAPI_SEARCH_TARGET, (void **)&op->o_req_dn.bv_val );
- op->o_req_dn.bv_len = strlen( op->o_req_dn.bv_val );
-
- if( !BER_BVISNULL( &op->o_req_ndn ) ) {
- slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
- }
- rc = dnNormalize( 0, NULL, NULL, &op->o_req_dn, &op->o_req_ndn,
- op->o_tmpmemctx );
- if ( rc != LDAP_SUCCESS ) {
- return rc;
- }
-
- slapi_pblock_get( op->o_pb, SLAPI_SEARCH_SCOPE, (void **)&op->ors_scope );
- slapi_pblock_get( op->o_pb, SLAPI_SEARCH_DEREF, (void **)&op->ors_deref );
-
- Debug( LDAP_DEBUG_ARGS, " after compute_rewrite_search filter: %s\n",
- !BER_BVISEMPTY( &op->ors_filterstr ) ? op->ors_filterstr.bv_val : "empty", 0, 0 );
- }
-
- return LDAP_SUCCESS;
-}
-
-static void call_search_postop_plugins( Operation *op )
-{
- if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_SEARCH_FN, op->o_pb ) < 0 ) {
- Debug(LDAP_DEBUG_TRACE, "call_search_postop_plugins: search postoperation plugins "
- "failed.\n", 0, 0, 0);
- }
-}
-
-#endif /* LDAP_SLAPI */
-
typedef int (BI_access_allowed) LDAP_P(( struct slap_op *op, Entry *e,
AttributeDescription *desc, struct berval *val, slap_access_t access,
AccessControlState *state, slap_mask_t *maskp ));
+typedef int (BI_acl_group) LDAP_P(( struct slap_op *op, Entry *target,
+ struct berval *gr_ndn, struct berval *op_ndn,
+ ObjectClass *group_oc, AttributeDescription *group_at ));
+typedef int (BI_acl_attribute) LDAP_P(( struct slap_op *op, Entry *target,
+ struct berval *entry_ndn, AttributeDescription *entry_at,
+ BerVarray *vals, slap_access_t access ));
#endif /* SLAP_OVERLAY_ACCESS */
typedef int (BI_connection_init) LDAP_P(( BackendDB *bd,
BI_has_subordinates *bi_has_subordinates;
#ifdef SLAP_OVERLAY_ACCESS
BI_access_allowed *bi_access_allowed;
+ BI_acl_group *bi_acl_group;
+ BI_acl_attribute *bi_acl_attribute;
#endif /* SLAP_OVERLAY_ACCESS */
BI_connection_init *bi_connection_init;
LIB_DEFS = -DSLAPI_LIBRARY
-SRCS= plugin.c slapi_pblock.c slapi_utils.c printmsg.c slapi_ops.c slapi_ext.c \
+SRCS= plugin.c slapi_pblock.c slapi_utils.c printmsg.c slapi_ops.c slapi_ext.c slapi_overlay.c \
$(@PLAT@_SRCS)
-OBJS= plugin.lo slapi_pblock.lo slapi_utils.lo printmsg.lo slapi_ops.lo slapi_ext.lo \
+OBJS= plugin.lo slapi_pblock.lo slapi_utils.lo printmsg.lo slapi_ops.lo slapi_ext.lo slapi_overlay.lo \
$(@PLAT@_SRCS)
XSRCS= version.c
fname, lineno );
return 1;
}
+
+ /* automatically instantiate overlay if necessary */
+ if ( !overlay_is_inst( be, "slapi" ) ) {
+ if ( overlay_config( be, "slapi" ) != 0 ) {
+ fprintf( stderr, "failed to instantiate SLAPI overlay\n");
+ return -1;
+ }
+ }
if ( strcasecmp( argv[1], "preoperation" ) == 0 ) {
iType = SLAPI_PLUGIN_PREOPERATION;
return -1;
}
- return 0;
+ return slapi_int_overlay_init();
}
-
/* Computed attribute support */
struct _computed_attr_context {
- /* slap_send_search_entry() argblock */
Slapi_PBlock *cac_pb;
- AttributeName *cac_attrs;
- int cac_attrsonly : 1;
- int cac_userattrs : 1;
- int cac_opattrs : 1;
- AccessControlState cac_acl_state;
- /* private data */
- void *cac_private;
+ Operation *cac_op;
+ AccessControlState *cac_acl_state;
+ void *cac_private;
};
/* for slapi_attr_type_cmp() */
}
static int
-slapi_int_pblock_get_connection( Slapi_PBlock *pb, Connection *conn )
+slapi_int_pblock_get_connection( Slapi_PBlock *pb, Operation *op )
{
char *connDn = NULL;
- Operation *op;
+ Connection *conn = op->o_conn;
slapi_pblock_get( pb, SLAPI_X_CONN_SSF, (void **)&conn->c_ssf );
slapi_pblock_get( pb, SLAPI_X_CONN_SASL_CONTEXT, (void **)&conn->c_sasl_authctx );
return rc;
}
- rc = slapi_int_pblock_get_connection( pb, op->o_conn );
- if ( rc != LDAP_SUCCESS ) {
- return rc;
- }
-
rc = slapi_int_pblock_get_backend( pb, op );
if ( rc != LDAP_SUCCESS ) {
return rc;
op->o_dn = op->o_ndn;
}
+ rc = slapi_int_pblock_get_connection( pb, op );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+
slapi_pblock_get( pb, SLAPI_REQCONTROLS, (void **)&controls );
rc = slapi_int_get_ctrls( op, rs, controls );
if ( rc != LDAP_SUCCESS ) {
--- /dev/null
+/* glue.c - backend glue overlay */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2005 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Luke Howard for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "slapi.h"
+
+#ifdef LDAP_SLAPI
+
+static slap_overinst slapi;
+
+static int
+slapi_over_compute_output(
+ computed_attr_context *c,
+ Slapi_Attr *attribute,
+ Slapi_Entry *entry
+)
+{
+ int rc;
+ Attribute **a;
+ AttributeDescription *desc;
+ Operation *op = c->cac_op;
+ SlapReply *rs = (SlapReply *)c->cac_private;
+
+ if ( c == NULL || attribute == NULL || entry == NULL ) {
+ return 0;
+ }
+
+ assert( rs->sr_entry == entry );
+
+ desc = attribute->a_desc;
+
+ if ( rs->sr_attrs == NULL ) {
+ /* All attrs request, skip operational attributes */
+ if ( is_at_operational( desc->ad_type ) ) {
+ return 0;
+ }
+ } else {
+ /* Specific attributes requested */
+ if ( is_at_operational( desc->ad_type ) ) {
+ if ( !SLAP_OPATTRS( rs->sr_attr_flags ) &&
+ !ad_inlist( desc, rs->sr_attrs ) ) {
+ return 0;
+ }
+ } else {
+ if ( !SLAP_USERATTRS( rs->sr_attr_flags ) &&
+ !ad_inlist( desc, rs->sr_attrs ) ) {
+ return 0;
+ }
+ }
+ }
+
+ if ( !access_allowed( op, entry, desc, NULL, ACL_READ, c->cac_acl_state) ) {
+ slapi_log_error( SLAPI_LOG_ACL, "slapi_over_compute_output",
+ "acl: access to attribute %s not allowed\n",
+ desc->ad_cname.bv_val );
+ return 0;
+ }
+
+ for ( a = &rs->sr_operational_attrs; *a != NULL; a = &(*a)->a_next )
+ ;
+
+ *a = attr_dup( attribute );
+
+ return 0;
+}
+
+static int
+slapi_over_operational( Operation *op, SlapReply *rs )
+{
+ /* Support for computed attribute plugins */
+ computed_attr_context ctx;
+ AttributeName *anp;
+ AccessControlState acl_state = ACL_STATE_INIT;
+
+ ctx.cac_pb = op->o_pb;
+ ctx.cac_op = op;
+ ctx.cac_private = rs;
+ ctx.cac_acl_state = &acl_state;
+
+ if ( rs->sr_entry != NULL ) {
+ /*
+ * For each client requested attribute, call the plugins.
+ */
+ if ( rs->sr_attrs != NULL ) {
+ for ( anp = rs->sr_attrs; anp->an_name.bv_val != NULL; anp++ ) {
+ if ( compute_evaluator( &ctx, anp->an_name.bv_val,
+ rs->sr_entry, slapi_over_compute_output ) == 1 ) {
+ break;
+ }
+ }
+ } else {
+ /*
+ * Technically we shouldn't be returning operational attributes
+ * when the user requested only user attributes. We'll let the
+ * plugin decide whether to be naughty or not.
+ */
+ compute_evaluator( &ctx, "*", rs->sr_entry, slapi_over_compute_output );
+ }
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+slapi_over_search( Operation *op, SlapReply *rs, int type )
+{
+ int rc;
+ Slapi_PBlock *pb;
+
+ pb = slapi_pblock_new();
+
+ slapi_int_pblock_set_operation( pb, op );
+ slapi_pblock_set( pb, SLAPI_RESCONTROLS, (void *)rs->sr_ctrls );
+ slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, (void *)rs->sr_entry );
+
+ rc = slapi_int_call_plugins( op->o_bd, type, pb );
+ if ( rc == 0 )
+ rc = SLAP_CB_CONTINUE;
+
+ if ( rs->sr_type == REP_SEARCH ) {
+ /* XXX we shouldn't need this here */
+ slapi_over_operational( op, rs );
+ }
+
+ slapi_pblock_set( op->o_pb, SLAPI_RESCONTROLS, NULL );
+ slapi_pblock_destroy(pb);
+
+ return rc;
+}
+
+static int
+slapi_over_merge_controls( Operation *op, SlapReply *rs, Slapi_PBlock *pb)
+{
+ LDAPControl **slapiControls = NULL, **resControls;
+ int nSlapiControls = 0;
+ int nResControls = 0;
+ int i;
+
+ /* merge in controls */
+ if ( rs->sr_ctrls != NULL ) {
+ for ( nResControls = 0; rs->sr_ctrls[nResControls] != NULL; nResControls++ )
+ ;
+ }
+ slapi_pblock_get( op->o_pb, SLAPI_RESCONTROLS, (void **)&slapiControls );
+ if ( slapiControls != NULL ) {
+ for ( nSlapiControls = 0; slapiControls[nSlapiControls] != NULL; nSlapiControls++ )
+ ;
+ }
+
+ /* XXX this is a bit tricky, rs->sr_ctrls may have been allocated on stack */
+ resControls = (LDAPControl **)op->o_tmpalloc( ( nResControls + nSlapiControls + 1 ) *
+ sizeof( LDAPControl *), op->o_tmpmemctx );
+ if ( resControls == NULL ) {
+ return LDAP_OTHER;
+ }
+
+ if ( rs->sr_ctrls != NULL ) {
+ for ( i = 0; i < nResControls; i++ )
+ resControls[i] = rs->sr_ctrls[i];
+ }
+ if ( slapiControls != NULL ) {
+ for ( i = 0; i < nSlapiControls; i++ )
+ resControls[nResControls + i] = slapiControls[i];
+ }
+ resControls[nResControls + nSlapiControls] = NULL;
+
+ if ( slapiControls != NULL ) {
+ slapi_ch_free( (void **)&slapiControls );
+ slapi_pblock_set( op->o_pb, SLAPI_RESCONTROLS, NULL ); /* don't free */
+ }
+
+ rs->sr_ctrls = resControls;
+
+ return LDAP_SUCCESS;
+}
+
+static int
+slapi_over_result( Operation *op, SlapReply *rs )
+{
+ int rc;
+
+ slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
+ slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text );
+ slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED, (void *)rs->sr_matched );
+
+ rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_RESULT_FN, op->o_pb );
+ if ( rc < 0 ) {
+ return rc;
+ }
+
+ slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
+ slapi_pblock_get( op->o_pb, SLAPI_RESULT_TEXT, (void **)&rs->sr_text );
+ slapi_pblock_get( op->o_pb, SLAPI_RESULT_MATCHED, (void **)&rs->sr_matched );
+
+ if ( rc == 0 ) {
+ rc = slapi_over_merge_controls( op, rs, op->o_pb );
+ }
+
+ if ( rc == 0 )
+ rc = SLAP_CB_CONTINUE;
+
+ return rc;
+}
+
+static int
+slapi_op_add_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
+{
+ slapi_pblock_set( pb, SLAPI_ADD_ENTRY, (void *)op->ora_e );
+
+ return LDAP_SUCCESS;
+}
+
+static int
+slapi_op_bind_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
+{
+ slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)op->o_req_dn.bv_val );
+ slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)op->orb_method );
+ slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
+ slapi_pblock_set( pb, SLAPI_CONN_DN, NULL );
+
+ return LDAP_SUCCESS;
+}
+
+static int
+slapi_op_bind_callback( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
+{
+ int rc = rs->sr_err;
+
+ switch ( rc ) {
+ case SLAPI_BIND_SUCCESS:
+ /* Continue with backend processing */
+ break;
+ case SLAPI_BIND_FAIL:
+ /* Failure, frontend (that's us) sends result */
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+ break;
+ case SLAPI_BIND_ANONYMOUS: /* undocumented */
+ default:
+ /*
+ * Plugin sent authoritative result or no plugins were called
+ */
+ if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err ) != 0 ) {
+ rs->sr_err = LDAP_OTHER;
+ }
+
+ BER_BVZERO( &op->orb_edn );
+
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ slapi_pblock_get( pb, SLAPI_CONN_DN, (void *)&op->orb_edn.bv_val );
+ if ( BER_BVISNULL( &op->orb_edn ) ) {
+ if ( rc == 1 ) {
+ /* No plugins were called; continue processing */
+ return LDAP_SUCCESS;
+ }
+ } else {
+ op->orb_edn.bv_len = strlen( op->orb_edn.bv_val );
+ }
+ rs->sr_err = dnPrettyNormal( NULL, &op->orb_edn,
+ &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+ ber_dupbv(&op->o_conn->c_dn, &op->o_req_dn);
+ ber_dupbv(&op->o_conn->c_ndn, &op->o_req_ndn);
+ op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &op->o_req_dn );
+ op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &op->o_req_ndn );
+ if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
+ ber_len_t max = sockbuf_max_incoming_auth;
+ ber_sockbuf_ctrl( op->o_conn->c_sb,
+ LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+ /* log authorization identity */
+ Statslog( LDAP_DEBUG_STATS,
+ "%s BIND dn=\"%s\" mech=%s (SLAPI) ssf=0\n",
+ op->o_log_prefix,
+ BER_BVISNULL( &op->o_conn->c_dn )
+ ? "<empty>" : op->o_conn->c_dn.bv_val,
+ op->orb_tmp_mech.bv_val, 0, 0 );
+
+ return -1;
+ }
+ break;
+ }
+
+ return rc;
+}
+
+static int
+slapi_op_compare_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
+{
+ slapi_pblock_set( pb, SLAPI_COMPARE_TYPE, (void *)op->orc_ava->aa_desc->ad_cname.bv_val );
+ slapi_pblock_set( pb, SLAPI_COMPARE_VALUE, (void *)&op->orc_ava->aa_value );
+
+ return LDAP_SUCCESS;
+}
+
+static int
+slapi_op_modify_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
+{
+ LDAPMod **modv = NULL;
+
+ modv = slapi_int_modifications2ldapmods( &op->orm_modlist );
+ slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)modv );
+
+ return LDAP_SUCCESS;
+}
+
+static int
+slapi_op_modify_callback( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
+{
+ LDAPMod **modv = NULL;
+
+ /* check preoperation result code */
+ if ( rs->sr_err < 0 ) {
+ slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
+ return rs->sr_err;
+ }
+
+ /*
+ * NB: it is valid for the plugin to return no modifications
+ * (for example, a plugin might store some attributes elsewhere
+ * and remove them from the modification list; if only those
+ * attribute types were included in the modification request,
+ * then slapi_int_ldapmods2modifications() above will return
+ * NULL).
+ *
+ * However, the post-operation plugin should still be
+ * called.
+ */
+
+ slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv );
+ op->orm_modlist = slapi_int_ldapmods2modifications( modv );
+
+ return LDAP_SUCCESS;
+}
+
+static int
+slapi_op_modify_cleanup( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
+{
+ LDAPMod **modv = NULL;
+
+ slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv );
+
+ if ( modv != NULL )
+ slapi_int_free_ldapmods( modv );
+
+ return LDAP_SUCCESS;
+}
+
+static int
+slapi_op_modrdn_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
+{
+ slapi_pblock_set( pb, SLAPI_MODRDN_NEWRDN, (void *)op->orr_newrdn.bv_val );
+ slapi_pblock_set( pb, SLAPI_MODRDN_NEWSUPERIOR, (void *)op->orr_newSup->bv_val );
+ slapi_pblock_set( pb, SLAPI_MODRDN_DELOLDRDN, (void *)op->orr_deleteoldrdn );
+
+ return LDAP_SUCCESS;
+}
+
+static int
+slapi_op_search_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
+{
+ char **attrs;
+
+ attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx );
+
+ slapi_pblock_set( pb, SLAPI_SEARCH_SCOPE, (void *)op->ors_scope );
+ slapi_pblock_set( pb, SLAPI_SEARCH_DEREF, (void *)op->ors_deref );
+ slapi_pblock_set( pb, SLAPI_SEARCH_SIZELIMIT, (void *)op->ors_slimit );
+ slapi_pblock_set( pb, SLAPI_SEARCH_TIMELIMIT, (void *)op->ors_tlimit );
+ slapi_pblock_set( pb, SLAPI_SEARCH_FILTER, (void *)op->ors_filter );
+ slapi_pblock_set( pb, SLAPI_SEARCH_STRFILTER, (void *)op->ors_filterstr.bv_val );
+ slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, (void *)attrs );
+ slapi_pblock_set( pb, SLAPI_SEARCH_ATTRSONLY, (void *)op->ors_attrsonly );
+
+ return LDAP_SUCCESS;
+}
+
+static int
+slapi_op_search_callback( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
+{
+ /* check preoperation result code */
+ if ( rs->sr_err < 0 ) {
+ slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
+ return rs->sr_err;
+ }
+
+ if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, pb ) != 0 ) {
+ return LDAP_SUCCESS;
+ }
+
+ /*
+ * The plugin can set the SLAPI_SEARCH_FILTER.
+ * SLAPI_SEARCH_STRFILER is not normative.
+ */
+ slapi_pblock_get( pb, SLAPI_SEARCH_FILTER, (void *)&op->ors_filter );
+ op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+ filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
+
+ slapi_pblock_get( pb, SLAPI_SEARCH_TARGET, (void **)&op->o_req_dn.bv_val );
+ op->o_req_dn.bv_len = strlen( op->o_req_dn.bv_val );
+
+ if( !BER_BVISNULL( &op->o_req_ndn ) ) {
+ slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
+ }
+ rs->sr_err = dnNormalize( 0, NULL, NULL, &op->o_req_dn, &op->o_req_ndn,
+ op->o_tmpmemctx );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+ }
+
+ slapi_pblock_get( pb, SLAPI_SEARCH_SCOPE, (void **)&op->ors_scope );
+ slapi_pblock_get( pb, SLAPI_SEARCH_DEREF, (void **)&op->ors_deref );
+
+ return LDAP_SUCCESS;
+}
+
+static int
+slapi_op_search_cleanup( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
+{
+ char **attrs = NULL;
+
+ slapi_pblock_get( pb, SLAPI_SEARCH_ATTRS, (void *)&attrs );
+
+ if ( attrs != NULL )
+ op->o_tmpfree( attrs, op->o_tmpmemctx );
+
+ return LDAP_SUCCESS;
+}
+
+typedef int (slapi_over_callback)( Operation *, SlapReply *rs, Slapi_PBlock * );
+
+struct slapi_op_info {
+ int soi_preop;
+ int soi_postop;
+ slapi_over_callback *soi_init;
+ slapi_over_callback *soi_callback;
+ slapi_over_callback *soi_cleanup;
+} slapi_op_dispatch_table[] = {
+ {
+ SLAPI_PLUGIN_PRE_BIND_FN,
+ SLAPI_PLUGIN_POST_BIND_FN,
+ slapi_op_bind_init,
+ slapi_op_bind_callback,
+ NULL
+ },
+ {
+ SLAPI_PLUGIN_PRE_UNBIND_FN, /* UNBIND */
+ SLAPI_PLUGIN_POST_UNBIND_FN,
+ NULL,
+ NULL,
+ NULL
+ },
+ {
+ SLAPI_PLUGIN_PRE_SEARCH_FN,
+ SLAPI_PLUGIN_POST_SEARCH_FN,
+ slapi_op_search_init,
+ slapi_op_search_callback,
+ slapi_op_search_cleanup
+ },
+ {
+ SLAPI_PLUGIN_PRE_COMPARE_FN,
+ SLAPI_PLUGIN_POST_COMPARE_FN,
+ slapi_op_compare_init,
+ NULL,
+ NULL
+ },
+ {
+ SLAPI_PLUGIN_PRE_MODIFY_FN,
+ SLAPI_PLUGIN_POST_MODIFY_FN,
+ slapi_op_modify_init,
+ slapi_op_modify_callback,
+ slapi_op_modify_cleanup
+ },
+ {
+ SLAPI_PLUGIN_PRE_MODRDN_FN,
+ SLAPI_PLUGIN_POST_MODRDN_FN,
+ slapi_op_modrdn_init,
+ NULL,
+ NULL
+ },
+ {
+ SLAPI_PLUGIN_PRE_ADD_FN,
+ SLAPI_PLUGIN_POST_ADD_FN,
+ slapi_op_add_init,
+ NULL,
+ NULL
+ },
+ {
+ SLAPI_PLUGIN_PRE_DELETE_FN,
+ SLAPI_PLUGIN_POST_DELETE_FN,
+ NULL,
+ NULL,
+ NULL
+ },
+ {
+ SLAPI_PLUGIN_PRE_ABANDON_FN,
+ SLAPI_PLUGIN_POST_ABANDON_FN,
+ NULL,
+ NULL,
+ NULL
+ },
+ {
+ 0,
+ 0,
+ NULL,
+ NULL,
+ NULL
+ }
+};
+
+slap_operation_t
+slapi_tag2op( ber_tag_t tag )
+{
+ slap_operation_t op;
+
+ switch ( tag ) {
+ case LDAP_REQ_BIND:
+ op = op_bind;
+ break;
+ case LDAP_REQ_ADD:
+ op = op_add;
+ break;
+ case LDAP_REQ_DELETE:
+ op = op_compare;
+ break;
+ case LDAP_REQ_MODRDN:
+ op = op_modrdn;
+ break;
+ case LDAP_REQ_MODIFY:
+ op = op_modify;
+ break;
+ case LDAP_REQ_COMPARE:
+ op = op_compare;
+ break;
+ case LDAP_REQ_SEARCH:
+ op = op_search;
+ break;
+ case LDAP_REQ_UNBIND:
+ op = op_unbind;
+ break;
+ default:
+ op = op_last;
+ break;
+ }
+
+ return op;
+}
+
+static int
+slapi_op_response( Operation *op, SlapReply *rs )
+{
+ int rc;
+
+ switch ( rs->sr_type ) {
+ case REP_RESULT:
+ rc = slapi_over_result( op, rs );
+ break;
+ case REP_SEARCH:
+ rc = slapi_over_search( op, rs, SLAPI_PLUGIN_PRE_ENTRY_FN );
+ break;
+ case REP_SEARCHREF:
+ rc = slapi_over_search( op, rs, SLAPI_PLUGIN_PRE_REFERRAL_FN );
+ break;
+ default:
+ rc = SLAP_CB_CONTINUE;
+ break;
+ }
+
+ return rc;
+}
+
+static int
+slapi_op_cleanup( Operation *op, SlapReply *rs )
+{
+ struct slapi_op_info *opinfo;
+ Slapi_PBlock *pb = op->o_pb;
+
+ assert( pb != NULL );
+
+ if ( rs->sr_type != REP_RESULT ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ opinfo = (struct slapi_op_info *)op->o_callback->sc_private;
+
+ /* call post-operation plugins */
+ slapi_int_call_plugins( op->o_bd, opinfo->soi_postop, pb );
+
+ if ( opinfo->soi_cleanup != NULL ) {
+ (opinfo->soi_cleanup)( op, rs, pb );
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+slapi_op_func( Operation *op, SlapReply *rs )
+{
+ Slapi_PBlock *pb = op->o_pb;
+ slap_operation_t which;
+ struct slapi_op_info *opinfo;
+ int rc, flags = 0;
+ slap_overinfo *oi;
+ slap_overinst *on;
+ slap_callback *cb;
+
+ /*
+ * We check for op->o_extensions to verify that we are not
+ * processing a SLAPI internal operation. XXX
+ */
+ if ( op->o_pb == NULL || op->o_extensions == NULL ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ /*
+ * Find the SLAPI operation information for this LDAP
+ * operation; this will contain the preop and postop
+ * plugin types, as well as any additional information
+ * we need to complete.
+ */
+ which = slapi_tag2op( op->o_tag );
+ if ( which >= op_last ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ opinfo = &slapi_op_dispatch_table[which];
+ if ( opinfo == NULL || opinfo->soi_preop == 0 ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ slapi_int_pblock_set_operation( pb, op );
+
+ /*
+ * soi_init is responsible for setting any operation-specific
+ * pblock parameters ("pre-preoperation plugin")
+ */
+ if ( opinfo->soi_init != NULL ) {
+ rs->sr_err = (opinfo->soi_init)( op, rs, pb );
+ if ( rs->sr_err != LDAP_SUCCESS )
+ return rs->sr_err;
+ }
+
+ /*
+ * Call preoperation plugins
+ */
+ rs->sr_err = slapi_int_call_plugins( op->o_bd, opinfo->soi_preop, pb );
+
+ /*
+ * Setup callback so postoperation plugins will get called;
+ * don't do this before, because if a preop plugin fails then
+ * the postop plugin shouldn't be called
+ */
+ cb = op->o_tmpcalloc(1, sizeof(slap_callback), op->o_tmpmemctx);
+ cb->sc_response = slapi_op_response;
+ cb->sc_cleanup = slapi_op_cleanup;
+ cb->sc_private = opinfo;
+ cb->sc_next = op->o_callback;
+ op->o_callback = cb;
+
+ /*
+ * soi_callback is responsible for examining the result code
+ * of the preoperation plugin and determining whether to
+ * abort. This is needed because of special SLAPI behaviour
+ * with bind preoperation plugins.
+ *
+ * The soi_callback function is also used to reset any values
+ * returned from the preoperation plugin before calling the
+ * backend (for the success case).
+ */
+ if ( opinfo->soi_callback == NULL ) {
+ if ( rs->sr_err < 0 ) {
+ slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
+ return rs->sr_err;
+ }
+ } else {
+ rc = (opinfo->soi_callback)( op, rs, pb );
+ if ( rc )
+ return rs->sr_err;
+ }
+
+ if ( rs->sr_err == 0 ) {
+ rs->sr_err = SLAP_CB_CONTINUE;
+ }
+
+ return rs->sr_err;
+}
+
+static int
+slapi_over_extended( Operation *op, SlapReply *rs )
+{
+ Slapi_PBlock *pb = op->o_pb;
+ SLAPI_FUNC callback;
+ int sentResult = 0;
+ int rc;
+ struct berval reqdata = BER_BVNULL;
+
+ slapi_int_get_extop_plugin( &op->ore_reqoid, &callback );
+ if ( callback == NULL ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ slapi_int_pblock_set_operation( pb, op );
+
+ if ( op->ore_reqdata != NULL ) {
+ reqdata = *op->ore_reqdata;
+ }
+
+ slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID, (void *)op->ore_reqoid.bv_val);
+ slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE, (void *)&reqdata);
+
+ rc = (*callback)( pb );
+ if ( rc == SLAPI_PLUGIN_EXTENDED_SENT_RESULT ) {
+ return rc;
+ } else if ( rc == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ slapi_pblock_get( pb, SLAPI_EXT_OP_RET_OID, (void **)&rs->sr_rspoid );
+ slapi_pblock_get( pb, SLAPI_EXT_OP_RET_VALUE, (void **)&rs->sr_rspdata );
+
+ rs->sr_err = rc;
+ send_ldap_extended( op, rs );
+
+ if ( rs->sr_rspoid != NULL )
+ slapi_ch_free_string( (char **)&rs->sr_rspoid );
+
+ if ( rs->sr_rspdata != NULL )
+ ber_bvfree( rs->sr_rspdata );
+
+ return rs->sr_err;
+}
+
+static int
+slapi_over_access_allowed(
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state,
+ slap_mask_t *maskp )
+{
+ int rc;
+
+ rc = slapi_int_access_allowed( op, e, desc, val, access, state );
+ if ( rc != 0 )
+ rc = SLAP_CB_CONTINUE;
+
+ return rc;
+}
+
+#if 0
+static int
+slapi_over_acl_group(
+ Operation *op,
+ Entry *target,
+ struct berval *gr_ndn,
+ struct berval *op_ndn,
+ ObjectClass *group_oc,
+ AttributeDescription *group_at )
+{
+ slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_ENTRY, (void *)e );
+ slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val );
+ slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val );
+ slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_TARGET_ENTRY, (void *)target );
+}
+
+static int
+slapi_over_compute_output_attr_access(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
+{
+ struct berval *nval = (struct berval *)c->cac_private;
+
+ return access_allowed( c->cac_op, e, a->a_desc, nval, ACL_AUTH, NULL ) == 0;
+}
+
+static int
+slapi_over_acl_attribute(
+ Operation *op,
+ Entry *target,
+ struct berval *entry_ndn,
+ AttributeDescription *entry_at,
+ BerVarray *vals,
+ slap_access_t access )
+{
+ computed_attr_context ctx;
+
+ ctx.cac_pb = op->o_pb;
+ ctx.cac_op = op;
+ ctx.cac_acl_state = NULL;
+ ctx.cac_private = nval;
+}
+#endif
+
+int
+slapi_int_overlay_init()
+{
+ memset( &slapi, 0, sizeof(slapi) );
+
+ slapi.on_bi.bi_type = "slapi";
+
+ slapi.on_bi.bi_op_bind = slapi_op_func;
+ slapi.on_bi.bi_op_unbind = slapi_op_func;
+ slapi.on_bi.bi_op_search = slapi_op_func;
+ slapi.on_bi.bi_op_compare = slapi_op_func;
+ slapi.on_bi.bi_op_modify = slapi_op_func;
+ slapi.on_bi.bi_op_modrdn = slapi_op_func;
+ slapi.on_bi.bi_op_add = slapi_op_func;
+ slapi.on_bi.bi_op_delete = slapi_op_func;
+ slapi.on_bi.bi_op_abandon = slapi_op_func;
+ slapi.on_bi.bi_op_cancel = slapi_op_func;
+
+ slapi.on_bi.bi_extended = slapi_over_extended;
+ slapi.on_bi.bi_access_allowed = slapi_over_access_allowed;
+ slapi.on_bi.bi_operational = slapi_over_operational;
+
+ return overlay_register( &slapi );
+}
+
+#endif /* LDAP_SLAPI */
if ( rc != LDAP_SUCCESS )
return rc;
+ rc = slapi_pblock_set( pb, SLAPI_TARGET_DN, (void *)op->o_req_dn.bv_val );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ rc = slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)get_manageDSAit( op ) );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
rc = slapi_pblock_get( pb, SLAPI_CONN_AUTHMETHOD, (void *)&opAuthType );
if ( rc == LDAP_SUCCESS && opAuthType != NULL ) {
/* Not quite sure what the point of this is. */
* useful thing indeed.
*/
-/*
- * Write the computed attribute to a BerElement. Complementary
- * functions need to be defined for anything that replaces
- * op->o_callback->sc_sendentry, if you wish to make computed
- * attributes available to it.
- */
-int slapi_int_compute_output_ber(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
-{
-#ifdef LDAP_SLAPI
- Operation *op = NULL;
- BerElement *ber;
- AttributeDescription *desc = NULL;
- int rc;
- int i;
-
- if ( c == NULL ) {
- return 1;
- }
-
- if ( a == NULL ) {
- return 1;
- }
-
- if ( e == NULL ) {
- return 1;
- }
-
- rc = slapi_pblock_get( c->cac_pb, SLAPI_OPERATION, (void *)&op );
- if ( rc != 0 || op == NULL ) {
- return rc;
- }
-
- ber = (BerElement *)c->cac_private;
- desc = a->a_desc;
-
- if ( c->cac_attrs == NULL ) {
- /* All attrs request, skip operational attributes */
- if ( is_at_operational( desc->ad_type ) ) {
- return 0;
- }
- } else {
- /* Specific attrs requested */
- if ( is_at_operational( desc->ad_type ) ) {
- if ( !c->cac_opattrs && !ad_inlist( desc, c->cac_attrs ) ) {
- return 0;
- }
- } else {
- if ( !c->cac_userattrs && !ad_inlist( desc, c->cac_attrs ) ) {
- return 0;
- }
- }
- }
-
- if ( !access_allowed( op, e, desc, NULL, ACL_READ, &c->cac_acl_state) ) {
- slapi_log_error( SLAPI_LOG_ACL, "slapi_int_compute_output_ber",
- "acl: access to attribute %s not allowed\n",
- desc->ad_cname.bv_val );
- return 0;
- }
-
- rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname );
- if (rc == -1 ) {
- slapi_log_error( SLAPI_LOG_BER, "slapi_int_compute_output_ber",
- "ber_printf failed\n");
- return 1;
- }
-
- if ( !c->cac_attrsonly && a->a_vals != NULL ) {
- for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
- if ( !access_allowed( op, e,
- desc, &a->a_vals[i], ACL_READ, &c->cac_acl_state)) {
- slapi_log_error( SLAPI_LOG_ACL, "slapi_int_compute_output_ber",
- "conn %lu "
- "acl: access to %s, value %d not allowed\n",
- op->o_connid, desc->ad_cname.bv_val, i );
- continue;
- }
-
- if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
- slapi_log_error( SLAPI_LOG_BER, "slapi_int_compute_output_ber",
- "ber_printf failed\n");
- return 1;
- }
- }
- }
-
- if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
- slapi_log_error( SLAPI_LOG_BER, "slapi_int_compute_output_ber",
- "ber_printf failed\n" );
- return 1;
- }
-
- return 0;
-#else
- return 1;
-#endif
-}
-
/*
* For some reason Sun don't use the normal plugin mechanism
* registration path to register an "evaluator" function (an
projects / openldap / commitdiff