From 59e68edcdef8ea19fb04294d89d7a43d8795034c Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Wed, 18 Jun 2014 08:38:26 -0400 Subject: [PATCH] Ticket 47810 - investigate betxn plugins to ensure they return the correct error code Bug Description: Prior to backend transaction plugin types, postop error codes didn't really have an effect, so often times a success result was implicitly being returned. Fix Description: Alawys return the correct error code for all backend transaction plugins. https://fedorahosted.org/389/ticket/47810 Jenkins: Passed TET: Passed Reviewed by: ? --- ldap/servers/plugins/linkedattrs/linked_attrs.c | 174 +++++++++++++++------ ldap/servers/plugins/memberof/memberof.c | 165 ++++++++++++++++---- ldap/servers/plugins/mep/mep.c | 72 ++++++--- ldap/servers/plugins/pam_passthru/pam_ptpreop.c | 3 + ldap/servers/plugins/retrocl/retrocl_po.c | 195 +++++++++++++----------- 5 files changed, 416 insertions(+), 193 deletions(-) diff --git a/ldap/servers/plugins/linkedattrs/linked_attrs.c b/ldap/servers/plugins/linkedattrs/linked_attrs.c index 73247e5..20bb9fa 100644 --- a/ldap/servers/plugins/linkedattrs/linked_attrs.c +++ b/ldap/servers/plugins/linkedattrs/linked_attrs.c @@ -55,6 +55,8 @@ static Slapi_RWLock *g_config_lock; static void *_PluginID = NULL; static char *_PluginDN = NULL; int plugin_is_betxn = 0; +/* For future use - enforce all linked attribute operations succeed */ +static int strict_results = 0; static Slapi_PluginDesc pdesc = { LINK_FEATURE_DESC, VENDOR, @@ -106,13 +108,13 @@ static int linked_attrs_config_exists_reverse(struct configEntry *entry); static int linked_attrs_oktodo(Slapi_PBlock *pb); void linked_attrs_load_array(Slapi_Value **array, Slapi_Attr *attr); int linked_attrs_compare(const void *a, const void *b); -static void linked_attrs_add_backpointers(char *linkdn, struct configEntry *config, +static int linked_attrs_add_backpointers(char *linkdn, struct configEntry *config, Slapi_Mod *smod); -static void linked_attrs_del_backpointers(Slapi_PBlock *pb, char *linkdn, +static int linked_attrs_del_backpointers(Slapi_PBlock *pb, char *linkdn, struct configEntry *config, Slapi_Mod *smod); -static void linked_attrs_replace_backpointers(Slapi_PBlock *pb, char *linkdn, +static int linked_attrs_replace_backpointers(Slapi_PBlock *pb, char *linkdn, struct configEntry *config, Slapi_Mod *smod); -static void linked_attrs_mod_backpointers(char *linkdn, char *type, char *scope, +static int linked_attrs_mod_backpointers(char *linkdn, char *type, char *scope, int modop, Slapi_ValueSet *targetvals); /* @@ -1247,17 +1249,19 @@ linked_attrs_compare(const void *a, const void *b) * Adds backpointers pointing to dn to the entries referred to * by the values in smod. */ -static void +static int linked_attrs_add_backpointers(char *linkdn, struct configEntry *config, Slapi_Mod *smod) { Slapi_ValueSet *vals = slapi_valueset_new(); + int rc = LDAP_SUCCESS; slapi_valueset_set_from_smod(vals, smod); - linked_attrs_mod_backpointers(linkdn, config->managedtype, config->scope, + rc = linked_attrs_mod_backpointers(linkdn, config->managedtype, config->scope, LDAP_MOD_ADD, vals); slapi_valueset_free(vals); + return rc; } /* @@ -1266,11 +1270,12 @@ linked_attrs_add_backpointers(char *linkdn, struct configEntry *config, * Remove backpointers pointing to linkdn in the entries referred * to by the values in smod. */ -static void +static int linked_attrs_del_backpointers(Slapi_PBlock *pb, char *linkdn, struct configEntry *config, Slapi_Mod *smod) { Slapi_ValueSet *vals = NULL; + int rc = LDAP_SUCCESS; /* If no values are listed in the smod, we need to get * a list of all of the values that were deleted by @@ -1287,10 +1292,11 @@ linked_attrs_del_backpointers(Slapi_PBlock *pb, char *linkdn, slapi_valueset_set_from_smod(vals, smod); } - linked_attrs_mod_backpointers(linkdn, config->managedtype, config->scope, + rc = linked_attrs_mod_backpointers(linkdn, config->managedtype, config->scope, LDAP_MOD_DELETE, vals); - slapi_valueset_free(vals); + + return rc; } /* @@ -1301,7 +1307,7 @@ linked_attrs_del_backpointers(Slapi_PBlock *pb, char *linkdn, * for any new values that were added as a part of the * replace operation. */ -static void +static int linked_attrs_replace_backpointers(Slapi_PBlock *pb, char *linkdn, struct configEntry *config, Slapi_Mod *smod) { @@ -1309,6 +1315,7 @@ linked_attrs_replace_backpointers(Slapi_PBlock *pb, char *linkdn, Slapi_Entry *post_e = NULL; Slapi_Attr *pre_attr = 0; Slapi_Attr *post_attr = 0; + int rc = LDAP_SUCCESS; /* Get the pre and post copy of the entry to see * what values have been added and removed. */ @@ -1404,13 +1411,13 @@ linked_attrs_replace_backpointers(Slapi_PBlock *pb, char *linkdn, /* Perform the actual updates to the target entries. */ if (delvals) { - linked_attrs_mod_backpointers(linkdn, config->managedtype, + rc = linked_attrs_mod_backpointers(linkdn, config->managedtype, config->scope, LDAP_MOD_DELETE, delvals); slapi_valueset_free(delvals); } - if (addvals) { - linked_attrs_mod_backpointers(linkdn, config->managedtype, + if (rc == LDAP_SUCCESS && addvals) { + rc = linked_attrs_mod_backpointers(linkdn, config->managedtype, config->scope, LDAP_MOD_ADD, addvals); slapi_valueset_free(addvals); } @@ -1418,6 +1425,8 @@ linked_attrs_replace_backpointers(Slapi_PBlock *pb, char *linkdn, slapi_ch_free((void **)&pre_array); slapi_ch_free((void **)&post_array); } + + return rc; } /* @@ -1425,7 +1434,7 @@ linked_attrs_replace_backpointers(Slapi_PBlock *pb, char *linkdn, * * Performs backpointer management. */ -static void +static int linked_attrs_mod_backpointers(char *linkdn, char *type, char *scope, int modop, Slapi_ValueSet *targetvals) { @@ -1435,6 +1444,7 @@ linked_attrs_mod_backpointers(char *linkdn, char *type, LDAPMod mod; LDAPMod *mods[2]; Slapi_Value *targetval = NULL; + int rc = LDAP_SUCCESS; /* Setup the modify operation. Only the target will * change, so we only need to do this once. */ @@ -1481,7 +1491,14 @@ linked_attrs_mod_backpointers(char *linkdn, char *type, slapi_modify_internal_set_pb_ext(mod_pb, targetsdn, mods, 0, 0, linked_attrs_get_plugin_id(), 0); slapi_modify_internal_pb(mod_pb); - + if (strict_results){ + /* we are enforcing strict results, so return the error */ + slapi_pblock_get(mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &rc); + if(rc != LDAP_SUCCESS){ + slapi_sdn_free(&targetsdn); + break; + } + } /* Initialize the pblock so we can reuse it. */ slapi_pblock_init(mod_pb); } @@ -1491,6 +1508,8 @@ linked_attrs_mod_backpointers(char *linkdn, char *type, } slapi_pblock_destroy(mod_pb); + + return rc; } @@ -1607,6 +1626,7 @@ linked_attrs_mod_post_op(Slapi_PBlock *pb) char *dn = NULL; struct configEntry *config = NULL; void *caller_id = NULL; + int rc = SLAPI_PLUGIN_SUCCESS; slapi_log_error(SLAPI_LOG_TRACE, LINK_PLUGIN_SUBSYSTEM, "--> linked_attrs_mod_post_op\n"); @@ -1662,27 +1682,36 @@ linked_attrs_mod_post_op(Slapi_PBlock *pb) case LDAP_MOD_ADD: /* Find the entries pointed to by the new * values and add the backpointers. */ - linked_attrs_add_backpointers(dn, config, smod); + rc = linked_attrs_add_backpointers(dn, config, smod); break; case LDAP_MOD_DELETE: /* Find the entries pointed to by the deleted * values and remove the backpointers. */ - linked_attrs_del_backpointers(pb, dn, config, smod); + rc = linked_attrs_del_backpointers(pb, dn, config, smod); break; case LDAP_MOD_REPLACE: /* Find the entries pointed to by the deleted * values and remove the backpointers. If * any new values are being added, find those * entries and add the backpointers. */ - linked_attrs_replace_backpointers(pb, dn, config, smod); + rc = linked_attrs_replace_backpointers(pb, dn, config, smod); break; default: slapi_log_error(SLAPI_LOG_PLUGIN, LINK_PLUGIN_SUBSYSTEM, "linked_attrs_mod_post_op: unknown mod type\n" ); + rc = SLAPI_PLUGIN_FAILURE; break; } slapi_unlock_mutex(config->lock); + if(rc != LDAP_SUCCESS){ + slapi_log_error(SLAPI_LOG_FATAL, LINK_PLUGIN_SUBSYSTEM, + "linked_attrs_mod_post_op - update failed (%d)\n",rc); + linked_attrs_unlock(); + slapi_mod_done(next_mod); + break; + } + } config = NULL; @@ -1695,10 +1724,14 @@ linked_attrs_mod_post_op(Slapi_PBlock *pb) slapi_mods_free(&smods); } + if (rc) { + slapi_pblock_set(pb, SLAPI_RESULT_CODE, &rc); + rc = SLAPI_PLUGIN_FAILURE; + } slapi_log_error(SLAPI_LOG_TRACE, LINK_PLUGIN_SUBSYSTEM, - "<-- linked_attrs_mod_post_op\n"); + "<-- linked_attrs_mod_post_op (%d)\n", rc); - return SLAPI_PLUGIN_SUCCESS; + return rc; } static int @@ -1706,6 +1739,7 @@ linked_attrs_add_post_op(Slapi_PBlock *pb) { Slapi_Entry *e = NULL; char *dn = NULL; + int rc = SLAPI_PLUGIN_SUCCESS; slapi_log_error(SLAPI_LOG_TRACE, LINK_PLUGIN_SUBSYSTEM, "--> linked_attrs_add_post_op\n"); @@ -1748,15 +1782,19 @@ linked_attrs_add_post_op(Slapi_PBlock *pb) Slapi_ValueSet *vals = NULL; slapi_attr_get_valueset(attr, &vals); - slapi_lock_mutex(config->lock); - linked_attrs_mod_backpointers(dn, config->managedtype, + rc = linked_attrs_mod_backpointers(dn, config->managedtype, config->scope, LDAP_MOD_ADD, vals); slapi_unlock_mutex(config->lock); - slapi_valueset_free(vals); + if(rc != LDAP_SUCCESS){ + slapi_log_error(SLAPI_LOG_FATAL, LINK_PLUGIN_SUBSYSTEM, + "linked_attrs_add_post_op: update failed (%d)\n",rc); + linked_attrs_unlock(); + break; + } } config = NULL; @@ -1770,10 +1808,14 @@ linked_attrs_add_post_op(Slapi_PBlock *pb) "retrieving post-op entry %s\n", dn); } + if (rc) { + slapi_pblock_set(pb, SLAPI_RESULT_CODE, &rc); + rc = SLAPI_PLUGIN_FAILURE; + } slapi_log_error(SLAPI_LOG_TRACE, LINK_PLUGIN_SUBSYSTEM, "<-- linked_attrs_add_post_op\n"); - return SLAPI_PLUGIN_SUCCESS; + return rc; } static int @@ -1781,13 +1823,14 @@ linked_attrs_del_post_op(Slapi_PBlock *pb) { char *dn = NULL; Slapi_Entry *e = NULL; + int rc = SLAPI_PLUGIN_SUCCESS; slapi_log_error(SLAPI_LOG_TRACE, LINK_PLUGIN_SUBSYSTEM, "--> linked_attrs_del_post_op\n"); /* Just bail if we aren't ready to service requests yet. */ if (!linked_attrs_oktodo(pb)){ - return SLAPI_PLUGIN_SUCCESS; + return rc; } /* Reload config if a config entry was deleted. */ @@ -1818,7 +1861,7 @@ linked_attrs_del_post_op(Slapi_PBlock *pb) /* Bail out if the plug-in close function was just called. */ if (!slapi_plugin_running(pb)) { linked_attrs_unlock(); - return SLAPI_PLUGIN_SUCCESS; + return rc; } linked_attrs_find_config(dn, type, &config); @@ -1828,15 +1871,19 @@ linked_attrs_del_post_op(Slapi_PBlock *pb) Slapi_ValueSet *vals = NULL; slapi_attr_get_valueset(attr, &vals); - slapi_lock_mutex(config->lock); - linked_attrs_mod_backpointers(dn, config->managedtype, + rc = linked_attrs_mod_backpointers(dn, config->managedtype, config->scope, LDAP_MOD_DELETE, vals); slapi_unlock_mutex(config->lock); - slapi_valueset_free(vals); + if (rc != LDAP_SUCCESS){ + slapi_log_error(SLAPI_LOG_FATAL, LINK_PLUGIN_SUBSYSTEM, + "linked_attrs_del_post_op - update failed (%d)\n",rc); + linked_attrs_unlock(); + break; + } } config = NULL; @@ -1855,18 +1902,23 @@ linked_attrs_del_post_op(Slapi_PBlock *pb) if (config) { Slapi_ValueSet *vals = slapi_valueset_new(); - slapi_valueset_add_value(vals, val); + slapi_valueset_add_value(vals, val); slapi_lock_mutex(config->lock); /* Delete forward link value. */ - linked_attrs_mod_backpointers(dn, config->linktype, - config->scope, LDAP_MOD_DELETE, vals); + rc = linked_attrs_mod_backpointers(dn, config->linktype, + config->scope, LDAP_MOD_DELETE, vals); slapi_unlock_mutex(config->lock); - slapi_valueset_free(vals); config = NULL; + if(rc != LDAP_SUCCESS){ + slapi_log_error(SLAPI_LOG_FATAL, LINK_PLUGIN_SUBSYSTEM, + "linked_attrs_del_post_op: update failed (%d)\n",rc); + linked_attrs_unlock(); + goto bail; + } } hint = slapi_attr_next_value(attr, hint, &val); @@ -1878,15 +1930,21 @@ linked_attrs_del_post_op(Slapi_PBlock *pb) slapi_entry_next_attr(e, attr, &attr); } } else { - slapi_log_error(SLAPI_LOG_PLUGIN, LINK_PLUGIN_SUBSYSTEM, + slapi_log_error(SLAPI_LOG_FATAL, LINK_PLUGIN_SUBSYSTEM, "linked_attrs_del_post_op: Error " "retrieving pre-op entry %s\n", dn); + rc = SLAPI_PLUGIN_FAILURE; } +bail: + if (rc) { + slapi_pblock_set(pb, SLAPI_RESULT_CODE, &rc); + rc = SLAPI_PLUGIN_FAILURE; + } slapi_log_error(SLAPI_LOG_TRACE, LINK_PLUGIN_SUBSYSTEM, "<-- linked_attrs_del_post_op\n"); - return SLAPI_PLUGIN_SUCCESS; + return rc; } static int @@ -1955,17 +2013,21 @@ linked_attrs_modrdn_post_op(Slapi_PBlock *pb) Slapi_ValueSet *vals = NULL; slapi_attr_get_valueset(attr, &vals); - slapi_lock_mutex(config->lock); /* Delete old dn value. */ - linked_attrs_mod_backpointers(old_dn, config->managedtype, + rc = linked_attrs_mod_backpointers(old_dn, config->managedtype, config->scope, LDAP_MOD_DELETE, vals); slapi_unlock_mutex(config->lock); - slapi_valueset_free(vals); config = NULL; + if(rc != LDAP_SUCCESS){ + slapi_log_error(SLAPI_LOG_FATAL, LINK_PLUGIN_SUBSYSTEM, + "linked_attrs_modrdn_post_op: update failed(old type) (%d)\n",rc); + linked_attrs_unlock(); + break; + } } linked_attrs_find_config(new_dn, type, &config); @@ -1978,17 +2040,21 @@ linked_attrs_modrdn_post_op(Slapi_PBlock *pb) Slapi_ValueSet *vals = NULL; slapi_attr_get_valueset(attr, &vals); - slapi_lock_mutex(config->lock); /* Add new dn value. */ - linked_attrs_mod_backpointers(new_dn, config->managedtype, - config->scope, LDAP_MOD_ADD, vals); + rc = linked_attrs_mod_backpointers(new_dn, config->managedtype, + config->scope, LDAP_MOD_ADD, vals); slapi_unlock_mutex(config->lock); - slapi_valueset_free(vals); config = NULL; + if(rc != LDAP_SUCCESS){ + slapi_log_error(SLAPI_LOG_FATAL, LINK_PLUGIN_SUBSYSTEM, + "linked_attrs_modrdn_post_op: update failed(new type) (%d)\n",rc); + linked_attrs_unlock(); + break; + } } /* See if any of the values for this attribute are managed @@ -2006,22 +2072,35 @@ linked_attrs_modrdn_post_op(Slapi_PBlock *pb) /* If the new DN is within scope, we should fixup the forward links. */ if (config && slapi_dn_issuffix(new_dn, (config->scope))) { Slapi_ValueSet *vals = slapi_valueset_new(); - slapi_valueset_add_value(vals, val); + slapi_valueset_add_value(vals, val); slapi_lock_mutex(config->lock); /* Delete old dn value. */ - linked_attrs_mod_backpointers(old_dn, config->linktype, + rc = linked_attrs_mod_backpointers(old_dn, config->linktype, config->scope, LDAP_MOD_DELETE, vals); + if(rc != LDAP_SUCCESS){ + slapi_log_error(SLAPI_LOG_FATAL, LINK_PLUGIN_SUBSYSTEM, + "linked_attrs_modrdn_post_op: update failed(old dn) (%d)\n",rc); + slapi_unlock_mutex(config->lock); + slapi_valueset_free(vals); + linked_attrs_unlock(); + goto done; + } /* Add new dn value. */ - linked_attrs_mod_backpointers(new_dn, config->linktype, - config->scope, LDAP_MOD_ADD, vals); + rc = linked_attrs_mod_backpointers(new_dn, config->linktype, + config->scope, LDAP_MOD_ADD, vals); slapi_unlock_mutex(config->lock); - slapi_valueset_free(vals); config = NULL; + if(rc != LDAP_SUCCESS){ + slapi_log_error(SLAPI_LOG_FATAL, LINK_PLUGIN_SUBSYSTEM, + "linked_attrs_modrdn_post_op: update failed(new dn) (%d)\n",rc); + linked_attrs_unlock(); + goto done; + } } hint = slapi_attr_next_value(attr, hint, &val); @@ -2032,6 +2111,7 @@ linked_attrs_modrdn_post_op(Slapi_PBlock *pb) slapi_entry_next_attr(post_e, attr, &attr); } + done: slapi_log_error(SLAPI_LOG_TRACE, LINK_PLUGIN_SUBSYSTEM, "<-- linked_attrs_modrdn_post_op\n"); diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c index 1073b8e..11ac965 100644 --- a/ldap/servers/plugins/memberof/memberof.c +++ b/ldap/servers/plugins/memberof/memberof.c @@ -147,7 +147,7 @@ static void memberof_set_plugin_id(void * plugin_id); static int memberof_compare(MemberOfConfig *config, const void *a, const void *b); static int memberof_qsort_compare(const void *a, const void *b); static void memberof_load_array(Slapi_Value **array, Slapi_Attr *attr); -static void memberof_del_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, Slapi_DN *sdn); +static int memberof_del_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, Slapi_DN *sdn); static int memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn, char **types, plugin_search_entry_callback callback, void *callback_data); static int memberof_is_direct_member(MemberOfConfig *config, Slapi_Value *groupdn, @@ -162,7 +162,7 @@ static int memberof_test_membership(Slapi_PBlock *pb, MemberOfConfig *config, static int memberof_test_membership_callback(Slapi_Entry *e, void *callback_data); static int memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data); static int memberof_replace_dn_type_callback(Slapi_Entry *e, void *callback_data); -static void memberof_replace_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, +static int memberof_replace_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, Slapi_DN *pre_sdn, Slapi_DN *post_sdn); static int memberof_modop_one_replace_r(Slapi_PBlock *pb, MemberOfConfig *config, int mod_op, Slapi_DN *group_sdn, Slapi_DN *op_this_sdn, @@ -556,7 +556,14 @@ int memberof_postop_del(Slapi_PBlock *pb) /* remove this DN from the * membership lists of groups */ - memberof_del_dn_from_groups(pb, &configCopy, sdn); + if((ret = memberof_del_dn_from_groups(pb, &configCopy, sdn))){ + slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, + "memberof_postop_del: error deleting dn (%s) from group. Error (%d)", + slapi_sdn_get_dn(sdn),ret); + memberof_unlock(); + memberof_free_config(&configCopy); + goto bail; + } /* is the entry of interest as a group? */ if(e && configCopy.group_filter && !slapi_filter_test_simple(e, configCopy.group_filter)) @@ -565,20 +572,28 @@ int memberof_postop_del(Slapi_PBlock *pb) Slapi_Attr *attr = 0; /* Loop through to find each grouping attribute separately. */ - for (i = 0; configCopy.groupattrs[i]; i++) + for (i = 0; configCopy.groupattrs[i] && ret == LDAP_SUCCESS; i++) { if (0 == slapi_entry_attr_find(e, configCopy.groupattrs[i], &attr)) { - memberof_del_attr_list(pb, &configCopy, sdn, attr); + if((ret = memberof_del_attr_list(pb, &configCopy, sdn, attr))){ + slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, + "memberof_postop_del: error deleting attr list - dn (%s). Error (%d)", + slapi_sdn_get_dn(sdn),ret); + } + } } } - memberof_unlock(); - memberof_free_config(&configCopy); } +bail: + if(ret){ + slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ret); + ret = SLAPI_PLUGIN_FAILURE; + } slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM, "<-- memberof_postop_del\n" ); return ret; @@ -591,28 +606,32 @@ typedef struct _memberof_del_dn_data } memberof_del_dn_data; /* Deletes a member dn from all groups that refer to it. */ -static void +static int memberof_del_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, Slapi_DN *sdn) { int i = 0; char *groupattrs[2] = {0, 0}; + int rc = LDAP_SUCCESS; /* Loop through each grouping attribute to find groups that have * dn as a member. For any matches, delete the dn value from the * same grouping attribute. */ - for (i = 0; config->groupattrs && config->groupattrs[i]; i++) + for (i = 0; config->groupattrs && config->groupattrs[i] && rc == LDAP_SUCCESS; i++) { memberof_del_dn_data data = {(char *)slapi_sdn_get_dn(sdn), config->groupattrs[i]}; groupattrs[0] = config->groupattrs[i]; - memberof_call_foreach_dn(pb, sdn, groupattrs, - memberof_del_dn_type_callback, &data); + rc = memberof_call_foreach_dn(pb, sdn, groupattrs, + memberof_del_dn_type_callback, &data); } + + return rc; } -int memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data) +int +memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data) { int rc = 0; LDAPMod mod; @@ -654,7 +673,8 @@ int memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data) * is a user, you'd want "type" to be "member". If "dn" is a group, you * could want type to be either "member" or "memberOf" depending on the case. */ -int memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn, +int +memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn, char **types, plugin_search_entry_callback callback, void *callback_data) { Slapi_PBlock *search_pb = NULL; @@ -763,6 +783,11 @@ int memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn, slapi_search_internal_set_pb(search_pb, slapi_sdn_get_dn(base_sdn), LDAP_SCOPE_SUBTREE, filter_str, 0, 0, 0, 0, memberof_get_plugin_id(), 0); slapi_search_internal_callback_pb(search_pb, callback_data, 0, callback, 0); + slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &rc); + if(rc != LDAP_SUCCESS){ + break; + } + if(!all_backends){ break; @@ -841,8 +866,12 @@ int memberof_postop_modrdn(Slapi_PBlock *pb) { if(0 == slapi_entry_attr_find(post_e, configCopy.groupattrs[i], &attr)) { - if(memberof_moddn_attr_list(pb, &configCopy, pre_sdn, - post_sdn, attr) != 0){ + if((ret = memberof_moddn_attr_list(pb, &configCopy, pre_sdn, + post_sdn, attr) != 0)) + { + slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, + "memberof_postop_modrdn - update failed for (%s), error (%d)\n", + slapi_sdn_get_dn(pre_sdn), ret); break; } } @@ -852,13 +881,25 @@ int memberof_postop_modrdn(Slapi_PBlock *pb) /* It's possible that this is an entry who is a member * of other group entries. We need to update any member * attributes to refer to the new name. */ - if (pre_sdn && post_sdn) { + if (ret == LDAP_SUCCESS && pre_sdn && post_sdn) { if (entry_scope && !slapi_sdn_issuffix(post_sdn, entry_scope)) { memberof_del_dn_data del_data = {0, configCopy.memberof_attr}; - memberof_del_dn_from_groups(pb, &configCopy, pre_sdn); - memberof_del_dn_type_callback(post_e, &del_data); + if((ret = memberof_del_dn_from_groups(pb, &configCopy, pre_sdn))){ + slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, + "memberof_postop_modrdn - delete dn failed for (%s), error (%d)\n", + slapi_sdn_get_dn(pre_sdn), ret); + } + if(ret == LDAP_SUCCESS && (ret = memberof_del_dn_type_callback(post_e, &del_data))){ + slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, + "memberof_postop_modrdn - delete dn callback failed for (%s), error (%d)\n", + slapi_entry_get_dn(post_e), ret); + } } else { - memberof_replace_dn_from_groups(pb, &configCopy, pre_sdn, post_sdn); + if((ret = memberof_replace_dn_from_groups(pb, &configCopy, pre_sdn, post_sdn))){ + slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, + "memberof_postop_modrdn - replace dne failed for (%s), error (%d)\n", + slapi_sdn_get_dn(pre_sdn), ret); + } } } @@ -866,6 +907,10 @@ int memberof_postop_modrdn(Slapi_PBlock *pb) memberof_free_config(&configCopy); } + if(ret){ + slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ret); + ret = SLAPI_PLUGIN_FAILURE; + } slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM, "<-- memberof_postop_modrdn\n" ); return ret; @@ -881,12 +926,13 @@ typedef struct _replace_dn_data /* Finds any groups that have pre_dn as a member and modifies them to * to use post_dn instead. */ -static void +static int memberof_replace_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, Slapi_DN *pre_sdn, Slapi_DN *post_sdn) { int i = 0; char *groupattrs[2] = {0, 0}; + int ret = LDAP_SUCCESS; /* Loop through each grouping attribute to find groups that have * pre_dn as a member. For any matches, replace pre_dn with post_dn @@ -899,9 +945,15 @@ memberof_replace_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, groupattrs[0] = config->groupattrs[i]; - memberof_call_foreach_dn(pb, pre_sdn, groupattrs, - memberof_replace_dn_type_callback, &data); + if((ret = memberof_call_foreach_dn(pb, pre_sdn, groupattrs, + memberof_replace_dn_type_callback, + &data))) + { + break; + } } + + return ret; } @@ -1068,7 +1120,14 @@ int memberof_postop_modify(Slapi_PBlock *pb) case LDAP_MOD_ADD: { /* add group DN to targets */ - memberof_add_smod_list(pb, &configCopy, sdn, smod); + if((ret = memberof_add_smod_list(pb, &configCopy, sdn, smod))){ + slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, + "memberof_postop_modify: failed to add dn (%s) to target. " + "Error (%d)\n", slapi_sdn_get_dn(sdn), ret ); + slapi_mod_done(next_mod); + memberof_unlock(); + goto bail; + } break; } @@ -1080,12 +1139,26 @@ int memberof_postop_modify(Slapi_PBlock *pb) * entry, which the replace code deals with. */ if (slapi_mod_get_num_values(smod) == 0) { - memberof_replace_list(pb, &configCopy, sdn); + if((ret = memberof_replace_list(pb, &configCopy, sdn))){ + slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, + "memberof_postop_modify: failed to replace list (%s). " + "Error (%d)\n", slapi_sdn_get_dn(sdn), ret ); + slapi_mod_done(next_mod); + memberof_unlock(); + goto bail; + } } else { /* remove group DN from target values in smod*/ - memberof_del_smod_list(pb, &configCopy, sdn, smod); + if((ret = memberof_del_smod_list(pb, &configCopy, sdn, smod))){ + slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, + "memberof_postop_modify: failed to remove dn (%s). " + "Error (%d)\n", slapi_sdn_get_dn(sdn), ret ); + slapi_mod_done(next_mod); + memberof_unlock(); + goto bail; + } } break; } @@ -1093,16 +1166,24 @@ int memberof_postop_modify(Slapi_PBlock *pb) case LDAP_MOD_REPLACE: { /* replace current values */ - memberof_replace_list(pb, &configCopy, sdn); + if((ret = memberof_replace_list(pb, &configCopy, sdn))){ + slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, + "memberof_postop_modify: failed to replace values in dn (%s). " + "Error (%d)\n", slapi_sdn_get_dn(sdn), ret ); + slapi_mod_done(next_mod); + memberof_unlock(); + goto bail; + } break; } default: { slapi_log_error( - SLAPI_LOG_PLUGIN, + SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, "memberof_postop_modify: unknown mod type\n" ); + ret = SLAPI_PLUGIN_FAILURE; break; } } @@ -1114,6 +1195,7 @@ int memberof_postop_modify(Slapi_PBlock *pb) smod = slapi_mods_get_next_smod(smods, next_mod); } +bail: if (config_copied) { memberof_free_config(&configCopy); @@ -1124,6 +1206,11 @@ int memberof_postop_modify(Slapi_PBlock *pb) } done: + if(ret){ + slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ret); + ret = SLAPI_PLUGIN_FAILURE; + } + slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM, "<-- memberof_postop_modify\n" ); return ret; @@ -1186,7 +1273,12 @@ int memberof_postop_add(Slapi_PBlock *pb) { if(0 == slapi_entry_attr_find(e, configCopy.groupattrs[i], &attr)) { - memberof_add_attr_list(pb, &configCopy, sdn, attr); + if((ret = memberof_add_attr_list(pb, &configCopy, sdn, attr))){ + slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, + "memberof_postop_add: failed to add dn(%s), error (%d)", + slapi_sdn_get_dn(sdn), ret); + break; + } } } @@ -1196,6 +1288,11 @@ int memberof_postop_add(Slapi_PBlock *pb) } } + if(ret){ + slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ret); + ret = SLAPI_PLUGIN_FAILURE; + } + slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM, "<-- memberof_postop_add\n" ); @@ -1542,7 +1639,7 @@ memberof_modop_one_replace_r(Slapi_PBlock *pb, MemberOfConfig *config, if(LDAP_MOD_DELETE == mod_op || LDAP_MOD_ADD == mod_op) { /* find parent groups and replace our member attr */ - memberof_fix_memberof_callback(e, config); + rc = memberof_fix_memberof_callback(e, config); } else { /* single entry - do mod */ mod_pb = slapi_pblock_new(); @@ -1664,7 +1761,9 @@ int memberof_mod_smod_list(Slapi_PBlock *pb, MemberOfConfig *config, int mod, strncpy(dn_str, bv->bv_val, (size_t)bv->bv_len); slapi_sdn_set_dn_byref(sdn, dn_str); - memberof_modop_one(pb, config, mod, group_sdn, sdn); + if((rc = memberof_modop_one(pb, config, mod, group_sdn, sdn))){ + break; + } bv = slapi_mod_get_next_value(smod); } @@ -1743,7 +1842,7 @@ int memberof_mod_attr_list_r(Slapi_PBlock *pb, MemberOfConfig *config, int mod, op_this_val = slapi_value_new_string(slapi_sdn_get_ndn(op_this_sdn)); slapi_value_set_flags(op_this_val, SLAPI_ATTR_FLAG_NORMALIZED_CIS); - while(val) + while(val && rc == 0) { char *dn_str = 0; struct berval *bv = 0; @@ -1779,13 +1878,13 @@ int memberof_mod_attr_list_r(Slapi_PBlock *pb, MemberOfConfig *config, int mod, slapi_sdn_set_normdn_byref(sdn, dn_str); /* dn_str is normalized */ if(mod == LDAP_MOD_REPLACE) { - memberof_modop_one_replace_r(pb, config, mod, group_sdn, + rc = memberof_modop_one_replace_r(pb, config, mod, group_sdn, op_this_sdn, group_sdn, sdn, stack); } else { - memberof_modop_one_r(pb, config, mod, group_sdn, + rc = memberof_modop_one_r(pb, config, mod, group_sdn, op_this_sdn, sdn, stack); } } diff --git a/ldap/servers/plugins/mep/mep.c b/ldap/servers/plugins/mep/mep.c index 76ba827..f0b9bae 100644 --- a/ldap/servers/plugins/mep/mep.c +++ b/ldap/servers/plugins/mep/mep.c @@ -108,7 +108,7 @@ static Slapi_Entry *mep_create_managed_entry(struct configEntry *config, Slapi_Entry *origin); static int mep_add_managed_entry(struct configEntry *config, Slapi_Entry *origin); -static void mep_rename_managed_entry(Slapi_Entry *origin, +static int mep_rename_managed_entry(Slapi_Entry *origin, Slapi_DN *new_dn, Slapi_DN *old_dn); static Slapi_Mods *mep_get_mapped_mods(struct configEntry *config, Slapi_Entry *origin, char **mapped_dn); @@ -1450,9 +1450,8 @@ mep_add_managed_entry(struct configEntry *config, slapi_pblock_init(mod_pb); /* - * Add the origin entry objectclass. Do not check the result - * as we could be here because of a modrdn operation - in which - * case the objectclass already exists. + * Add the origin entry objectclass. A modrdn might result in + * an err 20 (type or value exists), in which case just ignore it. */ oc_vals[0] = MEP_ORIGIN_OC; oc_vals[1] = 0; @@ -1517,7 +1516,7 @@ bail: * Renames a managed entry and updates the pointer in the * origin entry. */ -static void +static int mep_rename_managed_entry(Slapi_Entry *origin, Slapi_DN *new_dn, Slapi_DN *old_dn) { @@ -1582,6 +1581,8 @@ mep_rename_managed_entry(Slapi_Entry *origin, bail: slapi_rdn_free(&srdn); slapi_pblock_destroy(mep_pb); + + return result; } /* @@ -2311,7 +2312,7 @@ mep_mod_post_op(Slapi_PBlock *pb) char *mapped_dn = NULL; Slapi_DN *mapped_sdn = NULL; struct configEntry *config = NULL; - int result = 0; + int result = SLAPI_PLUGIN_SUCCESS; LDAPMod **mods = NULL; int i, abort_mod = 1; @@ -2333,8 +2334,9 @@ mep_mod_post_op(Slapi_PBlock *pb) * backend, so don't treat the message as fatal. */ slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &e); if (e == NULL) { - slapi_log_error(SLAPI_LOG_PLUGIN, MEP_PLUGIN_SUBSYSTEM, + slapi_log_error(SLAPI_LOG_FATAL, MEP_PLUGIN_SUBSYSTEM, "mep_mod_post_op: Unable to fetch postop entry.\n"); + result = SLAPI_PLUGIN_FAILURE; goto bail; } @@ -2408,12 +2410,12 @@ mep_mod_post_op(Slapi_PBlock *pb) } /* Check if we need to rename the managed entry. */ - if (mapped_dn) { + if (result == SLAPI_PLUGIN_SUCCESS && mapped_dn) { mapped_sdn = slapi_sdn_new_normdn_passin(mapped_dn); managed_sdn = slapi_sdn_new_normdn_byref(managed_dn); if (slapi_sdn_compare(managed_sdn, mapped_sdn) != 0) { - mep_rename_managed_entry(e, mapped_sdn, managed_sdn); + result = mep_rename_managed_entry(e, mapped_sdn, managed_sdn); } slapi_sdn_free(&mapped_sdn); @@ -2428,12 +2430,16 @@ mep_mod_post_op(Slapi_PBlock *pb) } } - bail: +bail: + if(result){ + slapi_pblock_set(pb, SLAPI_RESULT_CODE, &result); + result = SLAPI_PLUGIN_FAILURE; + } slapi_ch_free_string(&managed_dn); slapi_log_error(SLAPI_LOG_TRACE, MEP_PLUGIN_SUBSYSTEM, "<-- mep_mod_post_op\n"); - return SLAPI_PLUGIN_SUCCESS; + return result; } static int @@ -2514,6 +2520,7 @@ mep_del_post_op(Slapi_PBlock *pb) { Slapi_Entry *e = NULL; Slapi_DN *sdn = NULL; + int result = SLAPI_PLUGIN_SUCCESS; slapi_log_error(SLAPI_LOG_TRACE, MEP_PLUGIN_SUBSYSTEM, "--> mep_del_post_op\n"); @@ -2557,7 +2564,12 @@ mep_del_post_op(Slapi_PBlock *pb) slapi_delete_internal_set_pb(mep_pb, managed_dn, NULL, NULL, mep_get_plugin_id(), 0); slapi_delete_internal_pb(mep_pb); - + slapi_pblock_get(mep_pb, SLAPI_PLUGIN_INTOP_RESULT, &result); + if(result){ + slapi_log_error(SLAPI_LOG_FATAL, MEP_PLUGIN_SUBSYSTEM, + "mep_del_post_op: failed to delete managed entry " + "(%s) - error (%d)\n",managed_dn, result); + } slapi_ch_free_string(&managed_dn); slapi_pblock_destroy(mep_pb); } @@ -2567,10 +2579,15 @@ mep_del_post_op(Slapi_PBlock *pb) "retrieving pre-op entry %s\n", slapi_sdn_get_dn(sdn)); } + if(result){ + slapi_pblock_set(pb, SLAPI_RESULT_CODE, &result); + result = SLAPI_PLUGIN_FAILURE; + } + slapi_log_error(SLAPI_LOG_TRACE, MEP_PLUGIN_SUBSYSTEM, "<-- mep_del_post_op\n"); - return SLAPI_PLUGIN_SUCCESS; + return result; } static int @@ -2599,10 +2616,10 @@ mep_modrdn_post_op(Slapi_PBlock *pb) new_sdn = slapi_entry_get_sdn(post_e); new_dn = slapi_sdn_get_dn(new_sdn); } else { - slapi_log_error(SLAPI_LOG_PLUGIN, MEP_PLUGIN_SUBSYSTEM, + slapi_log_error(SLAPI_LOG_FATAL, MEP_PLUGIN_SUBSYSTEM, "mep_modrdn_post_op: Error " "retrieving post-op entry\n"); - return SLAPI_PLUGIN_SUCCESS; + return SLAPI_PLUGIN_FAILURE; } if ((old_sdn = mep_get_sdn(pb))) { @@ -2660,7 +2677,13 @@ mep_modrdn_post_op(Slapi_PBlock *pb) slapi_delete_internal_set_pb (mep_pb, managed_dn, NULL, NULL, mep_get_plugin_id(), 0); slapi_delete_internal_pb(mep_pb); - + slapi_pblock_get(mep_pb, SLAPI_PLUGIN_INTOP_RESULT, &result); + if(result){ + slapi_log_error(SLAPI_LOG_FATAL, MEP_PLUGIN_SUBSYSTEM, + "mep_modrdn_post_op: failed to delete managed entry " + "(%s) - error (%d)\n",managed_dn, result); + goto bailmod; + } /* Clear out the pblock for reuse. */ slapi_pblock_init(mep_pb); @@ -2760,9 +2783,12 @@ mep_modrdn_post_op(Slapi_PBlock *pb) "entry \"%s\".\n ", managed_dn, slapi_entry_get_dn(new_managed_entry), slapi_sdn_get_dn(old_sdn)); - mep_rename_managed_entry(post_e, + if((result = mep_rename_managed_entry(post_e, slapi_entry_get_sdn(new_managed_entry), - managed_sdn); + managed_sdn))) + { + goto bailmod; + } } /* Update all of the mapped attributes @@ -2824,18 +2850,22 @@ bailmod: if (config) { if(mep_add_managed_entry(config, post_e)){ char errtxt[SLAPI_DSE_RETURNTEXT_SIZE]; - int rc = LDAP_UNWILLING_TO_PERFORM; + result = LDAP_UNWILLING_TO_PERFORM; PR_snprintf(errtxt, SLAPI_DSE_RETURNTEXT_SIZE, "Managed Entry Plugin rejected modrdn operation (see errors log).\n"); slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, &errtxt); - slapi_pblock_set(pb, SLAPI_RESULT_CODE, &rc); - result = SLAPI_PLUGIN_FAILURE; + } } mep_config_unlock(); } + + if(result){ + slapi_pblock_set(pb, SLAPI_RESULT_CODE, &result); + result = SLAPI_PLUGIN_FAILURE; + } slapi_log_error(SLAPI_LOG_TRACE, MEP_PLUGIN_SUBSYSTEM, "<-- mep_modrdn_post_op\n"); diff --git a/ldap/servers/plugins/pam_passthru/pam_ptpreop.c b/ldap/servers/plugins/pam_passthru/pam_ptpreop.c index a25b9fa..476d834 100644 --- a/ldap/servers/plugins/pam_passthru/pam_ptpreop.c +++ b/ldap/servers/plugins/pam_passthru/pam_ptpreop.c @@ -673,6 +673,7 @@ pam_passthru_postop(Slapi_PBlock *pb) /* Make sure the operation succeeded and bail if it didn't. */ slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &oprc); if (oprc != 0) { + ret = oprc; goto bail; } @@ -681,6 +682,7 @@ pam_passthru_postop(Slapi_PBlock *pb) if (!sdn) { slapi_log_error(SLAPI_LOG_FATAL, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, "pam_passthru_postop: unale to fetch target SDN.\n"); + ret = SLAPI_PLUGIN_FAILURE; goto bail; } @@ -695,6 +697,7 @@ pam_passthru_postop(Slapi_PBlock *pb) slapi_log_error(SLAPI_LOG_FATAL, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, "pam_passthru_postop: unable to fetch post-op " "entry for rename operation.\n"); + ret = SLAPI_PLUGIN_FAILURE; goto bail; } } diff --git a/ldap/servers/plugins/retrocl/retrocl_po.c b/ldap/servers/plugins/retrocl/retrocl_po.c index 0e32d06..04687da 100644 --- a/ldap/servers/plugins/retrocl/retrocl_po.c +++ b/ldap/servers/plugins/retrocl/retrocl_po.c @@ -150,11 +150,11 @@ static lenstr *make_changes_string(LDAPMod **ldm, const char **includeattrs) * log_m - pointer to the actual change operation on a modify * flag - only used by modrdn operations - value of deleteoldrdn * curtime - the current time - * Returns: nothing + * Returns: error code * Description: Given a change, construct an entry which is to be added to the * changelog database. */ -static void +static int write_replog_db( Slapi_PBlock *pb, int optype, @@ -168,20 +168,21 @@ write_replog_db( const char *newsuperior ) { - char *edn; - struct berval *vals[ 2 ]; - struct berval val; - Slapi_Entry *e; - char chnobuf[ 20 ]; - int err; - Slapi_PBlock *newPb = NULL; + Slapi_PBlock *newPb = NULL; changeNumber changenum; - int i; - int extensibleObject = 0; + struct berval *vals[ 2 ]; + struct berval val; + Slapi_Entry *e; + char chnobuf[ 20 ]; + char *edn; + int extensibleObject = 0; + int err = 0; + int ret = LDAP_SUCCESS; + int i; if (!dn) { slapi_log_error( SLAPI_LOG_PLUGIN, RETROCL_PLUGIN_NAME, "write_replog_db: NULL dn\n"); - return; + return ret; } PR_Lock(retrocl_internal_lock); @@ -321,78 +322,79 @@ write_replog_db( * Finish constructing the entry. How to do it depends on the type * of modification being logged. */ - err = 0; switch ( optype ) { case OP_ADD: - if ( entry2reple( e, log_e, OP_ADD ) != 0 ) { - err = 1; - } - break; + if ( entry2reple( e, log_e, OP_ADD ) != 0 ) { + err = SLAPI_PLUGIN_FAILURE; + } + break; case OP_MODIFY: - if ( mods2reple( e, log_m ) != 0 ) { - err = 1; - } - break; + if ( mods2reple( e, log_m ) != 0 ) { + err = SLAPI_PLUGIN_FAILURE; + } + break; case OP_MODRDN: - if ( modrdn2reple( e, newrdn, flag, modrdn_mods, newsuperior ) != 0 ) { - err = 1; - } - break; + if ( modrdn2reple( e, newrdn, flag, modrdn_mods, newsuperior ) != 0 ) { + err = SLAPI_PLUGIN_FAILURE; + } + break; case OP_DELETE: - if (log_e) { - /* we have to log the full entry */ - if ( entry2reple( e, log_e, OP_DELETE ) != 0 ) { - err = 1; - } - } else { - /* Set the changetype attribute */ - val.bv_val = "delete"; - val.bv_len = 6; - slapi_entry_add_values( e, attr_changetype, vals ); - } - break; + if (log_e) { + /* we have to log the full entry */ + if ( entry2reple( e, log_e, OP_DELETE ) != 0 ) { + err = SLAPI_PLUGIN_FAILURE; + } + } else { + /* Set the changetype attribute */ + val.bv_val = "delete"; + val.bv_len = 6; + slapi_entry_add_values( e, attr_changetype, vals ); + } + break; + default: - slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, "replog: Unknown LDAP operation type " - "%d.\n", optype ); - err = 1; + slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, + "replog: Unknown LDAP operation type %d.\n", optype ); + err = SLAPI_PLUGIN_FAILURE; } /* Call the repl backend to add this entry */ if ( 0 == err ) { - int rc; - - newPb = slapi_pblock_new (); - slapi_add_entry_internal_set_pb( newPb, e, NULL /* controls */, - g_plg_identity[PLUGIN_RETROCL], - /* dont leave entry in cache if main oparation is aborted */ - SLAPI_OP_FLAG_NEVER_CACHE); - slapi_add_internal_pb (newPb); - slapi_pblock_get( newPb, SLAPI_PLUGIN_INTOP_RESULT, &rc ); - slapi_pblock_destroy(newPb); - if ( 0 != rc ) { - slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, - "replog: an error occured while adding change " - "number %lu, dn = %s: %s. \n", - changenum, edn, ldap_err2string( rc )); - retrocl_release_changenumber(); - } else { - /* Tell the change numbering system this one's committed to disk */ - retrocl_commit_changenumber(); - } + newPb = slapi_pblock_new (); + slapi_add_entry_internal_set_pb( newPb, e, NULL /* controls */, + g_plg_identity[PLUGIN_RETROCL], + /* dont leave entry in cache if main oparation is aborted */ + SLAPI_OP_FLAG_NEVER_CACHE); + slapi_add_internal_pb (newPb); + slapi_pblock_get( newPb, SLAPI_PLUGIN_INTOP_RESULT, &ret ); + slapi_pblock_destroy(newPb); + if ( 0 != ret ) { + slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, + "replog: an error occured while adding change " + "number %lu, dn = %s: %s. \n", + changenum, edn, ldap_err2string( ret )); + retrocl_release_changenumber(); + + } else { + /* Tell the change numbering system this one's committed to disk */ + retrocl_commit_changenumber(); + } } else { - slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, - "An error occurred while constructing " - "change record number %ld.\n", changenum ); - retrocl_release_changenumber(); + slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, + "An error occurred while constructing " + "change record number %ld.\n", changenum ); + retrocl_release_changenumber(); + ret = err; } PR_Unlock(retrocl_internal_lock); if ( NULL != edn ) { - slapi_ch_free((void **) &edn); + slapi_ch_free((void **) &edn); } + return ret; } @@ -585,7 +587,7 @@ int retrocl_postob (Slapi_PBlock *pb, int optype) Slapi_DN *newsuperior = NULL; Slapi_Backend *be = NULL; time_t curtime; - int rc; + int rc = SLAPI_PLUGIN_SUCCESS; /* * Check to see if the change was made to the replication backend db. @@ -608,10 +610,10 @@ int retrocl_postob (Slapi_PBlock *pb, int optype) if (rc != LDAP_SUCCESS) { LDAPDebug1Arg(LDAP_DEBUG_TRACE,"not applying change if op failed %d\n",rc); - /* this could also mean that the changenumber is no longer correct - * set a flag to check at next assignment - */ - retrocl_set_check_changenumber(); + /* this could also mean that the changenumber is no longer correct + * set a flag to check at next assignment + */ + retrocl_set_check_changenumber(); return SLAPI_PLUGIN_SUCCESS; } @@ -642,35 +644,44 @@ int retrocl_postob (Slapi_PBlock *pb, int optype) switch ( optype ) { case OP_MODIFY: - (void)slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &log_m ); - break; + (void)slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &log_m ); + break; case OP_ADD: - /* - * For adds, we want the unnormalized dn, so we can preserve - * spacing, case, when replicating it. - */ - (void)slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &te ); - if ( NULL != te ) { - dn = slapi_entry_get_dn( te ); - } - break; + /* + * For adds, we want the unnormalized dn, so we can preserve + * spacing, case, when replicating it. + */ + (void)slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &te ); + if ( NULL != te ) { + dn = slapi_entry_get_dn( te ); + } + break; case OP_DELETE: - if (retrocl_log_deleted) - (void)slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &te); + if (retrocl_log_deleted) + (void)slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &te); break; case OP_MODRDN: - /* newrdn is used just for logging; no need to be normalized */ - (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &newrdn ); - (void)slapi_pblock_get( pb, SLAPI_MODRDN_DELOLDRDN, &flag ); - (void)slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &modrdn_mods ); - (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &newsuperior ); - break; + /* newrdn is used just for logging; no need to be normalized */ + (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &newrdn ); + (void)slapi_pblock_get( pb, SLAPI_MODRDN_DELOLDRDN, &flag ); + (void)slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &modrdn_mods ); + (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &newsuperior ); + break; } /* check if we should log change to retro changelog, and * if so, do it here */ - write_replog_db( pb, optype, dn, log_m, flag, curtime, te, - newrdn, modrdn_mods, slapi_sdn_get_dn(newsuperior) ); + if((rc = write_replog_db( pb, optype, dn, log_m, flag, curtime, te, + newrdn, modrdn_mods, slapi_sdn_get_dn(newsuperior) ))) + { + slapi_log_error(SLAPI_LOG_FATAL, "retrocl-plugin", + "retrocl_postob: operation failure [%d]\n", rc); + if(rc < 0){ + rc = LDAP_OPERATIONS_ERROR; + } + slapi_pblock_set(pb, SLAPI_RESULT_CODE, &rc); + rc = SLAPI_PLUGIN_FAILURE; + } - return 0; + return rc; } -- 1.9.3