diff options
Diffstat (limited to 'src/back-sch.c')
-rw-r--r-- | src/back-sch.c | 62 |
1 files changed, 52 insertions, 10 deletions
diff --git a/src/back-sch.c b/src/back-sch.c index 78f2627..1c388da 100644 --- a/src/back-sch.c +++ b/src/back-sch.c @@ -259,15 +259,6 @@ backend_set_config_read_config(struct plugin_state *state, Slapi_Entry *e, free(nsswitch_min_id); } - if (ret.check_nsswitch != SCH_NSSWITCH_NONE) { - /* If we're adding nsswitch-based entries to this map, make - * sure that we copy the schema-compat-origin and SID - * attributes, so that we can read the former during the BIND - * callback. */ - backend_shr_add_strlist(&ret.attribute_format, "objectClass=%ifeq(\"%{ipaNTSecurityIdentifier}\",\"\",\"\",\"extensibleObject\")"); - backend_shr_add_strlist(&ret.attribute_format, "ipaNTSecurityIdentifier=%{ipaNTSecurityIdentifier}"); - } - *pret = backend_copy_set_config(&ret); if (*pret == NULL) { if (strlen(container) > 0) { @@ -1005,6 +996,7 @@ backend_search_entry_cb(const char *domain, const char *map, bool_t secure, void *backend_data, void *cb_data) { Slapi_DN *sdn; + Slapi_Entry *entry; struct backend_search_cbdata *cbdata; struct backend_entry_data *entry_data; int result; @@ -1043,9 +1035,25 @@ backend_search_entry_cb(const char *domain, const char *map, bool_t secure, cbdata->state->plugin_desc->spd_id, "search matched %s\n", slapi_sdn_get_ndn(sdn)); - slapi_send_ldap_search_entry(cbdata->pb, entry_data->e, NULL, + entry = entry_data->e; +#ifdef USE_IPA_IDVIEWS + if (cbdata->idview != NULL) { + entry = slapi_entry_dup(entry_data->e); + idview_process_overrides(cbdata, key, map, domain, entry); + } + + if (slapi_entry_attr_exists(entry, IPA_IDVIEWS_ATTR_ANCHORUUID) == 1) { + slapi_entry_attr_delete(entry, IPA_IDVIEWS_ATTR_ANCHORUUID); + slapi_entry_delete_string(entry, "objectClass", "ipaOverrideTarget"); + } +#endif + slapi_send_ldap_search_entry(cbdata->pb, entry, NULL, cbdata->attrs, cbdata->attrsonly); cbdata->n_entries++; + + if (entry != entry_data->e) { + slapi_entry_free(entry); + } break; } @@ -1104,6 +1112,13 @@ backend_search_set_cb(const char *group, const char *set, bool_t flag, slapi_log_error(SLAPI_LOG_PLUGIN, cbdata->state->plugin_desc->spd_id, "search matched %s\n", ndn); +#ifdef USE_IPA_IDVIEWS + if (cbdata->idview != NULL) { + idview_process_overrides(cbdata, NULL, + set_data->common.set, + set_data->common.group, set_entry); + } +#endif slapi_send_ldap_search_entry(cbdata->pb, set_entry, NULL, cbdata->attrs, cbdata->attrsonly); @@ -1216,6 +1231,11 @@ backend_search_group_cb(const char *group, void *cb_data) slapi_log_error(SLAPI_LOG_PLUGIN, cbdata->state->plugin_desc->spd_id, "search matched %s\n", group); +#ifdef USE_IPA_IDVIEWS + if (cbdata->idview != NULL) { + idview_process_overrides(cbdata, NULL, NULL, group, group_entry); + } +#endif slapi_send_ldap_search_entry(cbdata->pb, group_entry, NULL, cbdata->attrs, cbdata->attrsonly); @@ -1313,11 +1333,16 @@ backend_search_cb(Slapi_PBlock *pb) cbdata.n_entries = 0; cbdata.staged = NULL; cbdata.cur_staged = NULL; + cbdata.idview = NULL; + cbdata.overrides = NULL; /* Okay, we can search. */ slapi_log_error(SLAPI_LOG_PLUGIN, cbdata.state->plugin_desc->spd_id, "searching from \"%s\" for \"%s\" with scope %d%s\n", cbdata.target, cbdata.strfilter, cbdata.scope, backend_sch_scope_as_string(cbdata.scope)); +#ifdef USE_IPA_IDVIEWS + idview_replace_target_dn(&cbdata.target, &cbdata.idview); +#endif cbdata.target_dn = slapi_sdn_new_dn_byval(cbdata.target); /* Check if there's a backend handling this search. */ if (!slapi_be_exist(cbdata.target_dn)) { @@ -1326,10 +1351,18 @@ backend_search_cb(Slapi_PBlock *pb) "slapi_be_exists(\"%s\") = 0, " "ignoring search\n", cbdata.target); slapi_sdn_free(&cbdata.target_dn); + slapi_ch_free_string(&cbdata.idview); +#ifdef USE_IPA_IDVIEWS + idview_free_overrides(&cbdata); +#endif return 0; } + /* Walk the list of groups. */ wrap_inc_call_level(); +#ifdef USE_IPA_IDVIEWS + idview_replace_filter(&cbdata); +#endif if (map_rdlock() == 0) { map_data_foreach_domain(cbdata.state, backend_search_group_cb, &cbdata); @@ -1468,6 +1501,10 @@ backend_search_cb(Slapi_PBlock *pb) cbdata.n_entries, NULL); } slapi_sdn_free(&cbdata.target_dn); + slapi_ch_free_string(&cbdata.idview); +#ifdef USE_IPA_IDVIEWS + idview_free_overrides(&cbdata); +#endif free(cbdata.closest_match); free(cbdata.text); return cbdata.answer ? -1 : 0; @@ -1525,6 +1562,7 @@ static void backend_locate(Slapi_PBlock *pb, struct backend_entry_data **data, const char **group, const char**set) { struct backend_locate_cbdata cbdata; + char *idview = NULL; slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &cbdata.state); if (cbdata.state->plugin_base == NULL) { @@ -1533,6 +1571,9 @@ backend_locate(Slapi_PBlock *pb, struct backend_entry_data **data, const char ** return; } slapi_pblock_get(pb, SLAPI_TARGET_DN, &cbdata.target); +#ifdef USE_IPA_IDVIEWS + idview_replace_target_dn(&cbdata.target, &idview); +#endif cbdata.target_dn = slapi_sdn_new_dn_byval(cbdata.target); cbdata.entry_data = NULL; cbdata.entry_group = NULL; @@ -1542,6 +1583,7 @@ backend_locate(Slapi_PBlock *pb, struct backend_entry_data **data, const char ** *group = cbdata.entry_group; *set = cbdata.entry_set; slapi_sdn_free(&cbdata.target_dn); + slapi_ch_free_string(&idview); } /* Check if the target DN is part of this group's tree. If it is, return an |