Diffstat (limited to 'plugin')
-rw-r--r-- | plugin/suffix.c | 186 |
1 files changed, 60 insertions, 126 deletions
diff --git a/plugin/suffix.c b/plugin/suffix.c index 6327994..e8aeeca 100644 --- a/plugin/suffix.c +++ b/plugin/suffix.c @@ -48,19 +48,18 @@ */ static const char *suffix_attribute = NULL; -static const char *suffix_delimiter = NULL; +static struct berval suffix_delimiter = { 0, NULL }; /* --------------------------------------------------------------------------------- * LDAP OPERATIONS */ -static char** +static struct berval** entry_values (Slapi_Entry *entry, const char *name) { - struct berval **values, **bv; - char **results, *result, **r; + struct berval **values; Slapi_Attr *attr; - int rc, num; + int rc; /* The attribute we're after */ rc = slapi_entry_attr_find (entry, (char*)name, &attr); @@ -72,42 +71,21 @@ entry_values (Slapi_Entry *entry, const char *name) rc = slapi_attr_get_values (attr, &values); return_val_if_fail (rc == 0, NULL); - /* How many values? */ - for (bv = values, num = 0; values && *bv; ++bv) - ++num; - - /* Allocate memory and copy over all values found */ - r = results = (char**)slapi_ch_calloc (num + 1, sizeof (char*)); - for (bv = values; values && *bv; ++bv) { - - /* Allocate a string for this value */ - result = slapi_ch_calloc ((*bv)->bv_len + 1, sizeof (char)); - if ((*bv)->bv_len) - memcpy (result, (*bv)->bv_val, (*bv)->bv_len); - result[(*bv)->bv_len] = 0; - - /* Add into array */ - *(r++) = result; - } - - /* Null terminate */ - *r = NULL; - - return results; + return values; } -static char** -lookup_values (const char *dn, const char *attr) +static struct berval** +lookup_values (const char *dn, const char *attr, Slapi_PBlock **pb) { Slapi_Entry **entries, *entry; - Slapi_PBlock *pb; LDAPControl *ctrl; char *attrs[2]; - char **results; + struct berval **results; int rc, code; assert (dn && dn[0]); - + assert (pb); + ctrl = NULL; /* No controls */ attrs[0] = (char*)attr; attrs[1] = NULL; 
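Review bot: entry_values now returns the array filled in by slapi_attr_get_values as-is, and nothing in the function says who owns that array or how long it stays valid. The callers changed in this patch no longer free anything, so if the server's SLAPI implementation returns an allocated copy rather than a pointer into the entry, each call leaks it; this should be confirmed against the SLAPI in use. A header comment would pin the contract down, for example `/* Returns the berval array from slapi_attr_get_values; elements are length-counted (bv_len), not NUL-terminated strings. */`, followed by one line stating the ownership rule. lookup_values starts in this hunk and continues past its end.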
@@ -115,23 +93,22 @@ lookup_values (const char *dn, const char *attr) trace ("performing internal lookup"); /* Do the actual search */ - pb = slapi_search_internal ((char*)dn, LDAP_SCOPE_BASE, "(objectClass=*)", &ctrl, attrs, 0); - return_val_if_fail (pb, NULL); + *pb = slapi_search_internal ((char*)dn, LDAP_SCOPE_BASE, "(objectClass=*)", &ctrl, attrs, 0); + return_val_if_fail (*pb, NULL); /* Was it successful? */ code = -1; - rc = slapi_pblock_get (pb, SLAPI_PLUGIN_INTOP_RESULT, &code); + rc = slapi_pblock_get (*pb, SLAPI_PLUGIN_INTOP_RESULT, &code); return_val_if_fail (rc >= 0, NULL); if (code != LDAP_SUCCESS) { log_plugin ("error loading attribute %s from %s (code %d)", attr, dn, code); - slapi_pblock_destroy (pb); trace ("failure"); return NULL; } /* Dig out all the entries */ entries = NULL; - slapi_pblock_get (pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); + slapi_pblock_get (*pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); return_val_if_fail (entries, NULL); /* The first entry is what we're after */ 
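Review bot: On the `code != LDAP_SUCCESS` path lookup_values logs and returns NULL, the same value it returns when the parent simply has no suffix attribute, and check_suffix_constraints treats a NULL suffix list as "any value allowed". A failed internal search therefore skips the constraint instead of rejecting the operation. Consider handing the result code back to the caller (or returning a distinct error) so suffix_pre_add and suffix_pre_modify can return -1 when the lookup itself failed. The function should also carry a comment that `*pb` is owned by the caller on every return path, including the NULL ones, and that the returned bervals are only valid until that pblock is destroyed. The body of lookup_values starts before and ends after this hunk.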
@@ -139,110 +116,72 @@ lookup_values (const char *dn, const char *attr) return_val_if_fail (entry, NULL); results = entry_values (entry, attr); - slapi_pblock_destroy (pb); trace ("success"); return results; } -static char** -mods_values (LDAPMod **mods, const char *name) -{ - char **results, *result, **r; - struct berval **bv; - LDAPMod *mod; - int num; - - assert (name); - - /* Count the number of values */ - for (mod = *mods; mod; mod = *(++mods)) { - if (mod->mod_op & LDAP_MOD_DELETE || - strcmp (mod->mod_type, name) != 0) - continue; - for (bv = mod->mod_bvalues; *bv; ++bv) - ++num; - } - - /* Allocate memory and copy over all values found */ - r = results = (char**)slapi_ch_calloc (num + 1, sizeof (char*)); - for (mod = *mods; mod; mod = *(++mods)) { - if (mod->mod_op & LDAP_MOD_DELETE || - strcmp (mod->mod_type, name) != 0) - continue; - for (bv = mod->mod_bvalues; *bv; ++bv) { - - /* Allocate a string for this value */ - result = slapi_ch_calloc ((*bv)->bv_len + 1, sizeof (char)); - if ((*bv)->bv_len) - memcpy (result, (*bv)->bv_val, (*bv)->bv_len); - result[(*bv)->bv_len] = 0; - - /* Add into array */ - *(r++) = result; - - } - } - - /* Null terminate */ - *r = NULL; - - return results; -} - static int -has_suffix (const char *value, const char *suffix, const char *delim) +has_suffix (struct berval *value, struct berval *suffix, struct berval *delim) { - size_t n_value, n_suffix, n_delim; + char *ptr; assert (value); assert (suffix); assert (delim); - n_value = strlen (value); - n_suffix = strlen (suffix); - n_delim =strlen (delim); - /* Must be long enough */ - if (n_value < n_suffix + n_delim) + if (value->bv_len < suffix->bv_len + delim->bv_len) return 0; + + ptr = value->bv_val; /* The delim must be in the right place */ - if (memcmp (value + (n_value - (n_suffix + n_delim)), delim, n_delim) != 0) + if (memcmp (ptr + (value->bv_len - (suffix->bv_len + delim->bv_len)), + delim, delim->bv_len) != 0) return 0; /* And the suffix must be in the right place 
*/ - if (memcmp (value + (n_value - n_suffix), suffix, n_suffix) != 0) + if (memcmp (ptr + (value->bv_len - suffix->bv_len), + suffix, suffix->bv_len) != 0) return 0; return 1; } static int -check_suffix_constraints (Slapi_PBlock *pb, char **suffixes, char **values) +check_suffix_constraints (Slapi_PBlock *pb, struct berval **suffixes, struct berval **values) { - char **val, **suffix; + struct berval *value, *suffix; + char string[128]; char msg[512]; int found; assert (pb); + /* When parent has no suffixes, then any are allowed */ if (!values || !suffixes) return 0; - for (val = values; *val; ++val) { + for (value = *values; value; value = *(++values)) { found = 0; - for (suffix = suffixes; *suffix; ++suffix) { - if (has_suffix (*val, *suffix, suffix_delimiter)) { + for (suffix = *suffixes; suffix; suffix = *(++suffixes)) { + if (has_suffix (value, suffix, &suffix_delimiter)) { found = 1; break; } } if (!found) { + /* Null terminate the value for the message below */ + strncpy (string, value->bv_val, + value->bv_len >= sizeof (string) ? sizeof (string) : value->bv_len); + string[sizeof(string) - 1] = 0; + + /* Build and return our error message */ snprintf (msg, sizeof (msg), "The value '%s' for the %s attribute does not have a valid suffix", - *val, suffix_attribute); + string, suffix_attribute); slapi_send_ldap_result (pb, LDAP_CONSTRAINT_VIOLATION, NULL, msg, 0, NULL); return -1; } @@ -254,9 +193,10 @@ check_suffix_constraints (Slapi_PBlock *pb, char **suffixes, char **values) int suffix_pre_add (Slapi_PBlock *pb, const char *dn) { + struct berval **suffixes; + struct berval **values; + Slapi_PBlock *ipb = NULL; Slapi_Entry *entry; - char **suffixes; - char **values; char *parent; int rc = 0; 
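Review bot: In has_suffix both memcmp calls pass the berval pointers `delim` and `suffix` as the comparison buffer, so the value bytes are compared against the struct's own length and pointer fields (and read past the struct once bv_len exceeds its size) rather than against `delim->bv_val` and `suffix->bv_val`. In check_suffix_constraints the inner loop advances the `suffixes` parameter itself and never rewinds it, so after a match on the k-th suffix every later value is only tested from k onward and can be rejected wrongly. The message copy terminates `string` only at index 127; when bv_val is not NUL-terminated at bv_len, which a berval does not guarantee, the bytes between bv_len and 127 are uninitialised stack and are sent to the client in the LDAP error text. The fence below rewrites those three spots.

```c
	/* has_suffix: compare against the value bytes, not the berval structs */
	if (memcmp (ptr + (value->bv_len - (suffix->bv_len + delim->bv_len)),
	            delim->bv_val, delim->bv_len) != 0)
		return 0;
	if (memcmp (ptr + (value->bv_len - suffix->bv_len),
	            suffix->bv_val, suffix->bv_len) != 0)
		return 0;

	/* check_suffix_constraints: new locals, scan the whole suffix list for every value */
	struct berval **sp;
	size_t len;
	/* … unchanged: outer loop over values … */
		found = 0;
		for (sp = suffixes; *sp; ++sp) {
			if (has_suffix (value, *sp, &suffix_delimiter)) {
				found = 1;
				break;
			}
		}
		if (!found) {
			/* Copy at most sizeof (string) - 1 bytes and terminate right after them */
			len = value->bv_len < sizeof (string) - 1 ? value->bv_len : sizeof (string) - 1;
			memcpy (string, value->bv_val, len);
			string[len] = 0;
			/* … unchanged: snprintf and slapi_send_ldap_result … */
```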
@@ -266,15 +206,9 @@ suffix_pre_add (Slapi_PBlock *pb, const char *dn) parent = slapi_dn_parent (dn); return_val_if_fail (parent, -1); - suffixes = lookup_values (parent, suffix_attribute); + suffixes = lookup_values (parent, suffix_attribute, &ipb); slapi_ch_free_string (&parent); - - /* When parent has no suffixes, then any are allowed */ - if (!suffixes || !suffixes[0]) { - slapi_ch_array_free (suffixes); - return 0; - } - + /* The entry itself */ rc = slapi_pblock_get (pb, SLAPI_ADD_ENTRY, &entry); return_val_if_fail (rc >= 0 && entry, -1); @@ -283,8 +217,8 @@ suffix_pre_add (Slapi_PBlock *pb, const char *dn) values = entry_values (entry, suffix_attribute); rc = check_suffix_constraints (pb, suffixes, values); - slapi_ch_array_free (suffixes); - slapi_ch_array_free (values); + return_val_if_fail (ipb, -1); + slapi_pblock_destroy (ipb); return rc; } @@ -292,9 +226,9 @@ suffix_pre_add (Slapi_PBlock *pb, const char *dn) int suffix_pre_modify (Slapi_PBlock *pb, const char *dn) { - char **suffixes; - LDAPMod **mods; - char **values; + struct berval **suffixes; + Slapi_PBlock *ipb = NULL; + LDAPMod **mods, *mod; char *parent; int rc = 0; 
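Review bot: The early exit `return_val_if_fail (rc >= 0 && entry, -1);` sits after the lookup_values call, so (assuming the macro returns immediately, as its name suggests) `ipb` is never destroyed on that path; the only `slapi_pblock_destroy (ipb)` is at the end of suffix_pre_add. suffix_pre_modify has the same gap at `return_val_if_fail (rc >= 0 && mods, -1);`. Fetching the entry or mods before the lookup, or routing failures through one exit that does `if (ipb) slapi_pblock_destroy (ipb);`, closes it. The trailing `return_val_if_fail (ipb, -1);` also turns a NULL pblock into a rejection after check_suffix_constraints has already returned 0; a comment saying that this is intended would help the next reader.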
@@ -304,25 +238,22 @@ suffix_pre_modify (Slapi_PBlock *pb, const char *dn) parent = slapi_dn_parent (dn); return_val_if_fail (parent, -1); - suffixes = lookup_values (parent, suffix_attribute); + suffixes = lookup_values (parent, suffix_attribute, &ipb); slapi_ch_free_string (&parent); - /* When parent has no suffixes, then any are allowed */ - if (!suffixes || !suffixes[0]) { - slapi_ch_array_free (suffixes); - return 0; - } - /* The modifications being made */ rc = slapi_pblock_get (pb, SLAPI_MODIFY_MODS, &mods); return_val_if_fail (rc >= 0 && mods, -1); - - /* Extract the various values from the entry */ - values = mods_values (mods, suffix_attribute); - rc = check_suffix_constraints (pb, suffixes, values); - slapi_ch_array_free (suffixes); - slapi_ch_array_free (values); + /* Validate the values */ + for (mod = *mods; rc == 0 && mod; mod = *(++mods)) { + if (!(mod->mod_op & LDAP_MOD_DELETE) && + strcmp (mod->mod_type, suffix_attribute) == 0) + rc = check_suffix_constraints (pb, suffixes, mod->mod_bvalues); + } + + return_val_if_fail (ipb, -1); + slapi_pblock_destroy (ipb); return rc; } @@ -336,6 +267,9 @@ suffix_config (const char *name, const char *value) suffix_attribute = value; return 1; + } else if (strcmp ("suffix-delimiter", name) == 0 && value) { + suffix_delimiter.bv_val = (void*)value; + suffix_delimiter.bv_len = strlen (value); } return 0; |
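Review bot: The new loop matches `mod->mod_type` with a case-sensitive `strcmp`, while LDAP attribute descriptions are case-insensitive and may carry options. A modification that names the attribute with different case or with an option would skip check_suffix_constraints unless the server normalises the type before the plug-in runs, which is not visible here. A case-insensitive comparison such as `strcasecmp (mod->mod_type, suffix_attribute) == 0` on the base type would make the check independent of how the client spelled it. Reading `mod->mod_bvalues` also assumes every mod carries LDAP_MOD_BVALUES; a one-line comment stating that assumption is worth adding. suffix_pre_modify starts before this hunk.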
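Review bot: The new `suffix-delimiter` branch falls through to `return 0;`, whereas the `suffix-attribute` branch just above it returns 1, so the option is probably reported to the caller as unrecognised even though it was stored. Add `return 1;` after the `suffix_delimiter.bv_len = strlen (value);` line. The berval keeps a pointer to `value` rather than a copy, so a comment that the configuration string must outlive the plug-in would document the lifetime assumption. suffix_config begins outside this hunk.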