From: Luke Howard Date: Thu, 21 Jul 2005 16:35:20 +0000 (+0000) Subject: Move most of SLAPI frontend into overlay X-Git-Tag: OPENLDAP_AC_BP~292 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=ffe20229dc2a3c0b69c327d49dbbea172d213e4c;p=openldap Move most of SLAPI frontend into overlay --- diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index b675717390..7572598bef 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -37,10 +37,6 @@ #include "lber_pvt.h" #include "lutil.h" -#ifdef LDAP_SLAPI -#include "slapi/slapi.h" -#endif /* LDAPI_SLAPI */ - #define ACL_BUF_SIZE 1024 /* use most appropriate size */ /* @@ -207,16 +203,6 @@ slap_access_allowed( assert( attr != NULL ); -#ifdef LDAP_SLAPI - if ( op->o_pb != NULL ) { - ret = slapi_int_access_allowed( op, e, desc, val, access, state ); - if ( ret == 0 ) { - /* ACL plugin denied access */ - goto done; - } - } -#endif /* LDAP_SLAPI */ - /* grant database root access */ if ( be_isroot( op ) ) { Debug( LDAP_DEBUG_ACL, "<= root access granted\n", 0, 0, 0 ); @@ -580,16 +566,6 @@ access_allowed_mask( } assert( be != NULL ); -#ifdef LDAP_SLAPI - if ( op->o_pb != NULL ) { - ret = slapi_int_access_allowed( op, e, desc, val, access, state ); - if ( ret == 0 ) { - /* ACL plugin denied access */ - goto done; - } - } -#endif /* LDAP_SLAPI */ - /* grant database root access */ if ( be_isroot( op ) ) { Debug( LDAP_DEBUG_ACL, "<= root access granted\n", 0, 0, 0 ); diff --git a/servers/slapd/add.c b/servers/slapd/add.c index 537129fdd4..b877169f49 100644 --- a/servers/slapd/add.c +++ b/servers/slapd/add.c @@ -32,15 +32,6 @@ #include "slap.h" -#ifdef LDAP_SLAPI -#include "slapi/slapi.h" - -static void init_add_pblock( Operation *op, struct berval *dn, Entry *e, - int manageDSAit ); -static int call_add_preop_plugins( Operation *op ); -static void call_add_postop_plugins( Operation *op ); -#endif /* LDAP_SLAPI */ - int do_add( Operation *op, SlapReply *rs ) { @@ -273,10 +264,6 @@ fe_op_add( Operation *op, SlapReply *rs ) goto done; } -#ifdef LDAP_SLAPI - if ( op->o_pb ) init_add_pblock( op, &op->o_req_dn, op->ora_e, manageDSAit ); -#endif /* LDAP_SLAPI */ - /* * do the add if 1 && (2 || 3) * 1) there is an add function implemented in this backend; @@ -331,20 +318,6 @@ fe_op_add( Operation *op, SlapReply *rs ) goto done; } -#ifdef LDAP_SLAPI - /* - * Call the preoperation plugin here, because the entry - * will actually contain something. - */ - if ( op->o_pb ) { - rs->sr_err = call_add_preop_plugins( op ); - if ( rs->sr_err != LDAP_SUCCESS ) { - /* plugin will have sent result */ - goto done; - } - } -#endif /* LDAP_SLAPI */ - #ifdef SLAPD_MULTIMASTER if ( !repl_user ) #endif @@ -364,19 +337,6 @@ fe_op_add( Operation *op, SlapReply *rs ) #ifndef SLAPD_MULTIMASTER } else { BerVarray defref = NULL; -#ifdef LDAP_SLAPI - /* - * SLAPI_ADD_ENTRY will be empty, but this may be acceptable - * on replicas (for now, it involves the minimum code intrusion). - */ - if ( op->o_pb ) { - rs->sr_err = call_add_preop_plugins( op ); - if ( rs->sr_err != LDAP_SUCCESS ) { - /* plugin will have sent result */ - goto done; - } - } -#endif /* LDAP_SLAPI */ defref = op->o_bd->be_update_refs ? op->o_bd->be_update_refs : default_referral; @@ -400,24 +360,11 @@ fe_op_add( Operation *op, SlapReply *rs ) #endif /* SLAPD_MULTIMASTER */ } } else { -#ifdef LDAP_SLAPI - if ( op->o_pb ) { - rs->sr_err = call_add_preop_plugins( op ); - if ( rs->sr_err != LDAP_SUCCESS ) { - /* plugin will have sent result */ - goto done; - } - } -#endif Debug( LDAP_DEBUG_ARGS, " do_add: no backend support\n", 0, 0, 0 ); send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, "operation not supported within namingContext" ); } -#ifdef LDAP_SLAPI - if ( op->o_pb ) call_add_postop_plugins( op ); -#endif /* LDAP_SLAPI */ - done:; return rc; } @@ -660,51 +607,3 @@ slap_entry2mods( return LDAP_SUCCESS; } -#ifdef LDAP_SLAPI -static void init_add_pblock( Operation *op, - struct berval *dn, Entry *e, int manageDSAit ) -{ - slapi_int_pblock_set_operation( op->o_pb, op ); - slapi_pblock_set( op->o_pb, SLAPI_ADD_TARGET, (void *)dn->bv_val ); - slapi_pblock_set( op->o_pb, SLAPI_ADD_ENTRY, (void *)e ); - slapi_pblock_set( op->o_pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit ); -} - -static int call_add_preop_plugins( Operation *op ) -{ - int rc; - - rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_ADD_FN, op->o_pb ); - if ( rc < 0 ) { - /* - * A preoperation plugin failure will abort the - * entire operation. - */ - Debug(LDAP_DEBUG_TRACE, - "do_add: add preoperation plugin failed.\n", - 0, 0, 0); - - if (( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, - (void *)&rc ) != 0 ) || rc == LDAP_SUCCESS ) - { - rc = LDAP_OTHER; - } - } else { - rc = LDAP_SUCCESS; - } - - return rc; -} - -static void call_add_postop_plugins( Operation *op ) -{ - int rc; - - rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_ADD_FN, op->o_pb ); - if ( rc < 0 ) { - Debug(LDAP_DEBUG_TRACE, - "do_add: add postoperation plugin failed\n", - 0, 0, 0); - } -} -#endif /* LDAP_SLAPI */ diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index 92792314f5..a2e476ded1 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -37,15 +37,6 @@ #include "lutil.h" #include "lber_pvt.h" -#ifdef LDAP_SLAPI -#include "slapi/slapi.h" - -static void init_group_pblock( Operation *op, Entry *target, - Entry *e, struct berval *op_ndn, AttributeDescription *group_at ); -static int call_group_preop_plugins( Operation *op ); -static void call_group_postop_plugins( Operation *op ); -#endif /* LDAP_SLAPI */ - /* * If a module is configured as dynamic, its header should not * get included into slapd. While this is a general rule and does @@ -723,45 +714,13 @@ be_entry_release_rw( int backend_unbind( Operation *op, SlapReply *rs ) { - int i = 0; BackendDB *be; LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) { -#if defined( LDAP_SLAPI ) - if ( op->o_pb ) { - int rc; - if ( i == 0 ) slapi_int_pblock_set_operation( op->o_pb, op ); - slapi_pblock_set( op->o_pb, SLAPI_BACKEND, (void *)be ); - rc = slapi_int_call_plugins( be, - SLAPI_PLUGIN_PRE_UNBIND_FN, (Slapi_PBlock *)op->o_pb ); - if ( rc < 0 ) { - /* - * A preoperation plugin failure will abort the - * entire operation. - */ - Debug(LDAP_DEBUG_TRACE, - "do_bind: Unbind preoperation plugin failed\n", - 0, 0, 0); - return 0; - } - } -#endif /* defined( LDAP_SLAPI ) */ - if ( be->be_unbind ) { op->o_bd = be; be->be_unbind( op, rs ); } - -#if defined( LDAP_SLAPI ) - if ( op->o_pb != NULL && slapi_int_call_plugins( be, - SLAPI_PLUGIN_POST_UNBIND_FN, (Slapi_PBlock *)op->o_pb ) < 0 ) - { - Debug(LDAP_DEBUG_TRACE, - "do_unbind: Unbind postoperation plugins failed\n", - 0, 0, 0); - } -#endif /* defined( LDAP_SLAPI ) */ - i++; } return 0; @@ -1259,17 +1218,6 @@ backend_group( rc = be_entry_get_rw( op, gr_ndn, group_oc, group_at, 0, &e ); } if ( e ) { -#ifdef LDAP_SLAPI - if ( op->o_pb != NULL ) { - init_group_pblock( op, target, e, op_ndn, group_at ); - - rc = call_group_preop_plugins( op ); - if ( rc == LDAP_SUCCESS ) { - goto done; - } - } -#endif /* LDAP_SLAPI */ - a = attr_find( e->e_attrs, group_at ); if ( a ) { /* If the attribute is a subtype of labeledURI, treat this as @@ -1379,10 +1327,6 @@ loopit: rc = LDAP_NO_SUCH_OBJECT; } -#ifdef LDAP_SLAPI - if ( op->o_pb ) call_group_postop_plugins( op ); -#endif /* LDAP_SLAPI */ - if ( op->o_tag != LDAP_REQ_BIND && !op->o_do_not_cache ) { g = op->o_tmpalloc( sizeof( GroupAssertion ) + gr_ndn->bv_len, op->o_tmpmemctx ); @@ -1400,58 +1344,6 @@ done: return rc; } -#ifdef LDAP_SLAPI -static int backend_compute_output_attr(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e) -{ - BerVarray v; - int rc; - BerVarray *vals = (BerVarray *)c->cac_private; - Operation *op = NULL; - int i, j; - - slapi_pblock_get( c->cac_pb, SLAPI_OPERATION, &op ); - if ( op == NULL ) { - return 1; - } - - if ( op->o_conn && access_allowed( op, - e, a->a_desc, NULL, ACL_AUTH, - &c->cac_acl_state ) == 0 ) { - return 1; - } - - for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) ; - - v = op->o_tmpalloc( sizeof(struct berval) * (i+1), - op->o_tmpmemctx ); - for ( i = 0, j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) { - if ( op->o_conn && access_allowed( op, - e, a->a_desc, - &a->a_nvals[i], - ACL_AUTH, &c->cac_acl_state ) == 0 ) { - continue; - } - ber_dupbv_x( &v[j], - &a->a_nvals[i], op->o_tmpmemctx ); - if ( !BER_BVISNULL( &v[j] ) ) { - j++; - } - } - - if ( j == 0 ) { - op->o_tmpfree( v, op->o_tmpmemctx ); - *vals = NULL; - rc = 1; - } else { - BER_BVZERO( &v[j] ); - *vals = v; - rc = 0; - } - - return rc; -} -#endif /* LDAP_SLAPI */ - int backend_attribute( Operation *op, @@ -1548,29 +1440,6 @@ backend_attribute( rc = LDAP_SUCCESS; } } -#ifdef LDAP_SLAPI - else if ( op->o_pb ) { - /* try any computed attributes */ - computed_attr_context ctx; - - slapi_int_pblock_set_operation( op->o_pb, op ); - - ctx.cac_pb = op->o_pb; - ctx.cac_attrs = NULL; - ctx.cac_userattrs = 0; - ctx.cac_opattrs = 0; - ctx.cac_acl_state = acl_state; - ctx.cac_private = (void *)vals; - - rc = compute_evaluator( &ctx, entry_at->ad_cname.bv_val, e, backend_compute_output_attr ); - if ( rc == 1 ) { - rc = LDAP_INSUFFICIENT_ACCESS; - - } else { - rc = LDAP_SUCCESS; - } - } -#endif /* LDAP_SLAPI */ freeit: if ( e != target ) { be_entry_release_r( op, e ); } @@ -1583,21 +1452,6 @@ freeit: if ( e != target ) { return rc; } -#ifdef LDAP_SLAPI -static int backend_compute_output_attr_access(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e) -{ - struct berval *nval = (struct berval *)c->cac_private; - Operation *op = NULL; - - slapi_pblock_get( c->cac_pb, SLAPI_OPERATION, &op ); - if ( op == NULL ) { - return 1; - } - - return access_allowed( op, e, a->a_desc, nval, ACL_AUTH, NULL ) == 0; -} -#endif /* LDAP_SLAPI */ - int backend_access( Operation *op, @@ -1686,28 +1540,6 @@ backend_access( } rc = LDAP_SUCCESS; } -#ifdef LDAP_SLAPI - else if ( op->o_pb ) { - /* try any computed attributes */ - computed_attr_context ctx; - - slapi_int_pblock_set_operation( op->o_pb, op ); - - ctx.cac_pb = op->o_pb; - ctx.cac_attrs = NULL; - ctx.cac_userattrs = 0; - ctx.cac_opattrs = 0; - ctx.cac_private = (void *)nval; - - rc = compute_evaluator( &ctx, entry_at->ad_cname.bv_val, e, backend_compute_output_attr_access ); - if ( rc == 1 ) { - rc = LDAP_INSUFFICIENT_ACCESS; - - } else { - rc = LDAP_SUCCESS; - } - } -#endif /* LDAP_SLAPI */ } freeit: if ( e != target ) { be_entry_release_r( op, e ); @@ -1769,42 +1601,3 @@ int backend_operational( return rc; } -#ifdef LDAP_SLAPI -static void init_group_pblock( Operation *op, Entry *target, - Entry *e, struct berval *op_ndn, AttributeDescription *group_at ) -{ - slapi_pblock_set( op->o_pb, - SLAPI_X_GROUP_ENTRY, (void *)e ); - slapi_pblock_set( op->o_pb, - SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val ); - slapi_pblock_set( op->o_pb, - SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val ); - slapi_pblock_set( op->o_pb, - SLAPI_X_GROUP_TARGET_ENTRY, (void *)target ); -} - -static int call_group_preop_plugins( Operation *op ) -{ - int rc; - - rc = slapi_int_call_plugins( op->o_bd, - SLAPI_X_PLUGIN_PRE_GROUP_FN, op->o_pb ); - if ( rc < 0 ) { - if (( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, - (void *)&rc ) != 0 ) || rc == LDAP_SUCCESS ) - { - rc = LDAP_NO_SUCH_ATTRIBUTE; - } - } else { - rc = LDAP_SUCCESS; - } - - return rc; -} - -static void call_group_postop_plugins( Operation *op ) -{ - (void) slapi_int_call_plugins( op->o_bd, SLAPI_X_PLUGIN_POST_GROUP_FN, op->o_pb ); -} -#endif /* LDAP_SLAPI */ - diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c index 6dac6e2a6b..73699edf1d 100644 --- a/servers/slapd/bind.c +++ b/servers/slapd/bind.c @@ -32,10 +32,6 @@ #include #include "slap.h" -#ifdef LDAP_SLAPI -#include "slapi/slapi.h" -#endif - int do_bind( @@ -327,27 +323,6 @@ fe_op_bind( Operation *op, SlapReply *rs ) op->o_conn->c_sasl_bind_in_progress = 0; } -#ifdef LDAP_SLAPI -#define pb op->o_pb - /* - * Normally post-operation plugins are called only after the - * backend operation. Because the front-end performs SASL - * binds on behalf of the backend, we'll make a special - * exception to call the post-operation plugins after a - * SASL bind. - */ - if ( pb ) { - slapi_int_pblock_set_operation( pb, op ); - slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)op->o_req_dn.bv_val ); - slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)op->orb_method ); - slapi_pblock_set( pb, - SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred ); - slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) ); - (void) slapi_int_call_plugins( op->o_bd, - SLAPI_PLUGIN_POST_BIND_FN, pb ); - } -#endif /* LDAP_SLAPI */ - ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); goto cleanup; @@ -476,84 +451,6 @@ fe_op_bind( Operation *op, SlapReply *rs ) goto cleanup; } -#ifdef LDAP_SLAPI - if ( pb ) { - int rc; - slapi_int_pblock_set_operation( pb, op ); - slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)op->o_req_dn.bv_val ); - slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)op->orb_method ); - slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred ); - slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) ); - slapi_pblock_set( pb, SLAPI_CONN_DN, (void *)(0) ); - - rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_BIND_FN, pb ); - - Debug(LDAP_DEBUG_TRACE, - "do_bind: Bind preoperation plugin returned %d.\n", - rs->sr_err, 0, 0); - - switch ( rc ) { - case SLAPI_BIND_SUCCESS: - /* Continue with backend processing */ - break; - case SLAPI_BIND_FAIL: - /* Failure, server sends result */ - rs->sr_err = LDAP_INVALID_CREDENTIALS; - send_ldap_result( op, rs ); - goto cleanup; - break; - case SLAPI_BIND_ANONYMOUS: - /* SLAPI_BIND_ANONYMOUS is undocumented XXX */ - default: - /* Authoritative, plugin sent result, or no plugins called. */ - if ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, - (void *)&rs->sr_err) != 0 ) - { - rs->sr_err = LDAP_OTHER; - } - - BER_BVZERO( &op->orb_edn ); - - if ( rs->sr_err == LDAP_SUCCESS ) { - slapi_pblock_get( pb, SLAPI_CONN_DN, - (void *)&op->orb_edn.bv_val ); - if ( BER_BVISNULL( &op->orb_edn ) ) { - if ( rc == 1 ) { - /* No plugins were called; continue. */ - break; - } - } else { - op->orb_edn.bv_len = strlen( op->orb_edn.bv_val ); - } - rs->sr_err = dnPrettyNormal( NULL, &op->orb_edn, - &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx ); - ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); - ber_dupbv(&op->o_conn->c_dn, &op->o_req_dn); - ber_dupbv(&op->o_conn->c_ndn, &op->o_req_ndn); - op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx ); - BER_BVZERO( &op->o_req_dn ); - op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx ); - BER_BVZERO( &op->o_req_ndn ); - if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) { - ber_len_t max = sockbuf_max_incoming_auth; - ber_sockbuf_ctrl( op->o_conn->c_sb, - LBER_SB_OPT_SET_MAX_INCOMING, &max ); - } - /* log authorization identity */ - Statslog( LDAP_DEBUG_STATS, - "%s BIND dn=\"%s\" mech=%s (SLAPI) ssf=0\n", - op->o_log_prefix, - BER_BVISNULL( &op->o_conn->c_dn ) - ? "" : op->o_conn->c_dn.bv_val, - mech.bv_val, 0, 0 ); - ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); - } - goto cleanup; - break; - } - } -#endif /* LDAP_SLAPI */ - if( op->o_bd->be_bind ) { rs->sr_err = (op->o_bd->be_bind)( op, rs ); @@ -604,16 +501,6 @@ fe_op_bind( Operation *op, SlapReply *rs ) "operation not supported within naming context" ); } -#ifdef LDAP_SLAPI - if ( pb != NULL && - slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) < 0 ) - { - Debug(LDAP_DEBUG_TRACE, - "do_bind: Bind postoperation plugins failed.\n", - 0, 0, 0); - } -#endif /* LDAP_SLAPI */ - cleanup:; return rs->sr_err; } diff --git a/servers/slapd/compare.c b/servers/slapd/compare.c index d43af1c016..8787ee45c1 100644 --- a/servers/slapd/compare.c +++ b/servers/slapd/compare.c @@ -30,9 +30,6 @@ #include #include "slap.h" -#ifdef LDAP_SLAPI -#include "slapi/slapi.h" -#endif static int compare_entry( Operation *op, @@ -240,35 +237,6 @@ fe_op_compare( Operation *op, SlapReply *rs ) op->o_log_prefix, op->o_req_dn.bv_val, ava.aa_desc->ad_cname.bv_val, 0, 0 ); -#if defined( LDAP_SLAPI ) -#define pb op->o_pb - if ( pb ) { - slapi_int_pblock_set_operation( pb, op ); - slapi_pblock_set( pb, SLAPI_COMPARE_TARGET, (void *)op->o_req_dn.bv_val ); - slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit ); - slapi_pblock_set( pb, SLAPI_COMPARE_TYPE, (void *)ava.aa_desc->ad_cname.bv_val ); - slapi_pblock_set( pb, SLAPI_COMPARE_VALUE, (void *)&ava.aa_value ); - - rs->sr_err = slapi_int_call_plugins( op->o_bd, - SLAPI_PLUGIN_PRE_COMPARE_FN, pb ); - if ( rs->sr_err < 0 ) { - /* - * A preoperation plugin failure will abort the - * entire operation. - */ - Debug(LDAP_DEBUG_TRACE, - "do_compare: compare preoperation plugin failed\n", - 0, 0, 0); - if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, - (void *)&rs->sr_err ) != 0 ) || rs->sr_err == LDAP_SUCCESS ) - { - rs->sr_err = LDAP_OTHER; - } - goto cleanup; - } - } -#endif /* defined( LDAP_SLAPI ) */ - op->orc_ava = &ava; if ( ava.aa_desc == slap_schema.si_ad_entryDN ) { send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, @@ -395,15 +363,6 @@ fe_op_compare( Operation *op, SlapReply *rs ) } } -#if defined( LDAP_SLAPI ) - if ( pb != NULL && slapi_int_call_plugins( op->o_bd, - SLAPI_PLUGIN_POST_COMPARE_FN, pb ) < 0 ) - { - Debug(LDAP_DEBUG_TRACE, - "do_compare: compare postoperation plugins failed\n", 0, 0, 0 ); - } -#endif /* defined( LDAP_SLAPI ) */ - cleanup:; return rs->sr_err; } diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c index 036f7ae0e1..2ac706c6ce 100644 --- a/servers/slapd/connection.c +++ b/servers/slapd/connection.c @@ -599,20 +599,20 @@ void connection2anonymous( Connection *c ) } if(c->c_authmech.bv_val != NULL ) { - free(c->c_authmech.bv_val); + ch_free(c->c_authmech.bv_val); } BER_BVZERO( &c->c_authmech ); if(c->c_dn.bv_val != NULL) { - free(c->c_dn.bv_val); + ch_free(c->c_dn.bv_val); } BER_BVZERO( &c->c_dn ); if(c->c_ndn.bv_val != NULL) { - free(c->c_ndn.bv_val); + ch_free(c->c_ndn.bv_val); } BER_BVZERO( &c->c_ndn ); if(c->c_sasl_authz_dn.bv_val != NULL) { - free(c->c_sasl_authz_dn.bv_val); + ch_free(c->c_sasl_authz_dn.bv_val); } BER_BVZERO( &c->c_sasl_authz_dn ); diff --git a/servers/slapd/delete.c b/servers/slapd/delete.c index 40a87c07f3..722359ae06 100644 --- a/servers/slapd/delete.c +++ b/servers/slapd/delete.c @@ -34,10 +34,6 @@ #include "lutil.h" -#ifdef LDAP_SLAPI -#include "slapi/slapi.h" -#endif - int do_delete( Operation *op, @@ -156,33 +152,6 @@ fe_op_delete( Operation *op, SlapReply *rs ) goto cleanup; } -#if defined( LDAP_SLAPI ) -#define pb op->o_pb - if ( pb ) { - slapi_int_pblock_set_operation( pb, op ); - slapi_pblock_set( pb, SLAPI_DELETE_TARGET, (void *)op->o_req_dn.bv_val ); - slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit ); - - rs->sr_err = slapi_int_call_plugins( op->o_bd, - SLAPI_PLUGIN_PRE_DELETE_FN, pb ); - if ( rs->sr_err < 0 ) { - /* - * A preoperation plugin failure will abort the - * entire operation. - */ - Debug (LDAP_DEBUG_TRACE, "do_delete: " - "delete preoperation plugin failed.\n", 0, 0, 0); - if ( ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, - (void *)&rs->sr_err ) != 0 ) || - rs->sr_err == LDAP_SUCCESS ) - { - rs->sr_err = LDAP_OTHER; - } - goto cleanup; - } - } -#endif /* defined( LDAP_SLAPI ) */ - /* * do the delete if 1 && (2 || 3) * 1) there is a delete function implemented in this backend; @@ -281,16 +250,6 @@ fe_op_delete( Operation *op, SlapReply *rs ) "operation not supported within namingContext" ); } -#if defined( LDAP_SLAPI ) - if ( pb != NULL && slapi_int_call_plugins( op->o_bd, - SLAPI_PLUGIN_POST_DELETE_FN, pb ) < 0) - { - Debug(LDAP_DEBUG_TRACE, - "do_delete: delete postoperation plugins failed\n", - 0, 0, 0 ); - } -#endif /* defined( LDAP_SLAPI ) */ - cleanup:; return rs->sr_err; } diff --git a/servers/slapd/extended.c b/servers/slapd/extended.c index 6d3237cae4..cbe8b5e581 100644 --- a/servers/slapd/extended.c +++ b/servers/slapd/extended.c @@ -39,10 +39,6 @@ #include "slap.h" #include "lber_pvt.h" -#ifdef LDAP_SLAPI -#include "slapi/slapi.h" -#endif - #define UNSUPPORTED_EXOP "unsupported extended operation" @@ -194,25 +190,11 @@ fe_extended( Operation *op, SlapReply *rs ) struct extop_list *ext = NULL; struct berval reqdata = BER_BVNULL; -#if defined(LDAP_SLAPI) - Slapi_PBlock *pb = op->o_pb; - SLAPI_FUNC funcAddr = NULL; - int extop_rc; - int msg_sent = FALSE; -#endif /* defined(LDAP_SLAPI) */ - if (op->ore_reqdata) { reqdata = *op->ore_reqdata; } -#ifdef LDAP_SLAPI - /* NS-SLAPI extended operation */ - slapi_int_get_extop_plugin( &op->ore_reqoid, &funcAddr ); - - if( !funcAddr && !(ext = find_extop(supp_ext_list, &op->ore_reqoid ))) -#else if( !(ext = find_extop(supp_ext_list, &op->ore_reqoid ))) -#endif { Debug( LDAP_DEBUG_ANY, "do_extended: unsupported operation \"%s\"\n", op->ore_reqoid.bv_val, 0 ,0 ); @@ -226,68 +208,6 @@ fe_extended( Operation *op, SlapReply *rs ) Debug( LDAP_DEBUG_ARGS, "do_extended: oid=%s\n", op->ore_reqoid.bv_val, 0 ,0 ); -#if defined(LDAP_SLAPI) - if ( funcAddr != NULL ) { - rs->sr_err = slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID, - (void *)op->ore_reqoid.bv_val); - if ( rs->sr_err != LDAP_SUCCESS ) { - rs->sr_err = LDAP_OTHER; - goto done; - } - - rs->sr_err = slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE, - (void *)&reqdata); - if ( rs->sr_err != LDAP_SUCCESS ) { - rs->sr_err = LDAP_OTHER; - goto done; - } - - rs->sr_err = slapi_int_pblock_set_operation( pb, op ); - if ( rs->sr_err != LDAP_SUCCESS ) { - rs->sr_err = LDAP_OTHER; - goto done; - } - - extop_rc = (*funcAddr)( pb ); - if ( extop_rc == SLAPI_PLUGIN_EXTENDED_SENT_RESULT ) { - msg_sent = TRUE; - - } else if ( extop_rc == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED ) { - rs->sr_err = LDAP_PROTOCOL_ERROR; - rs->sr_text = UNSUPPORTED_EXOP; - - } else { - rs->sr_err = slapi_pblock_get( pb, SLAPI_EXT_OP_RET_OID, - &rs->sr_rspoid); - if ( rs->sr_err != LDAP_SUCCESS ) { - goto done2; - } - - rs->sr_err = slapi_pblock_get( pb, SLAPI_EXT_OP_RET_VALUE, - &rs->sr_rspdata); - if ( rs->sr_err != LDAP_SUCCESS ) { - goto done2; - } - - rs->sr_err = extop_rc; - send_ldap_extended( op, rs ); - msg_sent = TRUE; - } - -done2:; - if ( rs->sr_err != LDAP_SUCCESS && msg_sent == FALSE ) { - send_ldap_result( op, rs ); - } - - if ( rs->sr_rspoid != NULL ) { - ch_free( (char *)rs->sr_rspoid ); - } - - if ( rs->sr_rspdata != NULL ) { - ber_bvfree( rs->sr_rspdata ); - } - } else -#endif /* defined( LDAP_SLAPI ) */ { /* start of OpenLDAP extended operation */ rs->sr_err = (ext->ext_main)( op, rs ); diff --git a/servers/slapd/frontend.c b/servers/slapd/frontend.c index befc06c766..510645f901 100644 --- a/servers/slapd/frontend.c +++ b/servers/slapd/frontend.c @@ -38,10 +38,6 @@ #include "ldap_rq.h" -#ifdef LDAP_SLAPI -#include "slapi/slapi.h" -#endif - static BackendInfo slap_frontendInfo; static BackendDB slap_frontendDB; BackendDB *frontendDB; diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c index b7d7589105..a0d7d225fd 100644 --- a/servers/slapd/modify.c +++ b/servers/slapd/modify.c @@ -32,9 +32,6 @@ #include #include "slap.h" -#ifdef LDAP_SLAPI -#include "slapi/slapi.h" -#endif #include "lutil.h" @@ -221,9 +218,6 @@ fe_op_modify( Operation *op, SlapReply *rs ) int manageDSAit; Modifications *modlist = op->orm_modlist; Modifications **modtail = &modlist; -#ifdef LDAP_SLAPI - LDAPMod **modv = NULL; -#endif int increment = op->orm_increment; BackendDB *op_be; char textbuf[ SLAP_TEXT_BUFLEN ]; @@ -365,61 +359,6 @@ fe_op_modify( Operation *op, SlapReply *rs ) "modify/increment not supported in context" ); } -#if defined( LDAP_SLAPI ) -#define pb op->o_pb - if ( pb ) { - slapi_int_pblock_set_operation( pb, op ); - slapi_pblock_set( pb, SLAPI_MODIFY_TARGET, (void *)op->o_req_dn.bv_val ); - slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit ); - modv = slapi_int_modifications2ldapmods( &modlist ); - slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)modv ); - - rs->sr_err = slapi_int_call_plugins( op->o_bd, - SLAPI_PLUGIN_PRE_MODIFY_FN, pb ); - - /* - * It's possible that the preoperation plugin changed the - * modification array, so we need to convert it back to - * a Modification list. - * - * Calling slapi_int_modifications2ldapmods() destroyed modlist so - * we don't need to free it. - */ - slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv ); - modlist = slapi_int_ldapmods2modifications( modv ); - - if ( rs->sr_err < 0 ) { - /* - * A preoperation plugin failure will abort the - * entire operation. - */ - Debug(LDAP_DEBUG_TRACE, - "do_modify: modify preoperation plugin failed.\n", - 0, 0, 0); - if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, - (void *)&rs->sr_err ) != 0 ) || rs->sr_err == LDAP_SUCCESS ) - { - rs->sr_err = LDAP_OTHER; - } - slapi_int_free_ldapmods( modv ); - modv = NULL; - goto cleanup; - } - } - - /* - * NB: it is valid for the plugin to return no modifications - * (for example, a plugin might store some attributes elsewhere - * and remove them from the modification list; if only those - * attribute types were included in the modification request, - * then slapi_int_ldapmods2modifications() above will return - * NULL). - * - * However, the post-operation plugin should still be - * called. - */ -#endif /* defined( LDAP_SLAPI ) */ - /* * do the modify if 1 && (2 || 3) * 1) there is a modify function implemented in this backend; @@ -510,20 +449,7 @@ fe_op_modify( Operation *op, SlapReply *rs ) "operation not supported within namingContext" ); } -#if defined( LDAP_SLAPI ) - if ( pb != NULL && slapi_int_call_plugins( op->o_bd, - SLAPI_PLUGIN_POST_MODIFY_FN, pb ) < 0 ) - { - Debug(LDAP_DEBUG_TRACE, - "do_modify: modify postoperation plugins failed.\n", 0, 0, 0); - } -#endif /* defined( LDAP_SLAPI ) */ - cleanup:; -#if defined( LDAP_SLAPI ) - if ( modv != NULL ) slapi_int_free_ldapmods( modv ); -#endif - return rs->sr_err; } diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c index c2ceab26bb..f54f714103 100644 --- a/servers/slapd/modrdn.c +++ b/servers/slapd/modrdn.c @@ -39,9 +39,6 @@ #include #include "slap.h" -#ifdef LDAP_SLAPI -#include "slapi/slapi.h" -#endif int do_modrdn( @@ -285,34 +282,6 @@ fe_op_modrdn( Operation *op, SlapReply *rs ) } } -#if defined( LDAP_SLAPI ) -#define pb op->o_pb - if ( pb ) { - slapi_int_pblock_set_operation( pb, op ); - slapi_pblock_set( pb, SLAPI_MODRDN_TARGET, (void *)op->o_req_dn.bv_val ); - slapi_pblock_set( pb, SLAPI_MODRDN_NEWRDN, (void *)op->orr_newrdn.bv_val ); - slapi_pblock_set( pb, SLAPI_MODRDN_NEWSUPERIOR, - (void *)op->orr_newSup->bv_val ); - slapi_pblock_set( pb, SLAPI_MODRDN_DELOLDRDN, (void *)op->orr_deleteoldrdn); - slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit ); - - rs->sr_err = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_MODRDN_FN, pb ); - if ( rs->sr_err < 0 ) { - /* - * A preoperation plugin failure will abort the - * entire operation. - */ - Debug(LDAP_DEBUG_TRACE, "do_modrdn: modrdn preoperation plugin " - "failed.\n", 0, 0, 0); - if ( ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0 ) || - rs->sr_err == LDAP_SUCCESS ) { - rs->sr_err = LDAP_OTHER; - } - goto cleanup; - } - } -#endif /* defined( LDAP_SLAPI ) */ - /* * do the modrdn if 1 && (2 || 3) * 1) there is a modrdn function implemented in this backend; @@ -403,13 +372,6 @@ fe_op_modrdn( Operation *op, SlapReply *rs ) "operation not supported within namingContext" ); } -#if defined( LDAP_SLAPI ) - if ( pb != NULL && slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_MODRDN_FN, pb ) < 0 ) { - Debug(LDAP_DEBUG_TRACE, "do_modrdn: modrdn postoperation plugins " - "failed.\n", 0, 0, 0); - } -#endif /* defined( LDAP_SLAPI ) */ - cleanup:; return rs->sr_err; } diff --git a/servers/slapd/operation.c b/servers/slapd/operation.c index d2e9fd05f7..dc95226c01 100644 --- a/servers/slapd/operation.c +++ b/servers/slapd/operation.c @@ -69,13 +69,13 @@ slap_op_free( Operation *op ) ber_free( op->o_ber, 1 ); } if ( !BER_BVISNULL( &op->o_dn ) ) { - free( op->o_dn.bv_val ); + ch_free( op->o_dn.bv_val ); } if ( !BER_BVISNULL( &op->o_ndn ) ) { - free( op->o_ndn.bv_val ); + ch_free( op->o_ndn.bv_val ); } if ( !BER_BVISNULL( &op->o_authmech ) ) { - free( op->o_authmech.bv_val ); + ch_free( op->o_authmech.bv_val ); } if ( op->o_ctrls != NULL ) { slap_free_ctrls( op, op->o_ctrls ); diff --git a/servers/slapd/overlays/glue.c b/servers/slapd/overlays/glue.c index a6e0d68304..125af28328 100644 --- a/servers/slapd/overlays/glue.c +++ b/servers/slapd/overlays/glue.c @@ -153,13 +153,6 @@ glue_op_response ( Operation *op, SlapReply *rs ) return 0; } -enum glue_which { - glue_op_modify = 0, - glue_op_modrdn, - glue_op_add, - glue_op_delete -}; - static int glue_op_func ( Operation *op, SlapReply *rs ) { @@ -167,20 +160,20 @@ glue_op_func ( Operation *op, SlapReply *rs ) BackendDB *b0 = op->o_bd; BackendInfo *bi0 = op->o_bd->bd_info; BI_op_modify **func; - enum glue_which which; + slap_operation_t which; int rc; op->o_bd = glue_back_select (b0, &op->o_req_ndn); b0->bd_info = on->on_info->oi_orig; switch(op->o_tag) { - case LDAP_REQ_ADD: which = glue_op_add; break; - case LDAP_REQ_DELETE: which = glue_op_delete; break; - case LDAP_REQ_MODIFY: which = glue_op_modify; break; - case LDAP_REQ_MODRDN: which = glue_op_modrdn; break; + case LDAP_REQ_ADD: which = op_add; break; + case LDAP_REQ_DELETE: which = op_delete; break; + case LDAP_REQ_MODIFY: which = op_modify; break; + case LDAP_REQ_MODRDN: which = op_modrdn; break; } - func = &op->o_bd->bd_info->bi_op_modify; + func = &op->o_bd->bd_info->bi_op_bind; if ( func[which] ) rc = func[which]( op, rs ); else diff --git a/servers/slapd/result.c b/servers/slapd/result.c index 2bd7b6bff0..9262bfccaf 100644 --- a/servers/slapd/result.c +++ b/servers/slapd/result.c @@ -37,14 +37,6 @@ #include "slap.h" -#ifdef LDAP_SLAPI -#include "slapi/slapi.h" - -static int call_pre_result_plugins( Operation *, SlapReply * ); -static int call_pre_referral_plugins( Operation *, SlapReply * ); -static int call_pre_entry_plugins( Operation *, SlapReply *, int * ); -#endif /* LDAP_SLAPI */ - const struct berval slap_dummy_bv = BER_BVNULL; int slap_null_cb( Operation *op, SlapReply *rs ) @@ -250,36 +242,16 @@ static int send_ldap_controls( Operation *o, BerElement *ber, LDAPControl **c ) { int rc; -#ifdef LDAP_SLAPI - LDAPControl **sctrls = NULL; - - /* - * Retrieve any additional controls that may be set by the - * plugin. - */ - - if ( o->o_pb && - slapi_pblock_get( o->o_pb, SLAPI_RESCONTROLS, &sctrls ) != 0 ) - { - sctrls = NULL; - } - if ( c == NULL && sctrls == NULL ) return 0; -#else - if( c == NULL ) return 0; -#endif /* LDAP_SLAPI */ + if( c == NULL ) + return 0; rc = ber_printf( ber, "t{"/*}*/, LDAP_TAG_CONTROLS ); if( rc == -1 ) return rc; -#ifdef LDAP_SLAPI - if ( c != NULL ) -#endif /* LDAP_SLAPI */ - { - for( ; *c != NULL; c++) { - rc = send_ldap_control( ber, *c ); - if( rc == -1 ) return rc; - } + for( ; *c != NULL; c++) { + rc = send_ldap_control( ber, *c ); + if( rc == -1 ) return rc; } #ifdef LDAP_DEVEL @@ -307,15 +279,6 @@ send_ldap_controls( Operation *o, BerElement *ber, LDAPControl **c ) } #endif -#ifdef LDAP_SLAPI - if ( sctrls != NULL ) { - for ( c = sctrls; *c != NULL; c++ ) { - rc = send_ldap_control( ber, *c ); - if( rc == -1 ) return rc; - } - } -#endif /* LDAP_SLAPI */ - rc = ber_printf( ber, /*{*/"N}" ); return rc; @@ -480,15 +443,6 @@ send_ldap_response( goto cleanup; } -#ifdef LDAP_SLAPI - if ( op->o_pb ) { - slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err ); - slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED, - (void *)rs->sr_matched ); - slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text ); - } -#endif /* LDAP_SLAPI */ - ldap_pvt_thread_mutex_lock( &slap_counters.sc_sent_mutex ); ldap_pvt_mp_add_ulong( slap_counters.sc_pdu, 1 ); ldap_pvt_mp_add_ulong( slap_counters.sc_bytes, (unsigned long)bytes ); @@ -615,10 +569,6 @@ slap_send_ldap_result( Operation *op, SlapReply *rs ) } } -#ifdef LDAP_SLAPI - (void) call_pre_result_plugins( op, rs ); -#endif /* LDAP_SLAPI */ - if ( op->o_protocol < LDAP_VERSION3 ) { tmp = v2ref( rs->sr_ref, rs->sr_text ); rs->sr_text = tmp; @@ -707,11 +657,6 @@ slap_send_search_entry( Operation *op, SlapReply *rs ) char *edn; int userattrs; AccessControlState acl_state = ACL_STATE_INIT; -#ifdef LDAP_SLAPI - /* Support for computed attribute plugins */ - computed_attr_context ctx; - AttributeName *anp; -#endif int attrsonly; AttributeDescription *ad_entry = slap_schema.si_ad_entry; @@ -767,14 +712,6 @@ slap_send_search_entry( Operation *op, SlapReply *rs ) attrsonly = op->ors_attrsonly; -#ifdef LDAP_SLAPI - rc = call_pre_entry_plugins( op, rs, &attrsonly ); - if ( rc < 0 ) { - rc = 0; - goto error_return; - } -#endif /* LDAP_SLAPI */ - if ( !access_allowed( op, rs->sr_entry, ad_entry, NULL, ACL_READ, NULL )) { Debug( LDAP_DEBUG_ACL, "send_search_entry: conn %lu access to entry (%s) not allowed\n", @@ -1125,46 +1062,6 @@ slap_send_search_entry( Operation *op, SlapReply *rs ) } } -#ifdef LDAP_SLAPI - /* - * First, setup the computed attribute context that is - * passed to all plugins. - */ - if ( op->o_pb ) { - ctx.cac_pb = op->o_pb; - ctx.cac_attrs = rs->sr_attrs; - ctx.cac_attrsonly = attrsonly; - ctx.cac_userattrs = userattrs; - ctx.cac_opattrs = rs->sr_attr_flags; - ctx.cac_acl_state = acl_state; - ctx.cac_private = (void *)ber; - - /* - * For each client requested attribute, call the plugins. - */ - if ( rs->sr_attrs != NULL ) { - for ( anp = rs->sr_attrs; anp->an_name.bv_val != NULL; anp++ ) { - rc = compute_evaluator( &ctx, anp->an_name.bv_val, - rs->sr_entry, slapi_int_compute_output_ber ); - if ( rc == 1 ) break; - } - } else { - /* - * Technically we shouldn't be returning operational attributes - * when the user requested only user attributes. We'll let the - * plugin decide whether to be naughty or not. - */ - rc = compute_evaluator( &ctx, "*", - rs->sr_entry, slapi_int_compute_output_ber ); - } - if ( rc == 1 ) { - if ( op->o_res_ber == NULL ) ber_free_buf( ber ); - send_ldap_error( op, rs, LDAP_OTHER, "computed attribute error" ); - goto error_return; - } - } -#endif /* LDAP_SLAPI */ - /* free e_flags */ if ( e_flags ) { slap_sl_free( e_flags, op->o_tmpmemctx ); @@ -1318,12 +1215,6 @@ slap_send_search_reference( Operation *op, SlapReply *rs ) "=> send_search_reference: dn=\"%s\"\n", rs->sr_entry ? rs->sr_entry->e_name.bv_val : "(null)", 0, 0 ); -#ifdef notdef - rc = call_pre_referral_plugins( op, rs ); - if ( rc < 0 ) - goto rel; -#endif /* LDAP_SLAPI */ - if ( rs->sr_entry && ! access_allowed( op, rs->sr_entry, ad_entry, NULL, ACL_READ, NULL ) ) { @@ -1522,9 +1413,6 @@ int slap_read_controls( BerElement *ber = (BerElement *) &berbuf; LDAPControl c; Operation myop; -#ifdef LDAP_SLAPI - Slapi_PBlock *pb; -#endif Debug( LDAP_DEBUG_ANY, "slap_read_controls: (%s) %s\n", oid->bv_val, e->e_dn, 0 ); @@ -1543,15 +1431,8 @@ int slap_read_controls( myop = *op; myop.o_bd = NULL; myop.o_res_ber = ber; -#ifdef LDAP_SLAPI - pb = myop.o_pb; - myop.o_pb = NULL; -#endif rc = slap_send_search_entry( &myop, rs ); -#ifdef LDAP_SLAPI - myop.o_pb = pb; -#endif if( rc ) return rc; rc = ber_flatten2( ber, &c.ldctl_value, 0 ); @@ -1638,148 +1519,3 @@ slap_attr_flags( AttributeName *an ) return flags; } -#ifdef LDAP_SLAPI -static AttributeName *charray2anlist( Operation *op, char **attrs ) -{ - AttributeName *an; - int i; - - if ( attrs != NULL ) { - for ( i = 0; attrs[i] != NULL; i++ ) - ; - an = (AttributeName *)op->o_tmpalloc( (i + 1) * sizeof(AttributeName), op->o_tmpmemctx ); - for ( i = 0; attrs[i] != NULL; i++ ) { - const char *dummy; - - an[i].an_name.bv_val = attrs[i]; - an[i].an_name.bv_len = strlen( attrs[i] ); - an[i].an_oc = NULL; - an[i].an_oc_exclude = 0; - slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy ); - } - } else { - an = NULL; - } - - return an; -} - -/* - * Call pre-response plugins. To avoid infinite recursion plugins - * should just set SLAPI_RESULT_CODE rather than sending a - * result if they wish to change the result. Similarly, pre-entry - * plugins can either abort sending the entry or change the list - * of sent attributes, but they can't call send_search_entry(). - */ - -static int call_pre_entry_plugins( Operation *op, SlapReply *rs, int *pAttributesOnly ) -{ - int rc; - char **attrs = NULL; - char **filteredAttributes = NULL; - Slapi_PBlock *pb; - - if ( op->o_callback != NULL || op->o_pb == NULL ) { - return 0; - } - - /* - * A new parameter block is allocated to avoid trampling on the - * operation SLAPI state. - */ - pb = slapi_pblock_new(); - - slapi_int_pblock_set_operation( pb, op ); - slapi_pblock_set( pb, SLAPI_RESCONTROLS, (void *)rs->sr_ctrls ); - attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx ); - slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, (void *)attrs ); - slapi_pblock_set( pb, SLAPI_SEARCH_ATTRSONLY, (void *)*pAttributesOnly ); - slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, (void *)rs->sr_entry ); - - rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_ENTRY_FN, pb ); - if ( rc < 0 ) { - slapi_pblock_destroy( pb ); - return rc; - } - - slapi_pblock_get( pb, SLAPI_RESCONTROLS, (void **)&rs->sr_ctrls ); - slapi_pblock_get( pb, SLAPI_SEARCH_ATTRS, (void **)&filteredAttributes ); - slapi_pblock_get( pb, SLAPI_SEARCH_ATTRSONLY, (void **)pAttributesOnly ); - slapi_pblock_get( pb, SLAPI_SEARCH_RESULT_ENTRY, (void **)&rs->sr_entry ); - - if ( filteredAttributes != attrs ) { - /* - * Support for filtering attributes; useful for implementing - * replication providers - */ - rs->sr_attrs = charray2anlist( op, filteredAttributes ); - slapi_ch_free( (void **)&filteredAttributes ); - } - - slapi_pblock_set( pb, SLAPI_RESCONTROLS, NULL ); - slapi_pblock_destroy( pb ); - - return rc; -} - -static int call_pre_result_plugins( Operation *op, SlapReply *rs ) -{ - int rc; - - if ( op->o_callback != NULL || op->o_pb == NULL ) { - return 0; - } - - slapi_pblock_set( op->o_pb, SLAPI_RESCONTROLS, (void *)rs->sr_ctrls ); - slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err ); - slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text ); - slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED, (void *)rs->sr_matched ); - - rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_RESULT_FN, op->o_pb ); - if ( rc < 0 ) { - return rc; - } - - slapi_pblock_get( op->o_pb, SLAPI_RESCONTROLS, (void **)&rs->sr_ctrls ); - slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err ); - slapi_pblock_get( op->o_pb, SLAPI_RESULT_TEXT, (void **)&rs->sr_text ); - slapi_pblock_get( op->o_pb, SLAPI_RESULT_MATCHED, (void **)&rs->sr_matched ); - - slapi_pblock_set( op->o_pb, SLAPI_RESCONTROLS, NULL ); - - return rc; -} - -static int call_pre_referral_plugins( Operation *op, SlapReply *rs ) -{ - int rc; - Slapi_PBlock *pb; - - if ( op->o_callback != NULL || op->o_pb == NULL ) { - return 0; - } - - /* - * A new parameter block is allocated to avoid trampling on the - * operation SLAPI state. - */ - pb = slapi_pblock_new(); - - slapi_int_pblock_set_operation( pb, op ); - slapi_pblock_set( pb, SLAPI_RESCONTROLS, (void *)rs->sr_ctrls ); - slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, (void *)rs->sr_entry ); - - rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_REFERRAL_FN, pb ); - if ( rc < 0 ) { - return rc; - } - - slapi_pblock_get( pb, SLAPI_RESCONTROLS, (void **)&rs->sr_ctrls ); - slapi_pblock_get( pb, SLAPI_SEARCH_RESULT_ENTRY, (void **)&rs->sr_entry ); - - slapi_pblock_set( pb, SLAPI_RESCONTROLS, NULL ); - slapi_pblock_destroy( pb ); - - return rc; -} -#endif /* LDAP_SLAPI */ diff --git a/servers/slapd/search.c b/servers/slapd/search.c index d8819bd725..b83b2d165d 100644 --- a/servers/slapd/search.c +++ b/servers/slapd/search.c @@ -33,15 +33,6 @@ #include "lutil.h" #include "slap.h" -#ifdef LDAP_SLAPI -#include "slapi/slapi.h" - -static void init_search_pblock( Operation *op, char **attrs, int managedsait ); -static int call_search_preop_plugins( Operation *op ); -static int call_search_rewrite_plugins( Operation *op ); -static void call_search_postop_plugins( Operation *op ); -#endif /* LDAPI_SLAPI */ - int do_search( Operation *op, /* info about the op to which we're responding */ @@ -247,9 +238,6 @@ fe_op_search( Operation *op, SlapReply *rs ) { int manageDSAit; int be_manageDSAit; -#ifdef LDAP_SLAPI - char **attrs = NULL; -#endif manageDSAit = get_manageDSAit( op ); @@ -270,15 +258,6 @@ fe_op_search( Operation *op, SlapReply *rs ) goto return_results; } -#ifdef LDAP_SLAPI - if ( op->o_pb ) { - attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx ); - init_search_pblock( op, attrs, manageDSAit ); - rs->sr_err = call_search_preop_plugins( op ); - if ( rs->sr_err ) break; - call_search_rewrite_plugins( op ); - } -#endif /* LDAP_SLAPI */ rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text ); } else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) { @@ -288,23 +267,11 @@ fe_op_search( Operation *op, SlapReply *rs ) goto return_results; } -#ifdef LDAP_SLAPI - if ( op->o_pb ) { - attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx ); - init_search_pblock( op, attrs, manageDSAit ); - rs->sr_err = call_search_preop_plugins( op ); - if ( rs->sr_err ) break; - call_search_rewrite_plugins( op ); - } -#endif /* LDAP_SLAPI */ rs->sr_err = schema_info( &entry, &rs->sr_text ); } if( rs->sr_err != LDAP_SUCCESS ) { send_ldap_result( op, rs ); -#ifdef LDAP_SLAPI - if ( op->o_pb ) call_search_postop_plugins( op ); -#endif /* LDAP_SLAPI */ goto return_results; } else if ( entry != NULL ) { @@ -322,9 +289,6 @@ fe_op_search( Operation *op, SlapReply *rs ) rs->sr_err = LDAP_SUCCESS; send_ldap_result( op, rs ); -#ifdef LDAP_SLAPI - if ( op->o_pb ) call_search_postop_plugins( op ); -#endif /* LDAP_SLAPI */ goto return_results; } break; @@ -374,19 +338,6 @@ fe_op_search( Operation *op, SlapReply *rs ) goto return_results; } -#ifdef LDAP_SLAPI - if ( op->o_pb ) { - attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx ); - init_search_pblock( op, attrs, manageDSAit ); - rs->sr_err = call_search_preop_plugins( op ); - if ( rs->sr_err != LDAP_SUCCESS ) { - goto return_results; - } - - call_search_rewrite_plugins( op ); - } -#endif /* LDAP_SLAPI */ - /* actually do the search and send the result(s) */ if ( op->o_bd->be_search ) { if ( limits_check( op, rs ) == 0 ) { @@ -399,106 +350,7 @@ fe_op_search( Operation *op, SlapReply *rs ) "operation not supported within namingContext" ); } -#ifdef LDAP_SLAPI - if ( op->o_pb ) call_search_postop_plugins( op ); -#endif /* LDAP_SLAPI */ - -#ifdef LDAP_SLAPI - if( attrs != NULL) op->o_tmpfree( attrs, op->o_tmpmemctx ); -#endif /* LDAP_SLAPI */ - return_results:; return rs->sr_err; } -#ifdef LDAP_SLAPI - -static void init_search_pblock( Operation *op, - char **attrs, int managedsait ) -{ - slapi_int_pblock_set_operation( op->o_pb, op ); - slapi_pblock_set( op->o_pb, SLAPI_SEARCH_TARGET, (void *)op->o_req_dn.bv_val ); - slapi_pblock_set( op->o_pb, SLAPI_SEARCH_SCOPE, (void *)op->ors_scope ); - slapi_pblock_set( op->o_pb, SLAPI_SEARCH_DEREF, (void *)op->ors_deref ); - slapi_pblock_set( op->o_pb, SLAPI_SEARCH_SIZELIMIT, (void *)op->ors_slimit ); - slapi_pblock_set( op->o_pb, SLAPI_SEARCH_TIMELIMIT, (void *)op->ors_tlimit ); - slapi_pblock_set( op->o_pb, SLAPI_SEARCH_FILTER, (void *)op->ors_filter ); - slapi_pblock_set( op->o_pb, SLAPI_SEARCH_STRFILTER, (void *)op->ors_filterstr.bv_val ); - slapi_pblock_set( op->o_pb, SLAPI_SEARCH_ATTRS, (void *)attrs ); - slapi_pblock_set( op->o_pb, SLAPI_SEARCH_ATTRSONLY, (void *)op->ors_attrsonly ); - slapi_pblock_set( op->o_pb, SLAPI_MANAGEDSAIT, (void *)managedsait ); -} - -static int call_search_preop_plugins( Operation *op ) -{ - int rc; - - rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_SEARCH_FN, op->o_pb ); - if ( rc < 0 ) { - /* - * A preoperation plugin failure will abort the - * entire operation. - */ - Debug(LDAP_DEBUG_TRACE, "call_search_preop_plugins: search preoperation plugin " - "returned %d.\n", rc, 0, 0); - if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0 ) || - rc == LDAP_SUCCESS ) { - rc = LDAP_OTHER; - } - } else { - rc = LDAP_SUCCESS; - } - - return rc; -} - -static int call_search_rewrite_plugins( Operation *op ) -{ - if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, op->o_pb ) == 0 ) { - int rc; - - /* - * The plugin can set the SLAPI_SEARCH_FILTER. - * SLAPI_SEARCH_STRFILER is not normative. - */ - slapi_pblock_get( op->o_pb, SLAPI_SEARCH_FILTER, (void *)&op->ors_filter ); - op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx ); - filter2bv_x( op, op->ors_filter, &op->ors_filterstr ); - - /* - * Also permit other search parameters to be reset. One thing - * this doesn't (yet) deal with is plugins that change a root - * DSE search to a non-root DSE search... - */ - slapi_pblock_get( op->o_pb, SLAPI_SEARCH_TARGET, (void **)&op->o_req_dn.bv_val ); - op->o_req_dn.bv_len = strlen( op->o_req_dn.bv_val ); - - if( !BER_BVISNULL( &op->o_req_ndn ) ) { - slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx ); - } - rc = dnNormalize( 0, NULL, NULL, &op->o_req_dn, &op->o_req_ndn, - op->o_tmpmemctx ); - if ( rc != LDAP_SUCCESS ) { - return rc; - } - - slapi_pblock_get( op->o_pb, SLAPI_SEARCH_SCOPE, (void **)&op->ors_scope ); - slapi_pblock_get( op->o_pb, SLAPI_SEARCH_DEREF, (void **)&op->ors_deref ); - - Debug( LDAP_DEBUG_ARGS, " after compute_rewrite_search filter: %s\n", - !BER_BVISEMPTY( &op->ors_filterstr ) ? op->ors_filterstr.bv_val : "empty", 0, 0 ); - } - - return LDAP_SUCCESS; -} - -static void call_search_postop_plugins( Operation *op ) -{ - if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_SEARCH_FN, op->o_pb ) < 0 ) { - Debug(LDAP_DEBUG_TRACE, "call_search_postop_plugins: search postoperation plugins " - "failed.\n", 0, 0, 0); - } -} - -#endif /* LDAP_SLAPI */ - diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index f17dce544f..c55b5c7d12 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -1989,6 +1989,12 @@ typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op, typedef int (BI_access_allowed) LDAP_P(( struct slap_op *op, Entry *e, AttributeDescription *desc, struct berval *val, slap_access_t access, AccessControlState *state, slap_mask_t *maskp )); +typedef int (BI_acl_group) LDAP_P(( struct slap_op *op, Entry *target, + struct berval *gr_ndn, struct berval *op_ndn, + ObjectClass *group_oc, AttributeDescription *group_at )); +typedef int (BI_acl_attribute) LDAP_P(( struct slap_op *op, Entry *target, + struct berval *entry_ndn, AttributeDescription *entry_at, + BerVarray *vals, slap_access_t access )); #endif /* SLAP_OVERLAY_ACCESS */ typedef int (BI_connection_init) LDAP_P(( BackendDB *bd, @@ -2091,6 +2097,8 @@ struct slap_backend_info { BI_has_subordinates *bi_has_subordinates; #ifdef SLAP_OVERLAY_ACCESS BI_access_allowed *bi_access_allowed; + BI_acl_group *bi_acl_group; + BI_acl_attribute *bi_acl_attribute; #endif /* SLAP_OVERLAY_ACCESS */ BI_connection_init *bi_connection_init; diff --git a/servers/slapd/slapi/Makefile.in b/servers/slapd/slapi/Makefile.in index c2b9a594d2..d85e87cee4 100644 --- a/servers/slapd/slapi/Makefile.in +++ b/servers/slapd/slapi/Makefile.in @@ -24,9 +24,9 @@ NT_OBJS = nt_err.lo LIB_DEFS = -DSLAPI_LIBRARY -SRCS= plugin.c slapi_pblock.c slapi_utils.c printmsg.c slapi_ops.c slapi_ext.c \ +SRCS= plugin.c slapi_pblock.c slapi_utils.c printmsg.c slapi_ops.c slapi_ext.c slapi_overlay.c \ $(@PLAT@_SRCS) -OBJS= plugin.lo slapi_pblock.lo slapi_utils.lo printmsg.lo slapi_ops.lo slapi_ext.lo \ +OBJS= plugin.lo slapi_pblock.lo slapi_utils.lo printmsg.lo slapi_ops.lo slapi_ext.lo slapi_overlay.lo \ $(@PLAT@_SRCS) XSRCS= version.c diff --git a/servers/slapd/slapi/plugin.c b/servers/slapd/slapi/plugin.c index 65dd9094b4..200c8ca429 100644 --- a/servers/slapd/slapi/plugin.c +++ b/servers/slapd/slapi/plugin.c @@ -701,6 +701,14 @@ slapi_int_read_config( fname, lineno ); return 1; } + + /* automatically instantiate overlay if necessary */ + if ( !overlay_is_inst( be, "slapi" ) ) { + if ( overlay_config( be, "slapi" ) != 0 ) { + fprintf( stderr, "failed to instantiate SLAPI overlay\n"); + return -1; + } + } if ( strcasecmp( argv[1], "preoperation" ) == 0 ) { iType = SLAPI_PLUGIN_PREOPERATION; @@ -813,6 +821,5 @@ slapi_int_initialize(void) return -1; } - return 0; + return slapi_int_overlay_init(); } - diff --git a/servers/slapd/slapi/slapi.h b/servers/slapd/slapi/slapi.h index c564a148df..fd3ddc8bd8 100644 --- a/servers/slapd/slapi/slapi.h +++ b/servers/slapd/slapi/slapi.h @@ -83,15 +83,10 @@ typedef struct _ExtendedOp { /* Computed attribute support */ struct _computed_attr_context { - /* slap_send_search_entry() argblock */ Slapi_PBlock *cac_pb; - AttributeName *cac_attrs; - int cac_attrsonly : 1; - int cac_userattrs : 1; - int cac_opattrs : 1; - AccessControlState cac_acl_state; - /* private data */ - void *cac_private; + Operation *cac_op; + AccessControlState *cac_acl_state; + void *cac_private; }; /* for slapi_attr_type_cmp() */ diff --git a/servers/slapd/slapi/slapi_ops.c b/servers/slapd/slapi/slapi_ops.c index 5a3bb7e74f..191b31b6df 100644 --- a/servers/slapd/slapi/slapi_ops.c +++ b/servers/slapd/slapi/slapi_ops.c @@ -204,10 +204,10 @@ slapi_int_pblock_get_backend( Slapi_PBlock *pb, Operation *op ) } static int -slapi_int_pblock_get_connection( Slapi_PBlock *pb, Connection *conn ) +slapi_int_pblock_get_connection( Slapi_PBlock *pb, Operation *op ) { char *connDn = NULL; - Operation *op; + Connection *conn = op->o_conn; slapi_pblock_get( pb, SLAPI_X_CONN_SSF, (void **)&conn->c_ssf ); slapi_pblock_get( pb, SLAPI_X_CONN_SASL_CONTEXT, (void **)&conn->c_sasl_authctx ); @@ -251,11 +251,6 @@ slapi_int_pblock_get_operation( Slapi_PBlock *pb, Operation *op, SlapReply *rs ) return rc; } - rc = slapi_int_pblock_get_connection( pb, op->o_conn ); - if ( rc != LDAP_SUCCESS ) { - return rc; - } - rc = slapi_int_pblock_get_backend( pb, op ); if ( rc != LDAP_SUCCESS ) { return rc; @@ -276,6 +271,11 @@ slapi_int_pblock_get_operation( Slapi_PBlock *pb, Operation *op, SlapReply *rs ) op->o_dn = op->o_ndn; } + rc = slapi_int_pblock_get_connection( pb, op ); + if ( rc != LDAP_SUCCESS ) { + return rc; + } + slapi_pblock_get( pb, SLAPI_REQCONTROLS, (void **)&controls ); rc = slapi_int_get_ctrls( op, rs, controls ); if ( rc != LDAP_SUCCESS ) { diff --git a/servers/slapd/slapi/slapi_overlay.c b/servers/slapd/slapi/slapi_overlay.c new file mode 100644 index 0000000000..f38a0bece6 --- /dev/null +++ b/servers/slapd/slapi/slapi_overlay.c @@ -0,0 +1,847 @@ +/* glue.c - backend glue overlay */ +/* $OpenLDAP$ */ +/* This work is part of OpenLDAP Software . + * + * Copyright 2001-2005 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* ACKNOWLEDGEMENTS: + * This work was initially developed by Luke Howard for inclusion + * in OpenLDAP Software. + */ + +#include "portable.h" + +#include + +#include +#include + +#include "slap.h" +#include "slapi.h" + +#ifdef LDAP_SLAPI + +static slap_overinst slapi; + +static int +slapi_over_compute_output( + computed_attr_context *c, + Slapi_Attr *attribute, + Slapi_Entry *entry +) +{ + int rc; + Attribute **a; + AttributeDescription *desc; + Operation *op = c->cac_op; + SlapReply *rs = (SlapReply *)c->cac_private; + + if ( c == NULL || attribute == NULL || entry == NULL ) { + return 0; + } + + assert( rs->sr_entry == entry ); + + desc = attribute->a_desc; + + if ( rs->sr_attrs == NULL ) { + /* All attrs request, skip operational attributes */ + if ( is_at_operational( desc->ad_type ) ) { + return 0; + } + } else { + /* Specific attributes requested */ + if ( is_at_operational( desc->ad_type ) ) { + if ( !SLAP_OPATTRS( rs->sr_attr_flags ) && + !ad_inlist( desc, rs->sr_attrs ) ) { + return 0; + } + } else { + if ( !SLAP_USERATTRS( rs->sr_attr_flags ) && + !ad_inlist( desc, rs->sr_attrs ) ) { + return 0; + } + } + } + + if ( !access_allowed( op, entry, desc, NULL, ACL_READ, c->cac_acl_state) ) { + slapi_log_error( SLAPI_LOG_ACL, "slapi_over_compute_output", + "acl: access to attribute %s not allowed\n", + desc->ad_cname.bv_val ); + return 0; + } + + for ( a = &rs->sr_operational_attrs; *a != NULL; a = &(*a)->a_next ) + ; + + *a = attr_dup( attribute ); + + return 0; +} + +static int +slapi_over_operational( Operation *op, SlapReply *rs ) +{ + /* Support for computed attribute plugins */ + computed_attr_context ctx; + AttributeName *anp; + AccessControlState acl_state = ACL_STATE_INIT; + + ctx.cac_pb = op->o_pb; + ctx.cac_op = op; + ctx.cac_private = rs; + ctx.cac_acl_state = &acl_state; + + if ( rs->sr_entry != NULL ) { + /* + * For each client requested attribute, call the plugins. + */ + if ( rs->sr_attrs != NULL ) { + for ( anp = rs->sr_attrs; anp->an_name.bv_val != NULL; anp++ ) { + if ( compute_evaluator( &ctx, anp->an_name.bv_val, + rs->sr_entry, slapi_over_compute_output ) == 1 ) { + break; + } + } + } else { + /* + * Technically we shouldn't be returning operational attributes + * when the user requested only user attributes. We'll let the + * plugin decide whether to be naughty or not. + */ + compute_evaluator( &ctx, "*", rs->sr_entry, slapi_over_compute_output ); + } + } + + return SLAP_CB_CONTINUE; +} + +static int +slapi_over_search( Operation *op, SlapReply *rs, int type ) +{ + int rc; + Slapi_PBlock *pb; + + pb = slapi_pblock_new(); + + slapi_int_pblock_set_operation( pb, op ); + slapi_pblock_set( pb, SLAPI_RESCONTROLS, (void *)rs->sr_ctrls ); + slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, (void *)rs->sr_entry ); + + rc = slapi_int_call_plugins( op->o_bd, type, pb ); + if ( rc == 0 ) + rc = SLAP_CB_CONTINUE; + + if ( rs->sr_type == REP_SEARCH ) { + /* XXX we shouldn't need this here */ + slapi_over_operational( op, rs ); + } + + slapi_pblock_set( op->o_pb, SLAPI_RESCONTROLS, NULL ); + slapi_pblock_destroy(pb); + + return rc; +} + +static int +slapi_over_merge_controls( Operation *op, SlapReply *rs, Slapi_PBlock *pb) +{ + LDAPControl **slapiControls = NULL, **resControls; + int nSlapiControls = 0; + int nResControls = 0; + int i; + + /* merge in controls */ + if ( rs->sr_ctrls != NULL ) { + for ( nResControls = 0; rs->sr_ctrls[nResControls] != NULL; nResControls++ ) + ; + } + slapi_pblock_get( op->o_pb, SLAPI_RESCONTROLS, (void **)&slapiControls ); + if ( slapiControls != NULL ) { + for ( nSlapiControls = 0; slapiControls[nSlapiControls] != NULL; nSlapiControls++ ) + ; + } + + /* XXX this is a bit tricky, rs->sr_ctrls may have been allocated on stack */ + resControls = (LDAPControl **)op->o_tmpalloc( ( nResControls + nSlapiControls + 1 ) * + sizeof( LDAPControl *), op->o_tmpmemctx ); + if ( resControls == NULL ) { + return LDAP_OTHER; + } + + if ( rs->sr_ctrls != NULL ) { + for ( i = 0; i < nResControls; i++ ) + resControls[i] = rs->sr_ctrls[i]; + } + if ( slapiControls != NULL ) { + for ( i = 0; i < nSlapiControls; i++ ) + resControls[nResControls + i] = slapiControls[i]; + } + resControls[nResControls + nSlapiControls] = NULL; + + if ( slapiControls != NULL ) { + slapi_ch_free( (void **)&slapiControls ); + slapi_pblock_set( op->o_pb, SLAPI_RESCONTROLS, NULL ); /* don't free */ + } + + rs->sr_ctrls = resControls; + + return LDAP_SUCCESS; +} + +static int +slapi_over_result( Operation *op, SlapReply *rs ) +{ + int rc; + + slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err ); + slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text ); + slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED, (void *)rs->sr_matched ); + + rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_RESULT_FN, op->o_pb ); + if ( rc < 0 ) { + return rc; + } + + slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err ); + slapi_pblock_get( op->o_pb, SLAPI_RESULT_TEXT, (void **)&rs->sr_text ); + slapi_pblock_get( op->o_pb, SLAPI_RESULT_MATCHED, (void **)&rs->sr_matched ); + + if ( rc == 0 ) { + rc = slapi_over_merge_controls( op, rs, op->o_pb ); + } + + if ( rc == 0 ) + rc = SLAP_CB_CONTINUE; + + return rc; +} + +static int +slapi_op_add_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb ) +{ + slapi_pblock_set( pb, SLAPI_ADD_ENTRY, (void *)op->ora_e ); + + return LDAP_SUCCESS; +} + +static int +slapi_op_bind_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb ) +{ + slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)op->o_req_dn.bv_val ); + slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)op->orb_method ); + slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred ); + slapi_pblock_set( pb, SLAPI_CONN_DN, NULL ); + + return LDAP_SUCCESS; +} + +static int +slapi_op_bind_callback( Operation *op, SlapReply *rs, Slapi_PBlock *pb ) +{ + int rc = rs->sr_err; + + switch ( rc ) { + case SLAPI_BIND_SUCCESS: + /* Continue with backend processing */ + break; + case SLAPI_BIND_FAIL: + /* Failure, frontend (that's us) sends result */ + rs->sr_err = LDAP_INVALID_CREDENTIALS; + send_ldap_result( op, rs ); + return rs->sr_err; + break; + case SLAPI_BIND_ANONYMOUS: /* undocumented */ + default: + /* + * Plugin sent authoritative result or no plugins were called + */ + if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err ) != 0 ) { + rs->sr_err = LDAP_OTHER; + } + + BER_BVZERO( &op->orb_edn ); + + if ( rs->sr_err == LDAP_SUCCESS ) { + slapi_pblock_get( pb, SLAPI_CONN_DN, (void *)&op->orb_edn.bv_val ); + if ( BER_BVISNULL( &op->orb_edn ) ) { + if ( rc == 1 ) { + /* No plugins were called; continue processing */ + return LDAP_SUCCESS; + } + } else { + op->orb_edn.bv_len = strlen( op->orb_edn.bv_val ); + } + rs->sr_err = dnPrettyNormal( NULL, &op->orb_edn, + &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx ); + ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); + ber_dupbv(&op->o_conn->c_dn, &op->o_req_dn); + ber_dupbv(&op->o_conn->c_ndn, &op->o_req_ndn); + op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx ); + BER_BVZERO( &op->o_req_dn ); + op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx ); + BER_BVZERO( &op->o_req_ndn ); + if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) { + ber_len_t max = sockbuf_max_incoming_auth; + ber_sockbuf_ctrl( op->o_conn->c_sb, + LBER_SB_OPT_SET_MAX_INCOMING, &max ); + } + /* log authorization identity */ + Statslog( LDAP_DEBUG_STATS, + "%s BIND dn=\"%s\" mech=%s (SLAPI) ssf=0\n", + op->o_log_prefix, + BER_BVISNULL( &op->o_conn->c_dn ) + ? "" : op->o_conn->c_dn.bv_val, + op->orb_tmp_mech.bv_val, 0, 0 ); + + return -1; + } + break; + } + + return rc; +} + +static int +slapi_op_compare_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb ) +{ + slapi_pblock_set( pb, SLAPI_COMPARE_TYPE, (void *)op->orc_ava->aa_desc->ad_cname.bv_val ); + slapi_pblock_set( pb, SLAPI_COMPARE_VALUE, (void *)&op->orc_ava->aa_value ); + + return LDAP_SUCCESS; +} + +static int +slapi_op_modify_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb ) +{ + LDAPMod **modv = NULL; + + modv = slapi_int_modifications2ldapmods( &op->orm_modlist ); + slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)modv ); + + return LDAP_SUCCESS; +} + +static int +slapi_op_modify_callback( Operation *op, SlapReply *rs, Slapi_PBlock *pb ) +{ + LDAPMod **modv = NULL; + + /* check preoperation result code */ + if ( rs->sr_err < 0 ) { + slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err ); + return rs->sr_err; + } + + /* + * NB: it is valid for the plugin to return no modifications + * (for example, a plugin might store some attributes elsewhere + * and remove them from the modification list; if only those + * attribute types were included in the modification request, + * then slapi_int_ldapmods2modifications() above will return + * NULL). + * + * However, the post-operation plugin should still be + * called. + */ + + slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv ); + op->orm_modlist = slapi_int_ldapmods2modifications( modv ); + + return LDAP_SUCCESS; +} + +static int +slapi_op_modify_cleanup( Operation *op, SlapReply *rs, Slapi_PBlock *pb ) +{ + LDAPMod **modv = NULL; + + slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv ); + + if ( modv != NULL ) + slapi_int_free_ldapmods( modv ); + + return LDAP_SUCCESS; +} + +static int +slapi_op_modrdn_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb ) +{ + slapi_pblock_set( pb, SLAPI_MODRDN_NEWRDN, (void *)op->orr_newrdn.bv_val ); + slapi_pblock_set( pb, SLAPI_MODRDN_NEWSUPERIOR, (void *)op->orr_newSup->bv_val ); + slapi_pblock_set( pb, SLAPI_MODRDN_DELOLDRDN, (void *)op->orr_deleteoldrdn ); + + return LDAP_SUCCESS; +} + +static int +slapi_op_search_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb ) +{ + char **attrs; + + attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx ); + + slapi_pblock_set( pb, SLAPI_SEARCH_SCOPE, (void *)op->ors_scope ); + slapi_pblock_set( pb, SLAPI_SEARCH_DEREF, (void *)op->ors_deref ); + slapi_pblock_set( pb, SLAPI_SEARCH_SIZELIMIT, (void *)op->ors_slimit ); + slapi_pblock_set( pb, SLAPI_SEARCH_TIMELIMIT, (void *)op->ors_tlimit ); + slapi_pblock_set( pb, SLAPI_SEARCH_FILTER, (void *)op->ors_filter ); + slapi_pblock_set( pb, SLAPI_SEARCH_STRFILTER, (void *)op->ors_filterstr.bv_val ); + slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, (void *)attrs ); + slapi_pblock_set( pb, SLAPI_SEARCH_ATTRSONLY, (void *)op->ors_attrsonly ); + + return LDAP_SUCCESS; +} + +static int +slapi_op_search_callback( Operation *op, SlapReply *rs, Slapi_PBlock *pb ) +{ + /* check preoperation result code */ + if ( rs->sr_err < 0 ) { + slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err ); + return rs->sr_err; + } + + if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, pb ) != 0 ) { + return LDAP_SUCCESS; + } + + /* + * The plugin can set the SLAPI_SEARCH_FILTER. + * SLAPI_SEARCH_STRFILER is not normative. + */ + slapi_pblock_get( pb, SLAPI_SEARCH_FILTER, (void *)&op->ors_filter ); + op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx ); + filter2bv_x( op, op->ors_filter, &op->ors_filterstr ); + + slapi_pblock_get( pb, SLAPI_SEARCH_TARGET, (void **)&op->o_req_dn.bv_val ); + op->o_req_dn.bv_len = strlen( op->o_req_dn.bv_val ); + + if( !BER_BVISNULL( &op->o_req_ndn ) ) { + slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx ); + } + rs->sr_err = dnNormalize( 0, NULL, NULL, &op->o_req_dn, &op->o_req_ndn, + op->o_tmpmemctx ); + if ( rs->sr_err != LDAP_SUCCESS ) { + send_ldap_result( op, rs ); + return rs->sr_err; + } + + slapi_pblock_get( pb, SLAPI_SEARCH_SCOPE, (void **)&op->ors_scope ); + slapi_pblock_get( pb, SLAPI_SEARCH_DEREF, (void **)&op->ors_deref ); + + return LDAP_SUCCESS; +} + +static int +slapi_op_search_cleanup( Operation *op, SlapReply *rs, Slapi_PBlock *pb ) +{ + char **attrs = NULL; + + slapi_pblock_get( pb, SLAPI_SEARCH_ATTRS, (void *)&attrs ); + + if ( attrs != NULL ) + op->o_tmpfree( attrs, op->o_tmpmemctx ); + + return LDAP_SUCCESS; +} + +typedef int (slapi_over_callback)( Operation *, SlapReply *rs, Slapi_PBlock * ); + +struct slapi_op_info { + int soi_preop; + int soi_postop; + slapi_over_callback *soi_init; + slapi_over_callback *soi_callback; + slapi_over_callback *soi_cleanup; +} slapi_op_dispatch_table[] = { + { + SLAPI_PLUGIN_PRE_BIND_FN, + SLAPI_PLUGIN_POST_BIND_FN, + slapi_op_bind_init, + slapi_op_bind_callback, + NULL + }, + { + SLAPI_PLUGIN_PRE_UNBIND_FN, /* UNBIND */ + SLAPI_PLUGIN_POST_UNBIND_FN, + NULL, + NULL, + NULL + }, + { + SLAPI_PLUGIN_PRE_SEARCH_FN, + SLAPI_PLUGIN_POST_SEARCH_FN, + slapi_op_search_init, + slapi_op_search_callback, + slapi_op_search_cleanup + }, + { + SLAPI_PLUGIN_PRE_COMPARE_FN, + SLAPI_PLUGIN_POST_COMPARE_FN, + slapi_op_compare_init, + NULL, + NULL + }, + { + SLAPI_PLUGIN_PRE_MODIFY_FN, + SLAPI_PLUGIN_POST_MODIFY_FN, + slapi_op_modify_init, + slapi_op_modify_callback, + slapi_op_modify_cleanup + }, + { + SLAPI_PLUGIN_PRE_MODRDN_FN, + SLAPI_PLUGIN_POST_MODRDN_FN, + slapi_op_modrdn_init, + NULL, + NULL + }, + { + SLAPI_PLUGIN_PRE_ADD_FN, + SLAPI_PLUGIN_POST_ADD_FN, + slapi_op_add_init, + NULL, + NULL + }, + { + SLAPI_PLUGIN_PRE_DELETE_FN, + SLAPI_PLUGIN_POST_DELETE_FN, + NULL, + NULL, + NULL + }, + { + SLAPI_PLUGIN_PRE_ABANDON_FN, + SLAPI_PLUGIN_POST_ABANDON_FN, + NULL, + NULL, + NULL + }, + { + 0, + 0, + NULL, + NULL, + NULL + } +}; + +slap_operation_t +slapi_tag2op( ber_tag_t tag ) +{ + slap_operation_t op; + + switch ( tag ) { + case LDAP_REQ_BIND: + op = op_bind; + break; + case LDAP_REQ_ADD: + op = op_add; + break; + case LDAP_REQ_DELETE: + op = op_compare; + break; + case LDAP_REQ_MODRDN: + op = op_modrdn; + break; + case LDAP_REQ_MODIFY: + op = op_modify; + break; + case LDAP_REQ_COMPARE: + op = op_compare; + break; + case LDAP_REQ_SEARCH: + op = op_search; + break; + case LDAP_REQ_UNBIND: + op = op_unbind; + break; + default: + op = op_last; + break; + } + + return op; +} + +static int +slapi_op_response( Operation *op, SlapReply *rs ) +{ + int rc; + + switch ( rs->sr_type ) { + case REP_RESULT: + rc = slapi_over_result( op, rs ); + break; + case REP_SEARCH: + rc = slapi_over_search( op, rs, SLAPI_PLUGIN_PRE_ENTRY_FN ); + break; + case REP_SEARCHREF: + rc = slapi_over_search( op, rs, SLAPI_PLUGIN_PRE_REFERRAL_FN ); + break; + default: + rc = SLAP_CB_CONTINUE; + break; + } + + return rc; +} + +static int +slapi_op_cleanup( Operation *op, SlapReply *rs ) +{ + struct slapi_op_info *opinfo; + Slapi_PBlock *pb = op->o_pb; + + assert( pb != NULL ); + + if ( rs->sr_type != REP_RESULT ) { + return SLAP_CB_CONTINUE; + } + + opinfo = (struct slapi_op_info *)op->o_callback->sc_private; + + /* call post-operation plugins */ + slapi_int_call_plugins( op->o_bd, opinfo->soi_postop, pb ); + + if ( opinfo->soi_cleanup != NULL ) { + (opinfo->soi_cleanup)( op, rs, pb ); + } + + return SLAP_CB_CONTINUE; +} + +static int +slapi_op_func( Operation *op, SlapReply *rs ) +{ + Slapi_PBlock *pb = op->o_pb; + slap_operation_t which; + struct slapi_op_info *opinfo; + int rc, flags = 0; + slap_overinfo *oi; + slap_overinst *on; + slap_callback *cb; + + /* + * We check for op->o_extensions to verify that we are not + * processing a SLAPI internal operation. XXX + */ + if ( op->o_pb == NULL || op->o_extensions == NULL ) { + return SLAP_CB_CONTINUE; + } + + /* + * Find the SLAPI operation information for this LDAP + * operation; this will contain the preop and postop + * plugin types, as well as any additional information + * we need to complete. + */ + which = slapi_tag2op( op->o_tag ); + if ( which >= op_last ) { + return SLAP_CB_CONTINUE; + } + + opinfo = &slapi_op_dispatch_table[which]; + if ( opinfo == NULL || opinfo->soi_preop == 0 ) { + return SLAP_CB_CONTINUE; + } + + slapi_int_pblock_set_operation( pb, op ); + + /* + * soi_init is responsible for setting any operation-specific + * pblock parameters ("pre-preoperation plugin") + */ + if ( opinfo->soi_init != NULL ) { + rs->sr_err = (opinfo->soi_init)( op, rs, pb ); + if ( rs->sr_err != LDAP_SUCCESS ) + return rs->sr_err; + } + + /* + * Call preoperation plugins + */ + rs->sr_err = slapi_int_call_plugins( op->o_bd, opinfo->soi_preop, pb ); + + /* + * Setup callback so postoperation plugins will get called; + * don't do this before, because if a preop plugin fails then + * the postop plugin shouldn't be called + */ + cb = op->o_tmpcalloc(1, sizeof(slap_callback), op->o_tmpmemctx); + cb->sc_response = slapi_op_response; + cb->sc_cleanup = slapi_op_cleanup; + cb->sc_private = opinfo; + cb->sc_next = op->o_callback; + op->o_callback = cb; + + /* + * soi_callback is responsible for examining the result code + * of the preoperation plugin and determining whether to + * abort. This is needed because of special SLAPI behaviour + * with bind preoperation plugins. + * + * The soi_callback function is also used to reset any values + * returned from the preoperation plugin before calling the + * backend (for the success case). + */ + if ( opinfo->soi_callback == NULL ) { + if ( rs->sr_err < 0 ) { + slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err ); + return rs->sr_err; + } + } else { + rc = (opinfo->soi_callback)( op, rs, pb ); + if ( rc ) + return rs->sr_err; + } + + if ( rs->sr_err == 0 ) { + rs->sr_err = SLAP_CB_CONTINUE; + } + + return rs->sr_err; +} + +static int +slapi_over_extended( Operation *op, SlapReply *rs ) +{ + Slapi_PBlock *pb = op->o_pb; + SLAPI_FUNC callback; + int sentResult = 0; + int rc; + struct berval reqdata = BER_BVNULL; + + slapi_int_get_extop_plugin( &op->ore_reqoid, &callback ); + if ( callback == NULL ) { + return SLAP_CB_CONTINUE; + } + + slapi_int_pblock_set_operation( pb, op ); + + if ( op->ore_reqdata != NULL ) { + reqdata = *op->ore_reqdata; + } + + slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID, (void *)op->ore_reqoid.bv_val); + slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE, (void *)&reqdata); + + rc = (*callback)( pb ); + if ( rc == SLAPI_PLUGIN_EXTENDED_SENT_RESULT ) { + return rc; + } else if ( rc == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED ) { + return SLAP_CB_CONTINUE; + } + + slapi_pblock_get( pb, SLAPI_EXT_OP_RET_OID, (void **)&rs->sr_rspoid ); + slapi_pblock_get( pb, SLAPI_EXT_OP_RET_VALUE, (void **)&rs->sr_rspdata ); + + rs->sr_err = rc; + send_ldap_extended( op, rs ); + + if ( rs->sr_rspoid != NULL ) + slapi_ch_free_string( (char **)&rs->sr_rspoid ); + + if ( rs->sr_rspdata != NULL ) + ber_bvfree( rs->sr_rspdata ); + + return rs->sr_err; +} + +static int +slapi_over_access_allowed( + Operation *op, + Entry *e, + AttributeDescription *desc, + struct berval *val, + slap_access_t access, + AccessControlState *state, + slap_mask_t *maskp ) +{ + int rc; + + rc = slapi_int_access_allowed( op, e, desc, val, access, state ); + if ( rc != 0 ) + rc = SLAP_CB_CONTINUE; + + return rc; +} + +#if 0 +static int +slapi_over_acl_group( + Operation *op, + Entry *target, + struct berval *gr_ndn, + struct berval *op_ndn, + ObjectClass *group_oc, + AttributeDescription *group_at ) +{ + slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_ENTRY, (void *)e ); + slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val ); + slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val ); + slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_TARGET_ENTRY, (void *)target ); +} + +static int +slapi_over_compute_output_attr_access(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e) +{ + struct berval *nval = (struct berval *)c->cac_private; + + return access_allowed( c->cac_op, e, a->a_desc, nval, ACL_AUTH, NULL ) == 0; +} + +static int +slapi_over_acl_attribute( + Operation *op, + Entry *target, + struct berval *entry_ndn, + AttributeDescription *entry_at, + BerVarray *vals, + slap_access_t access ) +{ + computed_attr_context ctx; + + ctx.cac_pb = op->o_pb; + ctx.cac_op = op; + ctx.cac_acl_state = NULL; + ctx.cac_private = nval; +} +#endif + +int +slapi_int_overlay_init() +{ + memset( &slapi, 0, sizeof(slapi) ); + + slapi.on_bi.bi_type = "slapi"; + + slapi.on_bi.bi_op_bind = slapi_op_func; + slapi.on_bi.bi_op_unbind = slapi_op_func; + slapi.on_bi.bi_op_search = slapi_op_func; + slapi.on_bi.bi_op_compare = slapi_op_func; + slapi.on_bi.bi_op_modify = slapi_op_func; + slapi.on_bi.bi_op_modrdn = slapi_op_func; + slapi.on_bi.bi_op_add = slapi_op_func; + slapi.on_bi.bi_op_delete = slapi_op_func; + slapi.on_bi.bi_op_abandon = slapi_op_func; + slapi.on_bi.bi_op_cancel = slapi_op_func; + + slapi.on_bi.bi_extended = slapi_over_extended; + slapi.on_bi.bi_access_allowed = slapi_over_access_allowed; + slapi.on_bi.bi_operational = slapi_over_operational; + + return overlay_register( &slapi ); +} + +#endif /* LDAP_SLAPI */ diff --git a/servers/slapd/slapi/slapi_utils.c b/servers/slapd/slapi/slapi_utils.c index 59cda7f190..844438d919 100644 --- a/servers/slapd/slapi/slapi_utils.c +++ b/servers/slapd/slapi/slapi_utils.c @@ -2616,6 +2616,14 @@ int slapi_int_pblock_set_operation( Slapi_PBlock *pb, Operation *op ) if ( rc != LDAP_SUCCESS ) return rc; + rc = slapi_pblock_set( pb, SLAPI_TARGET_DN, (void *)op->o_req_dn.bv_val ); + if ( rc != LDAP_SUCCESS ) + return rc; + + rc = slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)get_manageDSAit( op ) ); + if ( rc != LDAP_SUCCESS ) + return rc; + rc = slapi_pblock_get( pb, SLAPI_CONN_AUTHMETHOD, (void *)&opAuthType ); if ( rc == LDAP_SUCCESS && opAuthType != NULL ) { /* Not quite sure what the point of this is. */ @@ -3670,104 +3678,6 @@ void slapi_int_free_ldapmods (LDAPMod **mods) * useful thing indeed. */ -/* - * Write the computed attribute to a BerElement. Complementary - * functions need to be defined for anything that replaces - * op->o_callback->sc_sendentry, if you wish to make computed - * attributes available to it. - */ -int slapi_int_compute_output_ber(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e) -{ -#ifdef LDAP_SLAPI - Operation *op = NULL; - BerElement *ber; - AttributeDescription *desc = NULL; - int rc; - int i; - - if ( c == NULL ) { - return 1; - } - - if ( a == NULL ) { - return 1; - } - - if ( e == NULL ) { - return 1; - } - - rc = slapi_pblock_get( c->cac_pb, SLAPI_OPERATION, (void *)&op ); - if ( rc != 0 || op == NULL ) { - return rc; - } - - ber = (BerElement *)c->cac_private; - desc = a->a_desc; - - if ( c->cac_attrs == NULL ) { - /* All attrs request, skip operational attributes */ - if ( is_at_operational( desc->ad_type ) ) { - return 0; - } - } else { - /* Specific attrs requested */ - if ( is_at_operational( desc->ad_type ) ) { - if ( !c->cac_opattrs && !ad_inlist( desc, c->cac_attrs ) ) { - return 0; - } - } else { - if ( !c->cac_userattrs && !ad_inlist( desc, c->cac_attrs ) ) { - return 0; - } - } - } - - if ( !access_allowed( op, e, desc, NULL, ACL_READ, &c->cac_acl_state) ) { - slapi_log_error( SLAPI_LOG_ACL, "slapi_int_compute_output_ber", - "acl: access to attribute %s not allowed\n", - desc->ad_cname.bv_val ); - return 0; - } - - rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname ); - if (rc == -1 ) { - slapi_log_error( SLAPI_LOG_BER, "slapi_int_compute_output_ber", - "ber_printf failed\n"); - return 1; - } - - if ( !c->cac_attrsonly && a->a_vals != NULL ) { - for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) { - if ( !access_allowed( op, e, - desc, &a->a_vals[i], ACL_READ, &c->cac_acl_state)) { - slapi_log_error( SLAPI_LOG_ACL, "slapi_int_compute_output_ber", - "conn %lu " - "acl: access to %s, value %d not allowed\n", - op->o_connid, desc->ad_cname.bv_val, i ); - continue; - } - - if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) { - slapi_log_error( SLAPI_LOG_BER, "slapi_int_compute_output_ber", - "ber_printf failed\n"); - return 1; - } - } - } - - if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) { - slapi_log_error( SLAPI_LOG_BER, "slapi_int_compute_output_ber", - "ber_printf failed\n" ); - return 1; - } - - return 0; -#else - return 1; -#endif -} - /* * For some reason Sun don't use the normal plugin mechanism * registration path to register an "evaluator" function (an