From e8f1dc6906fc7028034a87b79bbfce324e022613 Mon Sep 17 00:00:00 2001
From: Mark Valence
Date: Sat, 10 Jun 2000 01:32:36 +0000
Subject: [PATCH] Add ldap_back_group routine.
---
 servers/slapd/back-ldap/Makefile.in | 4 +-
 servers/slapd/back-ldap/group.c | 109 ++++++++++++++++++++++++++++
 servers/slapd/back-ldap/init.c | 2 +-
 3 files changed, 112 insertions(+), 3 deletions(-)
 create mode 100644 servers/slapd/back-ldap/group.c
diff --git a/servers/slapd/back-ldap/Makefile.in b/servers/slapd/back-ldap/Makefile.in
index 90427925a3..99808c446e 100644
--- a/servers/slapd/back-ldap/Makefile.in
+++ b/servers/slapd/back-ldap/Makefile.in
@@ -1,9 +1,9 @@
 # $OpenLDAP$
 SRCS = init.c config.c search.c bind.c unbind.c add.c compare.c \
- delete.c modify.c modrdn.c
+ delete.c modify.c modrdn.c group.c
 OBJS = init.lo config.lo search.lo bind.lo unbind.lo add.lo compare.lo \
- delete.lo modify.lo modrdn.lo
+ delete.lo modify.lo modrdn.lo group.lo
 LDAP_INCDIR= ../../../include
 LDAP_LIBDIR= ../../../libraries
diff --git a/servers/slapd/back-ldap/group.c b/servers/slapd/back-ldap/group.c
new file mode 100644
index 0000000000..0864ad4d67
--- /dev/null
+++ b/servers/slapd/back-ldap/group.c
@@ -0,0 +1,109 @@
+/* group.c - ldap backend acl group routine */
+/* $OpenLDAP$ */
+/*
+ * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "portable.h"
+
+#include
+
+#include
+#include
+
+#include "slap.h"
+#include "back-ldap.h"
+
+
+/* return 0 IFF op_dn is a value in member attribute
+ * of entry with gr_dn AND that entry has an objectClass
+ * value of groupOfNames
+ */
+int
+ldap_back_group(
+ Backend *be,
+ Entry *target,
+ const char *gr_ndn,
+ const char *op_ndn,
+ ObjectClass* group_oc,
+ AttributeDescription* group_at
+)
+{
+ struct ldapinfo *li = (struct ldapinfo *) be->be_private;
+ int rc = 1;
+ Attribute *attr;
+ Entry *e;
+ struct berval bv;
+ LDAPMessage *result;
+ char *gattr[2];
+ char *filter;
+ LDAP *ld;
+
+ AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
+ const char *group_oc_name = NULL;
+ const char *group_at_name = group_at->ad_cname->bv_val;
+
+ if( group_oc->soc_names && group_oc->soc_names[0] ) {
+ group_oc_name = group_oc->soc_names[0];
+ } else {
+ group_oc_name = group_oc->soc_oid;
+ }
+
+ if (target != NULL && strcmp(target->e_ndn, gr_ndn) == 0) {
+ /* we already have a copy of the entry */
+ e = target;
+
+ if( is_entry_objectclass( e, group_oc ) ) {
+ return(1);
+ }
+
+ if ((attr = attr_find(e->e_attrs, group_at)) == NULL)
+ return(1);
+
+ bv.bv_val = (char *) op_ndn;
+ bv.bv_len = strlen( op_ndn );
+ if( value_find( group_at, attr->a_vals, &bv ) == 0 )
+ return(1);
+
+ } else {
+ filter = ch_malloc(sizeof("(&(objectclass=)(=))")
+ + strlen(group_oc_name)
+ + strlen(group_at_name)
+ + strlen(op_ndn) + 1);
+ if (filter == NULL)
+ return(1);
+
+ if (ldap_initialize(&ld, li->url) != LDAP_SUCCESS) {
+ ch_free(filter);
+ return(1);
+ }
+
+ if (ldap_bind_s(ld, li->binddn, li->bindpw, LDAP_AUTH_SIMPLE) == LDAP_SUCCESS) {
+ strcpy(filter, "(&(objectclass=");
+ strcat(filter, group_oc_name);
+ strcat(filter, ")(");
+ strcat(filter, group_at_name);
+ strcat(filter, "=");
+ strcat(filter, op_ndn);
+ strcat(filter, "))");
+
+ gattr[0] = "objectclass";
+ gattr[1] = NULL;
+ if (ldap_search_ext_s(ld, gr_ndn, LDAP_SCOPE_BASE, filter,
+ gattr, 0, NULL, NULL, LDAP_NO_LIMIT,
+ LDAP_NO_LIMIT, &result) == LDAP_SUCCESS)
+ {
+ if (ldap_first_entry(ld, result) != NULL)
+ rc = 0;
+ ldap_msgfree(result);
+ }
+ }
+ ldap_unbind(ld);
+ ch_free(filter);
+ return(rc);
+ }
+
+ return(0);
+}
+
diff --git a/servers/slapd/back-ldap/init.c b/servers/slapd/back-ldap/init.c
index 974559dc4e..7144c9331e 100644
--- a/servers/slapd/back-ldap/init.c
+++ b/servers/slapd/back-ldap/init.c
@@ -74,7 +74,7 @@ ldap_back_initialize(
 bi->bi_extended = 0;
- bi->bi_acl_group = 0;
+ bi->bi_acl_group = ldap_back_group;
 #ifdef HAVE_CYRUS_SASL
 bi->bi_sasl_authorize = 0;
-- 
2.39.5
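Review bot: The cached-entry branch of ldap_back_group (taken when `target->e_ndn` equals `gr_ndn`) tests the opposite of what the header comment promises: it returns 1 when `is_entry_objectclass( e, group_oc )` is true and when `value_find(...) == 0`, and otherwise falls through to `return(0)`. Assuming value_find returns 0 on a match (its definition is not in this hunk), a genuine member is rejected, while an entry that is not of the group objectClass and whose member attribute does not hold op_ndn is reported as a member, so the ACL check fails open; the tests should read `if( !is_entry_objectclass( e, group_oc ) )` and `if( value_find( group_at, attr->a_vals, &bv ) != 0 )`. In the remote branch, `strcat(filter, op_ndn)` places the DN into the search filter unescaped, so a DN containing `*`, `(`, `)` or `\` changes what the membership filter matches. Escape those bytes as `\XX` before building the filter and size the ch_malloc request for the expanded value (up to three bytes per input byte).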