dyngroup.c 5.88 KB
Newer Older
Howard Chu's avatar
Howard Chu committed
1
2
/* dyngroup.c - Demonstration of overlay code */
/* $OpenLDAP$ */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
3
4
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
Quanah Gibson-Mount's avatar
Quanah Gibson-Mount committed
5
 * Copyright 2003-2020 The OpenLDAP Foundation.
Howard Chu's avatar
Howard Chu committed
6
 * Copyright 2003 by Howard Chu.
Kurt Zeilenga's avatar
Kurt Zeilenga committed
7
8
9
10
11
12
13
14
15
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
Howard Chu's avatar
Howard Chu committed
16
 */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
17
18
19
20
/* ACKNOWLEDGEMENTS:
 * This work was initially developed by Howard Chu for inclusion in
 * OpenLDAP Software.
 */
Howard Chu's avatar
Howard Chu committed
21
22
23

#include "portable.h"

Howard Chu's avatar
Howard Chu committed
24
25
#ifdef SLAPD_OVER_DYNGROUP

Howard Chu's avatar
Howard Chu committed
26
27
28
29
30
#include <stdio.h>

#include <ac/string.h>
#include <ac/socket.h>

Howard Chu's avatar
Howard Chu committed
31
#include "lutil.h"
Howard Chu's avatar
Howard Chu committed
32
#include "slap.h"
33
#include "config.h"
Howard Chu's avatar
Howard Chu committed
34
35
36
37
38
39
40
41
42
43
44
45
46
47

/* This overlay extends the Compare operation to detect members of a
 * dynamic group. It has no effect on any other operations. It must
 * be configured with a pair of attributes to trigger on, e.g.
 *	attrpair member memberURL
 * will cause compares on "member" to trigger a compare on "memberURL".
 */

typedef struct adpair {
	struct adpair *ap_next;
	AttributeDescription *ap_mem;
	AttributeDescription *ap_uri;
} adpair;

Howard Chu's avatar
Howard Chu committed
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
static int dgroup_cf( ConfigArgs *c )
{
	slap_overinst *on = (slap_overinst *)c->bi;
	int rc = 1;

	switch( c->op ) {
	case SLAP_CONFIG_EMIT:
		{
		adpair *ap;
		for ( ap = on->on_bi.bi_private; ap; ap = ap->ap_next ) {
			struct berval bv;
			char *ptr;
			bv.bv_len = ap->ap_mem->ad_cname.bv_len + 1 +
				ap->ap_uri->ad_cname.bv_len;
			bv.bv_val = ch_malloc( bv.bv_len + 1 );
			ptr = lutil_strcopy( bv.bv_val, ap->ap_mem->ad_cname.bv_val );
			*ptr++ = ' ';
			strcpy( ptr, ap->ap_uri->ad_cname.bv_val );
			ber_bvarray_add( &c->rvalue_vals, &bv );
			rc = 0;
		}
		}
		break;
	case LDAP_MOD_DELETE:
		if ( c->valx == -1 ) {
			adpair *ap;
			while (( ap = on->on_bi.bi_private )) {
				on->on_bi.bi_private = ap->ap_next;
				ch_free( ap );
			}
		} else {
			adpair **app, *ap;
			int i;
			app = (adpair **)&on->on_bi.bi_private;
			for (i=0; i<=c->valx; i++, app = &ap->ap_next) {
				ap = *app;
			}
			*app = ap->ap_next;
			ch_free( ap );
		}
		rc = 0;
		break;
	case SLAP_CONFIG_ADD:
	case LDAP_MOD_ADD:
		{
		adpair ap = { NULL, NULL, NULL }, *a2;
		const char *text;
		if ( slap_str2ad( c->argv[1], &ap.ap_mem, &text ) ) {
			snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s attribute description unknown: \"%s\"",
				c->argv[0], c->argv[1] );
			Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
99
				"%s: %s\n", c->log, c->cr_msg );
Howard Chu's avatar
Howard Chu committed
100
101
102
103
104
105
			return ARG_BAD_CONF;
		}
		if ( slap_str2ad( c->argv[2], &ap.ap_uri, &text ) ) {
			snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s attribute description unknown: \"%s\"",
				c->argv[0], c->argv[2] );
			Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
106
				"%s: %s\n", c->log, c->cr_msg );
Howard Chu's avatar
Howard Chu committed
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
			return ARG_BAD_CONF;
		}
		/* The on->on_bi.bi_private pointer can be used for
		 * anything this instance of the overlay needs.
		 */
		a2 = ch_malloc( sizeof(adpair) );
		a2->ap_next = on->on_bi.bi_private;
		a2->ap_mem = ap.ap_mem;
		a2->ap_uri = ap.ap_uri;
		on->on_bi.bi_private = a2;
		rc = 0;
		}
	}
	return rc;
}

static ConfigTable dgroupcfg[] = {
	{ "attrpair", "member-attribute> <URL-attribute", 3, 3, 0,
	  ARG_MAGIC, dgroup_cf,
126
	  "( OLcfgOvAt:17.1 NAME ( 'olcDynGroupAttrPair' 'olcDGAttrPair' ) "
127
	  "EQUALITY caseIgnoreMatch "
Howard Chu's avatar
Howard Chu committed
128
129
130
131
132
133
134
	  "DESC 'Member and MemberURL attribute pair' "
	  "SYNTAX OMsDirectoryString )", NULL, NULL },
	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
};

static ConfigOCs dgroupocs[] = {
	{ "( OLcfgOvOc:17.1 "
135
	  "NAME ( 'olcDynGroupConfig' 'olcDGConfig' ) "
Howard Chu's avatar
Howard Chu committed
136
137
	  "DESC 'Dynamic Group configuration' "
	  "SUP olcOverlayConfig "
138
	  "MAY olcDynGroupAttrPair)",
Howard Chu's avatar
Howard Chu committed
139
140
141
142
	  Cft_Overlay, dgroupcfg },
	{ NULL, 0, NULL }
};

Howard Chu's avatar
Howard Chu committed
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
static int
dyngroup_response( Operation *op, SlapReply *rs )
{
	slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
	adpair *ap = on->on_bi.bi_private;

	/* If we've been configured and the current response is
	 * what we're looking for...
	 */
	if ( ap && op->o_tag == LDAP_REQ_COMPARE &&
		rs->sr_err == LDAP_NO_SUCH_ATTRIBUTE ) {

		for (;ap;ap=ap->ap_next) {
			if ( op->oq_compare.rs_ava->aa_desc == ap->ap_mem ) {
				/* This compare is for one of the attributes we're
				 * interested in. We'll use slapd's existing dyngroup
				 * evaluator to get the answer we want.
				 */
				int cache = op->o_do_not_cache;
				
				op->o_do_not_cache = 1;
164
165
				rs->sr_err = backend_group( op, NULL, &op->o_req_ndn,
					&op->oq_compare.rs_ava->aa_value, NULL, ap->ap_uri );
Howard Chu's avatar
Howard Chu committed
166
				op->o_do_not_cache = cache;
167
168
				switch ( rs->sr_err ) {
				case LDAP_SUCCESS:
169
					rs->sr_err = LDAP_COMPARE_TRUE;
170
171
172
173
174
175
					break;

				case LDAP_NO_SUCH_OBJECT:
					rs->sr_err = LDAP_COMPARE_FALSE;
					break;
				}
Howard Chu's avatar
Howard Chu committed
176
177
178
179
180
181
182
183
184
				break;
			}
		}
	}
	/* Default is to just fall through to the normal processing */
	return SLAP_CB_CONTINUE;
}

static int
185
dyngroup_destroy(
186
	BackendDB *be,
187
	ConfigReply *cr
Howard Chu's avatar
Howard Chu committed
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
)
{
	slap_overinst *on = (slap_overinst *) be->bd_info;
	adpair *ap, *a2;

	for ( ap = on->on_bi.bi_private; ap; ap = a2 ) {
		a2 = ap->ap_next;
		ch_free( ap );
	}
	return 0;
}

static slap_overinst dyngroup;

/* This overlay is set up for dynamic loading via moduleload. For static
 * configuration, you'll need to arrange for the slap_overinst to be
 * initialized and registered by some other function inside slapd.
 */

207
int dyngroup_initialize() {
Howard Chu's avatar
Howard Chu committed
208
209
	int code;

Howard Chu's avatar
Howard Chu committed
210
	dyngroup.on_bi.bi_type = "dyngroup";
211
	dyngroup.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
212
	dyngroup.on_bi.bi_db_destroy = dyngroup_destroy;
Howard Chu's avatar
Howard Chu committed
213
214
	dyngroup.on_response = dyngroup_response;

Howard Chu's avatar
Howard Chu committed
215
216
217
218
	dyngroup.on_bi.bi_cf_ocs = dgroupocs;
	code = config_register_schema( dgroupcfg, dgroupocs );
	if ( code ) return code;

Howard Chu's avatar
Howard Chu committed
219
220
	return overlay_register( &dyngroup );
}
Howard Chu's avatar
Howard Chu committed
221
222

#if SLAPD_OVER_DYNGROUP == SLAPD_MOD_DYNAMIC
223
224
225
226
int
init_module( int argc, char *argv[] )
{
	return dyngroup_initialize();
Howard Chu's avatar
Howard Chu committed
227
228
229
230
}
#endif

#endif /* defined(SLAPD_OVER_DYNGROUP) */