From: Luke Howard Date: Wed, 25 Aug 2004 15:20:19 +0000 (+0000) Subject: Support pre-operation and post-operations for backend_group() X-Git-Tag: OPENLDAP_REL_ENG_2_3_0ALPHA~639 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=d45b89823fb36ae4545afcef89724fef5608e706;p=openldap Support pre-operation and post-operations for backend_group() This allows computed attribute plugins to also provide their attributes to the ACL engine, for example --- diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index 3489730dd2..d5cb3d77d5 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -41,7 +41,12 @@ #ifdef LDAP_SLAPI #include "slapi/slapi.h" -#endif + +static void init_group_pblock( Operation *op, Entry *target, + Entry *e, struct berval *op_ndn, AttributeDescription *group_at ); +static int call_group_preop_plugins( Operation *op ); +static void call_group_postop_plugins( Operation *op ); +#endif /* LDAP_SLAPI */ /* * If a module is configured as dynamic, its header should not @@ -1359,6 +1364,17 @@ backend_group( rc = be_entry_get_rw(op, gr_ndn, group_oc, group_at, 0, &e ); } if ( e ) { +#ifdef LDAP_SLAPI + if ( op->o_pb != NULL ) { + init_group_pblock( op, target, e, op_ndn, group_at ); + + rc = call_group_preop_plugins( op ); + if ( rc == LDAP_SUCCESS ) { + goto done; + } + } +#endif /* LDAP_SLAPI */ + a = attr_find( e->e_attrs, group_at ); if ( a ) { /* If the attribute is a subtype of labeledURI, treat this as @@ -1460,6 +1476,10 @@ loopit: rc = LDAP_NO_SUCH_OBJECT; } +#ifdef LDAP_SLAPI + if ( op->o_pb ) call_group_postop_plugins( op ); +#endif /* LDAP_SLAPI */ + if ( op->o_tag != LDAP_REQ_BIND && !op->o_do_not_cache ) { g = op->o_tmpalloc(sizeof(GroupAssertion) + gr_ndn->bv_len, op->o_tmpmemctx); @@ -1589,3 +1609,38 @@ int backend_operational( return rc; } +#ifdef LDAP_SLAPI +static void init_group_pblock( Operation *op, Entry *target, + Entry *e, struct berval *op_ndn, AttributeDescription *group_at ) +{ + slapi_int_pblock_set_operation( op->o_pb, op ); + slapi_pblock_set( op->o_pb, SLAPI_TARGET_DN, (void *)target->e_nname.bv_val ); + slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_ENTRY, (void *)e ); + slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val ); + slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val ); +} + +static int call_group_preop_plugins( Operation *op ) +{ + int rc; + + rc = slapi_int_call_plugins( op->o_bd, SLAPI_X_PLUGIN_PRE_GROUP_FN, op->o_pb ); + if ( rc < 0 ) { + if (( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, + (void *)&rc ) != 0 ) || rc == LDAP_SUCCESS ) + { + rc = LDAP_NO_SUCH_ATTRIBUTE; + } + } else { + rc = LDAP_SUCCESS; + } + + return rc; +} + +static void call_group_postop_plugins( Operation *op ) +{ + (void) slapi_int_call_plugins( op->o_bd, SLAPI_X_PLUGIN_POST_GROUP_FN, op->o_pb ); +} +#endif /* LDAP_SLAPI */ + diff --git a/servers/slapd/slapi/slapi.h b/servers/slapd/slapi/slapi.h index 33db0b1f66..d5e19d5719 100644 --- a/servers/slapd/slapi/slapi.h +++ b/servers/slapd/slapi/slapi.h @@ -430,6 +430,14 @@ extern Backend * slapi_cl_get_be(char *dn); #define SLAPI_PLUGIN_COMPUTE_EVALUATOR_FN 1200 #define SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN 1201 +#define SLAPI_X_PLUGIN_PRE_GROUP_FN 1202 +#define SLAPI_X_PLUGIN_POST_GROUP_FN 1203 + +/* backend_group extension */ +#define SLAPI_X_GROUP_ENTRY 1250 /* e */ +#define SLAPI_X_GROUP_ATTRIBUTE 1251 /* group_at */ +#define SLAPI_X_GROUP_OPERATION_DN 1252 /* op_ndn */ + #define SLAPI_MANAGEDSAIT 1000 #define SLAPI_CONFIG_FILENAME 40 diff --git a/servers/slapd/slapi/slapi_pblock.c b/servers/slapd/slapi/slapi_pblock.c index 503c2c0149..446f62e3ce 100644 --- a/servers/slapd/slapi/slapi_pblock.c +++ b/servers/slapd/slapi/slapi_pblock.c @@ -213,6 +213,11 @@ isOkNetscapeParam( int param ) case SLAPI_PLUGIN_COMPUTE_EVALUATOR_FN: case SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN: case SLAPI_PLUGIN_ACL_ALLOW_ACCESS: + case SLAPI_X_PLUGIN_PRE_GROUP_FN: + case SLAPI_X_PLUGIN_POST_GROUP_FN: + case SLAPI_X_GROUP_ENTRY: + case SLAPI_X_GROUP_ATTRIBUTE: + case SLAPI_X_GROUP_OPERATION_DN: return LDAP_SUCCESS; default: return INVALID_PARAM;