Commit 05fbf1cc authored by Pierangelo Masarati's avatar Pierangelo Masarati
Browse files

add restrictedOperation to databases; modification to come soon

parent 25a054a4
......@@ -104,6 +104,7 @@ struct monitorinfo {
AttributeDescription *mi_ad_l;
AttributeDescription *mi_ad_labeledURI;
AttributeDescription *mi_ad_readOnly;
AttributeDescription *mi_ad_restrictedOperation;
};
/*
......
......@@ -36,6 +36,64 @@ static int monitor_back_add_plugin( Backend *be, Entry *e );
#include "../back-ldap/back-ldap.h"
#endif /* defined(SLAPD_LDAP) */
static struct restrict_ops_t {
struct berval op;
unsigned int tag;
} restrict_ops[] = {
{ BER_BVC( "add" ), SLAP_RESTRICT_OP_ADD },
{ BER_BVC( "bind" ), SLAP_RESTRICT_OP_BIND },
{ BER_BVC( "compare" ), SLAP_RESTRICT_OP_COMPARE },
{ BER_BVC( "delete" ), SLAP_RESTRICT_OP_DELETE },
{ BER_BVC( "extended" ), SLAP_RESTRICT_OP_EXTENDED },
{ BER_BVC( "modify" ), SLAP_RESTRICT_OP_MODIFY },
{ BER_BVC( "rename" ), SLAP_RESTRICT_OP_RENAME },
{ BER_BVC( "search" ), SLAP_RESTRICT_OP_SEARCH },
{ BER_BVNULL, 0 }
}, restrict_exops[] = {
{ BER_BVC( LDAP_EXOP_START_TLS ), SLAP_RESTRICT_EXOP_START_TLS },
{ BER_BVC( LDAP_EXOP_MODIFY_PASSWD ), SLAP_RESTRICT_EXOP_MODIFY_PASSWD },
{ BER_BVC( LDAP_EXOP_X_WHO_AM_I ), SLAP_RESTRICT_EXOP_WHOAMI },
{ BER_BVC( LDAP_EXOP_X_CANCEL ), SLAP_RESTRICT_EXOP_CANCEL },
{ BER_BVNULL, 0 }
};
static int
init_readOnly( struct monitorinfo *mi, Entry *e, slap_mask_t restrictops )
{
struct berval *tf = ( ( restrictops & SLAP_RESTRICT_OP_MASK ) == SLAP_RESTRICT_OP_WRITES ) ?
(struct berval *)&slap_true_bv : (struct berval *)&slap_false_bv;
return attr_merge_one( e, mi->mi_ad_readOnly, tf, tf );
}
static int
init_restrictedOperation( struct monitorinfo *mi, Entry *e, slap_mask_t restrictops )
{
int i, rc;
for ( i = 0; restrict_ops[ i ].op.bv_val; i++ ) {
if ( restrictops & restrict_ops[ i ].tag ) {
rc = attr_merge_one( e, mi->mi_ad_restrictedOperation,
&restrict_ops[ i ].op, &restrict_ops[ i ].op );
if ( rc ) {
return rc;
}
}
}
for ( i = 0; restrict_exops[ i ].op.bv_val; i++ ) {
if ( restrictops & restrict_exops[ i ].tag ) {
rc = attr_merge_one( e, mi->mi_ad_restrictedOperation,
&restrict_exops[ i ].op, &restrict_exops[ i ].op );
if ( rc ) {
return rc;
}
}
}
return LDAP_SUCCESS;
}
int
monitor_subsys_database_init(
BackendDB *be
......@@ -45,7 +103,6 @@ monitor_subsys_database_init(
Entry *e, *e_database, *e_tmp;
int i;
struct monitorentrypriv *mp;
struct berval *tf;
assert( be != NULL );
......@@ -68,9 +125,9 @@ monitor_subsys_database_init(
#endif
return( -1 );
}
tf = (global_restrictops & SLAP_RESTRICT_OP_WRITES) ?
(struct berval *)&slap_true_bv : (struct berval *)&slap_false_bv ;
attr_merge_one( e_database, mi->mi_ad_readOnly, tf, tf );
(void)init_readOnly( mi, e_database, global_restrictops );
(void)init_restrictedOperation( mi, e_database, global_restrictops );
e_tmp = NULL;
for ( i = nBackendDB; i--; ) {
......@@ -141,9 +198,9 @@ monitor_subsys_database_init(
attr_merge( e_database, slap_schema.si_ad_namingContexts,
be->be_suffix, be->be_nsuffix );
}
tf = (be->be_restrictops & SLAP_RESTRICT_OP_WRITES) ?
(struct berval *)&slap_true_bv : (struct berval *)&slap_false_bv ;
attr_merge_one( e, mi->mi_ad_readOnly, tf, tf );
(void)init_readOnly( mi, e, be->be_restrictops );
(void)init_restrictedOperation( mi, e, be->be_restrictops );
if ( oi != NULL ) {
slap_overinst *on = oi->oi_list;
......@@ -319,6 +376,10 @@ monitor_subsys_database_modify(
if ( rc ) {
break;
}
} else if ( mod->sm_desc == mi->mi_ad_restrictedOperation ) {
/* TODO */
} else if ( is_at_operational( mod->sm_desc->ad_type )) {
/* accept all operational attributes */
attr_delete( &e->e_attrs, mod->sm_desc );
......@@ -328,11 +389,13 @@ monitor_subsys_database_modify(
rc = LDAP_OTHER;
break;
}
} else {
rc = LDAP_UNWILLING_TO_PERFORM;
break;
}
}
if ( gotval == 1 && cur >= 0 ) {
struct berval *tf;
tf = cur ? (struct berval *)&slap_true_bv : (struct berval *)&slap_false_bv;
......
......@@ -393,6 +393,11 @@ monitor_back_db_init(
"SINGLE-VALUE "
"USAGE directoryOperation )", SLAP_AT_HIDE,
offsetof(struct monitorinfo, mi_ad_readOnly) },
{ "restrictedOperation", "( 1.3.6.1.4.1.4203.666.1.32 "
"NAME 'restrictedOperation' "
"DESC 'name of restricted operation for a given database' "
"SUP managedInfo )", SLAP_AT_HIDE,
offsetof(struct monitorinfo, mi_ad_restrictedOperation ) },
#ifdef INTEGRATE_CORE_SCHEMA
{ NULL, NULL, 0, -1 }, /* description */
{ NULL, NULL, 0, -1 }, /* seeAlso */
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment