upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-24 00:29:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Move most of SLAPI frontend into overlay

Browse source
This commit is contained in:
Luke Howard 2005-07-21 16:35:20 +00:00
parent 3df0f16292
commit ffe20229dc
22 changed files with 902 additions and 1277 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
servers/slapd/acl.c
View file

@ -37,10 +37,6 @@
#include "lber_pvt.h"
#include "lutil.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
#endif /* LDAPI_SLAPI */
#define ACL_BUF_SIZE 1024 /* use most appropriate size */
/*
@ -207,16 +203,6 @@ slap_access_allowed(
assert( attr != NULL );
#ifdef LDAP_SLAPI
if ( op->o_pb != NULL ) {
ret = slapi_int_access_allowed( op, e, desc, val, access, state );
if ( ret == 0 ) {
/* ACL plugin denied access */
goto done;
}
}
#endif /* LDAP_SLAPI */
/* grant database root access */
if ( be_isroot( op ) ) {
Debug( LDAP_DEBUG_ACL, "<= root access granted\n", 0, 0, 0 );
@ -580,16 +566,6 @@ access_allowed_mask(
}
assert( be != NULL );
#ifdef LDAP_SLAPI
if ( op->o_pb != NULL ) {
ret = slapi_int_access_allowed( op, e, desc, val, access, state );
if ( ret == 0 ) {
/* ACL plugin denied access */
goto done;
}
}
#endif /* LDAP_SLAPI */
/* grant database root access */
if ( be_isroot( op ) ) {
Debug( LDAP_DEBUG_ACL, "<= root access granted\n", 0, 0, 0 );

101
servers/slapd/add.c
View file

@ -32,15 +32,6 @@
#include "slap.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
static void init_add_pblock( Operation *op, struct berval *dn, Entry *e,
int manageDSAit );
static int call_add_preop_plugins( Operation *op );
static void call_add_postop_plugins( Operation *op );
#endif /* LDAP_SLAPI */
int
do_add( Operation *op, SlapReply *rs )
{
@ -273,10 +264,6 @@ fe_op_add( Operation *op, SlapReply *rs )
goto done;
}
#ifdef LDAP_SLAPI
if ( op->o_pb ) init_add_pblock( op, &op->o_req_dn, op->ora_e, manageDSAit );
#endif /* LDAP_SLAPI */
/*
* do the add if 1 && (2 || 3)
* 1) there is an add function implemented in this backend;
@ -331,20 +318,6 @@ fe_op_add( Operation *op, SlapReply *rs )
goto done;
}
#ifdef LDAP_SLAPI
/*
* Call the preoperation plugin here, because the entry
* will actually contain something.
*/
if ( op->o_pb ) {
rs->sr_err = call_add_preop_plugins( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
/* plugin will have sent result */
goto done;
}
}
#endif /* LDAP_SLAPI */
#ifdef SLAPD_MULTIMASTER
if ( !repl_user )
#endif
@ -364,19 +337,6 @@ fe_op_add( Operation *op, SlapReply *rs )
#ifndef SLAPD_MULTIMASTER
} else {
BerVarray defref = NULL;
#ifdef LDAP_SLAPI
/*
* SLAPI_ADD_ENTRY will be empty, but this may be acceptable
* on replicas (for now, it involves the minimum code intrusion).
*/
if ( op->o_pb ) {
rs->sr_err = call_add_preop_plugins( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
/* plugin will have sent result */
goto done;
}
}
#endif /* LDAP_SLAPI */
defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
@ -400,24 +360,11 @@ fe_op_add( Operation *op, SlapReply *rs )
#endif /* SLAPD_MULTIMASTER */
}
} else {
#ifdef LDAP_SLAPI
if ( op->o_pb ) {
rs->sr_err = call_add_preop_plugins( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
/* plugin will have sent result */
goto done;
}
}
#endif
Debug( LDAP_DEBUG_ARGS, " do_add: no backend support\n", 0, 0, 0 );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
#ifdef LDAP_SLAPI
if ( op->o_pb ) call_add_postop_plugins( op );
#endif /* LDAP_SLAPI */
done:;
return rc;
}
@ -660,51 +607,3 @@ slap_entry2mods(
return LDAP_SUCCESS;
}
#ifdef LDAP_SLAPI
static void init_add_pblock( Operation *op,
struct berval *dn, Entry *e, int manageDSAit )
{
slapi_int_pblock_set_operation( op->o_pb, op );
slapi_pblock_set( op->o_pb, SLAPI_ADD_TARGET, (void *)dn->bv_val );
slapi_pblock_set( op->o_pb, SLAPI_ADD_ENTRY, (void *)e );
slapi_pblock_set( op->o_pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
}
static int call_add_preop_plugins( Operation *op )
{
int rc;
rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_ADD_FN, op->o_pb );
if ( rc < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
Debug(LDAP_DEBUG_TRACE,
"do_add: add preoperation plugin failed.\n",
0, 0, 0);
if (( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
(void *)&rc ) != 0 ) || rc == LDAP_SUCCESS )
{
rc = LDAP_OTHER;
}
} else {
rc = LDAP_SUCCESS;
}
return rc;
}
static void call_add_postop_plugins( Operation *op )
{
int rc;
rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_ADD_FN, op->o_pb );
if ( rc < 0 ) {
Debug(LDAP_DEBUG_TRACE,
"do_add: add postoperation plugin failed\n",
0, 0, 0);
}
}
#endif /* LDAP_SLAPI */

207
servers/slapd/backend.c
View file

@ -37,15 +37,6 @@
#include "lutil.h"
#include "lber_pvt.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
static void init_group_pblock( Operation *op, Entry *target,
Entry *e, struct berval *op_ndn, AttributeDescription *group_at );
static int call_group_preop_plugins( Operation *op );
static void call_group_postop_plugins( Operation *op );
#endif /* LDAP_SLAPI */
/*
* If a module is configured as dynamic, its header should not
* get included into slapd. While this is a general rule and does
@ -723,45 +714,13 @@ be_entry_release_rw(
int
backend_unbind( Operation *op, SlapReply *rs )
{
int i = 0;
BackendDB *be;
LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
#if defined( LDAP_SLAPI )
if ( op->o_pb ) {
int rc;
if ( i == 0 ) slapi_int_pblock_set_operation( op->o_pb, op );
slapi_pblock_set( op->o_pb, SLAPI_BACKEND, (void *)be );
rc = slapi_int_call_plugins( be,
SLAPI_PLUGIN_PRE_UNBIND_FN, (Slapi_PBlock *)op->o_pb );
if ( rc < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
Debug(LDAP_DEBUG_TRACE,
"do_bind: Unbind preoperation plugin failed\n",
0, 0, 0);
return 0;
}
}
#endif /* defined( LDAP_SLAPI ) */
if ( be->be_unbind ) {
op->o_bd = be;
be->be_unbind( op, rs );
}
#if defined( LDAP_SLAPI )
if ( op->o_pb != NULL && slapi_int_call_plugins( be,
SLAPI_PLUGIN_POST_UNBIND_FN, (Slapi_PBlock *)op->o_pb ) < 0 )
{
Debug(LDAP_DEBUG_TRACE,
"do_unbind: Unbind postoperation plugins failed\n",
0, 0, 0);
}
#endif /* defined( LDAP_SLAPI ) */
i++;
}
return 0;
@ -1259,17 +1218,6 @@ backend_group(
rc = be_entry_get_rw( op, gr_ndn, group_oc, group_at, 0, &e );
}
if ( e ) {
#ifdef LDAP_SLAPI
if ( op->o_pb != NULL ) {
init_group_pblock( op, target, e, op_ndn, group_at );
rc = call_group_preop_plugins( op );
if ( rc == LDAP_SUCCESS ) {
goto done;
}
}
#endif /* LDAP_SLAPI */
a = attr_find( e->e_attrs, group_at );
if ( a ) {
/* If the attribute is a subtype of labeledURI, treat this as
@ -1379,10 +1327,6 @@ loopit:
rc = LDAP_NO_SUCH_OBJECT;
}
#ifdef LDAP_SLAPI
if ( op->o_pb ) call_group_postop_plugins( op );
#endif /* LDAP_SLAPI */
if ( op->o_tag != LDAP_REQ_BIND && !op->o_do_not_cache ) {
g = op->o_tmpalloc( sizeof( GroupAssertion ) + gr_ndn->bv_len,
op->o_tmpmemctx );
@ -1400,58 +1344,6 @@ done:
return rc;
}
#ifdef LDAP_SLAPI
static int backend_compute_output_attr(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
{
BerVarray v;
int rc;
BerVarray *vals = (BerVarray *)c->cac_private;
Operation *op = NULL;
int i, j;
slapi_pblock_get( c->cac_pb, SLAPI_OPERATION, &op );
if ( op == NULL ) {
return 1;
}
if ( op->o_conn && access_allowed( op,
e, a->a_desc, NULL, ACL_AUTH,
&c->cac_acl_state ) == 0 ) {
return 1;
}
for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) ;
v = op->o_tmpalloc( sizeof(struct berval) * (i+1),
op->o_tmpmemctx );
for ( i = 0, j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) {
if ( op->o_conn && access_allowed( op,
e, a->a_desc,
&a->a_nvals[i],
ACL_AUTH, &c->cac_acl_state ) == 0 ) {
continue;
}
ber_dupbv_x( &v[j],
&a->a_nvals[i], op->o_tmpmemctx );
if ( !BER_BVISNULL( &v[j] ) ) {
j++;
}
}
if ( j == 0 ) {
op->o_tmpfree( v, op->o_tmpmemctx );
*vals = NULL;
rc = 1;
} else {
BER_BVZERO( &v[j] );
*vals = v;
rc = 0;
}
return rc;
}
#endif /* LDAP_SLAPI */
int
backend_attribute(
Operation *op,
@ -1548,29 +1440,6 @@ backend_attribute(
rc = LDAP_SUCCESS;
}
}
#ifdef LDAP_SLAPI
else if ( op->o_pb ) {
/* try any computed attributes */
computed_attr_context ctx;
slapi_int_pblock_set_operation( op->o_pb, op );
ctx.cac_pb = op->o_pb;
ctx.cac_attrs = NULL;
ctx.cac_userattrs = 0;
ctx.cac_opattrs = 0;
ctx.cac_acl_state = acl_state;
ctx.cac_private = (void *)vals;
rc = compute_evaluator( &ctx, entry_at->ad_cname.bv_val, e, backend_compute_output_attr );
if ( rc == 1 ) {
rc = LDAP_INSUFFICIENT_ACCESS;
} else {
rc = LDAP_SUCCESS;
}
}
#endif /* LDAP_SLAPI */
freeit: if ( e != target ) {
be_entry_release_r( op, e );
}
@ -1583,21 +1452,6 @@ freeit: if ( e != target ) {
return rc;
}
#ifdef LDAP_SLAPI
static int backend_compute_output_attr_access(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
{
struct berval *nval = (struct berval *)c->cac_private;
Operation *op = NULL;
slapi_pblock_get( c->cac_pb, SLAPI_OPERATION, &op );
if ( op == NULL ) {
return 1;
}
return access_allowed( op, e, a->a_desc, nval, ACL_AUTH, NULL ) == 0;
}
#endif /* LDAP_SLAPI */
int
backend_access(
Operation *op,
@ -1686,28 +1540,6 @@ backend_access(
}
rc = LDAP_SUCCESS;
}
#ifdef LDAP_SLAPI
else if ( op->o_pb ) {
/* try any computed attributes */
computed_attr_context ctx;
slapi_int_pblock_set_operation( op->o_pb, op );
ctx.cac_pb = op->o_pb;
ctx.cac_attrs = NULL;
ctx.cac_userattrs = 0;
ctx.cac_opattrs = 0;
ctx.cac_private = (void *)nval;
rc = compute_evaluator( &ctx, entry_at->ad_cname.bv_val, e, backend_compute_output_attr_access );
if ( rc == 1 ) {
rc = LDAP_INSUFFICIENT_ACCESS;
} else {
rc = LDAP_SUCCESS;
}
}
#endif /* LDAP_SLAPI */
}
freeit: if ( e != target ) {
be_entry_release_r( op, e );
@ -1769,42 +1601,3 @@ int backend_operational(
return rc;
}
#ifdef LDAP_SLAPI
static void init_group_pblock( Operation *op, Entry *target,
Entry *e, struct berval *op_ndn, AttributeDescription *group_at )
{
slapi_pblock_set( op->o_pb,
SLAPI_X_GROUP_ENTRY, (void *)e );
slapi_pblock_set( op->o_pb,
SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val );
slapi_pblock_set( op->o_pb,
SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val );
slapi_pblock_set( op->o_pb,
SLAPI_X_GROUP_TARGET_ENTRY, (void *)target );
}
static int call_group_preop_plugins( Operation *op )
{
int rc;
rc = slapi_int_call_plugins( op->o_bd,
SLAPI_X_PLUGIN_PRE_GROUP_FN, op->o_pb );
if ( rc < 0 ) {
if (( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
(void *)&rc ) != 0 ) || rc == LDAP_SUCCESS )
{
rc = LDAP_NO_SUCH_ATTRIBUTE;
}
} else {
rc = LDAP_SUCCESS;
}
return rc;
}
static void call_group_postop_plugins( Operation *op )
{
(void) slapi_int_call_plugins( op->o_bd, SLAPI_X_PLUGIN_POST_GROUP_FN, op->o_pb );
}
#endif /* LDAP_SLAPI */

113
servers/slapd/bind.c
View file

@ -32,10 +32,6 @@
#include <ac/socket.h>
#include "slap.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
#endif
int
do_bind(
@ -327,27 +323,6 @@ fe_op_bind( Operation *op, SlapReply *rs )
op->o_conn->c_sasl_bind_in_progress = 0;
}
#ifdef LDAP_SLAPI
#define pb op->o_pb
/*
* Normally post-operation plugins are called only after the
* backend operation. Because the front-end performs SASL
* binds on behalf of the backend, we'll make a special
* exception to call the post-operation plugins after a
* SASL bind.
*/
if ( pb ) {
slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)op->o_req_dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)op->orb_method );
slapi_pblock_set( pb,
SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) );
(void) slapi_int_call_plugins( op->o_bd,
SLAPI_PLUGIN_POST_BIND_FN, pb );
}
#endif /* LDAP_SLAPI */
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
goto cleanup;
@ -476,84 +451,6 @@ fe_op_bind( Operation *op, SlapReply *rs )
goto cleanup;
}
#ifdef LDAP_SLAPI
if ( pb ) {
int rc;
slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)op->o_req_dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)op->orb_method );
slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) );
slapi_pblock_set( pb, SLAPI_CONN_DN, (void *)(0) );
rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_BIND_FN, pb );
Debug(LDAP_DEBUG_TRACE,
"do_bind: Bind preoperation plugin returned %d.\n",
rs->sr_err, 0, 0);
switch ( rc ) {
case SLAPI_BIND_SUCCESS:
/* Continue with backend processing */
break;
case SLAPI_BIND_FAIL:
/* Failure, server sends result */
rs->sr_err = LDAP_INVALID_CREDENTIALS;
send_ldap_result( op, rs );
goto cleanup;
break;
case SLAPI_BIND_ANONYMOUS:
/* SLAPI_BIND_ANONYMOUS is undocumented XXX */
default:
/* Authoritative, plugin sent result, or no plugins called. */
if ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
(void *)&rs->sr_err) != 0 )
{
rs->sr_err = LDAP_OTHER;
}
BER_BVZERO( &op->orb_edn );
if ( rs->sr_err == LDAP_SUCCESS ) {
slapi_pblock_get( pb, SLAPI_CONN_DN,
(void *)&op->orb_edn.bv_val );
if ( BER_BVISNULL( &op->orb_edn ) ) {
if ( rc == 1 ) {
/* No plugins were called; continue. */
break;
}
} else {
op->orb_edn.bv_len = strlen( op->orb_edn.bv_val );
}
rs->sr_err = dnPrettyNormal( NULL, &op->orb_edn,
&op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
ber_dupbv(&op->o_conn->c_dn, &op->o_req_dn);
ber_dupbv(&op->o_conn->c_ndn, &op->o_req_ndn);
op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
BER_BVZERO( &op->o_req_dn );
op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
BER_BVZERO( &op->o_req_ndn );
if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
ber_len_t max = sockbuf_max_incoming_auth;
ber_sockbuf_ctrl( op->o_conn->c_sb,
LBER_SB_OPT_SET_MAX_INCOMING, &max );
}
/* log authorization identity */
Statslog( LDAP_DEBUG_STATS,
"%s BIND dn=\"%s\" mech=%s (SLAPI) ssf=0\n",
op->o_log_prefix,
BER_BVISNULL( &op->o_conn->c_dn )
? "<empty>" : op->o_conn->c_dn.bv_val,
mech.bv_val, 0, 0 );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
}
goto cleanup;
break;
}
}
#endif /* LDAP_SLAPI */
if( op->o_bd->be_bind ) {
rs->sr_err = (op->o_bd->be_bind)( op, rs );
@ -604,16 +501,6 @@ fe_op_bind( Operation *op, SlapReply *rs )
"operation not supported within naming context" );
}
#ifdef LDAP_SLAPI
if ( pb != NULL &&
slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) < 0 )
{
Debug(LDAP_DEBUG_TRACE,
"do_bind: Bind postoperation plugins failed.\n",
0, 0, 0);
}
#endif /* LDAP_SLAPI */
cleanup:;
return rs->sr_err;
}

41
servers/slapd/compare.c
View file

@ -30,9 +30,6 @@
#include <ac/string.h>
#include "slap.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
#endif
static int compare_entry(
Operation *op,
@ -240,35 +237,6 @@ fe_op_compare( Operation *op, SlapReply *rs )
op->o_log_prefix, op->o_req_dn.bv_val,
ava.aa_desc->ad_cname.bv_val, 0, 0 );
#if defined( LDAP_SLAPI )
#define pb op->o_pb
if ( pb ) {
slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_COMPARE_TARGET, (void *)op->o_req_dn.bv_val );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
slapi_pblock_set( pb, SLAPI_COMPARE_TYPE, (void *)ava.aa_desc->ad_cname.bv_val );
slapi_pblock_set( pb, SLAPI_COMPARE_VALUE, (void *)&ava.aa_value );
rs->sr_err = slapi_int_call_plugins( op->o_bd,
SLAPI_PLUGIN_PRE_COMPARE_FN, pb );
if ( rs->sr_err < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
Debug(LDAP_DEBUG_TRACE,
"do_compare: compare preoperation plugin failed\n",
0, 0, 0);
if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
(void *)&rs->sr_err ) != 0 ) || rs->sr_err == LDAP_SUCCESS )
{
rs->sr_err = LDAP_OTHER;
}
goto cleanup;
}
}
#endif /* defined( LDAP_SLAPI ) */
op->orc_ava = &ava;
if ( ava.aa_desc == slap_schema.si_ad_entryDN ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
@ -395,15 +363,6 @@ fe_op_compare( Operation *op, SlapReply *rs )
}
}
#if defined( LDAP_SLAPI )
if ( pb != NULL && slapi_int_call_plugins( op->o_bd,
SLAPI_PLUGIN_POST_COMPARE_FN, pb ) < 0 )
{
Debug(LDAP_DEBUG_TRACE,
"do_compare: compare postoperation plugins failed\n", 0, 0, 0 );
}
#endif /* defined( LDAP_SLAPI ) */
cleanup:;
return rs->sr_err;
}

8
servers/slapd/connection.c
View file

@ -599,20 +599,20 @@ void connection2anonymous( Connection *c )
}
if(c->c_authmech.bv_val != NULL ) {
free(c->c_authmech.bv_val);
ch_free(c->c_authmech.bv_val);
}
BER_BVZERO( &c->c_authmech );
if(c->c_dn.bv_val != NULL) {
free(c->c_dn.bv_val);
ch_free(c->c_dn.bv_val);
}
BER_BVZERO( &c->c_dn );
if(c->c_ndn.bv_val != NULL) {
free(c->c_ndn.bv_val);
ch_free(c->c_ndn.bv_val);
}
BER_BVZERO( &c->c_ndn );
if(c->c_sasl_authz_dn.bv_val != NULL) {
free(c->c_sasl_authz_dn.bv_val);
ch_free(c->c_sasl_authz_dn.bv_val);
}
BER_BVZERO( &c->c_sasl_authz_dn );

41
servers/slapd/delete.c
View file

@ -34,10 +34,6 @@
#include "lutil.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
#endif
int
do_delete(
Operation *op,
@ -156,33 +152,6 @@ fe_op_delete( Operation *op, SlapReply *rs )
goto cleanup;
}
#if defined( LDAP_SLAPI )
#define pb op->o_pb
if ( pb ) {
slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_DELETE_TARGET, (void *)op->o_req_dn.bv_val );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
rs->sr_err = slapi_int_call_plugins( op->o_bd,
SLAPI_PLUGIN_PRE_DELETE_FN, pb );
if ( rs->sr_err < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
Debug (LDAP_DEBUG_TRACE, "do_delete: "
"delete preoperation plugin failed.\n", 0, 0, 0);
if ( ( slapi_pblock_get( pb, SLAPI_RESULT_CODE,
(void *)&rs->sr_err ) != 0 ) ||
rs->sr_err == LDAP_SUCCESS )
{
rs->sr_err = LDAP_OTHER;
}
goto cleanup;
}
}
#endif /* defined( LDAP_SLAPI ) */
/*
* do the delete if 1 && (2 || 3)
* 1) there is a delete function implemented in this backend;
@ -281,16 +250,6 @@ fe_op_delete( Operation *op, SlapReply *rs )
"operation not supported within namingContext" );
}
#if defined( LDAP_SLAPI )
if ( pb != NULL && slapi_int_call_plugins( op->o_bd,
SLAPI_PLUGIN_POST_DELETE_FN, pb ) < 0)
{
Debug(LDAP_DEBUG_TRACE,
"do_delete: delete postoperation plugins failed\n",
0, 0, 0 );
}
#endif /* defined( LDAP_SLAPI ) */
cleanup:;
return rs->sr_err;
}

80
servers/slapd/extended.c
View file

@ -39,10 +39,6 @@
#include "slap.h"
#include "lber_pvt.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
#endif
#define UNSUPPORTED_EXOP "unsupported extended operation"
@ -194,25 +190,11 @@ fe_extended( Operation *op, SlapReply *rs )
struct extop_list *ext = NULL;
struct berval reqdata = BER_BVNULL;
#if defined(LDAP_SLAPI)
Slapi_PBlock *pb = op->o_pb;
SLAPI_FUNC funcAddr = NULL;
int extop_rc;
int msg_sent = FALSE;
#endif /* defined(LDAP_SLAPI) */
if (op->ore_reqdata) {
reqdata = *op->ore_reqdata;
}
#ifdef LDAP_SLAPI
/* NS-SLAPI extended operation */
slapi_int_get_extop_plugin( &op->ore_reqoid, &funcAddr );
if( !funcAddr && !(ext = find_extop(supp_ext_list, &op->ore_reqoid )))
#else
if( !(ext = find_extop(supp_ext_list, &op->ore_reqoid )))
#endif
{
Debug( LDAP_DEBUG_ANY, "do_extended: unsupported operation \"%s\"\n",
op->ore_reqoid.bv_val, 0 ,0 );
@ -226,68 +208,6 @@ fe_extended( Operation *op, SlapReply *rs )
Debug( LDAP_DEBUG_ARGS, "do_extended: oid=%s\n",
op->ore_reqoid.bv_val, 0 ,0 );
#if defined(LDAP_SLAPI)
if ( funcAddr != NULL ) {
rs->sr_err = slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID,
(void *)op->ore_reqoid.bv_val);
if ( rs->sr_err != LDAP_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
goto done;
}
rs->sr_err = slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE,
(void *)&reqdata);
if ( rs->sr_err != LDAP_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
goto done;
}
rs->sr_err = slapi_int_pblock_set_operation( pb, op );
if ( rs->sr_err != LDAP_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
goto done;
}
extop_rc = (*funcAddr)( pb );
if ( extop_rc == SLAPI_PLUGIN_EXTENDED_SENT_RESULT ) {
msg_sent = TRUE;
} else if ( extop_rc == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
rs->sr_text = UNSUPPORTED_EXOP;
} else {
rs->sr_err = slapi_pblock_get( pb, SLAPI_EXT_OP_RET_OID,
&rs->sr_rspoid);
if ( rs->sr_err != LDAP_SUCCESS ) {
goto done2;
}
rs->sr_err = slapi_pblock_get( pb, SLAPI_EXT_OP_RET_VALUE,
&rs->sr_rspdata);
if ( rs->sr_err != LDAP_SUCCESS ) {
goto done2;
}
rs->sr_err = extop_rc;
send_ldap_extended( op, rs );
msg_sent = TRUE;
}
done2:;
if ( rs->sr_err != LDAP_SUCCESS && msg_sent == FALSE ) {
send_ldap_result( op, rs );
}
if ( rs->sr_rspoid != NULL ) {
ch_free( (char *)rs->sr_rspoid );
}
if ( rs->sr_rspdata != NULL ) {
ber_bvfree( rs->sr_rspdata );
}
} else
#endif /* defined( LDAP_SLAPI ) */
{ /* start of OpenLDAP extended operation */
rs->sr_err = (ext->ext_main)( op, rs );

4
servers/slapd/frontend.c
View file

@ -38,10 +38,6 @@
#include "ldap_rq.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
#endif
static BackendInfo slap_frontendInfo;
static BackendDB slap_frontendDB;
BackendDB *frontendDB;

74
servers/slapd/modify.c
View file

@ -32,9 +32,6 @@
#include <ac/time.h>
#include "slap.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
#endif
#include "lutil.h"
@ -221,9 +218,6 @@ fe_op_modify( Operation *op, SlapReply *rs )
int manageDSAit;
Modifications *modlist = op->orm_modlist;
Modifications **modtail = &modlist;
#ifdef LDAP_SLAPI
LDAPMod **modv = NULL;
#endif
int increment = op->orm_increment;
BackendDB *op_be;
char textbuf[ SLAP_TEXT_BUFLEN ];
@ -365,61 +359,6 @@ fe_op_modify( Operation *op, SlapReply *rs )
"modify/increment not supported in context" );
}
#if defined( LDAP_SLAPI )
#define pb op->o_pb
if ( pb ) {
slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_MODIFY_TARGET, (void *)op->o_req_dn.bv_val );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
modv = slapi_int_modifications2ldapmods( &modlist );
slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)modv );
rs->sr_err = slapi_int_call_plugins( op->o_bd,
SLAPI_PLUGIN_PRE_MODIFY_FN, pb );
/*
* It's possible that the preoperation plugin changed the
* modification array, so we need to convert it back to
* a Modification list.
*
* Calling slapi_int_modifications2ldapmods() destroyed modlist so
* we don't need to free it.
*/
slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv );
modlist = slapi_int_ldapmods2modifications( modv );
if ( rs->sr_err < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
Debug(LDAP_DEBUG_TRACE,
"do_modify: modify preoperation plugin failed.\n",
0, 0, 0);
if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
(void *)&rs->sr_err ) != 0 ) || rs->sr_err == LDAP_SUCCESS )
{
rs->sr_err = LDAP_OTHER;
}
slapi_int_free_ldapmods( modv );
modv = NULL;
goto cleanup;
}
}
/*
* NB: it is valid for the plugin to return no modifications
* (for example, a plugin might store some attributes elsewhere
* and remove them from the modification list; if only those
* attribute types were included in the modification request,
* then slapi_int_ldapmods2modifications() above will return
* NULL).
*
* However, the post-operation plugin should still be
* called.
*/
#endif /* defined( LDAP_SLAPI ) */
/*
* do the modify if 1 && (2 || 3)
* 1) there is a modify function implemented in this backend;
@ -510,20 +449,7 @@ fe_op_modify( Operation *op, SlapReply *rs )
"operation not supported within namingContext" );
}
#if defined( LDAP_SLAPI )
if ( pb != NULL && slapi_int_call_plugins( op->o_bd,
SLAPI_PLUGIN_POST_MODIFY_FN, pb ) < 0 )
{
Debug(LDAP_DEBUG_TRACE,
"do_modify: modify postoperation plugins failed.\n", 0, 0, 0);
}
#endif /* defined( LDAP_SLAPI ) */
cleanup:;
#if defined( LDAP_SLAPI )
if ( modv != NULL ) slapi_int_free_ldapmods( modv );
#endif
return rs->sr_err;
}

38
servers/slapd/modrdn.c
View file

@ -39,9 +39,6 @@
#include <ac/string.h>
#include "slap.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
#endif
int
do_modrdn(
@ -285,34 +282,6 @@ fe_op_modrdn( Operation *op, SlapReply *rs )
}
}
#if defined( LDAP_SLAPI )
#define pb op->o_pb
if ( pb ) {
slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_MODRDN_TARGET, (void *)op->o_req_dn.bv_val );
slapi_pblock_set( pb, SLAPI_MODRDN_NEWRDN, (void *)op->orr_newrdn.bv_val );
slapi_pblock_set( pb, SLAPI_MODRDN_NEWSUPERIOR,
(void *)op->orr_newSup->bv_val );
slapi_pblock_set( pb, SLAPI_MODRDN_DELOLDRDN, (void *)op->orr_deleteoldrdn);
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
rs->sr_err = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_MODRDN_FN, pb );
if ( rs->sr_err < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
Debug(LDAP_DEBUG_TRACE, "do_modrdn: modrdn preoperation plugin "
"failed.\n", 0, 0, 0);
if ( ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0 ) ||
rs->sr_err == LDAP_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
}
goto cleanup;
}
}
#endif /* defined( LDAP_SLAPI ) */
/*
* do the modrdn if 1 && (2 || 3)
* 1) there is a modrdn function implemented in this backend;
@ -403,13 +372,6 @@ fe_op_modrdn( Operation *op, SlapReply *rs )
"operation not supported within namingContext" );
}
#if defined( LDAP_SLAPI )
if ( pb != NULL && slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_MODRDN_FN, pb ) < 0 ) {
Debug(LDAP_DEBUG_TRACE, "do_modrdn: modrdn postoperation plugins "
"failed.\n", 0, 0, 0);
}
#endif /* defined( LDAP_SLAPI ) */
cleanup:;
return rs->sr_err;
}

6
servers/slapd/operation.c
View file

@ -69,13 +69,13 @@ slap_op_free( Operation *op )
ber_free( op->o_ber, 1 );
}
if ( !BER_BVISNULL( &op->o_dn ) ) {
free( op->o_dn.bv_val );
ch_free( op->o_dn.bv_val );
}
if ( !BER_BVISNULL( &op->o_ndn ) ) {
free( op->o_ndn.bv_val );
ch_free( op->o_ndn.bv_val );
}
if ( !BER_BVISNULL( &op->o_authmech ) ) {
free( op->o_authmech.bv_val );
ch_free( op->o_authmech.bv_val );
}
if ( op->o_ctrls != NULL ) {
slap_free_ctrls( op, op->o_ctrls );

19
servers/slapd/overlays/glue.c
View file

@ -153,13 +153,6 @@ glue_op_response ( Operation *op, SlapReply *rs )
return 0;
}
enum glue_which {
glue_op_modify = 0,
glue_op_modrdn,
glue_op_add,
glue_op_delete
};
static int
glue_op_func ( Operation *op, SlapReply *rs )
{
@ -167,20 +160,20 @@ glue_op_func ( Operation *op, SlapReply *rs )
BackendDB *b0 = op->o_bd;
BackendInfo *bi0 = op->o_bd->bd_info;
BI_op_modify **func;
enum glue_which which;
slap_operation_t which;
int rc;
op->o_bd = glue_back_select (b0, &op->o_req_ndn);
b0->bd_info = on->on_info->oi_orig;
switch(op->o_tag) {
case LDAP_REQ_ADD: which = glue_op_add; break;
case LDAP_REQ_DELETE: which = glue_op_delete; break;
case LDAP_REQ_MODIFY: which = glue_op_modify; break;
case LDAP_REQ_MODRDN: which = glue_op_modrdn; break;
case LDAP_REQ_ADD: which = op_add; break;
case LDAP_REQ_DELETE: which = op_delete; break;
case LDAP_REQ_MODIFY: which = op_modify; break;
case LDAP_REQ_MODRDN: which = op_modrdn; break;
}
func = &op->o_bd->bd_info->bi_op_modify;
func = &op->o_bd->bd_info->bi_op_bind;
if ( func[which] )
rc = func[which]( op, rs );
else

274
servers/slapd/result.c
View file

@ -37,14 +37,6 @@
#include "slap.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
static int call_pre_result_plugins( Operation *, SlapReply * );
static int call_pre_referral_plugins( Operation *, SlapReply * );
static int call_pre_entry_plugins( Operation *, SlapReply *, int * );
#endif /* LDAP_SLAPI */
const struct berval slap_dummy_bv = BER_BVNULL;
int slap_null_cb( Operation *op, SlapReply *rs )
@ -250,36 +242,16 @@ static int
send_ldap_controls( Operation *o, BerElement *ber, LDAPControl **c )
{
int rc;
#ifdef LDAP_SLAPI
LDAPControl **sctrls = NULL;
/*
* Retrieve any additional controls that may be set by the
* plugin.
*/
if ( o->o_pb &&
slapi_pblock_get( o->o_pb, SLAPI_RESCONTROLS, &sctrls ) != 0 )
{
sctrls = NULL;
}
if ( c == NULL && sctrls == NULL ) return 0;
#else
if( c == NULL ) return 0;
#endif /* LDAP_SLAPI */
if( c == NULL )
return 0;
rc = ber_printf( ber, "t{"/*}*/, LDAP_TAG_CONTROLS );
if( rc == -1 ) return rc;
#ifdef LDAP_SLAPI
if ( c != NULL )
#endif /* LDAP_SLAPI */
{
for( ; *c != NULL; c++) {
rc = send_ldap_control( ber, *c );
if( rc == -1 ) return rc;
}
for( ; *c != NULL; c++) {
rc = send_ldap_control( ber, *c );
if( rc == -1 ) return rc;
}
#ifdef LDAP_DEVEL
@ -307,15 +279,6 @@ send_ldap_controls( Operation *o, BerElement *ber, LDAPControl **c )
}
#endif
#ifdef LDAP_SLAPI
if ( sctrls != NULL ) {
for ( c = sctrls; *c != NULL; c++ ) {
rc = send_ldap_control( ber, *c );
if( rc == -1 ) return rc;
}
}
#endif /* LDAP_SLAPI */
rc = ber_printf( ber, /*{*/"N}" );
return rc;
@ -480,15 +443,6 @@ send_ldap_response(
goto cleanup;
}
#ifdef LDAP_SLAPI
if ( op->o_pb ) {
slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED,
(void *)rs->sr_matched );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text );
}
#endif /* LDAP_SLAPI */
ldap_pvt_thread_mutex_lock( &slap_counters.sc_sent_mutex );
ldap_pvt_mp_add_ulong( slap_counters.sc_pdu, 1 );
ldap_pvt_mp_add_ulong( slap_counters.sc_bytes, (unsigned long)bytes );
@ -615,10 +569,6 @@ slap_send_ldap_result( Operation *op, SlapReply *rs )
}
}
#ifdef LDAP_SLAPI
(void) call_pre_result_plugins( op, rs );
#endif /* LDAP_SLAPI */
if ( op->o_protocol < LDAP_VERSION3 ) {
tmp = v2ref( rs->sr_ref, rs->sr_text );
rs->sr_text = tmp;
@ -707,11 +657,6 @@ slap_send_search_entry( Operation *op, SlapReply *rs )
char *edn;
int userattrs;
AccessControlState acl_state = ACL_STATE_INIT;
#ifdef LDAP_SLAPI
/* Support for computed attribute plugins */
computed_attr_context ctx;
AttributeName *anp;
#endif
int attrsonly;
AttributeDescription *ad_entry = slap_schema.si_ad_entry;
@ -767,14 +712,6 @@ slap_send_search_entry( Operation *op, SlapReply *rs )
attrsonly = op->ors_attrsonly;
#ifdef LDAP_SLAPI
rc = call_pre_entry_plugins( op, rs, &attrsonly );
if ( rc < 0 ) {
rc = 0;
goto error_return;
}
#endif /* LDAP_SLAPI */
if ( !access_allowed( op, rs->sr_entry, ad_entry, NULL, ACL_READ, NULL )) {
Debug( LDAP_DEBUG_ACL,
"send_search_entry: conn %lu access to entry (%s) not allowed\n",
@ -1125,46 +1062,6 @@ slap_send_search_entry( Operation *op, SlapReply *rs )
}
}
#ifdef LDAP_SLAPI
/*
* First, setup the computed attribute context that is
* passed to all plugins.
*/
if ( op->o_pb ) {
ctx.cac_pb = op->o_pb;
ctx.cac_attrs = rs->sr_attrs;
ctx.cac_attrsonly = attrsonly;
ctx.cac_userattrs = userattrs;
ctx.cac_opattrs = rs->sr_attr_flags;
ctx.cac_acl_state = acl_state;
ctx.cac_private = (void *)ber;
/*
* For each client requested attribute, call the plugins.
*/
if ( rs->sr_attrs != NULL ) {
for ( anp = rs->sr_attrs; anp->an_name.bv_val != NULL; anp++ ) {
rc = compute_evaluator( &ctx, anp->an_name.bv_val,
rs->sr_entry, slapi_int_compute_output_ber );
if ( rc == 1 ) break;
}
} else {
/*
* Technically we shouldn't be returning operational attributes
* when the user requested only user attributes. We'll let the
* plugin decide whether to be naughty or not.
*/
rc = compute_evaluator( &ctx, "*",
rs->sr_entry, slapi_int_compute_output_ber );
}
if ( rc == 1 ) {
if ( op->o_res_ber == NULL ) ber_free_buf( ber );
send_ldap_error( op, rs, LDAP_OTHER, "computed attribute error" );
goto error_return;
}
}
#endif /* LDAP_SLAPI */
/* free e_flags */
if ( e_flags ) {
slap_sl_free( e_flags, op->o_tmpmemctx );
@ -1318,12 +1215,6 @@ slap_send_search_reference( Operation *op, SlapReply *rs )
"=> send_search_reference: dn=\"%s\"\n",
rs->sr_entry ? rs->sr_entry->e_name.bv_val : "(null)", 0, 0 );
#ifdef notdef
rc = call_pre_referral_plugins( op, rs );
if ( rc < 0 )
goto rel;
#endif /* LDAP_SLAPI */
if ( rs->sr_entry && ! access_allowed( op, rs->sr_entry,
ad_entry, NULL, ACL_READ, NULL ) )
{
@ -1522,9 +1413,6 @@ int slap_read_controls(
BerElement *ber = (BerElement *) &berbuf;
LDAPControl c;
Operation myop;
#ifdef LDAP_SLAPI
Slapi_PBlock *pb;
#endif
Debug( LDAP_DEBUG_ANY, "slap_read_controls: (%s) %s\n",
oid->bv_val, e->e_dn, 0 );
@ -1543,15 +1431,8 @@ int slap_read_controls(
myop = *op;
myop.o_bd = NULL;
myop.o_res_ber = ber;
#ifdef LDAP_SLAPI
pb = myop.o_pb;
myop.o_pb = NULL;
#endif
rc = slap_send_search_entry( &myop, rs );
#ifdef LDAP_SLAPI
myop.o_pb = pb;
#endif
if( rc ) return rc;
rc = ber_flatten2( ber, &c.ldctl_value, 0 );
@ -1638,148 +1519,3 @@ slap_attr_flags( AttributeName *an )
return flags;
}
#ifdef LDAP_SLAPI
static AttributeName *charray2anlist( Operation *op, char **attrs )
{
AttributeName *an;
int i;
if ( attrs != NULL ) {
for ( i = 0; attrs[i] != NULL; i++ )
;
an = (AttributeName *)op->o_tmpalloc( (i + 1) * sizeof(AttributeName), op->o_tmpmemctx );
for ( i = 0; attrs[i] != NULL; i++ ) {
const char *dummy;
an[i].an_name.bv_val = attrs[i];
an[i].an_name.bv_len = strlen( attrs[i] );
an[i].an_oc = NULL;
an[i].an_oc_exclude = 0;
slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy );
}
} else {
an = NULL;
}
return an;
}
/*
* Call pre-response plugins. To avoid infinite recursion plugins
* should just set SLAPI_RESULT_CODE rather than sending a
* result if they wish to change the result. Similarly, pre-entry
* plugins can either abort sending the entry or change the list
* of sent attributes, but they can't call send_search_entry().
*/
static int call_pre_entry_plugins( Operation *op, SlapReply *rs, int *pAttributesOnly )
{
int rc;
char **attrs = NULL;
char **filteredAttributes = NULL;
Slapi_PBlock *pb;
if ( op->o_callback != NULL || op->o_pb == NULL ) {
return 0;
}
/*
* A new parameter block is allocated to avoid trampling on the
* operation SLAPI state.
*/
pb = slapi_pblock_new();
slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_RESCONTROLS, (void *)rs->sr_ctrls );
attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx );
slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, (void *)attrs );
slapi_pblock_set( pb, SLAPI_SEARCH_ATTRSONLY, (void *)*pAttributesOnly );
slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, (void *)rs->sr_entry );
rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_ENTRY_FN, pb );
if ( rc < 0 ) {
slapi_pblock_destroy( pb );
return rc;
}
slapi_pblock_get( pb, SLAPI_RESCONTROLS, (void **)&rs->sr_ctrls );
slapi_pblock_get( pb, SLAPI_SEARCH_ATTRS, (void **)&filteredAttributes );
slapi_pblock_get( pb, SLAPI_SEARCH_ATTRSONLY, (void **)pAttributesOnly );
slapi_pblock_get( pb, SLAPI_SEARCH_RESULT_ENTRY, (void **)&rs->sr_entry );
if ( filteredAttributes != attrs ) {
/*
* Support for filtering attributes; useful for implementing
* replication providers
*/
rs->sr_attrs = charray2anlist( op, filteredAttributes );
slapi_ch_free( (void **)&filteredAttributes );
}
slapi_pblock_set( pb, SLAPI_RESCONTROLS, NULL );
slapi_pblock_destroy( pb );
return rc;
}
static int call_pre_result_plugins( Operation *op, SlapReply *rs )
{
int rc;
if ( op->o_callback != NULL || op->o_pb == NULL ) {
return 0;
}
slapi_pblock_set( op->o_pb, SLAPI_RESCONTROLS, (void *)rs->sr_ctrls );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED, (void *)rs->sr_matched );
rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_RESULT_FN, op->o_pb );
if ( rc < 0 ) {
return rc;
}
slapi_pblock_get( op->o_pb, SLAPI_RESCONTROLS, (void **)&rs->sr_ctrls );
slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
slapi_pblock_get( op->o_pb, SLAPI_RESULT_TEXT, (void **)&rs->sr_text );
slapi_pblock_get( op->o_pb, SLAPI_RESULT_MATCHED, (void **)&rs->sr_matched );
slapi_pblock_set( op->o_pb, SLAPI_RESCONTROLS, NULL );
return rc;
}
static int call_pre_referral_plugins( Operation *op, SlapReply *rs )
{
int rc;
Slapi_PBlock *pb;
if ( op->o_callback != NULL || op->o_pb == NULL ) {
return 0;
}
/*
* A new parameter block is allocated to avoid trampling on the
* operation SLAPI state.
*/
pb = slapi_pblock_new();
slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_RESCONTROLS, (void *)rs->sr_ctrls );
slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, (void *)rs->sr_entry );
rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_REFERRAL_FN, pb );
if ( rc < 0 ) {
return rc;
}
slapi_pblock_get( pb, SLAPI_RESCONTROLS, (void **)&rs->sr_ctrls );
slapi_pblock_get( pb, SLAPI_SEARCH_RESULT_ENTRY, (void **)&rs->sr_entry );
slapi_pblock_set( pb, SLAPI_RESCONTROLS, NULL );
slapi_pblock_destroy( pb );
return rc;
}
#endif /* LDAP_SLAPI */

148
servers/slapd/search.c
View file

@ -33,15 +33,6 @@
#include "lutil.h"
#include "slap.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
static void init_search_pblock( Operation *op, char **attrs, int managedsait );
static int call_search_preop_plugins( Operation *op );
static int call_search_rewrite_plugins( Operation *op );
static void call_search_postop_plugins( Operation *op );
#endif /* LDAPI_SLAPI */
int
do_search(
Operation *op, /* info about the op to which we're responding */
@ -247,9 +238,6 @@ fe_op_search( Operation *op, SlapReply *rs )
{
int manageDSAit;
int be_manageDSAit;
#ifdef LDAP_SLAPI
char **attrs = NULL;
#endif
manageDSAit = get_manageDSAit( op );
@ -270,15 +258,6 @@ fe_op_search( Operation *op, SlapReply *rs )
goto return_results;
}
#ifdef LDAP_SLAPI
if ( op->o_pb ) {
attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx );
init_search_pblock( op, attrs, manageDSAit );
rs->sr_err = call_search_preop_plugins( op );
if ( rs->sr_err ) break;
call_search_rewrite_plugins( op );
}
#endif /* LDAP_SLAPI */
rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text );
} else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
@ -288,23 +267,11 @@ fe_op_search( Operation *op, SlapReply *rs )
goto return_results;
}
#ifdef LDAP_SLAPI
if ( op->o_pb ) {
attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx );
init_search_pblock( op, attrs, manageDSAit );
rs->sr_err = call_search_preop_plugins( op );
if ( rs->sr_err ) break;
call_search_rewrite_plugins( op );
}
#endif /* LDAP_SLAPI */
rs->sr_err = schema_info( &entry, &rs->sr_text );
}
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
#ifdef LDAP_SLAPI
if ( op->o_pb ) call_search_postop_plugins( op );
#endif /* LDAP_SLAPI */
goto return_results;
} else if ( entry != NULL ) {
@ -322,9 +289,6 @@ fe_op_search( Operation *op, SlapReply *rs )
rs->sr_err = LDAP_SUCCESS;
send_ldap_result( op, rs );
#ifdef LDAP_SLAPI
if ( op->o_pb ) call_search_postop_plugins( op );
#endif /* LDAP_SLAPI */
goto return_results;
}
break;
@ -374,19 +338,6 @@ fe_op_search( Operation *op, SlapReply *rs )
goto return_results;
}
#ifdef LDAP_SLAPI
if ( op->o_pb ) {
attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx );
init_search_pblock( op, attrs, manageDSAit );
rs->sr_err = call_search_preop_plugins( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
goto return_results;
}
call_search_rewrite_plugins( op );
}
#endif /* LDAP_SLAPI */
/* actually do the search and send the result(s) */
if ( op->o_bd->be_search ) {
if ( limits_check( op, rs ) == 0 ) {
@ -399,106 +350,7 @@ fe_op_search( Operation *op, SlapReply *rs )
"operation not supported within namingContext" );
}
#ifdef LDAP_SLAPI
if ( op->o_pb ) call_search_postop_plugins( op );
#endif /* LDAP_SLAPI */
#ifdef LDAP_SLAPI
if( attrs != NULL) op->o_tmpfree( attrs, op->o_tmpmemctx );
#endif /* LDAP_SLAPI */
return_results:;
return rs->sr_err;
}
#ifdef LDAP_SLAPI
static void init_search_pblock( Operation *op,
char **attrs, int managedsait )
{
slapi_int_pblock_set_operation( op->o_pb, op );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_TARGET, (void *)op->o_req_dn.bv_val );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_SCOPE, (void *)op->ors_scope );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_DEREF, (void *)op->ors_deref );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_SIZELIMIT, (void *)op->ors_slimit );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_TIMELIMIT, (void *)op->ors_tlimit );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_FILTER, (void *)op->ors_filter );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_STRFILTER, (void *)op->ors_filterstr.bv_val );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_ATTRS, (void *)attrs );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_ATTRSONLY, (void *)op->ors_attrsonly );
slapi_pblock_set( op->o_pb, SLAPI_MANAGEDSAIT, (void *)managedsait );
}
static int call_search_preop_plugins( Operation *op )
{
int rc;
rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_SEARCH_FN, op->o_pb );
if ( rc < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
Debug(LDAP_DEBUG_TRACE, "call_search_preop_plugins: search preoperation plugin "
"returned %d.\n", rc, 0, 0);
if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0 ) ||
rc == LDAP_SUCCESS ) {
rc = LDAP_OTHER;
}
} else {
rc = LDAP_SUCCESS;
}
return rc;
}
static int call_search_rewrite_plugins( Operation *op )
{
if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, op->o_pb ) == 0 ) {
int rc;
/*
* The plugin can set the SLAPI_SEARCH_FILTER.
* SLAPI_SEARCH_STRFILER is not normative.
*/
slapi_pblock_get( op->o_pb, SLAPI_SEARCH_FILTER, (void *)&op->ors_filter );
op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
/*
* Also permit other search parameters to be reset. One thing
* this doesn't (yet) deal with is plugins that change a root
* DSE search to a non-root DSE search...
*/
slapi_pblock_get( op->o_pb, SLAPI_SEARCH_TARGET, (void **)&op->o_req_dn.bv_val );
op->o_req_dn.bv_len = strlen( op->o_req_dn.bv_val );
if( !BER_BVISNULL( &op->o_req_ndn ) ) {
slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
}
rc = dnNormalize( 0, NULL, NULL, &op->o_req_dn, &op->o_req_ndn,
op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
slapi_pblock_get( op->o_pb, SLAPI_SEARCH_SCOPE, (void **)&op->ors_scope );
slapi_pblock_get( op->o_pb, SLAPI_SEARCH_DEREF, (void **)&op->ors_deref );
Debug( LDAP_DEBUG_ARGS, " after compute_rewrite_search filter: %s\n",
!BER_BVISEMPTY( &op->ors_filterstr ) ? op->ors_filterstr.bv_val : "empty", 0, 0 );
}
return LDAP_SUCCESS;
}
static void call_search_postop_plugins( Operation *op )
{
if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_SEARCH_FN, op->o_pb ) < 0 ) {
Debug(LDAP_DEBUG_TRACE, "call_search_postop_plugins: search postoperation plugins "
"failed.\n", 0, 0, 0);
}
}
#endif /* LDAP_SLAPI */

8
servers/slapd/slap.h
View file

@ -1989,6 +1989,12 @@ typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op,
typedef int (BI_access_allowed) LDAP_P(( struct slap_op *op, Entry *e,
AttributeDescription *desc, struct berval *val, slap_access_t access,
AccessControlState *state, slap_mask_t *maskp ));
typedef int (BI_acl_group) LDAP_P(( struct slap_op *op, Entry *target,
struct berval *gr_ndn, struct berval *op_ndn,
ObjectClass *group_oc, AttributeDescription *group_at ));
typedef int (BI_acl_attribute) LDAP_P(( struct slap_op *op, Entry *target,
struct berval *entry_ndn, AttributeDescription *entry_at,
BerVarray *vals, slap_access_t access ));
#endif /* SLAP_OVERLAY_ACCESS */
typedef int (BI_connection_init) LDAP_P(( BackendDB *bd,
@ -2091,6 +2097,8 @@ struct slap_backend_info {
BI_has_subordinates *bi_has_subordinates;
#ifdef SLAP_OVERLAY_ACCESS
BI_access_allowed *bi_access_allowed;
BI_acl_group *bi_acl_group;
BI_acl_attribute *bi_acl_attribute;
#endif /* SLAP_OVERLAY_ACCESS */
BI_connection_init *bi_connection_init;

4
servers/slapd/slapi/Makefile.in
View file

@ -24,9 +24,9 @@ NT_OBJS = nt_err.lo
LIB_DEFS = -DSLAPI_LIBRARY
SRCS= plugin.c slapi_pblock.c slapi_utils.c printmsg.c slapi_ops.c slapi_ext.c \
SRCS= plugin.c slapi_pblock.c slapi_utils.c printmsg.c slapi_ops.c slapi_ext.c slapi_overlay.c \
$(@PLAT@_SRCS)
OBJS= plugin.lo slapi_pblock.lo slapi_utils.lo printmsg.lo slapi_ops.lo slapi_ext.lo \
OBJS= plugin.lo slapi_pblock.lo slapi_utils.lo printmsg.lo slapi_ops.lo slapi_ext.lo slapi_overlay.lo \
$(@PLAT@_SRCS)
XSRCS= version.c

11
servers/slapd/slapi/plugin.c
View file

@ -701,6 +701,14 @@ slapi_int_read_config(
fname, lineno );
return 1;
}
/* automatically instantiate overlay if necessary */
if ( !overlay_is_inst( be, "slapi" ) ) {
if ( overlay_config( be, "slapi" ) != 0 ) {
fprintf( stderr, "failed to instantiate SLAPI overlay\n");
return -1;
}
}
if ( strcasecmp( argv[1], "preoperation" ) == 0 ) {
iType = SLAPI_PLUGIN_PREOPERATION;
@ -813,6 +821,5 @@ slapi_int_initialize(void)
return -1;
}
return 0;
return slapi_int_overlay_init();
}

11
servers/slapd/slapi/slapi.h
View file

@ -83,15 +83,10 @@ typedef struct _ExtendedOp {
/* Computed attribute support */
struct _computed_attr_context {
/* slap_send_search_entry() argblock */
Slapi_PBlock *cac_pb;
AttributeName *cac_attrs;
int cac_attrsonly : 1;
int cac_userattrs : 1;
int cac_opattrs : 1;
AccessControlState cac_acl_state;
/* private data */
void *cac_private;
Operation *cac_op;
AccessControlState *cac_acl_state;
void *cac_private;
};
/* for slapi_attr_type_cmp() */

14
servers/slapd/slapi/slapi_ops.c
View file

@ -204,10 +204,10 @@ slapi_int_pblock_get_backend( Slapi_PBlock *pb, Operation *op )
}
static int
slapi_int_pblock_get_connection( Slapi_PBlock *pb, Connection *conn )
slapi_int_pblock_get_connection( Slapi_PBlock *pb, Operation *op )
{
char *connDn = NULL;
Operation *op;
Connection *conn = op->o_conn;
slapi_pblock_get( pb, SLAPI_X_CONN_SSF, (void **)&conn->c_ssf );
slapi_pblock_get( pb, SLAPI_X_CONN_SASL_CONTEXT, (void **)&conn->c_sasl_authctx );
@ -251,11 +251,6 @@ slapi_int_pblock_get_operation( Slapi_PBlock *pb, Operation *op, SlapReply *rs )
return rc;
}
rc = slapi_int_pblock_get_connection( pb, op->o_conn );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
rc = slapi_int_pblock_get_backend( pb, op );
if ( rc != LDAP_SUCCESS ) {
return rc;
@ -276,6 +271,11 @@ slapi_int_pblock_get_operation( Slapi_PBlock *pb, Operation *op, SlapReply *rs )
op->o_dn = op->o_ndn;
}
rc = slapi_int_pblock_get_connection( pb, op );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
slapi_pblock_get( pb, SLAPI_REQCONTROLS, (void **)&controls );
rc = slapi_int_get_ctrls( op, rs, controls );
if ( rc != LDAP_SUCCESS ) {

847
servers/slapd/slapi/slapi_overlay.c Normal file
View file

@ -0,0 +1,847 @@
/* glue.c - backend glue overlay */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2001-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Luke Howard for inclusion
* in OpenLDAP Software.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/string.h>
#include <ac/socket.h>
#include "slap.h"
#include "slapi.h"
#ifdef LDAP_SLAPI
static slap_overinst slapi;
static int
slapi_over_compute_output(
computed_attr_context *c,
Slapi_Attr *attribute,
Slapi_Entry *entry
)
{
int rc;
Attribute **a;
AttributeDescription *desc;
Operation *op = c->cac_op;
SlapReply *rs = (SlapReply *)c->cac_private;
if ( c == NULL || attribute == NULL || entry == NULL ) {
return 0;
}
assert( rs->sr_entry == entry );
desc = attribute->a_desc;
if ( rs->sr_attrs == NULL ) {
/* All attrs request, skip operational attributes */
if ( is_at_operational( desc->ad_type ) ) {
return 0;
}
} else {
/* Specific attributes requested */
if ( is_at_operational( desc->ad_type ) ) {
if ( !SLAP_OPATTRS( rs->sr_attr_flags ) &&
!ad_inlist( desc, rs->sr_attrs ) ) {
return 0;
}
} else {
if ( !SLAP_USERATTRS( rs->sr_attr_flags ) &&
!ad_inlist( desc, rs->sr_attrs ) ) {
return 0;
}
}
}
if ( !access_allowed( op, entry, desc, NULL, ACL_READ, c->cac_acl_state) ) {
slapi_log_error( SLAPI_LOG_ACL, "slapi_over_compute_output",
"acl: access to attribute %s not allowed\n",
desc->ad_cname.bv_val );
return 0;
}
for ( a = &rs->sr_operational_attrs; *a != NULL; a = &(*a)->a_next )
;
*a = attr_dup( attribute );
return 0;
}
static int
slapi_over_operational( Operation *op, SlapReply *rs )
{
/* Support for computed attribute plugins */
computed_attr_context ctx;
AttributeName *anp;
AccessControlState acl_state = ACL_STATE_INIT;
ctx.cac_pb = op->o_pb;
ctx.cac_op = op;
ctx.cac_private = rs;
ctx.cac_acl_state = &acl_state;
if ( rs->sr_entry != NULL ) {
/*
* For each client requested attribute, call the plugins.
*/
if ( rs->sr_attrs != NULL ) {
for ( anp = rs->sr_attrs; anp->an_name.bv_val != NULL; anp++ ) {
if ( compute_evaluator( &ctx, anp->an_name.bv_val,
rs->sr_entry, slapi_over_compute_output ) == 1 ) {
break;
}
}
} else {
/*
* Technically we shouldn't be returning operational attributes
* when the user requested only user attributes. We'll let the
* plugin decide whether to be naughty or not.
*/
compute_evaluator( &ctx, "*", rs->sr_entry, slapi_over_compute_output );
}
}
return SLAP_CB_CONTINUE;
}
static int
slapi_over_search( Operation *op, SlapReply *rs, int type )
{
int rc;
Slapi_PBlock *pb;
pb = slapi_pblock_new();
slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_RESCONTROLS, (void *)rs->sr_ctrls );
slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, (void *)rs->sr_entry );
rc = slapi_int_call_plugins( op->o_bd, type, pb );
if ( rc == 0 )
rc = SLAP_CB_CONTINUE;
if ( rs->sr_type == REP_SEARCH ) {
/* XXX we shouldn't need this here */
slapi_over_operational( op, rs );
}
slapi_pblock_set( op->o_pb, SLAPI_RESCONTROLS, NULL );
slapi_pblock_destroy(pb);
return rc;
}
static int
slapi_over_merge_controls( Operation *op, SlapReply *rs, Slapi_PBlock *pb)
{
LDAPControl **slapiControls = NULL, **resControls;
int nSlapiControls = 0;
int nResControls = 0;
int i;
/* merge in controls */
if ( rs->sr_ctrls != NULL ) {
for ( nResControls = 0; rs->sr_ctrls[nResControls] != NULL; nResControls++ )
;
}
slapi_pblock_get( op->o_pb, SLAPI_RESCONTROLS, (void **)&slapiControls );
if ( slapiControls != NULL ) {
for ( nSlapiControls = 0; slapiControls[nSlapiControls] != NULL; nSlapiControls++ )
;
}
/* XXX this is a bit tricky, rs->sr_ctrls may have been allocated on stack */
resControls = (LDAPControl **)op->o_tmpalloc( ( nResControls + nSlapiControls + 1 ) *
sizeof( LDAPControl *), op->o_tmpmemctx );
if ( resControls == NULL ) {
return LDAP_OTHER;
}
if ( rs->sr_ctrls != NULL ) {
for ( i = 0; i < nResControls; i++ )
resControls[i] = rs->sr_ctrls[i];
}
if ( slapiControls != NULL ) {
for ( i = 0; i < nSlapiControls; i++ )
resControls[nResControls + i] = slapiControls[i];
}
resControls[nResControls + nSlapiControls] = NULL;
if ( slapiControls != NULL ) {
slapi_ch_free( (void **)&slapiControls );
slapi_pblock_set( op->o_pb, SLAPI_RESCONTROLS, NULL ); /* don't free */
}
rs->sr_ctrls = resControls;
return LDAP_SUCCESS;
}
static int
slapi_over_result( Operation *op, SlapReply *rs )
{
int rc;
slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED, (void *)rs->sr_matched );
rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_RESULT_FN, op->o_pb );
if ( rc < 0 ) {
return rc;
}
slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
slapi_pblock_get( op->o_pb, SLAPI_RESULT_TEXT, (void **)&rs->sr_text );
slapi_pblock_get( op->o_pb, SLAPI_RESULT_MATCHED, (void **)&rs->sr_matched );
if ( rc == 0 ) {
rc = slapi_over_merge_controls( op, rs, op->o_pb );
}
if ( rc == 0 )
rc = SLAP_CB_CONTINUE;
return rc;
}
static int
slapi_op_add_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
{
slapi_pblock_set( pb, SLAPI_ADD_ENTRY, (void *)op->ora_e );
return LDAP_SUCCESS;
}
static int
slapi_op_bind_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
{
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)op->o_req_dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)op->orb_method );
slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
slapi_pblock_set( pb, SLAPI_CONN_DN, NULL );
return LDAP_SUCCESS;
}
static int
slapi_op_bind_callback( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
{
int rc = rs->sr_err;
switch ( rc ) {
case SLAPI_BIND_SUCCESS:
/* Continue with backend processing */
break;
case SLAPI_BIND_FAIL:
/* Failure, frontend (that's us) sends result */
rs->sr_err = LDAP_INVALID_CREDENTIALS;
send_ldap_result( op, rs );
return rs->sr_err;
break;
case SLAPI_BIND_ANONYMOUS: /* undocumented */
default:
/*
* Plugin sent authoritative result or no plugins were called
*/
if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err ) != 0 ) {
rs->sr_err = LDAP_OTHER;
}
BER_BVZERO( &op->orb_edn );
if ( rs->sr_err == LDAP_SUCCESS ) {
slapi_pblock_get( pb, SLAPI_CONN_DN, (void *)&op->orb_edn.bv_val );
if ( BER_BVISNULL( &op->orb_edn ) ) {
if ( rc == 1 ) {
/* No plugins were called; continue processing */
return LDAP_SUCCESS;
}
} else {
op->orb_edn.bv_len = strlen( op->orb_edn.bv_val );
}
rs->sr_err = dnPrettyNormal( NULL, &op->orb_edn,
&op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
ber_dupbv(&op->o_conn->c_dn, &op->o_req_dn);
ber_dupbv(&op->o_conn->c_ndn, &op->o_req_ndn);
op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
BER_BVZERO( &op->o_req_dn );
op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
BER_BVZERO( &op->o_req_ndn );
if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
ber_len_t max = sockbuf_max_incoming_auth;
ber_sockbuf_ctrl( op->o_conn->c_sb,
LBER_SB_OPT_SET_MAX_INCOMING, &max );
}
/* log authorization identity */
Statslog( LDAP_DEBUG_STATS,
"%s BIND dn=\"%s\" mech=%s (SLAPI) ssf=0\n",
op->o_log_prefix,
BER_BVISNULL( &op->o_conn->c_dn )
? "<empty>" : op->o_conn->c_dn.bv_val,
op->orb_tmp_mech.bv_val, 0, 0 );
return -1;
}
break;
}
return rc;
}
static int
slapi_op_compare_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
{
slapi_pblock_set( pb, SLAPI_COMPARE_TYPE, (void *)op->orc_ava->aa_desc->ad_cname.bv_val );
slapi_pblock_set( pb, SLAPI_COMPARE_VALUE, (void *)&op->orc_ava->aa_value );
return LDAP_SUCCESS;
}
static int
slapi_op_modify_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
{
LDAPMod **modv = NULL;
modv = slapi_int_modifications2ldapmods( &op->orm_modlist );
slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)modv );
return LDAP_SUCCESS;
}
static int
slapi_op_modify_callback( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
{
LDAPMod **modv = NULL;
/* check preoperation result code */
if ( rs->sr_err < 0 ) {
slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
return rs->sr_err;
}
/*
* NB: it is valid for the plugin to return no modifications
* (for example, a plugin might store some attributes elsewhere
* and remove them from the modification list; if only those
* attribute types were included in the modification request,
* then slapi_int_ldapmods2modifications() above will return
* NULL).
*
* However, the post-operation plugin should still be
* called.
*/
slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv );
op->orm_modlist = slapi_int_ldapmods2modifications( modv );
return LDAP_SUCCESS;
}
static int
slapi_op_modify_cleanup( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
{
LDAPMod **modv = NULL;
slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv );
if ( modv != NULL )
slapi_int_free_ldapmods( modv );
return LDAP_SUCCESS;
}
static int
slapi_op_modrdn_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
{
slapi_pblock_set( pb, SLAPI_MODRDN_NEWRDN, (void *)op->orr_newrdn.bv_val );
slapi_pblock_set( pb, SLAPI_MODRDN_NEWSUPERIOR, (void *)op->orr_newSup->bv_val );
slapi_pblock_set( pb, SLAPI_MODRDN_DELOLDRDN, (void *)op->orr_deleteoldrdn );
return LDAP_SUCCESS;
}
static int
slapi_op_search_init( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
{
char **attrs;
attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx );
slapi_pblock_set( pb, SLAPI_SEARCH_SCOPE, (void *)op->ors_scope );
slapi_pblock_set( pb, SLAPI_SEARCH_DEREF, (void *)op->ors_deref );
slapi_pblock_set( pb, SLAPI_SEARCH_SIZELIMIT, (void *)op->ors_slimit );
slapi_pblock_set( pb, SLAPI_SEARCH_TIMELIMIT, (void *)op->ors_tlimit );
slapi_pblock_set( pb, SLAPI_SEARCH_FILTER, (void *)op->ors_filter );
slapi_pblock_set( pb, SLAPI_SEARCH_STRFILTER, (void *)op->ors_filterstr.bv_val );
slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, (void *)attrs );
slapi_pblock_set( pb, SLAPI_SEARCH_ATTRSONLY, (void *)op->ors_attrsonly );
return LDAP_SUCCESS;
}
static int
slapi_op_search_callback( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
{
/* check preoperation result code */
if ( rs->sr_err < 0 ) {
slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
return rs->sr_err;
}
if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, pb ) != 0 ) {
return LDAP_SUCCESS;
}
/*
* The plugin can set the SLAPI_SEARCH_FILTER.
* SLAPI_SEARCH_STRFILER is not normative.
*/
slapi_pblock_get( pb, SLAPI_SEARCH_FILTER, (void *)&op->ors_filter );
op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
slapi_pblock_get( pb, SLAPI_SEARCH_TARGET, (void **)&op->o_req_dn.bv_val );
op->o_req_dn.bv_len = strlen( op->o_req_dn.bv_val );
if( !BER_BVISNULL( &op->o_req_ndn ) ) {
slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
}
rs->sr_err = dnNormalize( 0, NULL, NULL, &op->o_req_dn, &op->o_req_ndn,
op->o_tmpmemctx );
if ( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
return rs->sr_err;
}
slapi_pblock_get( pb, SLAPI_SEARCH_SCOPE, (void **)&op->ors_scope );
slapi_pblock_get( pb, SLAPI_SEARCH_DEREF, (void **)&op->ors_deref );
return LDAP_SUCCESS;
}
static int
slapi_op_search_cleanup( Operation *op, SlapReply *rs, Slapi_PBlock *pb )
{
char **attrs = NULL;
slapi_pblock_get( pb, SLAPI_SEARCH_ATTRS, (void *)&attrs );
if ( attrs != NULL )
op->o_tmpfree( attrs, op->o_tmpmemctx );
return LDAP_SUCCESS;
}
typedef int (slapi_over_callback)( Operation *, SlapReply *rs, Slapi_PBlock * );
struct slapi_op_info {
int soi_preop;
int soi_postop;
slapi_over_callback *soi_init;
slapi_over_callback *soi_callback;
slapi_over_callback *soi_cleanup;
} slapi_op_dispatch_table[] = {
{
SLAPI_PLUGIN_PRE_BIND_FN,
SLAPI_PLUGIN_POST_BIND_FN,
slapi_op_bind_init,
slapi_op_bind_callback,
NULL
},
{
SLAPI_PLUGIN_PRE_UNBIND_FN, /* UNBIND */
SLAPI_PLUGIN_POST_UNBIND_FN,
NULL,
NULL,
NULL
},
{
SLAPI_PLUGIN_PRE_SEARCH_FN,
SLAPI_PLUGIN_POST_SEARCH_FN,
slapi_op_search_init,
slapi_op_search_callback,
slapi_op_search_cleanup
},
{
SLAPI_PLUGIN_PRE_COMPARE_FN,
SLAPI_PLUGIN_POST_COMPARE_FN,
slapi_op_compare_init,
NULL,
NULL
},
{
SLAPI_PLUGIN_PRE_MODIFY_FN,
SLAPI_PLUGIN_POST_MODIFY_FN,
slapi_op_modify_init,
slapi_op_modify_callback,
slapi_op_modify_cleanup
},
{
SLAPI_PLUGIN_PRE_MODRDN_FN,
SLAPI_PLUGIN_POST_MODRDN_FN,
slapi_op_modrdn_init,
NULL,
NULL
},
{
SLAPI_PLUGIN_PRE_ADD_FN,
SLAPI_PLUGIN_POST_ADD_FN,
slapi_op_add_init,
NULL,
NULL
},
{
SLAPI_PLUGIN_PRE_DELETE_FN,
SLAPI_PLUGIN_POST_DELETE_FN,
NULL,
NULL,
NULL
},
{
SLAPI_PLUGIN_PRE_ABANDON_FN,
SLAPI_PLUGIN_POST_ABANDON_FN,
NULL,
NULL,
NULL
},
{
0,
0,
NULL,
NULL,
NULL
}
};
slap_operation_t
slapi_tag2op( ber_tag_t tag )
{
slap_operation_t op;
switch ( tag ) {
case LDAP_REQ_BIND:
op = op_bind;
break;
case LDAP_REQ_ADD:
op = op_add;
break;
case LDAP_REQ_DELETE:
op = op_compare;
break;
case LDAP_REQ_MODRDN:
op = op_modrdn;
break;
case LDAP_REQ_MODIFY:
op = op_modify;
break;
case LDAP_REQ_COMPARE:
op = op_compare;
break;
case LDAP_REQ_SEARCH:
op = op_search;
break;
case LDAP_REQ_UNBIND:
op = op_unbind;
break;
default:
op = op_last;
break;
}
return op;
}
static int
slapi_op_response( Operation *op, SlapReply *rs )
{
int rc;
switch ( rs->sr_type ) {
case REP_RESULT:
rc = slapi_over_result( op, rs );
break;
case REP_SEARCH:
rc = slapi_over_search( op, rs, SLAPI_PLUGIN_PRE_ENTRY_FN );
break;
case REP_SEARCHREF:
rc = slapi_over_search( op, rs, SLAPI_PLUGIN_PRE_REFERRAL_FN );
break;
default:
rc = SLAP_CB_CONTINUE;
break;
}
return rc;
}
static int
slapi_op_cleanup( Operation *op, SlapReply *rs )
{
struct slapi_op_info *opinfo;
Slapi_PBlock *pb = op->o_pb;
assert( pb != NULL );
if ( rs->sr_type != REP_RESULT ) {
return SLAP_CB_CONTINUE;
}
opinfo = (struct slapi_op_info *)op->o_callback->sc_private;
/* call post-operation plugins */
slapi_int_call_plugins( op->o_bd, opinfo->soi_postop, pb );
if ( opinfo->soi_cleanup != NULL ) {
(opinfo->soi_cleanup)( op, rs, pb );
}
return SLAP_CB_CONTINUE;
}
static int
slapi_op_func( Operation *op, SlapReply *rs )
{
Slapi_PBlock *pb = op->o_pb;
slap_operation_t which;
struct slapi_op_info *opinfo;
int rc, flags = 0;
slap_overinfo *oi;
slap_overinst *on;
slap_callback *cb;
/*
* We check for op->o_extensions to verify that we are not
* processing a SLAPI internal operation. XXX
*/
if ( op->o_pb == NULL || op->o_extensions == NULL ) {
return SLAP_CB_CONTINUE;
}
/*
* Find the SLAPI operation information for this LDAP
* operation; this will contain the preop and postop
* plugin types, as well as any additional information
* we need to complete.
*/
which = slapi_tag2op( op->o_tag );
if ( which >= op_last ) {
return SLAP_CB_CONTINUE;
}
opinfo = &slapi_op_dispatch_table[which];
if ( opinfo == NULL || opinfo->soi_preop == 0 ) {
return SLAP_CB_CONTINUE;
}
slapi_int_pblock_set_operation( pb, op );
/*
* soi_init is responsible for setting any operation-specific
* pblock parameters ("pre-preoperation plugin")
*/
if ( opinfo->soi_init != NULL ) {
rs->sr_err = (opinfo->soi_init)( op, rs, pb );
if ( rs->sr_err != LDAP_SUCCESS )
return rs->sr_err;
}
/*
* Call preoperation plugins
*/
rs->sr_err = slapi_int_call_plugins( op->o_bd, opinfo->soi_preop, pb );
/*
* Setup callback so postoperation plugins will get called;
* don't do this before, because if a preop plugin fails then
* the postop plugin shouldn't be called
*/
cb = op->o_tmpcalloc(1, sizeof(slap_callback), op->o_tmpmemctx);
cb->sc_response = slapi_op_response;
cb->sc_cleanup = slapi_op_cleanup;
cb->sc_private = opinfo;
cb->sc_next = op->o_callback;
op->o_callback = cb;
/*
* soi_callback is responsible for examining the result code
* of the preoperation plugin and determining whether to
* abort. This is needed because of special SLAPI behaviour
* with bind preoperation plugins.
*
* The soi_callback function is also used to reset any values
* returned from the preoperation plugin before calling the
* backend (for the success case).
*/
if ( opinfo->soi_callback == NULL ) {
if ( rs->sr_err < 0 ) {
slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
return rs->sr_err;
}
} else {
rc = (opinfo->soi_callback)( op, rs, pb );
if ( rc )
return rs->sr_err;
}
if ( rs->sr_err == 0 ) {
rs->sr_err = SLAP_CB_CONTINUE;
}
return rs->sr_err;
}
static int
slapi_over_extended( Operation *op, SlapReply *rs )
{
Slapi_PBlock *pb = op->o_pb;
SLAPI_FUNC callback;
int sentResult = 0;
int rc;
struct berval reqdata = BER_BVNULL;
slapi_int_get_extop_plugin( &op->ore_reqoid, &callback );
if ( callback == NULL ) {
return SLAP_CB_CONTINUE;
}
slapi_int_pblock_set_operation( pb, op );
if ( op->ore_reqdata != NULL ) {
reqdata = *op->ore_reqdata;
}
slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID, (void *)op->ore_reqoid.bv_val);
slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE, (void *)&reqdata);
rc = (*callback)( pb );
if ( rc == SLAPI_PLUGIN_EXTENDED_SENT_RESULT ) {
return rc;
} else if ( rc == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED ) {
return SLAP_CB_CONTINUE;
}
slapi_pblock_get( pb, SLAPI_EXT_OP_RET_OID, (void **)&rs->sr_rspoid );
slapi_pblock_get( pb, SLAPI_EXT_OP_RET_VALUE, (void **)&rs->sr_rspdata );
rs->sr_err = rc;
send_ldap_extended( op, rs );
if ( rs->sr_rspoid != NULL )
slapi_ch_free_string( (char **)&rs->sr_rspoid );
if ( rs->sr_rspdata != NULL )
ber_bvfree( rs->sr_rspdata );
return rs->sr_err;
}
static int
slapi_over_access_allowed(
Operation *op,
Entry *e,
AttributeDescription *desc,
struct berval *val,
slap_access_t access,
AccessControlState *state,
slap_mask_t *maskp )
{
int rc;
rc = slapi_int_access_allowed( op, e, desc, val, access, state );
if ( rc != 0 )
rc = SLAP_CB_CONTINUE;
return rc;
}
#if 0
static int
slapi_over_acl_group(
Operation *op,
Entry *target,
struct berval *gr_ndn,
struct berval *op_ndn,
ObjectClass *group_oc,
AttributeDescription *group_at )
{
slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_ENTRY, (void *)e );
slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val );
slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val );
slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_TARGET_ENTRY, (void *)target );
}
static int
slapi_over_compute_output_attr_access(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
{
struct berval *nval = (struct berval *)c->cac_private;
return access_allowed( c->cac_op, e, a->a_desc, nval, ACL_AUTH, NULL ) == 0;
}
static int
slapi_over_acl_attribute(
Operation *op,
Entry *target,
struct berval *entry_ndn,
AttributeDescription *entry_at,
BerVarray *vals,
slap_access_t access )
{
computed_attr_context ctx;
ctx.cac_pb = op->o_pb;
ctx.cac_op = op;
ctx.cac_acl_state = NULL;
ctx.cac_private = nval;
}
#endif
int
slapi_int_overlay_init()
{
memset( &slapi, 0, sizeof(slapi) );
slapi.on_bi.bi_type = "slapi";
slapi.on_bi.bi_op_bind = slapi_op_func;
slapi.on_bi.bi_op_unbind = slapi_op_func;
slapi.on_bi.bi_op_search = slapi_op_func;
slapi.on_bi.bi_op_compare = slapi_op_func;
slapi.on_bi.bi_op_modify = slapi_op_func;
slapi.on_bi.bi_op_modrdn = slapi_op_func;
slapi.on_bi.bi_op_add = slapi_op_func;
slapi.on_bi.bi_op_delete = slapi_op_func;
slapi.on_bi.bi_op_abandon = slapi_op_func;
slapi.on_bi.bi_op_cancel = slapi_op_func;
slapi.on_bi.bi_extended = slapi_over_extended;
slapi.on_bi.bi_access_allowed = slapi_over_access_allowed;
slapi.on_bi.bi_operational = slapi_over_operational;
return overlay_register( &slapi );
}
#endif /* LDAP_SLAPI */

106
servers/slapd/slapi/slapi_utils.c
View file

@ -2616,6 +2616,14 @@ int slapi_int_pblock_set_operation( Slapi_PBlock *pb, Operation *op )
if ( rc != LDAP_SUCCESS )
return rc;
rc = slapi_pblock_set( pb, SLAPI_TARGET_DN, (void *)op->o_req_dn.bv_val );
if ( rc != LDAP_SUCCESS )
return rc;
rc = slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)get_manageDSAit( op ) );
if ( rc != LDAP_SUCCESS )
return rc;
rc = slapi_pblock_get( pb, SLAPI_CONN_AUTHMETHOD, (void *)&opAuthType );
if ( rc == LDAP_SUCCESS && opAuthType != NULL ) {
/* Not quite sure what the point of this is. */
@ -3670,104 +3678,6 @@ void slapi_int_free_ldapmods (LDAPMod **mods)
* useful thing indeed.
*/
/*
* Write the computed attribute to a BerElement. Complementary
* functions need to be defined for anything that replaces
* op->o_callback->sc_sendentry, if you wish to make computed
* attributes available to it.
*/
int slapi_int_compute_output_ber(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
{
#ifdef LDAP_SLAPI
Operation *op = NULL;
BerElement *ber;
AttributeDescription *desc = NULL;
int rc;
int i;
if ( c == NULL ) {
return 1;
}
if ( a == NULL ) {
return 1;
}
if ( e == NULL ) {
return 1;
}
rc = slapi_pblock_get( c->cac_pb, SLAPI_OPERATION, (void *)&op );
if ( rc != 0 || op == NULL ) {
return rc;
}
ber = (BerElement *)c->cac_private;
desc = a->a_desc;
if ( c->cac_attrs == NULL ) {
/* All attrs request, skip operational attributes */
if ( is_at_operational( desc->ad_type ) ) {
return 0;
}
} else {
/* Specific attrs requested */
if ( is_at_operational( desc->ad_type ) ) {
if ( !c->cac_opattrs && !ad_inlist( desc, c->cac_attrs ) ) {
return 0;
}
} else {
if ( !c->cac_userattrs && !ad_inlist( desc, c->cac_attrs ) ) {
return 0;
}
}
}
if ( !access_allowed( op, e, desc, NULL, ACL_READ, &c->cac_acl_state) ) {
slapi_log_error( SLAPI_LOG_ACL, "slapi_int_compute_output_ber",
"acl: access to attribute %s not allowed\n",
desc->ad_cname.bv_val );
return 0;
}
rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname );
if (rc == -1 ) {
slapi_log_error( SLAPI_LOG_BER, "slapi_int_compute_output_ber",
"ber_printf failed\n");
return 1;
}
if ( !c->cac_attrsonly && a->a_vals != NULL ) {
for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
if ( !access_allowed( op, e,
desc, &a->a_vals[i], ACL_READ, &c->cac_acl_state)) {
slapi_log_error( SLAPI_LOG_ACL, "slapi_int_compute_output_ber",
"conn %lu "
"acl: access to %s, value %d not allowed\n",
op->o_connid, desc->ad_cname.bv_val, i );
continue;
}
if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
slapi_log_error( SLAPI_LOG_BER, "slapi_int_compute_output_ber",
"ber_printf failed\n");
return 1;
}
}
}
if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
slapi_log_error( SLAPI_LOG_BER, "slapi_int_compute_output_ber",
"ber_printf failed\n" );
return 1;
}
return 0;
#else
return 1;
#endif
}
/*
* For some reason Sun don't use the normal plugin mechanism
* registration path to register an "evaluator" function (an