[389-commits] 3 commits - configure configure.ac ldap/servers

configure | 7 configure.ac | 2 ldap/servers/slapd/extendop.c | 429 +++++++++++++++++++++----------------- ldap/servers/slapd/pblock.c | 32 ++ ldap/servers/slapd/plugin.c | 180 ++++++++++----- ldap/servers/slapd/proto-slap.h | 3 ldap/servers/slapd/slap.h | 31 +- ldap/servers/slapd/slapi-plugin.h | 3 8 files changed, 412 insertions(+), 275 deletions(-) New commits: commit 1d217feed941b97a9fac67a011f6e1b9dceeb266 Author: William Brown <firstyear(a)redhat.com&gt; Date: Fri Mar 18 14:14:39 2016 +1000 Ticket 48769 - Fix white space in extendedop.c Bug Description: The addition of the plugin type added white space differences Fix Description: This change extendop.c from hard tab to soft tab. https://fedorahosted.org/389/ticket/48769 Author: wibrown Review by: nhosoi (Thanks!) diff --git a/ldap/servers/slapd/extendop.c b/ldap/servers/slapd/extendop.c index 840a898..50506a5 100644 --- a/ldap/servers/slapd/extendop.c +++ b/ldap/servers/slapd/extendop.c @@ -78,37 +78,37 @@ static void extop_handle_import_start(Slapi_PBlock *pb, char *extoid, } slapi_pblock_set(pb, SLAPI_BACKEND, be); - slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, &pb->pb_op->o_isroot ); - - { - /* Access Control Check to see if the client is - * allowed to use task import - */ - char *dummyAttr = "dummy#attr"; - char *dummyAttrs[2] = { NULL, NULL }; - int rc = 0; - char dn[128]; - Slapi_Entry *feature; - - /* slapi_str2entry modify its dn parameter so we must copy - * this string each time we call it ! - */ - /* This dn is no need to be normalized. */ - PR_snprintf(dn, sizeof(dn), "dn: oid=%s,cn=features,cn=config", - EXTOP_BULK_IMPORT_START_OID); - - dummyAttrs[0] = dummyAttr; - feature = slapi_str2entry(dn, 0); - rc = plugin_call_acl_plugin (pb, feature, dummyAttrs, NULL, - SLAPI_ACL_WRITE, ACLPLUGIN_ACCESS_DEFAULT, NULL); - slapi_entry_free(feature); - if (rc != LDAP_SUCCESS) - { - /* Client isn't allowed to do this. */ - send_ldap_result(pb, rc, NULL, NULL, 0, NULL); - goto out; - } - } + slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, &pb->pb_op->o_isroot ); + + { + /* Access Control Check to see if the client is + * allowed to use task import + */ + char *dummyAttr = "dummy#attr"; + char *dummyAttrs[2] = { NULL, NULL }; + int rc = 0; + char dn[128]; + Slapi_Entry *feature; + + /* slapi_str2entry modify its dn parameter so we must copy + * this string each time we call it ! + */ + /* This dn is no need to be normalized. */ + PR_snprintf(dn, sizeof(dn), "dn: oid=%s,cn=features,cn=config", + EXTOP_BULK_IMPORT_START_OID); + + dummyAttrs[0] = dummyAttr; + feature = slapi_str2entry(dn, 0); + rc = plugin_call_acl_plugin (pb, feature, dummyAttrs, NULL, + SLAPI_ACL_WRITE, ACLPLUGIN_ACCESS_DEFAULT, NULL); + slapi_entry_free(feature); + if (rc != LDAP_SUCCESS) + { + /* Client isn't allowed to do this. */ + send_ldap_result(pb, rc, NULL, NULL, 0, NULL); + goto out; + } + } if (be->be_wire_import == NULL) { /* not supported by this backend */ @@ -204,135 +204,135 @@ static void extop_handle_import_done(Slapi_PBlock *pb, char *extoid, void do_extended( Slapi_PBlock *pb ) { - char *extoid = NULL, *errmsg; - struct berval extval = {0}; - int lderr, rc; - ber_len_t len; - ber_tag_t tag; - const char *name; - - LDAPDebug( LDAP_DEBUG_TRACE, "do_extended\n", 0, 0, 0 ); - - /* - * Parse the extended request. It looks like this: - * - * ExtendedRequest := [APPLICATION 23] SEQUENCE { - * requestName [0] LDAPOID, - * requestValue [1] OCTET STRING OPTIONAL - * } - */ - - if ( ber_scanf( pb->pb_op->o_ber, "{a", &extoid ) - == LBER_ERROR ) { - LDAPDebug( LDAP_DEBUG_ANY, - "ber_scanf failed (op=extended; params=OID)\n", - 0, 0, 0 ); - op_shared_log_error_access (pb, "EXT", "???", "decoding error: fail to get extension OID"); - send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0, - NULL ); - goto free_and_return; - } - tag = ber_peek_tag(pb->pb_op->o_ber, &len); - - if (tag == LDAP_TAG_EXOP_REQ_VALUE) { - if ( ber_scanf( pb->pb_op->o_ber, "o}", &extval ) == LBER_ERROR ) { - op_shared_log_error_access (pb, "EXT", "???", "decoding error: fail to get extension value"); - send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0, - NULL ); - goto free_and_return; - } - } else { - if ( ber_scanf( pb->pb_op->o_ber, "}") == LBER_ERROR ) { - op_shared_log_error_access (pb, "EXT", "???", "decoding error"); - send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0, - NULL ); - goto free_and_return; - } - } - if ( NULL == ( name = extended_op_oid2string( extoid ))) { - LDAPDebug( LDAP_DEBUG_ARGS, "do_extended: oid (%s)\n", extoid, 0, 0 ); - - slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d EXT oid=\"%s\"\n", - pb->pb_conn->c_connid, pb->pb_op->o_opid, extoid ); - } else { - LDAPDebug( LDAP_DEBUG_ARGS, "do_extended: oid (%s-%s)\n", - extoid, name, 0 ); - - slapi_log_access( LDAP_DEBUG_STATS, - "conn=%" NSPRIu64 " op=%d EXT oid=\"%s\" name=\"%s\"\n", - pb->pb_conn->c_connid, pb->pb_op->o_opid, extoid, name ); - } - - /* during a bulk import, only BULK_IMPORT_DONE is allowed! - * (and this is the only time it's allowed) - */ - if (pb->pb_conn->c_flags & CONN_FLAG_IMPORT) { - if (strcmp(extoid, EXTOP_BULK_IMPORT_DONE_OID) != 0) { - send_ldap_result(pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL); - goto free_and_return; - } - extop_handle_import_done(pb, extoid, &extval); - goto free_and_return; - } - - if (strcmp(extoid, EXTOP_BULK_IMPORT_START_OID) == 0) { - extop_handle_import_start(pb, extoid, &extval); - goto free_and_return; - } - - if (strcmp(extoid, START_TLS_OID) != 0) { - int minssf = config_get_minssf(); - - /* If anonymous access is disabled and we haven't - * authenticated yet, only allow startTLS. */ - if ((config_get_anon_access_switch() != SLAPD_ANON_ACCESS_ON) && ((pb->pb_op->o_authtype == NULL) || - (strcasecmp(pb->pb_op->o_authtype, SLAPD_AUTH_NONE) == 0))) { - send_ldap_result( pb, LDAP_INAPPROPRIATE_AUTH, NULL, - "Anonymous access is not allowed.", 0, NULL ); - goto free_and_return; - } - - /* If the minssf is not met, only allow startTLS. */ - if ((pb->pb_conn->c_sasl_ssf < minssf) && (pb->pb_conn->c_ssl_ssf < minssf) && - (pb->pb_conn->c_local_ssf < minssf)) { - send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL, - "Minimum SSF not met.", 0, NULL ); - goto free_and_return; - } - } - - /* If a password change is required, only allow the password - * modify extended operation */ - if (!pb->pb_conn->c_isreplication_session && + char *extoid = NULL, *errmsg; + struct berval extval = {0}; + int lderr, rc; + ber_len_t len; + ber_tag_t tag; + const char *name; + + LDAPDebug( LDAP_DEBUG_TRACE, "do_extended\n", 0, 0, 0 ); + + /* + * Parse the extended request. It looks like this: + * + * ExtendedRequest := [APPLICATION 23] SEQUENCE { + * requestName [0] LDAPOID, + * requestValue [1] OCTET STRING OPTIONAL + * } + */ + + if ( ber_scanf( pb->pb_op->o_ber, "{a", &extoid ) + == LBER_ERROR ) { + LDAPDebug( LDAP_DEBUG_ANY, + "ber_scanf failed (op=extended; params=OID)\n", + 0, 0, 0 ); + op_shared_log_error_access (pb, "EXT", "???", "decoding error: fail to get extension OID"); + send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0, + NULL ); + goto free_and_return; + } + tag = ber_peek_tag(pb->pb_op->o_ber, &len); + + if (tag == LDAP_TAG_EXOP_REQ_VALUE) { + if ( ber_scanf( pb->pb_op->o_ber, "o}", &extval ) == LBER_ERROR ) { + op_shared_log_error_access (pb, "EXT", "???", "decoding error: fail to get extension value"); + send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0, + NULL ); + goto free_and_return; + } + } else { + if ( ber_scanf( pb->pb_op->o_ber, "}") == LBER_ERROR ) { + op_shared_log_error_access (pb, "EXT", "???", "decoding error"); + send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0, + NULL ); + goto free_and_return; + } + } + if ( NULL == ( name = extended_op_oid2string( extoid ))) { + LDAPDebug( LDAP_DEBUG_ARGS, "do_extended: oid (%s)\n", extoid, 0, 0 ); + + slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d EXT oid=\"%s\"\n", + pb->pb_conn->c_connid, pb->pb_op->o_opid, extoid ); + } else { + LDAPDebug( LDAP_DEBUG_ARGS, "do_extended: oid (%s-%s)\n", + extoid, name, 0 ); + + slapi_log_access( LDAP_DEBUG_STATS, + "conn=%" NSPRIu64 " op=%d EXT oid=\"%s\" name=\"%s\"\n", + pb->pb_conn->c_connid, pb->pb_op->o_opid, extoid, name ); + } + + /* during a bulk import, only BULK_IMPORT_DONE is allowed! + * (and this is the only time it's allowed) + */ + if (pb->pb_conn->c_flags & CONN_FLAG_IMPORT) { + if (strcmp(extoid, EXTOP_BULK_IMPORT_DONE_OID) != 0) { + send_ldap_result(pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL); + goto free_and_return; + } + extop_handle_import_done(pb, extoid, &extval); + goto free_and_return; + } + + if (strcmp(extoid, EXTOP_BULK_IMPORT_START_OID) == 0) { + extop_handle_import_start(pb, extoid, &extval); + goto free_and_return; + } + + if (strcmp(extoid, START_TLS_OID) != 0) { + int minssf = config_get_minssf(); + + /* If anonymous access is disabled and we haven't + * authenticated yet, only allow startTLS. */ + if ((config_get_anon_access_switch() != SLAPD_ANON_ACCESS_ON) && ((pb->pb_op->o_authtype == NULL) || + (strcasecmp(pb->pb_op->o_authtype, SLAPD_AUTH_NONE) == 0))) { + send_ldap_result( pb, LDAP_INAPPROPRIATE_AUTH, NULL, + "Anonymous access is not allowed.", 0, NULL ); + goto free_and_return; + } + + /* If the minssf is not met, only allow startTLS. */ + if ((pb->pb_conn->c_sasl_ssf < minssf) && (pb->pb_conn->c_ssl_ssf < minssf) && + (pb->pb_conn->c_local_ssf < minssf)) { + send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL, + "Minimum SSF not met.", 0, NULL ); + goto free_and_return; + } + } + + /* If a password change is required, only allow the password + * modify extended operation */ + if (!pb->pb_conn->c_isreplication_session && pb->pb_conn->c_needpw && (strcmp(extoid, EXTOP_PASSWD_OID) != 0)) - { - char *dn = NULL; - slapi_pblock_get(pb, SLAPI_CONN_DN, &dn); + { + char *dn = NULL; + slapi_pblock_get(pb, SLAPI_CONN_DN, &dn); - (void)slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0); - op_shared_log_error_access (pb, "EXT", dn ? dn : "", "need new password"); - send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL, NULL, 0, NULL ); + (void)slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0); + op_shared_log_error_access (pb, "EXT", dn ? dn : "", "need new password"); + send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL, NULL, 0, NULL ); - slapi_ch_free_string(&dn); - goto free_and_return; - } + slapi_ch_free_string(&dn); + goto free_and_return; + } - /* decode the optional controls - put them in the pblock */ - if ( (lderr = get_ldapmessage_controls( pb, pb->pb_op->o_ber, NULL )) != 0 ) - { - char *dn = NULL; - slapi_pblock_get(pb, SLAPI_CONN_DN, &dn); + /* decode the optional controls - put them in the pblock */ + if ( (lderr = get_ldapmessage_controls( pb, pb->pb_op->o_ber, NULL )) != 0 ) + { + char *dn = NULL; + slapi_pblock_get(pb, SLAPI_CONN_DN, &dn); - op_shared_log_error_access (pb, "EXT", dn ? dn : "", "failed to decode LDAP controls"); - send_ldap_result( pb, lderr, NULL, NULL, 0, NULL ); + op_shared_log_error_access (pb, "EXT", dn ? dn : "", "failed to decode LDAP controls"); + send_ldap_result( pb, lderr, NULL, NULL, 0, NULL ); - slapi_ch_free_string(&dn); - goto free_and_return; - } + slapi_ch_free_string(&dn); + goto free_and_return; + } - slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID, extoid ); - slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE, &extval ); - slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, &pb->pb_op->o_isroot); + slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID, extoid ); + slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE, &extval ); + slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, &pb->pb_op->o_isroot); /* wibrown 201603 I want to rewrite this to get plugin p, and use that * rather than all these plugin_call_, that loop over the plugin lists @@ -340,10 +340,10 @@ do_extended( Slapi_PBlock *pb ) * then we just hand *p into the call functions. * much more efficient! :) */ - + slapi_log_error(SLAPI_LOG_TRACE, NULL, "extendop.c calling plugins ... \n"); - rc = plugin_call_exop_plugins( pb, extoid, SLAPI_PLUGIN_EXTENDEDOP); + rc = plugin_call_exop_plugins( pb, extoid, SLAPI_PLUGIN_EXTENDEDOP); slapi_log_error(SLAPI_LOG_TRACE, NULL, "extendop.c called exop, got %d \n", rc); @@ -391,37 +391,37 @@ do_extended( Slapi_PBlock *pb ) } /* if be */ } - if ( SLAPI_PLUGIN_EXTENDED_SENT_RESULT != rc ) { - if ( SLAPI_PLUGIN_EXTENDED_NOT_HANDLED == rc ) { - lderr = LDAP_PROTOCOL_ERROR; /* no plugin handled the op */ - errmsg = "unsupported extended operation"; - } else { - errmsg = NULL; - lderr = rc; - } - send_ldap_result( pb, lderr, NULL, errmsg, 0, NULL ); - } + if ( SLAPI_PLUGIN_EXTENDED_SENT_RESULT != rc ) { + if ( SLAPI_PLUGIN_EXTENDED_NOT_HANDLED == rc ) { + lderr = LDAP_PROTOCOL_ERROR; /* no plugin handled the op */ + errmsg = "unsupported extended operation"; + } else { + errmsg = NULL; + lderr = rc; + } + send_ldap_result( pb, lderr, NULL, errmsg, 0, NULL ); + } free_and_return: - if (extoid) - slapi_ch_free((void **)&extoid); - if (extval.bv_val) - slapi_ch_free((void **)&extval.bv_val); - return; + if (extoid) + slapi_ch_free((void **)&extoid); + if (extval.bv_val) + slapi_ch_free((void **)&extval.bv_val); + return; } static const char * extended_op_oid2string( const char *oid ) { - const char *rval = NULL; - - if ( 0 == strcmp(oid, EXTOP_BULK_IMPORT_START_OID)) { - rval = "Bulk Import Start"; - } else if ( 0 == strcmp(oid, EXTOP_BULK_IMPORT_DONE_OID)) { - rval = "Bulk Import End"; - } else { - rval = plugin_extended_op_oid2string( oid ); - } + const char *rval = NULL; + + if ( 0 == strcmp(oid, EXTOP_BULK_IMPORT_START_OID)) { + rval = "Bulk Import Start"; + } else if ( 0 == strcmp(oid, EXTOP_BULK_IMPORT_DONE_OID)) { + rval = "Bulk Import End"; + } else { + rval = plugin_extended_op_oid2string( oid ); + } - return( rval ); + return( rval ); } commit f2f1a90c11c0d36004811ba9dc3fbd94bae9e33a Author: William Brown <firstyear(a)redhat.com&gt; Date: Fri Mar 18 13:36:33 2016 +1000 Ticket 48769 - RFE: Be_txn extended operation plugin type Bug Description: In cases that plugins both use be_txn for pre or post operation, and extended operations this can lead to deadlock. Additionally plugin authors should not need to consider transactions in their code only focusing on solving the issue. Fix Description: This adds a new plugin type, betxnextendedop which automatically wraps extended operations in a transaction. https://fedorahosted.org/389/ticket/48769 Author: wibrown Review by: nhosoi (Thanks!) diff --git a/ldap/servers/slapd/extendop.c b/ldap/servers/slapd/extendop.c index 8d0b8fb..840a898 100644 --- a/ldap/servers/slapd/extendop.c +++ b/ldap/servers/slapd/extendop.c @@ -333,8 +333,63 @@ do_extended( Slapi_PBlock *pb ) slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID, extoid ); slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE, &extval ); slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, &pb->pb_op->o_isroot); + + /* wibrown 201603 I want to rewrite this to get plugin p, and use that + * rather than all these plugin_call_, that loop over the plugin lists + * We do "get plugin (oid). + * then we just hand *p into the call functions. + * much more efficient! :) + */ - rc = plugin_call_exop_plugins( pb, extoid ); + slapi_log_error(SLAPI_LOG_TRACE, NULL, "extendop.c calling plugins ... \n"); + + rc = plugin_call_exop_plugins( pb, extoid, SLAPI_PLUGIN_EXTENDEDOP); + + slapi_log_error(SLAPI_LOG_TRACE, NULL, "extendop.c called exop, got %d \n", rc); + + if (rc == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED) { + slapi_log_error(SLAPI_LOG_TRACE, NULL, "extendop.c calling betxn plugins ... \n"); + /* Look up the correct backend to use. */ + Slapi_Backend *be = plugin_extended_op_getbackend( pb, extoid ); + + if ( be == NULL ) { + slapi_log_error(SLAPI_LOG_FATAL, NULL, "extendop.c plugin_extended_op_getbackend was unable to retrieve a backend!!!\n"); + rc = SLAPI_PLUGIN_EXTENDED_NO_BACKEND_AVAILABLE; + } else { + /* We need to make a new be pb here because when you set SLAPI_BACKEND + * you overwrite the plg parts of the pb. So if we re-use pb + * you actually nuke the request, and everything hangs. (����������)������ ��������� + */ + Slapi_PBlock *be_pb = NULL; + be_pb = slapi_pblock_new(); + slapi_pblock_set(be_pb, SLAPI_BACKEND, be); + + int txn_rc = slapi_back_transaction_begin(be_pb); + if (txn_rc) { + slapi_log_error(SLAPI_LOG_FATAL, NULL, "exendop.c Failed to start be_txn for plugin_call_exop_plugins %d\n", txn_rc); + } else { + rc = plugin_call_exop_plugins( pb, extoid, SLAPI_PLUGIN_BETXNEXTENDEDOP); + slapi_log_error(SLAPI_LOG_TRACE, NULL, "extendop.c called betxn exop, got %d \n", rc); + if (rc == LDAP_SUCCESS || rc == SLAPI_PLUGIN_EXTENDED_SENT_RESULT) { + /* commit */ + txn_rc = slapi_back_transaction_commit(be_pb); + if (txn_rc == 0) { + slapi_log_error(SLAPI_LOG_TRACE, NULL, "extendop.c commit with result %d \n", txn_rc); + } else { + slapi_log_error(SLAPI_LOG_FATAL, NULL, "extendop.c Unable to commit commit with result %d \n", txn_rc); + } + } else { + /* abort */ + txn_rc = slapi_back_transaction_abort(be_pb); + slapi_log_error(SLAPI_LOG_FATAL, NULL, "extendop.c abort with result %d \n", txn_rc); + } + } /* txn_rc */ + if (be_pb != NULL) { + slapi_pblock_destroy(be_pb); /* Clean up after ourselves */ + } + slapi_log_error(SLAPI_LOG_TRACE, NULL, "exendop.c plugin_call_exop_plugins rc final %d\n", rc); + } /* if be */ + } if ( SLAPI_PLUGIN_EXTENDED_SENT_RESULT != rc ) { if ( SLAPI_PLUGIN_EXTENDED_NOT_HANDLED == rc ) { diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c index d373d99..d48c2d0 100644 --- a/ldap/servers/slapd/pblock.c +++ b/ldap/servers/slapd/pblock.c @@ -727,23 +727,33 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) /* extendedop plugin functions */ case SLAPI_PLUGIN_EXT_OP_FN: - if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP ) { + if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP && + pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP ) { return( -1 ); } (*(IFP *)value) = pblock->pb_plugin->plg_exhandler; break; case SLAPI_PLUGIN_EXT_OP_OIDLIST: - if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP ) { + if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP && + pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP ) { return( -1 ); } (*(char ***)value) = pblock->pb_plugin->plg_exoids; break; case SLAPI_PLUGIN_EXT_OP_NAMELIST: - if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP ) { + if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP && + pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP ) { return( -1 ); } (*(char ***)value) = pblock->pb_plugin->plg_exnames; break; + case SLAPI_PLUGIN_EXT_OP_BACKEND_FN: + if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP && + pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP ) { + return( -1 ); + } + (*(IFP *)value) = pblock->pb_plugin->plg_be_exhandler; + break; /* preoperation plugin functions */ case SLAPI_PLUGIN_PRE_BIND_FN: @@ -2353,24 +2363,34 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value ) /* extendedop plugin functions */ case SLAPI_PLUGIN_EXT_OP_FN: - if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP ) { + if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP && + pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP ) { return( -1 ); } pblock->pb_plugin->plg_exhandler = (IFP) value; break; case SLAPI_PLUGIN_EXT_OP_OIDLIST: - if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP ) { + if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP && + pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP ) { return( -1 ); } pblock->pb_plugin->plg_exoids = (char **) value; ldapi_register_extended_op( (char **)value ); break; case SLAPI_PLUGIN_EXT_OP_NAMELIST: - if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP ) { + if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP && + pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP ) { return( -1 ); } pblock->pb_plugin->plg_exnames = (char **) value; break; + case SLAPI_PLUGIN_EXT_OP_BACKEND_FN: + if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP && + pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP ) { + return( -1 ); + } + pblock->pb_plugin->plg_be_exhandler = (IFP) value; + break; /* preoperation plugin functions */ case SLAPI_PLUGIN_PRE_BIND_FN: diff --git a/ldap/servers/slapd/plugin.c b/ldap/servers/slapd/plugin.c index ddf2631..96169e6 100644 --- a/ldap/servers/slapd/plugin.c +++ b/ldap/servers/slapd/plugin.c @@ -485,44 +485,54 @@ plugin_call_entryfetch_plugins(char **entrystr, uint *size) * returned by the plugins we called). */ int -plugin_call_exop_plugins( Slapi_PBlock *pb, char *oid ) +plugin_call_exop_plugins( Slapi_PBlock *pb, char *oid, int whichtype ) { - struct slapdplugin *p; - int i, rc; - int lderr = SLAPI_PLUGIN_EXTENDED_NOT_HANDLED; - - for ( p = global_plugin_list[PLUGIN_LIST_EXTENDED_OPERATION]; p != NULL; p = p->plg_next ) { - if ( p->plg_exhandler != NULL ) { - if ( p->plg_exoids != NULL ) { - for ( i = 0; p->plg_exoids[i] != NULL; i++ ) { - if ( strcasecmp( oid, p->plg_exoids[i] ) - == 0 ) { - break; - } - } - if ( p->plg_exoids[i] == NULL ) { - continue; - } - } + struct slapdplugin *p; + int i, rc; + int list_type; + int lderr = SLAPI_PLUGIN_EXTENDED_NOT_HANDLED; + + if (whichtype == SLAPI_PLUGIN_EXTENDEDOP) { + list_type = PLUGIN_LIST_EXTENDED_OPERATION; + } else if (whichtype == SLAPI_PLUGIN_BETXNEXTENDEDOP) { + list_type = PLUGIN_LIST_BE_TXN_EXTENDED_OPERATION; + } else { + slapi_log_error(SLAPI_LOG_FATAL, NULL, "plugin_call_exop_plugins unknown plugin list type %d\n", whichtype); + return( lderr ); + } - slapi_pblock_set( pb, SLAPI_PLUGIN, p ); - set_db_default_result_handlers( pb ); - if ( (rc = (*p->plg_exhandler)( pb )) - == SLAPI_PLUGIN_EXTENDED_SENT_RESULT ) { - return( rc ); /* result sent */ - } else if ( rc != SLAPI_PLUGIN_EXTENDED_NOT_HANDLED ) { - /* - * simple merge: report last real error - */ - if ( lderr == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED - || rc != LDAP_SUCCESS ) { - lderr = rc; - } - } - } - } + for ( p = global_plugin_list[list_type]; p != NULL; p = p->plg_next ) { + if ( p->plg_exhandler != NULL && p->plg_type == whichtype ) { + if ( p->plg_exoids != NULL ) { + for ( i = 0; p->plg_exoids[i] != NULL; i++ ) { + if ( strcasecmp( oid, p->plg_exoids[i] ) + == 0 ) { + break; + } + } + if ( p->plg_exoids[i] == NULL ) { + continue; + } + } + + slapi_pblock_set( pb, SLAPI_PLUGIN, p ); + set_db_default_result_handlers( pb ); + if ( (rc = (*p->plg_exhandler)( pb )) + == SLAPI_PLUGIN_EXTENDED_SENT_RESULT ) { + return( rc ); /* result sent */ + } else if ( rc != SLAPI_PLUGIN_EXTENDED_NOT_HANDLED ) { + /* + * simple merge: report last real error + */ + if ( lderr == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED + || rc != LDAP_SUCCESS ) { + lderr = rc; + } + } + } + } - return( lderr ); + return( lderr ); } @@ -539,36 +549,77 @@ plugin_call_exop_plugins( Slapi_PBlock *pb, char *oid ) const char * plugin_extended_op_oid2string( const char *oid ) { - struct slapdplugin *p; - int i, j; - const char *rval = NULL; - - for ( p = global_plugin_list[PLUGIN_LIST_EXTENDED_OPERATION]; p != NULL; - p = p->plg_next ) { - if ( p->plg_exhandler != NULL && p->plg_exoids != NULL ) { - for ( i = 0; p->plg_exoids[i] != NULL; i++ ) { - if ( strcasecmp( oid, p->plg_exoids[i] ) == 0 ) { - if ( NULL != p->plg_exnames ) { - for ( j = 0; j < i && p->plg_exnames[j] != NULL; ++j ) { - ; - } - rval = p->plg_exnames[j]; /* OID-related name */ - } + struct slapdplugin *p; + int i, j, l, list_type; + const char *rval = NULL; + int list_types[] = {PLUGIN_LIST_EXTENDED_OPERATION, PLUGIN_LIST_BE_TXN_EXTENDED_OPERATION}; + + /* I feel there may be a better way to achieve this, but it works. */ + for ( l = 0; l < 2; ++l ) { + list_type = list_types[l]; + for ( p = global_plugin_list[list_type]; p != NULL; p = p->plg_next ) { + if ( p->plg_exhandler != NULL && p->plg_exoids != NULL ) { + for ( i = 0; p->plg_exoids[i] != NULL; i++ ) { + if ( strcasecmp( oid, p->plg_exoids[i] ) == 0 ) { + if ( NULL != p->plg_exnames ) { + for ( j = 0; j < i && p->plg_exnames[j] != NULL; ++j ) { + ; + } + rval = p->plg_exnames[j]; /* OID-related name */ + } + + if ( NULL == rval ) { + if ( NULL != p->plg_desc.spd_id ) { + rval = p->plg_desc.spd_id; /* short name */ + } else { + rval = p->plg_name; /* RDN */ + } + } + break; + } + } /* for */ + } /* If */ + } /* for p in global_plugin list */ + } /* list type */ - if ( NULL == rval ) { - if ( NULL != p->plg_desc.spd_id ) { - rval = p->plg_desc.spd_id; /* short name */ - } else { - rval = p->plg_name; /* RDN */ - } - } - break; - } - } - } - } + return( rval ); +} + + +Slapi_Backend * +plugin_extended_op_getbackend( Slapi_PBlock *pb, char *oid ) +{ + struct slapdplugin *p; + int i; + int rc; + /* This could be an error type, but for now we expect the caller to check + * that it's not null + */ + Slapi_Backend *result = NULL; + + for ( p = global_plugin_list[PLUGIN_LIST_BE_TXN_EXTENDED_OPERATION]; p != NULL; p = p->plg_next ) { + if ( p->plg_be_exhandler != NULL && p->plg_type == SLAPI_PLUGIN_BETXNEXTENDEDOP ) { + if ( p->plg_exoids != NULL ) { + for ( i = 0; p->plg_exoids[i] != NULL; i++ ) { + if ( strcasecmp( oid, p->plg_exoids[i] ) == 0 ) { + break; + } + } + if ( p->plg_exoids[i] == NULL ) { + continue; + } + } + + rc = (*p->plg_be_exhandler)( pb, &result ); + if (rc != LDAP_SUCCESS) { + /* Do we need to do anything? Or it is the parents job? */ + result = NULL; + } + break; + } + } - return( rval ); + return( result ); } static int @@ -2264,6 +2315,9 @@ plugin_get_type_and_list( } else if ( strcasecmp( plugintype, "index" ) == 0 ) { *type = SLAPI_PLUGIN_INDEX; plugin_list_index= PLUGIN_LIST_INDEX; + } else if ( strcasecmp( plugintype, "betxnextendedop" ) == 0 ) { + *type = SLAPI_PLUGIN_BETXNEXTENDEDOP; + plugin_list_index= PLUGIN_LIST_BE_TXN_EXTENDED_OPERATION; } else { return( 1 ); /* unknown plugin type - pass to backend */ } diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h index ff5a7fd..e9b4618 100644 --- a/ldap/servers/slapd/proto-slap.h +++ b/ldap/servers/slapd/proto-slap.h @@ -877,7 +877,8 @@ void global_plugin_init(); int plugin_call_plugins( Slapi_PBlock *, int ); int plugin_setup(Slapi_Entry *plugin_entry, struct slapi_componentid *group, slapi_plugin_init_fnptr initfunc, int add_to_dit, char *returntext); -int plugin_call_exop_plugins( Slapi_PBlock *pb, char *oid ); +int plugin_call_exop_plugins( Slapi_PBlock *pb, char *oid, int whichtype ); +Slapi_Backend * plugin_extended_op_getbackend( Slapi_PBlock *pb, char *oid); const char *plugin_extended_op_oid2string( const char *oid ); void plugin_closeall(int close_backends, int close_globals); void plugin_startall(int argc, char **argv, char **plugin_list); diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h index 4d392b0..57bed0e 100644 --- a/ldap/servers/slapd/slap.h +++ b/ldap/servers/slapd/slap.h @@ -681,22 +681,23 @@ struct matchingRuleList { #define PLUGIN_LIST_INTERNAL_PREOPERATION 5 #define PLUGIN_LIST_INTERNAL_POSTOPERATION 6 #define PLUGIN_LIST_EXTENDED_OPERATION 7 -#define PLUGIN_LIST_BACKEND_MAX 8 +#define PLUGIN_LIST_BE_TXN_EXTENDED_OPERATION 8 +#define PLUGIN_LIST_BACKEND_MAX 9 /* Global Plugins */ -#define PLUGIN_LIST_ACL 9 -#define PLUGIN_LIST_MATCHINGRULE 10 -#define PLUGIN_LIST_SYNTAX 11 -#define PLUGIN_LIST_ENTRY 12 -#define PLUGIN_LIST_OBJECT 13 -#define PLUGIN_LIST_PWD_STORAGE_SCHEME 14 -#define PLUGIN_LIST_VATTR_SP 15 /* DBDB */ -#define PLUGIN_LIST_REVER_PWD_STORAGE_SCHEME 16 -#define PLUGIN_LIST_LDBM_ENTRY_FETCH_STORE 17 -#define PLUGIN_LIST_INDEX 18 -#define PLUGIN_LIST_BETXNPREOPERATION 19 -#define PLUGIN_LIST_BETXNPOSTOPERATION 20 -#define PLUGIN_LIST_GLOBAL_MAX 21 +#define PLUGIN_LIST_ACL 10 +#define PLUGIN_LIST_MATCHINGRULE 11 +#define PLUGIN_LIST_SYNTAX 12 +#define PLUGIN_LIST_ENTRY 13 +#define PLUGIN_LIST_OBJECT 14 +#define PLUGIN_LIST_PWD_STORAGE_SCHEME 15 +#define PLUGIN_LIST_VATTR_SP 16 /* DBDB */ +#define PLUGIN_LIST_REVER_PWD_STORAGE_SCHEME 17 +#define PLUGIN_LIST_LDBM_ENTRY_FETCH_STORE 18 +#define PLUGIN_LIST_INDEX 19 +#define PLUGIN_LIST_BETXNPREOPERATION 20 +#define PLUGIN_LIST_BETXNPOSTOPERATION 21 +#define PLUGIN_LIST_GLOBAL_MAX 22 /* plugin configuration attributes */ #define ATTR_PLUGIN_PATH "nsslapd-pluginPath" @@ -900,10 +901,12 @@ struct slapdplugin { char **plg_un_pe_exoids; /* exop oids */ char **plg_un_pe_exnames; /* exop names (may be NULL) */ IFP plg_un_pe_exhandler; /* handler */ + IFP plg_un_pe_be_exhandler; /* handler to retrieve the be name for the operation */ } plg_un_pe; #define plg_exoids plg_un.plg_un_pe.plg_un_pe_exoids #define plg_exnames plg_un.plg_un_pe.plg_un_pe_exnames #define plg_exhandler plg_un.plg_un_pe.plg_un_pe_exhandler +#define plg_be_exhandler plg_un.plg_un_pe.plg_un_pe_be_exhandler /* pre-operation plugin structure */ diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h index bf4e8c2..0dd10d9 100644 --- a/ldap/servers/slapd/slapi-plugin.h +++ b/ldap/servers/slapd/slapi-plugin.h @@ -6745,6 +6745,7 @@ time_t slapi_current_time( void ); #define SLAPI_PLUGIN_INDEX 18 #define SLAPI_PLUGIN_BETXNPREOPERATION 19 #define SLAPI_PLUGIN_BETXNPOSTOPERATION 20 +#define SLAPI_PLUGIN_BETXNEXTENDEDOP 21 /* * special return values for extended operation plugins (zero or positive @@ -6752,6 +6753,7 @@ time_t slapi_current_time( void ); */ #define SLAPI_PLUGIN_EXTENDED_SENT_RESULT -1 #define SLAPI_PLUGIN_EXTENDED_NOT_HANDLED -2 +#define SLAPI_PLUGIN_EXTENDED_NO_BACKEND_AVAILABLE -3 /* * Return values of plugins: @@ -6876,6 +6878,7 @@ typedef struct slapi_plugindesc { #define SLAPI_PLUGIN_EXT_OP_FN 300 #define SLAPI_PLUGIN_EXT_OP_OIDLIST 301 #define SLAPI_PLUGIN_EXT_OP_NAMELIST 302 +#define SLAPI_PLUGIN_EXT_OP_BACKEND_FN 1948 /* preoperation plugin functions */ #define SLAPI_PLUGIN_PRE_BIND_FN 401 commit ecaebe9c8f8755b9493fcbe67621620b3870589a Author: William Brown <firstyear(a)redhat.com&gt; Date: Mon Apr 4 13:19:42 2016 +1000 Ticket 48710 - auto-dn-suffix unrecognized option Bug Description: Configure would output the following error: configure: WARNING: unrecognized options: --enable-auto-dn-suffix However, the option was set correctly. Fix Description: The option was being registered with the name "autobind" so it was not correctly being check in autotools. https://fedorahosted.org/389/ticket/48710 Author: wibrown Contributors: Wes <wes(a)sol1.com.au&gt; (Thanks for finding the mistake!) Review by: nhosoi (Thanks!) diff --git a/configure b/configure index 6a03247..ecdc5ee 100755 --- a/configure +++ b/configure @@ -921,6 +921,7 @@ enable_pam_passthru enable_dna enable_ldapi enable_autobind +enable_auto_dn_suffix enable_bitwise enable_presence enable_acctpolicy @@ -17907,9 +17908,9 @@ if test -z "$enable_auto_dn_suffix" ; then fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for --enable-auto-dn-suffix" >&5 $as_echo_n "checking for --enable-auto-dn-suffix... " >&6; } -# Check whether --enable-autobind was given. -if test "${enable_autobind+set}" = set; then : - enableval=$enable_autobind; +# Check whether --enable-auto-dn-suffix was given. +if test "${enable_auto_dn_suffix+set}" = set; then : + enableval=$enable_auto_dn_suffix; fi if test "$enable_ldapi" = yes -a "$enable_autobind" = yes -a "$enable_auto_dn_suffix" = "yes"; then diff --git a/configure.ac b/configure.ac index c520022..4be4613 100644 --- a/configure.ac +++ b/configure.ac @@ -185,7 +185,7 @@ if test -z "$enable_auto_dn_suffix" ; then enable_auto_dn_suffix=no # if not set on cmdline, set default fi AC_MSG_CHECKING(for --enable-auto-dn-suffix) -AC_ARG_ENABLE(autobind, +AC_ARG_ENABLE(auto-dn-suffix, AS_HELP_STRING([--enable-auto-dn-suffix], [enable auto bind with auto dn suffix over unix domain socket (LDAPI) support (default: no)])) if test "$enable_ldapi" = yes -a "$enable_autobind" = yes -a "$enable_auto_dn_suffix" = "yes"; then