diff options
-rw-r--r-- | configure.ac | 16 | ||||
-rw-r--r-- | doc/sch-plugin.ldif.in | 14 | ||||
-rw-r--r-- | src/back-nis.c | 57 | ||||
-rw-r--r-- | src/back-shr.c | 103 | ||||
-rw-r--r-- | src/back-shr.h | 49 | ||||
-rw-r--r-- | src/plug-sch.c | 2 |
6 files changed, 130 insertions, 111 deletions
diff --git a/configure.ac b/configure.ac index a43605e..da2ea01 100644 --- a/configure.ac +++ b/configure.ac @@ -151,12 +151,11 @@ schentryformatattr=schema-compat-entry-format AC_DEFINE_UNQUOTED(SCH_CONTAINER_CONFIGURATION_ENTRY_FORMAT_ATTR, "$schentryformatattr", [Define to name of the attribute which holds the format specifier used for constructing entries for a given container.]) -schgroupattr=schema-compat-container-group -AC_DEFINE_UNQUOTED(SCH_CONTAINER_CONFIGURATION_GROUP_ATTR,"$schgroupattr", +groupattr=schema-compat-container-group +AC_DEFINE_UNQUOTED(SCH_CONTAINER_CONFIGURATION_GROUP_ATTR,"$groupattr", [Define to name of the attribute which holds the name of the top-level container used for this set of compatibility containers.]) -schcontainerattr=schema-compat-container-name -AC_DEFINE_UNQUOTED(SCH_CONTAINER_CONFIGURATION_CONTAINER_ATTR, - "$schcontainerattr", +containerattr=schema-compat-container-name +AC_DEFINE_UNQUOTED(SCH_CONTAINER_CONFIGURATION_CONTAINER_ATTR,"$containerattr", [Define to name of the attribute which holds the value for the compatibility container's RDN.]) maxvalue_attr=nis-max-value-size @@ -185,6 +184,11 @@ AC_SUBST(maxdgram_attr) AC_SUBST(securenet_attr) AC_SUBST(tcpwrapname) AC_SUBST(port_attr) +AC_SUBST(schbaseattr) +AC_SUBST(schfilterattr) +AC_SUBST(schentryformatattr) +AC_SUBST(groupattr) +AC_SUBST(containerattr) AC_CONFIG_HEADER(config.h) -AC_OUTPUT(Makefile src/Makefile doc/nis-plugin.ldif) +AC_OUTPUT(Makefile src/Makefile doc/nis-plugin.ldif doc/sch-plugin.ldif) diff --git a/doc/sch-plugin.ldif.in b/doc/sch-plugin.ldif.in new file mode 100644 index 0000000..22bde7f --- /dev/null +++ b/doc/sch-plugin.ldif.in @@ -0,0 +1,14 @@ +dn: cn=Schema Compatibility, cn=plugins, cn=config +objectclass: top +objectclass: nsSlapdPlugin +objectclass: extensibleObject +cn: Schema Compatibility +nsslapd-pluginpath: @myplugindir@/schemacompat-plugin.so +nsslapd-plugininitfunc: schema_compat_plugin_init +nsslapd-plugintype: postoperation +nsslapd-pluginenabled: on +nsslapd-pluginid: schema-compat +nsslapd-version: @PACKAGE_VERSION@ +nsslapd-pluginvendor: redhat.com +nsslapd-plugindescription: Schema Compatibility Plugin + diff --git a/src/back-nis.c b/src/back-nis.c index 8a394f9..aec9ce9 100644 --- a/src/back-nis.c +++ b/src/back-nis.c @@ -952,63 +952,6 @@ backend_get_set_config(struct plugin_state *state, free(filter); } -/* Given a map configuration, return true if the entry is supposed to be in the - * map. */ -bool_t -backend_entry_matches_set(struct backend_set_data *set_data, - Slapi_PBlock *pb, Slapi_Entry *e) -{ - Slapi_DN *base_sdn; - const Slapi_DN *entry_sdn; - Slapi_Filter *filter; - int i; - /* Decide if the directory server entry belongs in this map. That - * means that it must be contained by one of the bases of the map. */ - entry_sdn = slapi_sdn_new_ndn_byref(slapi_entry_get_ndn(e)); - if (entry_sdn == NULL) { - return FALSE; - } else { - /* Check each base in turn. */ - for (i = 0; - (set_data->bases != NULL) && (set_data->bases[i] != NULL); - i++) { - base_sdn = slapi_sdn_new_dn_byval(set_data->bases[i]); - if (base_sdn == NULL) { - return FALSE; - } else { - if (slapi_sdn_scope_test(entry_sdn, - base_sdn, - LDAP_SCOPE_SUB) == 0) { - /* The entry is not contained by the - * base -- go on to try the next one. */ - slapi_sdn_free(&base_sdn); - continue; - } - /* The entry is contained by the base. */ - slapi_sdn_free(&base_sdn); - break; - } - } - /* If we ran out of bases to check, it doesn't match. */ - if ((set_data->bases == NULL) || (set_data->bases[i] == NULL)) { - return FALSE; - } - } - /* If it's contained by a search base, compare it to the filter. */ - filter = slapi_str2filter(set_data->entry_filter); - if (filter == NULL) { - return FALSE; - } else { - if (slapi_vattr_filter_test(pb, e, filter, 0) != 0) { - /* Didn't match -- return. */ - slapi_filter_free(filter, 1); - return FALSE; - } - slapi_filter_free(filter, 1); - } - return TRUE; -} - /* Given an entry, return true if it describes a NIS map. */ bool_t backend_entry_is_a_set(struct plugin_state *state, diff --git a/src/back-shr.c b/src/back-shr.c index 6af8883..acc010d 100644 --- a/src/back-shr.c +++ b/src/back-shr.c @@ -243,6 +243,52 @@ backend_shr_set_config_entry_set_one_dn(struct plugin_state *state, } } +/* Check if the given entry is somewhere beneath the NDN and matches the + * filter. */ +bool_t +backend_shr_entry_matches(Slapi_PBlock *pb, Slapi_Entry *e, + const char *containing_ndn, int scope, + const char *check_filter) +{ + struct plugin_state *state; + Slapi_DN *entry_sdn, *containing_sdn; + Slapi_Filter *filter; + bool_t ret; + + /* First, just do the scope test. The item should be a somewhere + * beneath the passed-in entry. */ + entry_sdn = slapi_sdn_new_ndn_byref(slapi_entry_get_ndn(e)); + if (entry_sdn == NULL) { + return FALSE; + } else { + containing_sdn = slapi_sdn_new_ndn_byval(containing_ndn); + if (containing_sdn == NULL) { + slapi_sdn_free(&entry_sdn); + return FALSE; + } + } + if (slapi_sdn_scope_test(entry_sdn, containing_sdn, scope) == 0) { + ret = FALSE; + } else { + ret = TRUE; + } + slapi_sdn_free(&containing_sdn); + slapi_sdn_free(&entry_sdn); + + /* If it's actually in our configuration tree, check if it's a valid + * entry. */ + if (ret) { + filter = slapi_str2filter((char *) check_filter); + if (filter != NULL) { + if (slapi_vattr_filter_test(pb, e, filter, 0) != 0) { + ret = FALSE; + } + slapi_filter_free(filter, 1); + } + } + return ret; +} + /* Given a directory server entry which represents a set's configuration, set * up and populate the set. */ static void @@ -444,59 +490,22 @@ bool_t backend_shr_entry_matches_set(struct backend_set_data *set_data, Slapi_PBlock *pb, Slapi_Entry *e) { - Slapi_DN *base_sdn; - const Slapi_DN *entry_sdn; - Slapi_Filter *filter; char **set_bases; char *set_filter; int i; - /* Decide if the directory server entry belongs in this map. That - * means that it must be contained by one of the bases of the map. */ - entry_sdn = slapi_sdn_new_ndn_byref(slapi_entry_get_ndn(e)); - if (entry_sdn == NULL) { - return FALSE; - } else { - /* Check each base in turn. */ - set_bases = backend_set_config_get_bases(set_data); - for (i = 0; - (set_bases != NULL) && (set_bases[i] != NULL); - i++) { - base_sdn = slapi_sdn_new_dn_byval(set_bases[i]); - if (base_sdn == NULL) { - return FALSE; - } else { - if (slapi_sdn_scope_test(entry_sdn, - base_sdn, - LDAP_SCOPE_SUB) == 0) { - /* The entry is not contained by the - * base -- go on to try the next one. */ - slapi_sdn_free(&base_sdn); - continue; - } - /* The entry is contained by the base. */ - slapi_sdn_free(&base_sdn); - break; - } - } - /* If we ran out of bases to check, it doesn't match. */ - if ((set_bases == NULL) || (set_bases[i] == NULL)) { - return FALSE; - } - } - /* If it's contained by a search base, compare it to the filter. */ + set_bases = backend_set_config_get_bases(set_data); set_filter = backend_set_config_get_filter(set_data); - filter = slapi_str2filter(set_filter); - if (filter == NULL) { - return FALSE; - } else { - if (slapi_vattr_filter_test(pb, e, filter, 0) != 0) { - /* Didn't match -- return. */ - slapi_filter_free(filter, 1); - return FALSE; + if (set_bases != NULL) { + for (i = 0; set_bases[i] != NULL; i++) { + if (backend_shr_entry_matches(pb, e, + set_bases[i], + LDAP_SCOPE_SUB, + set_filter)) { + return TRUE; + } } - slapi_filter_free(filter, 1); } - return TRUE; + return FALSE; } /* Given an entry, return true if it describes a set. */ diff --git a/src/back-shr.h b/src/back-shr.h new file mode 100644 index 0000000..2471676 --- /dev/null +++ b/src/back-shr.h @@ -0,0 +1,49 @@ +/* + * Copyright 2008 Red Hat, Inc. + * + * This Program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This Program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this Program; if not, write to the + * + * Free Software Foundation, Inc. + * 59 Temple Place, Suite 330 + * Boston, MA 02111-1307 USA + * + */ + +#ifndef back_shr_h +#define back_shr_h + +struct plugin_state; + +void backend_shr_free_server_name(struct plugin_state *state, char *master); +int backend_shr_read_server_name(struct plugin_state *state, char **master); + +void backend_shr_free_strlist(char **strlist); +char **backend_shr_dup_strlist_n(char **strlist, int n); +char **backend_shr_dup_strlist(char **strlist); +void backend_shr_add_strlist(char ***strlist, const char *item); + +void backend_shr_startup(struct plugin_state *state, const char *set_filter); +void backend_shr_postop_init(Slapi_PBlock *pb, struct plugin_state *state); + +bool_t backend_shr_entry_matches(Slapi_PBlock *pb, Slapi_Entry *e, + const char *containing_ndn, int scope, + const char *check_filter); +int backend_shr_set_config_entry_add_one(struct plugin_state *state, + Slapi_Entry *e, + const char *group_name, + const char *set_name); +int backend_shr_set_config_entry_delete(struct plugin_state *state, + Slapi_Entry *e, + const char *group_attr, + const char *set_attr); +#endif diff --git a/src/plug-sch.c b/src/plug-sch.c index 0149003..b406893 100644 --- a/src/plug-sch.c +++ b/src/plug-sch.c @@ -60,7 +60,7 @@ /* the module initialization function */ static Slapi_PluginDesc plugin_description = { - .spd_id = "schema-plugin", + .spd_id = "schema-compat-plugin", .spd_vendor = "redhat.com", .spd_version = PACKAGE_VERSION, .spd_description = "Schema Compatibility Plugin", |