From: Kurt Zeilenga Date: Sat, 4 Sep 2004 01:17:53 +0000 (+0000) Subject: SLAPI updates (blind commit) X-Git-Tag: OPENLDAP_REL_ENG_2_2_16~5 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=cb4dd1a14fb2fd135c5e1f5aa8abe27362931751;p=openldap SLAPI updates (blind commit) --- diff --git a/CHANGES b/CHANGES index 704113dc55..be496be070 100644 --- a/CHANGES +++ b/CHANGES @@ -22,6 +22,7 @@ OpenLDAP 2.2.16 Engineering Fixed back-monitor syncrepl bug (ITS#3265) Fixed slurpd replog error message bug (ITS#3275) Added slapd syncrepl exattrs (ITS#3289) + Updated slapd SLAPI Updated LDAP C++ library Documentation Updated provided RFCs and I-Ds diff --git a/include/slapi-plugin.h b/include/slapi-plugin.h index d21c5471c6..e68e123adb 100644 --- a/include/slapi-plugin.h +++ b/include/slapi-plugin.h @@ -143,6 +143,7 @@ int slapi_valueset_next_value( Slapi_ValueSet *vs, int index, Slapi_Value **v); int slapi_valueset_count( const Slapi_ValueSet *vs); void slapi_valueset_set_valueset(Slapi_ValueSet *vs1, const Slapi_ValueSet *vs2); +/* locks and synchronization */ typedef struct slapi_mutex Slapi_Mutex; typedef struct slapi_condvar Slapi_CondVar; Slapi_Mutex *slapi_new_mutex( void ); @@ -154,6 +155,10 @@ void slapi_destroy_condvar( Slapi_CondVar *cvar ); int slapi_wait_condvar( Slapi_CondVar *cvar, struct timeval *timeout ); int slapi_notify_condvar( Slapi_CondVar *cvar, int notify_all ); +/* thread-safe LDAP connections */ +LDAP *slapi_ldap_init( char *ldaphost, int ldapport, int secure, int shared ); +void slapi_ldap_unbind( LDAP *ld ); + char *slapi_ch_malloc( unsigned long size ); void slapi_ch_free( void **ptr ); void slapi_ch_free_string( char **ptr ); @@ -499,12 +504,21 @@ void slapi_set_object_extension(int objecttype, void *object, #define SLAPI_RESULT_TEXT 882 #define SLAPI_RESULT_MATCHED 883 +/* managedsait control */ +#define SLAPI_MANAGEDSAIT 1000 + /* audit plugin defines */ #define SLAPI_PLUGIN_AUDIT_DATA 1100 #define SLAPI_PLUGIN_AUDIT_FN 1101 -/* managedsait control */ -#define SLAPI_MANAGEDSAIT 1000 +/* backend_group extension */ +#define SLAPI_X_PLUGIN_PRE_GROUP_FN 1202 +#define SLAPI_X_PLUGIN_POST_GROUP_FN 1203 + +#define SLAPI_X_GROUP_ENTRY 1250 /* group entry */ +#define SLAPI_X_GROUP_ATTRIBUTE 1251 /* member attribute */ +#define SLAPI_X_GROUP_OPERATION_DN 1252 /* asserted value */ +#define SLAPI_X_GROUP_TARGET_ENTRY 1253 /* target entry */ /* config stuff */ #define SLAPI_CONFIG_FILENAME 40 diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index 6369dffc33..823436a33a 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -41,7 +41,12 @@ #ifdef LDAP_SLAPI #include "slapi/slapi.h" -#endif + +static void init_group_pblock( Operation *op, Entry *target, + Entry *e, struct berval *op_ndn, AttributeDescription *group_at ); +static int call_group_preop_plugins( Operation *op ); +static void call_group_postop_plugins( Operation *op ); +#endif /* LDAP_SLAPI */ /* * If a module is configured as dynamic, its header should not @@ -1298,6 +1303,17 @@ backend_group( rc = be_entry_get_rw(op, gr_ndn, group_oc, group_at, 0, &e ); } if ( e ) { +#ifdef LDAP_SLAPI + if ( op->o_pb != NULL ) { + init_group_pblock( op, target, e, op_ndn, group_at ); + + rc = call_group_preop_plugins( op ); + if ( rc == LDAP_SUCCESS ) { + goto done; + } + } +#endif /* LDAP_SLAPI */ + a = attr_find( e->e_attrs, group_at ); if ( a ) { /* If the attribute is a subtype of labeledURI, treat this as @@ -1399,6 +1415,10 @@ loopit: rc = LDAP_NO_SUCH_OBJECT; } +#ifdef LDAP_SLAPI + if ( op->o_pb ) call_group_postop_plugins( op ); +#endif /* LDAP_SLAPI */ + if ( op->o_tag != LDAP_REQ_BIND && !op->o_do_not_cache ) { g = op->o_tmpalloc(sizeof(GroupAssertion) + gr_ndn->bv_len, op->o_tmpmemctx); @@ -1416,6 +1436,57 @@ done: return rc; } +#ifdef LDAP_SLAPI +static int backend_compute_output_attr(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e) +{ + BerVarray v; + int rc; + BerVarray *vals = (BerVarray *)c->cac_private; + Operation *op = NULL; + int i, j; + + slapi_pblock_get( c->cac_pb, SLAPI_OPERATION, &op ); + if ( op == NULL ) { + return 1; + } + + if ( op->o_conn && access_allowed( op, + e, a->a_desc, NULL, ACL_AUTH, + &c->cac_acl_state ) == 0 ) { + return 1; + } + + for ( i=0; a->a_vals[i].bv_val; i++ ) ; + + v = op->o_tmpalloc( sizeof(struct berval) * (i+1), + op->o_tmpmemctx ); + for ( i=0,j=0; a->a_vals[i].bv_val; i++ ) { + if ( op->o_conn && access_allowed( op, + e, a->a_desc, + &a->a_nvals[i], + ACL_AUTH, &c->cac_acl_state ) == 0 ) { + continue; + } + ber_dupbv_x( &v[j], + &a->a_nvals[i], op->o_tmpmemctx ); + if (v[j].bv_val ) j++; + } + + if (j == 0) { + op->o_tmpfree( v, op->o_tmpmemctx ); + *vals = NULL; + rc = 1; + } else { + v[j].bv_val = NULL; + v[j].bv_len = 0; + *vals = v; + rc = 0; + } + + return rc; +} +#endif /* LDAP_SLAPI */ + int backend_attribute( Operation *op, @@ -1477,6 +1548,27 @@ backend_attribute( rc = LDAP_SUCCESS; } } +#ifdef LDAP_SLAPI + else if ( op->o_pb ) { + /* try any computed attributes */ + computed_attr_context ctx; + AttributeName aname; + + slapi_int_pblock_set_operation( op->o_pb, op ); + + ctx.cac_pb = op->o_pb; + ctx.cac_attrs = NULL; + ctx.cac_userattrs = 0; + ctx.cac_opattrs = 0; + ctx.cac_acl_state = acl_state; + ctx.cac_private = (void *)vals; + + if ( compute_evaluator( &ctx, entry_at->ad_cname.bv_val, e, backend_compute_output_attr ) == 1) + rc = LDAP_INSUFFICIENT_ACCESS; + else + rc = LDAP_SUCCESS; + } +#endif /* LDAP_SLAPI */ freeit: if (e != target ) { be_entry_release_r( op, e ); } @@ -1513,3 +1605,38 @@ Attribute *backend_operational( return a; } +#ifdef LDAP_SLAPI +static void init_group_pblock( Operation *op, Entry *target, + Entry *e, struct berval *op_ndn, AttributeDescription *group_at ) +{ + slapi_int_pblock_set_operation( op->o_pb, op ); + slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_ENTRY, (void *)e ); + slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val ); + slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val ); + slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_TARGET_ENTRY, (void *)target ); +} + +static int call_group_preop_plugins( Operation *op ) +{ + int rc; + + rc = slapi_int_call_plugins( op->o_bd, SLAPI_X_PLUGIN_PRE_GROUP_FN, op->o_pb ); + if ( rc < 0 ) { + if (( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, + (void *)&rc ) != 0 ) || rc == LDAP_SUCCESS ) + { + rc = LDAP_NO_SUCH_ATTRIBUTE; + } + } else { + rc = LDAP_SUCCESS; + } + + return rc; +} + +static void call_group_postop_plugins( Operation *op ) +{ + (void) slapi_int_call_plugins( op->o_bd, SLAPI_X_PLUGIN_POST_GROUP_FN, op->o_pb ); +} +#endif /* LDAP_SLAPI */ + diff --git a/servers/slapd/slapi/slapi.h b/servers/slapd/slapi/slapi.h index 33db0b1f66..08f0ce932c 100644 --- a/servers/slapd/slapi/slapi.h +++ b/servers/slapd/slapi/slapi.h @@ -430,6 +430,15 @@ extern Backend * slapi_cl_get_be(char *dn); #define SLAPI_PLUGIN_COMPUTE_EVALUATOR_FN 1200 #define SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN 1201 +#define SLAPI_X_PLUGIN_PRE_GROUP_FN 1202 +#define SLAPI_X_PLUGIN_POST_GROUP_FN 1203 + +/* backend_group extension */ +#define SLAPI_X_GROUP_ENTRY 1250 /* e */ +#define SLAPI_X_GROUP_ATTRIBUTE 1251 /* group_at */ +#define SLAPI_X_GROUP_OPERATION_DN 1252 /* op_ndn */ +#define SLAPI_X_GROUP_TARGET_ENTRY 1253 /* target */ + #define SLAPI_MANAGEDSAIT 1000 #define SLAPI_CONFIG_FILENAME 40 diff --git a/servers/slapd/slapi/slapi_ops.c b/servers/slapd/slapi/slapi_ops.c index 3bf62449c4..f3e6ecb4be 100644 --- a/servers/slapd/slapi/slapi_ops.c +++ b/servers/slapd/slapi/slapi_ops.c @@ -124,7 +124,7 @@ slapi_int_init_connection( char *DN, int OpType ) { - Connection *pConn, *c; + Connection *pConn; ber_len_t max = sockbuf_max_incoming; pConn = (Connection *) slapi_ch_calloc(1, sizeof(Connection)); @@ -149,79 +149,88 @@ slapi_int_init_connection( return (Connection *)NULL; } - c = pConn; - - /* operation object */ - c->c_pending_ops.stqh_first->o_tag = OpType; - c->c_pending_ops.stqh_first->o_protocol = LDAP_VERSION3; - c->c_pending_ops.stqh_first->o_authmech.bv_val = NULL; - c->c_pending_ops.stqh_first->o_authmech.bv_len = 0; - c->c_pending_ops.stqh_first->o_time = slap_get_time(); - c->c_pending_ops.stqh_first->o_do_not_cache = 1; - c->c_pending_ops.stqh_first->o_threadctx = ldap_pvt_thread_pool_context(); - c->c_pending_ops.stqh_first->o_tmpmemctx = NULL; - c->c_pending_ops.stqh_first->o_tmpmfuncs = &ch_mfuncs; - c->c_pending_ops.stqh_first->o_conn = c; - /* connection object */ - c->c_authmech.bv_val = NULL; - c->c_authmech.bv_len = 0; - c->c_dn.bv_val = NULL; - c->c_dn.bv_len = 0; - c->c_ndn.bv_val = NULL; - c->c_ndn.bv_len = 0; + pConn->c_authmech.bv_val = NULL; + pConn->c_authmech.bv_len = 0; + pConn->c_dn.bv_val = NULL; + pConn->c_dn.bv_len = 0; + pConn->c_ndn.bv_val = NULL; + pConn->c_ndn.bv_len = 0; - c->c_listener = &slap_unknown_listener; - ber_dupbv( &c->c_peer_domain, (struct berval *)&slap_unknown_bv ); - ber_dupbv( &c->c_peer_name, (struct berval *)&slap_unknown_bv ); + pConn->c_listener = &slap_unknown_listener; + ber_dupbv( &pConn->c_peer_domain, (struct berval *)&slap_unknown_bv ); + ber_dupbv( &pConn->c_peer_name, (struct berval *)&slap_unknown_bv ); - LDAP_STAILQ_INIT( &c->c_ops ); + LDAP_STAILQ_INIT( &pConn->c_ops ); - c->c_sasl_bind_mech.bv_val = NULL; - c->c_sasl_bind_mech.bv_len = 0; - c->c_sasl_authctx = NULL; - c->c_sasl_sockctx = NULL; - c->c_sasl_extra = NULL; + pConn->c_sasl_bind_mech.bv_val = NULL; + pConn->c_sasl_bind_mech.bv_len = 0; + pConn->c_sasl_authctx = NULL; + pConn->c_sasl_sockctx = NULL; + pConn->c_sasl_extra = NULL; - c->c_sb = ber_sockbuf_alloc( ); + pConn->c_sb = ber_sockbuf_alloc( ); - ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max ); + ber_sockbuf_ctrl( pConn->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max ); - c->c_currentber = NULL; + pConn->c_currentber = NULL; /* should check status of thread calls */ - ldap_pvt_thread_mutex_init( &c->c_mutex ); - ldap_pvt_thread_mutex_init( &c->c_write_mutex ); - ldap_pvt_thread_cond_init( &c->c_write_cv ); + ldap_pvt_thread_mutex_init( &pConn->c_mutex ); + ldap_pvt_thread_mutex_init( &pConn->c_write_mutex ); + ldap_pvt_thread_cond_init( &pConn->c_write_cv ); + + ldap_pvt_thread_mutex_lock( &pConn->c_mutex ); - c->c_n_ops_received = 0; - c->c_n_ops_executing = 0; - c->c_n_ops_pending = 0; - c->c_n_ops_completed = 0; + pConn->c_n_ops_received = 0; + pConn->c_n_ops_executing = 0; + pConn->c_n_ops_pending = 0; + pConn->c_n_ops_completed = 0; - c->c_n_get = 0; - c->c_n_read = 0; - c->c_n_write = 0; + pConn->c_n_get = 0; + pConn->c_n_read = 0; + pConn->c_n_write = 0; - c->c_protocol = LDAP_VERSION3; + pConn->c_protocol = LDAP_VERSION3; - c->c_activitytime = c->c_starttime = slap_get_time(); + pConn->c_activitytime = pConn->c_starttime = slap_get_time(); - c->c_connid = 0; + /* + * A real connection ID is required, because syncrepl associates + * pending CSNs with unique ( connection, operation ) tuples. + * Setting a fake connection ID will cause slap_get_commit_csn() + * to return a stale value. + */ + connection_assign_nextid( pConn ); - c->c_conn_state = 0x01; /* SLAP_C_ACTIVE */ - c->c_struct_state = 0x02; /* SLAP_C_USED */ + pConn->c_conn_state = 0x01; /* SLAP_C_ACTIVE */ + pConn->c_struct_state = 0x02; /* SLAP_C_USED */ - c->c_ssf = c->c_transport_ssf = 0; - c->c_tls_ssf = 0; + pConn->c_ssf = pConn->c_transport_ssf = 0; + pConn->c_tls_ssf = 0; - backend_connection_init( c ); + backend_connection_init( pConn ); pConn->c_send_ldap_result = internal_result_v3; pConn->c_send_search_entry = internal_search_entry; pConn->c_send_ldap_extended = internal_result_ext; pConn->c_send_search_reference = internal_search_reference; + /* operation object */ + pConn->c_pending_ops.stqh_first->o_tag = OpType; + pConn->c_pending_ops.stqh_first->o_protocol = LDAP_VERSION3; + pConn->c_pending_ops.stqh_first->o_authmech.bv_val = NULL; + pConn->c_pending_ops.stqh_first->o_authmech.bv_len = 0; + pConn->c_pending_ops.stqh_first->o_time = slap_get_time(); + pConn->c_pending_ops.stqh_first->o_do_not_cache = 1; + pConn->c_pending_ops.stqh_first->o_threadctx = ldap_pvt_thread_pool_context(); + pConn->c_pending_ops.stqh_first->o_tmpmemctx = NULL; + pConn->c_pending_ops.stqh_first->o_tmpmfuncs = &ch_mfuncs; + pConn->c_pending_ops.stqh_first->o_conn = pConn; + pConn->c_pending_ops.stqh_first->o_connid = pConn->c_connid; + + ldap_pvt_thread_mutex_unlock( &pConn->c_mutex ); + return pConn; } @@ -236,6 +245,8 @@ static void slapi_int_connection_destroy( Connection **pConn ) op = (Operation *)conn->c_pending_ops.stqh_first; + slap_graduate_commit_csn( op ); + if ( op->o_req_dn.bv_val != NULL ) { slapi_ch_free( (void **)&op->o_req_dn.bv_val ); } @@ -271,7 +282,7 @@ values2obj_copy( } for ( i = 0; ppValue[i] != NULL; i++ ) - ; + ; /* EMPTY */ tmpberval = (BerVarray)slapi_ch_malloc( (i+1) * (sizeof(struct berval)) ); if ( tmpberval == NULL ) { @@ -297,19 +308,18 @@ bvptr2obj_copy( struct berval **bvptr, BerVarray *bvobj ) { - int rc = LDAP_SUCCESS; int i; BerVarray tmpberval; - if ( bvptr == NULL || *bvptr == NULL ) { - return LDAP_OTHER; + if ( bvptr == NULL ) { + *bvobj = NULL; + return LDAP_SUCCESS; } - for ( i = 0; bvptr != NULL && bvptr[i] != NULL; i++ ) { + for ( i = 0; bvptr[i] != NULL; i++ ) ; /* EMPTY */ - } - tmpberval = (BerVarray)slapi_ch_malloc( (i + 1)*sizeof(struct berval)); + tmpberval = (BerVarray)slapi_ch_malloc( (i + 1) * sizeof(struct berval)); if ( tmpberval == NULL ) { return LDAP_NO_MEMORY; } @@ -319,14 +329,13 @@ bvptr2obj_copy( tmpberval[i].bv_len = bvptr[i]->bv_len; AC_MEMCPY( tmpberval[i].bv_val, bvptr[i]->bv_val, bvptr[i]->bv_len ); } + tmpberval[i].bv_val = NULL; tmpberval[i].bv_len = 0; - if ( rc == LDAP_SUCCESS ) { - *bvobj = tmpberval; - } + *bvobj = tmpberval; - return rc; + return LDAP_SUCCESS; } /* @@ -339,6 +348,7 @@ bvptr2obj_copy( */ static Entry * slapi_int_ldapmod_to_entry( + Connection *pConn, char *ldn, LDAPMod **mods ) { @@ -357,13 +367,7 @@ slapi_int_ldapmod_to_entry( const char *text = NULL; - - op = (Operation *) slapi_ch_calloc(1, sizeof(Operation)); - if ( op == NULL) { - rc = LDAP_NO_MEMORY; - goto cleanup; - } - op->o_tag = LDAP_REQ_ADD; + op = (Operation *)pConn->c_pending_ops.stqh_first; pEntry = (Entry *) ch_calloc( 1, sizeof(Entry) ); if ( pEntry == NULL) { @@ -480,8 +484,6 @@ cleanup: if ( dn.bv_val ) slapi_ch_free( (void **)&dn.bv_val ); - if ( op ) - slapi_ch_free( (void **)&op ); if ( modlist != NULL ) slap_mods_free( modlist ); if ( rc != LDAP_SUCCESS ) { @@ -514,7 +516,6 @@ slapi_delete_internal( Connection *pConn = NULL; Operation *op = NULL; Slapi_PBlock *pPB = NULL; - Slapi_PBlock *pSavePB = NULL; SlapReply rs = { REP_RESULT }; struct berval dn = BER_BVNULL; @@ -578,13 +579,10 @@ cleanup: if ( dn.bv_val ) { slapi_ch_free( (void **)&dn.bv_val ); } - if ( pConn != NULL ) { - pSavePB = pPB; - } slapi_int_connection_destroy( &pConn ); - return (pSavePB); + return pPB; #else return NULL; #endif /* LDAP_SLAPI */ @@ -593,13 +591,13 @@ cleanup: #ifdef LDAP_SLAPI static Slapi_PBlock * slapi_int_add_entry_locked( + Connection *pConn, Slapi_Entry **e, LDAPControl **controls, int log_changes ) { - Connection *pConn = NULL; Operation *op = NULL; - Slapi_PBlock *pPB = NULL, *pSavePB = NULL; + Slapi_PBlock *pPB = NULL; int manageDsaIt = 0; int isCritical; @@ -609,12 +607,6 @@ slapi_int_add_entry_locked( rs.sr_err = LDAP_PARAM_ERROR; goto cleanup; } - - pConn = slapi_int_init_connection( NULL, LDAP_REQ_ADD ); - if ( pConn == NULL ) { - rs.sr_err = LDAP_NO_MEMORY; - goto cleanup; - } if ( slapi_control_present( controls, LDAP_CONTROL_MANAGEDSAIT, NULL, &isCritical ) ) { @@ -652,18 +644,11 @@ slapi_int_add_entry_locked( } cleanup: - if ( pPB != NULL ) { slapi_pblock_set( pPB, SLAPI_PLUGIN_INTOP_RESULT, (void *)rs.sr_err ); } - if ( pConn != NULL ) { - pSavePB = pPB; - } - - slapi_int_connection_destroy( &pConn ); - - return( pSavePB ); + return( pPB ); } #endif /* LDAP_SLAPI */ @@ -674,18 +659,27 @@ slapi_add_entry_internal( int log_changes ) { #ifdef LDAP_SLAPI - Slapi_PBlock *pb; - Slapi_Entry *entry; + Slapi_PBlock *pb = NULL; + Slapi_Entry *entry = NULL; + Connection *pConn = NULL; + + pConn = slapi_int_init_connection( NULL, LDAP_REQ_ADD ); + if ( pConn == NULL ) { + return NULL; + } /* * We make a copy to avoid an entry that may be freed later * by the caller being placed in the cache. */ entry = slapi_entry_dup( e ); - pb = slapi_int_add_entry_locked( &entry, controls, log_changes ); + pb = slapi_int_add_entry_locked( pConn, &entry, controls, log_changes ); if ( entry != NULL ) { slapi_entry_free( entry ); } + + slapi_int_connection_destroy( &pConn ); + return pb; #else return NULL; @@ -701,6 +695,7 @@ slapi_add_internal( { #ifdef LDAP_SLAPI LDAPMod *pMod = NULL; + Connection *pConn = NULL; Slapi_PBlock *pb = NULL; Entry *pEntry = NULL; int i, rc = LDAP_SUCCESS; @@ -719,9 +714,12 @@ slapi_add_internal( } if ( rc == LDAP_SUCCESS ) { - pEntry = slapi_int_ldapmod_to_entry( dn, mods ); - if ( pEntry == NULL ) { - rc = LDAP_OTHER; + pConn = slapi_int_init_connection( NULL, LDAP_REQ_ADD ); + if ( pConn != NULL ) { + pEntry = slapi_int_ldapmod_to_entry( pConn, dn, mods ); + if ( pEntry == NULL ) { + rc = LDAP_OTHER; + } } } @@ -729,14 +727,16 @@ slapi_add_internal( pb = slapi_pblock_new(); slapi_pblock_set( pb, SLAPI_PLUGIN_INTOP_RESULT, (void *)rc ); } else { - pb = slapi_int_add_entry_locked( &pEntry, controls, log_changes ); + pb = slapi_int_add_entry_locked( pConn, &pEntry, controls, log_changes ); } if ( pEntry != NULL ) { - slapi_entry_free(pEntry); + slapi_entry_free( pEntry ); } - return(pb); + slapi_int_connection_destroy( &pConn ); + + return pb; #else return NULL; #endif /* LDAP_SLAPI */ @@ -768,12 +768,11 @@ slapi_modrdn_internal( Connection *pConn = NULL; Operation *op = NULL; Slapi_PBlock *pPB = NULL; - Slapi_PBlock *pSavePB = NULL; int manageDsaIt = 0; int isCritical; SlapReply rs = { REP_RESULT }; - pConn = slapi_int_init_connection( NULL, LDAP_REQ_MODRDN); + pConn = slapi_int_init_connection( NULL, LDAP_REQ_MODRDN ); if ( pConn == NULL) { rs.sr_err = LDAP_NO_MEMORY; goto cleanup; @@ -857,13 +856,9 @@ cleanup: if ( op->oq_modrdn.rs_nnewrdn.bv_val ) slapi_ch_free( (void **)&op->oq_modrdn.rs_nnewrdn.bv_val ); - if ( pConn != NULL ) { - pSavePB = pPB; - } - slapi_int_connection_destroy( &pConn ); - return( pSavePB ); + return pPB; #else return NULL; #endif /* LDAP_SLAPI */ @@ -891,7 +886,6 @@ slapi_modify_internal( Connection *pConn = NULL; Operation *op = NULL; Slapi_PBlock *pPB = NULL; - Slapi_PBlock *pSavePB = NULL; struct berval dn = BER_BVNULL; @@ -1062,13 +1056,9 @@ cleanup: if ( modlist != NULL ) slap_mods_free( modlist ); - if ( pConn != NULL ) { - pSavePB = pPB; - } - slapi_int_connection_destroy( &pConn ); - return ( pSavePB ); + return pPB; #else return NULL; #endif /* LDAP_SLAPI */ @@ -1086,8 +1076,7 @@ slapi_search_internal( #ifdef LDAP_SLAPI Connection *c; Operation *op = NULL; - Slapi_PBlock *ptr = NULL; - Slapi_PBlock *pSavePB = NULL; + Slapi_PBlock *pPB = NULL; struct berval dn = BER_BVNULL; Filter *filter=NULL; struct berval fstr = BER_BVNULL; @@ -1107,7 +1096,7 @@ slapi_search_internal( } op = (Operation *)c->c_pending_ops.stqh_first; - ptr = (Slapi_PBlock *)op->o_pb; + pPB = (Slapi_PBlock *)op->o_pb; op->o_ctrls = controls; if ( ldn != NULL ) { @@ -1235,8 +1224,8 @@ slapi_search_internal( cleanup: - if ( ptr != NULL ) - slapi_pblock_set( ptr, SLAPI_PLUGIN_INTOP_RESULT, (void *)rs.sr_err ); + if ( pPB != NULL ) + slapi_pblock_set( pPB, SLAPI_PLUGIN_INTOP_RESULT, (void *)rs.sr_err ); if ( dn.bv_val ) slapi_ch_free( (void **)&dn.bv_val ); @@ -1247,13 +1236,9 @@ cleanup: if ( an != NULL ) slapi_ch_free( (void **)&an ); - if ( c != NULL ) { - pSavePB = ptr; - } - slapi_int_connection_destroy( &c ); - return( pSavePB ); + return pPB; #else return NULL; #endif /* LDAP_SLAPI */ diff --git a/servers/slapd/slapi/slapi_pblock.c b/servers/slapd/slapi/slapi_pblock.c index 503c2c0149..9df6d213a1 100644 --- a/servers/slapd/slapi/slapi_pblock.c +++ b/servers/slapd/slapi/slapi_pblock.c @@ -213,6 +213,12 @@ isOkNetscapeParam( int param ) case SLAPI_PLUGIN_COMPUTE_EVALUATOR_FN: case SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN: case SLAPI_PLUGIN_ACL_ALLOW_ACCESS: + case SLAPI_X_PLUGIN_PRE_GROUP_FN: + case SLAPI_X_PLUGIN_POST_GROUP_FN: + case SLAPI_X_GROUP_ENTRY: + case SLAPI_X_GROUP_ATTRIBUTE: + case SLAPI_X_GROUP_OPERATION_DN: + case SLAPI_X_GROUP_TARGET_ENTRY: return LDAP_SUCCESS; default: return INVALID_PARAM; diff --git a/servers/slapd/slapi/slapi_utils.c b/servers/slapd/slapi/slapi_utils.c index 538651ac16..937c00f05a 100644 --- a/servers/slapd/slapi/slapi_utils.c +++ b/servers/slapd/slapi/slapi_utils.c @@ -2638,10 +2638,38 @@ Slapi_Attr *slapi_attr_dup( const Slapi_Attr *attr ) int slapi_attr_add_value( Slapi_Attr *a, const Slapi_Value *v ) { #ifdef LDAP_SLAPI - /* - * FIXME: here we may lose alignment between a_vals/a_nvals - */ - return value_add_one( &a->a_vals, (Slapi_Value *)v ); + struct berval nval; + struct berval *nvalp; + int rc; + AttributeDescription *desc = a->a_desc; + + if ( desc->ad_type->sat_equality && + desc->ad_type->sat_equality->smr_normalize ) { + rc = (*desc->ad_type->sat_equality->smr_normalize)( + SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX, + desc->ad_type->sat_syntax, + desc->ad_type->sat_equality, + (Slapi_Value *)v, &nval, NULL ); + if ( rc != LDAP_SUCCESS ) { + return rc; + } + nvalp = &nval; + } else { + nvalp = NULL; + } + + rc = value_add_one( &a->a_vals, (Slapi_Value *)v ); + if ( rc == 0 && nvalp != NULL ) { + rc = value_add_one( &a->a_nvals, nvalp ); + } else { + a->a_nvals = a->a_vals; + } + + if ( nvalp != NULL ) { + slapi_ch_free_string( &nval.bv_val ); + } + + return rc; #else return -1; #endif @@ -3422,6 +3450,10 @@ Modifications *slapi_int_ldapmods2modifications (LDAPMod **mods) Modifications *modlist = NULL, **modtail; LDAPMod **modp; + if ( mods == NULL ) { + return NULL; + } + modtail = &modlist; for( modp = mods; *modp != NULL; modp++ ) {