Commit ffe20229 authored by Luke Howard

Move most of SLAPI frontend into overlay

parent 3df0f162
......@@ -37,10 +37,6 @@
#include "lber_pvt.h"
#include "lutil.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
#endif /* LDAPI_SLAPI */
#define ACL_BUF_SIZE 1024 /* use most appropriate size */
/*
......@@ -207,16 +203,6 @@ slap_access_allowed(
assert( attr != NULL );
#ifdef LDAP_SLAPI
if ( op->o_pb != NULL ) {
ret = slapi_int_access_allowed( op, e, desc, val, access, state );
if ( ret == 0 ) {
/* ACL plugin denied access */
goto done;
}
}
#endif /* LDAP_SLAPI */
/* grant database root access */
if ( be_isroot( op ) ) {
Debug( LDAP_DEBUG_ACL, "<= root access granted\n", 0, 0, 0 );
......@@ -580,16 +566,6 @@ access_allowed_mask(
}
assert( be != NULL );
#ifdef LDAP_SLAPI
if ( op->o_pb != NULL ) {
ret = slapi_int_access_allowed( op, e, desc, val, access, state );
if ( ret == 0 ) {
/* ACL plugin denied access */
goto done;
}
}
#endif /* LDAP_SLAPI */
/* grant database root access */
if ( be_isroot( op ) ) {
Debug( LDAP_DEBUG_ACL, "<= root access granted\n", 0, 0, 0 );
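Review bot: With the `slapi_int_access_allowed` call gone, both `slap_access_allowed` and `access_allowed_mask` now pass straight from their assertions to the `be_isroot( op )` grant, so an ACL plugin's deny is no longer consulted on this path, where it previously ran before the root grant. The replacement is presumably in the overlay named in the commit title, which is not visible in this section. It is worth confirming that the overlay hooks access evaluation at the same point, and that a server with SLAPI ACL plugins loaded but no overlay instance does not silently skip them. A comment above the root grant such as `/* SLAPI ACL plugins are evaluated by the slapi overlay, not here */` would record where the check went. The same question applies to the pre-operation vetoes removed from `fe_op_add` and `backend_group`; all of these functions continue outside the hunks shown.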
......
......@@ -32,15 +32,6 @@
#include "slap.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
static void init_add_pblock( Operation *op, struct berval *dn, Entry *e,
int manageDSAit );
static int call_add_preop_plugins( Operation *op );
static void call_add_postop_plugins( Operation *op );
#endif /* LDAP_SLAPI */
int
do_add( Operation *op, SlapReply *rs )
{
......@@ -273,10 +264,6 @@ fe_op_add( Operation *op, SlapReply *rs )
goto done;
}
#ifdef LDAP_SLAPI
if ( op->o_pb ) init_add_pblock( op, &op->o_req_dn, op->ora_e, manageDSAit );
#endif /* LDAP_SLAPI */
/*
* do the add if 1 && (2 || 3)
* 1) there is an add function implemented in this backend;
......@@ -331,20 +318,6 @@ fe_op_add( Operation *op, SlapReply *rs )
goto done;
}
#ifdef LDAP_SLAPI
/*
* Call the preoperation plugin here, because the entry
* will actually contain something.
*/
if ( op->o_pb ) {
rs->sr_err = call_add_preop_plugins( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
/* plugin will have sent result */
goto done;
}
}
#endif /* LDAP_SLAPI */
#ifdef SLAPD_MULTIMASTER
if ( !repl_user )
#endif
......@@ -364,19 +337,6 @@ fe_op_add( Operation *op, SlapReply *rs )
#ifndef SLAPD_MULTIMASTER
} else {
BerVarray defref = NULL;
#ifdef LDAP_SLAPI
/*
* SLAPI_ADD_ENTRY will be empty, but this may be acceptable
* on replicas (for now, it involves the minimum code intrusion).
*/
if ( op->o_pb ) {
rs->sr_err = call_add_preop_plugins( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
/* plugin will have sent result */
goto done;
}
}
#endif /* LDAP_SLAPI */
defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
......@@ -400,24 +360,11 @@ fe_op_add( Operation *op, SlapReply *rs )
#endif /* SLAPD_MULTIMASTER */
}
} else {
#ifdef LDAP_SLAPI
if ( op->o_pb ) {
rs->sr_err = call_add_preop_plugins( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
/* plugin will have sent result */
goto done;
}
}
#endif
Debug( LDAP_DEBUG_ARGS, " do_add: no backend support\n", 0, 0, 0 );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
#ifdef LDAP_SLAPI
if ( op->o_pb ) call_add_postop_plugins( op );
#endif /* LDAP_SLAPI */
done:;
return rc;
}
......@@ -660,51 +607,3 @@ slap_entry2mods(
return LDAP_SUCCESS;
}
#ifdef LDAP_SLAPI
static void init_add_pblock( Operation *op,
struct berval *dn, Entry *e, int manageDSAit )
{
slapi_int_pblock_set_operation( op->o_pb, op );
slapi_pblock_set( op->o_pb, SLAPI_ADD_TARGET, (void *)dn->bv_val );
slapi_pblock_set( op->o_pb, SLAPI_ADD_ENTRY, (void *)e );
slapi_pblock_set( op->o_pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
}
static int call_add_preop_plugins( Operation *op )
{
int rc;
rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_ADD_FN, op->o_pb );
if ( rc < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
Debug(LDAP_DEBUG_TRACE,
"do_add: add preoperation plugin failed.\n",
0, 0, 0);
if (( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
(void *)&rc ) != 0 ) || rc == LDAP_SUCCESS )
{
rc = LDAP_OTHER;
}
} else {
rc = LDAP_SUCCESS;
}
return rc;
}
static void call_add_postop_plugins( Operation *op )
{
int rc;
rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_ADD_FN, op->o_pb );
if ( rc < 0 ) {
Debug(LDAP_DEBUG_TRACE,
"do_add: add postoperation plugin failed\n",
0, 0, 0);
}
}
#endif /* LDAP_SLAPI */
......@@ -37,15 +37,6 @@
#include "lutil.h"
#include "lber_pvt.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
static void init_group_pblock( Operation *op, Entry *target,
Entry *e, struct berval *op_ndn, AttributeDescription *group_at );
static int call_group_preop_plugins( Operation *op );
static void call_group_postop_plugins( Operation *op );
#endif /* LDAP_SLAPI */
/*
* If a module is configured as dynamic, its header should not
* get included into slapd. While this is a general rule and does
......@@ -723,45 +714,13 @@ be_entry_release_rw(
int
backend_unbind( Operation *op, SlapReply *rs )
{
int i = 0;
BackendDB *be;
LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
#if defined( LDAP_SLAPI )
if ( op->o_pb ) {
int rc;
if ( i == 0 ) slapi_int_pblock_set_operation( op->o_pb, op );
slapi_pblock_set( op->o_pb, SLAPI_BACKEND, (void *)be );
rc = slapi_int_call_plugins( be,
SLAPI_PLUGIN_PRE_UNBIND_FN, (Slapi_PBlock *)op->o_pb );
if ( rc < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
Debug(LDAP_DEBUG_TRACE,
"do_bind: Unbind preoperation plugin failed\n",
0, 0, 0);
return 0;
}
}
#endif /* defined( LDAP_SLAPI ) */
if ( be->be_unbind ) {
op->o_bd = be;
be->be_unbind( op, rs );
}
#if defined( LDAP_SLAPI )
if ( op->o_pb != NULL && slapi_int_call_plugins( be,
SLAPI_PLUGIN_POST_UNBIND_FN, (Slapi_PBlock *)op->o_pb ) < 0 )
{
Debug(LDAP_DEBUG_TRACE,
"do_unbind: Unbind postoperation plugins failed\n",
0, 0, 0);
}
#endif /* defined( LDAP_SLAPI ) */
i++;
}
return 0;
......@@ -1259,17 +1218,6 @@ backend_group(
rc = be_entry_get_rw( op, gr_ndn, group_oc, group_at, 0, &e );
}
if ( e ) {
#ifdef LDAP_SLAPI
if ( op->o_pb != NULL ) {
init_group_pblock( op, target, e, op_ndn, group_at );
rc = call_group_preop_plugins( op );
if ( rc == LDAP_SUCCESS ) {
goto done;
}
}
#endif /* LDAP_SLAPI */
a = attr_find( e->e_attrs, group_at );
if ( a ) {
/* If the attribute is a subtype of labeledURI, treat this as
......@@ -1379,10 +1327,6 @@ loopit:
rc = LDAP_NO_SUCH_OBJECT;
}
#ifdef LDAP_SLAPI
if ( op->o_pb ) call_group_postop_plugins( op );
#endif /* LDAP_SLAPI */
if ( op->o_tag != LDAP_REQ_BIND && !op->o_do_not_cache ) {
g = op->o_tmpalloc( sizeof( GroupAssertion ) + gr_ndn->bv_len,
op->o_tmpmemctx );
......@@ -1400,58 +1344,6 @@ done:
return rc;
}
#ifdef LDAP_SLAPI
static int backend_compute_output_attr(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
{
BerVarray v;
int rc;
BerVarray *vals = (BerVarray *)c->cac_private;
Operation *op = NULL;
int i, j;
slapi_pblock_get( c->cac_pb, SLAPI_OPERATION, &op );
if ( op == NULL ) {
return 1;
}
if ( op->o_conn && access_allowed( op,
e, a->a_desc, NULL, ACL_AUTH,
&c->cac_acl_state ) == 0 ) {
return 1;
}
for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) ;
v = op->o_tmpalloc( sizeof(struct berval) * (i+1),
op->o_tmpmemctx );
for ( i = 0, j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) {
if ( op->o_conn && access_allowed( op,
e, a->a_desc,
&a->a_nvals[i],
ACL_AUTH, &c->cac_acl_state ) == 0 ) {
continue;
}
ber_dupbv_x( &v[j],
&a->a_nvals[i], op->o_tmpmemctx );
if ( !BER_BVISNULL( &v[j] ) ) {
j++;
}
}
if ( j == 0 ) {
op->o_tmpfree( v, op->o_tmpmemctx );
*vals = NULL;
rc = 1;
} else {
BER_BVZERO( &v[j] );
*vals = v;
rc = 0;
}
return rc;
}
#endif /* LDAP_SLAPI */
int
backend_attribute(
Operation *op,
......@@ -1548,29 +1440,6 @@ backend_attribute(
rc = LDAP_SUCCESS;
}
}
#ifdef LDAP_SLAPI
else if ( op->o_pb ) {
/* try any computed attributes */
computed_attr_context ctx;
slapi_int_pblock_set_operation( op->o_pb, op );
ctx.cac_pb = op->o_pb;
ctx.cac_attrs = NULL;
ctx.cac_userattrs = 0;
ctx.cac_opattrs = 0;
ctx.cac_acl_state = acl_state;
ctx.cac_private = (void *)vals;
rc = compute_evaluator( &ctx, entry_at->ad_cname.bv_val, e, backend_compute_output_attr );
if ( rc == 1 ) {
rc = LDAP_INSUFFICIENT_ACCESS;
} else {
rc = LDAP_SUCCESS;
}
}
#endif /* LDAP_SLAPI */
freeit: if ( e != target ) {
be_entry_release_r( op, e );
}
......@@ -1583,21 +1452,6 @@ freeit: if ( e != target ) {
return rc;
}
#ifdef LDAP_SLAPI
static int backend_compute_output_attr_access(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
{
struct berval *nval = (struct berval *)c->cac_private;
Operation *op = NULL;
slapi_pblock_get( c->cac_pb, SLAPI_OPERATION, &op );
if ( op == NULL ) {
return 1;
}
return access_allowed( op, e, a->a_desc, nval, ACL_AUTH, NULL ) == 0;
}
#endif /* LDAP_SLAPI */
int
backend_access(
Operation *op,
......@@ -1686,28 +1540,6 @@ backend_access(
}
rc = LDAP_SUCCESS;
}
#ifdef LDAP_SLAPI
else if ( op->o_pb ) {
/* try any computed attributes */
computed_attr_context ctx;
slapi_int_pblock_set_operation( op->o_pb, op );
ctx.cac_pb = op->o_pb;
ctx.cac_attrs = NULL;
ctx.cac_userattrs = 0;
ctx.cac_opattrs = 0;
ctx.cac_private = (void *)nval;
rc = compute_evaluator( &ctx, entry_at->ad_cname.bv_val, e, backend_compute_output_attr_access );
if ( rc == 1 ) {
rc = LDAP_INSUFFICIENT_ACCESS;
} else {
rc = LDAP_SUCCESS;
}
}
#endif /* LDAP_SLAPI */
}
freeit: if ( e != target ) {
be_entry_release_r( op, e );
......@@ -1769,42 +1601,3 @@ int backend_operational(
return rc;
}
#ifdef LDAP_SLAPI
static void init_group_pblock( Operation *op, Entry *target,
Entry *e, struct berval *op_ndn, AttributeDescription *group_at )
{
slapi_pblock_set( op->o_pb,
SLAPI_X_GROUP_ENTRY, (void *)e );
slapi_pblock_set( op->o_pb,
SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val );
slapi_pblock_set( op->o_pb,
SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val );
slapi_pblock_set( op->o_pb,
SLAPI_X_GROUP_TARGET_ENTRY, (void *)target );
}
static int call_group_preop_plugins( Operation *op )
{
int rc;
rc = slapi_int_call_plugins( op->o_bd,
SLAPI_X_PLUGIN_PRE_GROUP_FN, op->o_pb );
if ( rc < 0 ) {
if (( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
(void *)&rc ) != 0 ) || rc == LDAP_SUCCESS )
{
rc = LDAP_NO_SUCH_ATTRIBUTE;
}
} else {
rc = LDAP_SUCCESS;
}
return rc;
}
static void call_group_postop_plugins( Operation *op )
{
(void) slapi_int_call_plugins( op->o_bd, SLAPI_X_PLUGIN_POST_GROUP_FN, op->o_pb );
}
#endif /* LDAP_SLAPI */
......@@ -32,10 +32,6 @@
#include <ac/socket.h>
#include "slap.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
#endif
int
do_bind(
......@@ -327,27 +323,6 @@ fe_op_bind( Operation *op, SlapReply *rs )
op->o_conn->c_sasl_bind_in_progress = 0;
}
#ifdef LDAP_SLAPI
#define pb op->o_pb
/*
* Normally post-operation plugins are called only after the
* backend operation. Because the front-end performs SASL
* binds on behalf of the backend, we'll make a special
* exception to call the post-operation plugins after a
* SASL bind.
*/
if ( pb ) {
slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)op->o_req_dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)op->orb_method );
slapi_pblock_set( pb,
SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) );
(void) slapi_int_call_plugins( op->o_bd,
SLAPI_PLUGIN_POST_BIND_FN, pb );
}
#endif /* LDAP_SLAPI */
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
goto cleanup;
......@@ -476,84 +451,6 @@ fe_op_bind( Operation *op, SlapReply *rs )
goto cleanup;
}
#ifdef LDAP_SLAPI
if ( pb ) {
int rc;
slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)op->o_req_dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)op->orb_method );
slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) );
slapi_pblock_set( pb, SLAPI_CONN_DN, (void *)(0) );
rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_BIND_FN, pb );
Debug(LDAP_DEBUG_TRACE,
"do_bind: Bind preoperation plugin returned %d.\n",
rs->sr_err, 0, 0);
switch ( rc ) {
case SLAPI_BIND_SUCCESS:
/* Continue with backend processing */
break;
case SLAPI_BIND_FAIL:
/* Failure, server sends result */
rs->sr_err = LDAP_INVALID_CREDENTIALS;
send_ldap_result( op, rs );
goto cleanup;
break;
case SLAPI_BIND_ANONYMOUS:
/* SLAPI_BIND_ANONYMOUS is undocumented XXX */
default:
/* Authoritative, plugin sent result, or no plugins called. */
if ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
(void *)&rs->sr_err) != 0 )
{
rs->sr_err = LDAP_OTHER;
}
BER_BVZERO( &op->orb_edn );
if ( rs->sr_err == LDAP_SUCCESS ) {
slapi_pblock_get( pb, SLAPI_CONN_DN,
(void *)&op->orb_edn.bv_val );
if ( BER_BVISNULL( &op->orb_edn ) ) {
if ( rc == 1 ) {
/* No plugins were called; continue. */
break;
}
} else {
op->orb_edn.bv_len = strlen( op->orb_edn.bv_val );
}
rs->sr_err = dnPrettyNormal( NULL, &op->orb_edn,
&op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
ber_dupbv(&op->o_conn->c_dn, &op->o_req_dn);
ber_dupbv(&op->o_conn->c_ndn, &op->o_req_ndn);
op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
BER_BVZERO( &op->o_req_dn );
op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
BER_BVZERO( &op->o_req_ndn );
if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
ber_len_t max = sockbuf_max_incoming_auth;
ber_sockbuf_ctrl( op->o_conn->c_sb,
LBER_SB_OPT_SET_MAX_INCOMING, &max );
}
/* log authorization identity */
Statslog( LDAP_DEBUG_STATS,
"%s BIND dn=\"%s\" mech=%s (SLAPI) ssf=0\n",
op->o_log_prefix,
BER_BVISNULL( &op->o_conn->c_dn )
? "<empty>" : op->o_conn->c_dn.bv_val,
mech.bv_val, 0, 0 );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
}
goto cleanup;
break;
}
}
#endif /* LDAP_SLAPI */
if( op->o_bd->be_bind ) {
rs->sr_err = (op->o_bd->be_bind)( op, rs );
......@@ -604,16 +501,6 @@ fe_op_bind( Operation *op, SlapReply *rs )
"operation not supported within naming context" );
}
#ifdef LDAP_SLAPI
if ( pb != NULL &&
slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) < 0 )
{
Debug(LDAP_DEBUG_TRACE,
"do_bind: Bind postoperation plugins failed.\n",
0, 0, 0);
}
#endif /* LDAP_SLAPI */
cleanup:;
return rs->sr_err;
}
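Review bot: The removed pre-bind block was the only place in `fe_op_bind` where a plugin-authenticated identity was copied into `c_dn`/`c_ndn`, the `sockbuf_max_incoming_auth` limit was applied, and the `BIND dn=... mech=%s (SLAPI)` Statslog line was written, all under `c_mutex`. After this change the function goes directly to `op->o_bd->be_bind`. The overlay that takes over is not visible here, so it should be checked that it still performs all three steps, since losing the Statslog entry would leave plugin-authenticated binds without an audit record. The `SLAPI_BIND_FAIL` case, which returned `LDAP_INVALID_CREDENTIALS` before any backend was consulted, needs the same confirmation. `fe_op_bind` starts outside the hunks shown.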
......
......@@ -30,9 +30,6 @@
#include <ac/string.h>
#include "slap.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
#endif
static int compare_entry(
Operation *op,
......@@ -240,35 +237,6 @@ fe_op_compare( Operation *op, SlapReply *rs )
op->o_log_prefix, op->o_req_dn.bv_val,
ava.aa_desc->ad_cname.bv_val, 0, 0 );
#if defined( LDAP_SLAPI )
#define pb op->o_pb
if ( pb ) {
slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_COMPARE_TARGET, (void *)op->o_req_dn.bv_val );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
slapi_pblock_set( pb, SLAPI_COMPARE_TYPE, (void *)ava.aa_desc->ad_cname.bv_val );