32 changes: 18 additions & 14 deletions ldap/servers/slapd/modrdn.c
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ void
do_modrdn( Slapi_PBlock *pb )
{
Slapi_Operation *operation;
Connection *pb_conn;
BerElement *ber;
char *rawdn = NULL, *rawnewsuperior = NULL;
const char *dn = NULL, *newsuperior = NULL;
Expand All @@ -59,6 +60,7 @@ do_modrdn( Slapi_PBlock *pb )

slapi_pblock_get( pb, SLAPI_OPERATION, &operation);
ber = operation->o_ber;
slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);

slapi_sdn_init(&sdn);
slapi_sdn_init(&snewdn);
Expand Down Expand Up @@ -86,7 +88,7 @@ do_modrdn( Slapi_PBlock *pb )

if ( ber_peek_tag( ber, &len ) == LDAP_TAG_NEWSUPERIOR ) {
/* This "len" is not used... */
if ( pb->pb_conn->c_ldapversion < LDAP_VERSION3 ) {
if ( pb_conn->c_ldapversion < LDAP_VERSION3 ) {
slapi_log_err(SLAPI_LOG_ERR, "do_modrdn",
"Got newSuperior in LDAPv2 modrdn op\n");
op_shared_log_error_access (pb, "MODRDN",
Expand Down Expand Up @@ -211,7 +213,7 @@ do_modrdn( Slapi_PBlock *pb )
"do_modrd", "dn (%s) newrdn (%s) deloldrdn (%d)\n", dn, newrdn,
deloldrdn );

slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, &pb->pb_op->o_isroot );
slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, &operation->o_isroot );
/* dn, newrdn and newsuperior are all normalized */
slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET,
(void *)slapi_sdn_get_udn(&sdn) );
Expand Down Expand Up @@ -245,7 +247,7 @@ slapi_modrdn_internal(const char *iodn, const char *inewrdn, int deloldrdn, LDAP
Slapi_PBlock *
slapi_rename_internal(const char *iodn, const char *inewrdn, const char *inewsuperior, int deloldrdn, LDAPControl **controls, int dummy __attribute__((unused)))
{
Slapi_PBlock pb = {0};
Slapi_PBlock *pb = slapi_pblock_new();
Slapi_PBlock *result_pb = NULL;
int opresult= 0;
Slapi_DN sdn;
Expand All @@ -254,20 +256,20 @@ slapi_rename_internal(const char *iodn, const char *inewrdn, const char *inewsup
slapi_sdn_init_dn_byref(&sdn, iodn);
slapi_sdn_init_dn_byref(&newsuperiorsdn, inewsuperior);

slapi_rename_internal_set_pb_ext(&pb, &sdn, inewrdn, &newsuperiorsdn,
slapi_rename_internal_set_pb_ext(pb, &sdn, inewrdn, &newsuperiorsdn,
deloldrdn, controls, NULL,
plugin_get_default_component_id(), 0);
rename_internal_pb (&pb);
rename_internal_pb (pb);

result_pb = slapi_pblock_new();
if (result_pb) {
slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &opresult);
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &opresult);
slapi_pblock_set(result_pb, SLAPI_PLUGIN_INTOP_RESULT, &opresult);
}

slapi_sdn_done(&sdn);
slapi_sdn_done(&newsuperiorsdn);
pblock_done(&pb);
slapi_pblock_destroy(pb);

return result_pb;
}
Expand Down Expand Up @@ -399,6 +401,7 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
char *errtext = NULL;
Slapi_DN *sdn = NULL;
Slapi_DN *newsuperiorsdn = NULL;
Connection *pb_conn;

slapi_pblock_get(pb, SLAPI_ORIGINAL_TARGET, &dn);
slapi_pblock_get(pb, SLAPI_MODRDN_NEWRDN, &newrdn);
Expand All @@ -408,6 +411,7 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
slapi_pblock_get(pb, SLAPI_MODRDN_TARGET_SDN, &origsdn);
internal_op= operation_is_flag_set(operation, OP_FLAG_INTERNAL);
slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);

/*
* If ownership has not been passed to this function, we replace the
Expand Down Expand Up @@ -464,8 +468,8 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
{
slapi_log_access(LDAP_DEBUG_STATS,
"conn=%" PRIu64 " op=%d MODRDN dn=\"%s\" newrdn=\"%s\" newsuperior=\"%s\"%s\n",
pb->pb_conn->c_connid,
pb->pb_op->o_opid,
pb_conn->c_connid,
operation->o_opid,
dn,
newrdn ? newrdn : "(null)",
newsuperior ? newsuperior : "(null)",
Expand Down Expand Up @@ -498,8 +502,8 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
if ( !internal_op ) {
slapi_log_err(SLAPI_LOG_ARGS, "op_shared_rename",
"conn=%" PRIu64 " op=%d MODRDN invalid new RDN (\"%s\")\n",
pb->pb_conn->c_connid,
pb->pb_op->o_opid,
pb_conn->c_connid,
operation->o_opid,
(NULL == newrdn) ? "(null)" : newrdn);
} else {
slapi_log_err(SLAPI_LOG_ARGS, "op_shared_rename",
Expand Down Expand Up @@ -532,8 +536,8 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
if (!internal_op) {
slapi_log_err(SLAPI_LOG_ARGS, "op_shared_rename",
"conn=%" PRIu64 " op=%d MODRDN invalid new superior (\"%s\")",
pb->pb_conn->c_connid,
pb->pb_op->o_opid,
pb_conn->c_connid,
operation->o_opid,
newsuperior ? newsuperior : "(null)");
} else {
slapi_log_err(SLAPI_LOG_ARGS, "op_shared_rename",
Expand All @@ -553,7 +557,7 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
}

/* target spec is used to decide which plugins are applicable for the operation */
operation_set_target_spec (pb->pb_op, sdn);
operation_set_target_spec (operation, sdn);

/*
* Construct the new DN (code sdn from backend
Expand Down
27 changes: 15 additions & 12 deletions ldap/servers/slapd/operation.c
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@
int
slapi_is_operation_abandoned( Slapi_Operation *op )
{
if (op) {
if (op != NULL) {
return( op->o_status == SLAPI_OP_STATUS_ABANDONED );
}
return 0;
Expand All @@ -32,22 +32,25 @@ slapi_is_operation_abandoned( Slapi_Operation *op )
int
slapi_op_abandoned( Slapi_PBlock *pb )
{
int op_status;

if (pb && pb->pb_op) {
op_status = pb->pb_op->o_status;
return( op_status == SLAPI_OP_STATUS_ABANDONED );
}
return 0;
if (pb != NULL) {
Operation *pb_op;
slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);
return slapi_is_operation_abandoned(pb_op);
}
return 0;
}

int
slapi_op_internal( Slapi_PBlock *pb )
{
if (pb && pb->pb_op) {
return operation_is_flag_set(pb->pb_op, OP_FLAG_INTERNAL);
}
return 0;
if (pb) {
Operation *pb_op;
slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);
if (pb_op) {
return operation_is_flag_set(pb_op, OP_FLAG_INTERNAL);
}
}
return 0;
}

void
Expand Down
129 changes: 70 additions & 59 deletions ldap/servers/slapd/opshared.c

Large diffs are not rendered by default.

7 changes: 5 additions & 2 deletions ldap/servers/slapd/pagedresults.c
Original file line number Diff line number Diff line change
Expand Up @@ -54,14 +54,17 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
{
int rc = LDAP_SUCCESS;
struct berval cookie = {0};
Connection *conn = pb->pb_conn;
Operation *op = pb->pb_op;
Connection *conn = NULL;
Operation *op = NULL;
BerElement *ber = NULL;
PagedResults *prp = NULL;
time_t ctime = current_time();
int i;
int maxreqs = config_get_maxsimplepaged_per_conn();

slapi_pblock_get(pb, SLAPI_OPERATION, &op);
slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);

slapi_log_err(SLAPI_LOG_TRACE, "pagedresults_parse_control_value", "=>\n");
if ( NULL == conn || NULL == op || NULL == pagesize || NULL == index ) {
slapi_log_err(SLAPI_LOG_ERR,
Expand Down
32 changes: 19 additions & 13 deletions ldap/servers/slapd/passwd_extop.c
Original file line number Diff line number Diff line change
Expand Up @@ -118,7 +118,6 @@ static int
passwd_apply_mods(Slapi_PBlock *pb_orig, const Slapi_DN *sdn, Slapi_Mods *mods,
LDAPControl **req_controls, LDAPControl ***resp_controls)
{
Slapi_PBlock pb;
LDAPControl **req_controls_copy = NULL;
LDAPControl **pb_resp_controls = NULL;
int ret=0;
Expand All @@ -133,8 +132,8 @@ passwd_apply_mods(Slapi_PBlock *pb_orig, const Slapi_DN *sdn, Slapi_Mods *mods,
slapi_add_controls(&req_controls_copy, req_controls, 1);
}

pblock_init(&pb);
slapi_modify_internal_set_pb_ext (&pb, sdn,
Slapi_PBlock *pb = slapi_pblock_new();
slapi_modify_internal_set_pb_ext (pb, sdn,
slapi_mods_get_ldapmods_byref(mods),
req_controls_copy, NULL, /* UniqueID */
plugin_get_default_component_id(), /* PluginID */
Expand All @@ -146,19 +145,21 @@ passwd_apply_mods(Slapi_PBlock *pb_orig, const Slapi_DN *sdn, Slapi_Mods *mods,
* that the password change was initiated by the user who
* sent the extended operation instead of always assuming
* that it was done by the root DN. */
pb.pb_conn = pb_orig->pb_conn;
Connection *pb_conn = NULL;
slapi_pblock_get(pb_orig, SLAPI_CONNECTION, &pb_conn);
slapi_pblock_set(pb, SLAPI_CONNECTION, pb_conn);

ret =slapi_modify_internal_pb (&pb);
ret =slapi_modify_internal_pb (pb);

/* We now clean up the connection that we copied into the
* new pblock. We want to leave it untouched. */
pb.pb_conn = NULL;
slapi_pblock_set(pb, SLAPI_CONNECTION, NULL);

slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &ret);
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &ret);

/* Retrieve and duplicate the response controls since they will be
* destroyed along with the pblock used for the internal operation. */
slapi_pblock_get(&pb, SLAPI_RESCONTROLS, &pb_resp_controls);
slapi_pblock_get(pb, SLAPI_RESCONTROLS, &pb_resp_controls);
if (pb_resp_controls) {
slapi_add_controls(resp_controls, pb_resp_controls, 1);
}
Expand All @@ -169,7 +170,7 @@ passwd_apply_mods(Slapi_PBlock *pb_orig, const Slapi_DN *sdn, Slapi_Mods *mods,
ret, slapi_sdn_get_dn(sdn));
}

pblock_done(&pb);
slapi_pblock_destroy(pb);
}

slapi_log_err(SLAPI_LOG_TRACE, "passwd_apply_mods", "<= %d\n", ret);
Expand Down Expand Up @@ -478,7 +479,7 @@ passwd_modify_extop( Slapi_PBlock *pb )
#ifdef LDAP_EXTOP_PASSMOD_CONN_SECURE
/* Allow password modify only for SSL/TLS established connections and
* connections using SASL privacy layers */
conn = pb->pb_conn;
slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);
if ( slapi_pblock_get(pb, SLAPI_CONN_SASL_SSF, &sasl_ssf) != 0) {
errMesg = "Could not get SASL SSF from connection\n";
rc = LDAP_OPERATIONS_ERROR;
Expand Down Expand Up @@ -719,9 +720,11 @@ passwd_modify_extop( Slapi_PBlock *pb )
leak any useful information to the client such as current password
wrong, etc.
*/
Operation *pb_op = NULL;
slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);

operation_set_target_spec (pb->pb_op, slapi_entry_get_sdn(targetEntry));
slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, &pb->pb_op->o_isroot );
operation_set_target_spec (pb_op, slapi_entry_get_sdn(targetEntry));
slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, &pb_op->o_isroot );

/* In order to perform the access control check , we need to select a backend (even though
* we don't actually need it otherwise).
Expand Down Expand Up @@ -768,7 +771,10 @@ passwd_modify_extop( Slapi_PBlock *pb )
/* Check if password policy allows users to change their passwords. We need to do
* this here since the normal modify code doesn't perform this check for
* internal operations. */
if (!pb->pb_op->o_isroot && !pb->pb_conn->c_needpw && !pwpolicy->pw_change) {

Connection *pb_conn;
slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
if (!pb_op->o_isroot && !pb_conn->c_needpw && !pwpolicy->pw_change) {
if (NULL == bindSDN) {
bindSDN = slapi_sdn_new_normdn_byref(bindDN);
}
Expand Down
102 changes: 79 additions & 23 deletions ldap/servers/slapd/pblock.c
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include "slap.h"
#include "pblock_v3.h"
#include "cert.h"

#ifdef PBLOCK_ANALYTICS
Expand Down Expand Up @@ -208,6 +208,15 @@ slapi_pblock_destroy( Slapi_PBlock* pb )
}
}

Slapi_PBlock *
slapi_pblock_clone(Slapi_PBlock *pb)
{
Slapi_PBlock *new_pb = slapi_pblock_new();
/* Perform a shallow copy. */
*new_pb = *pb;
return new_pb;
}

/* JCM - when pb_o_params is used, check the operation type. */
/* JCM - when pb_o_results is used, check the operation type. */

Expand All @@ -222,21 +231,8 @@ if ( PBLOCK ->pb_plugin->plg_type != TYPE) return( -1 )
#define SLAPI_PBLOCK_GET_PLUGIN_RELATED_POINTER( pb, element ) \
((pb)->pb_plugin == NULL ? NULL : (pb)->pb_plugin->element)

/*
* This ifdef is needed to resolve a gcc 6 issue which throws a false positive
* here. See also: https://bugzilla.redhat.com/show_bug.cgi?id=1386445
*
* It's a good idea to run this in EL7 to check the overflows etc, but with
* GCC 6 and lsan to find memory leaks ....
*/

int
slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
#if defined(__has_feature)
# if __has_feature(address_sanitizer) && __GNUC__ == 6
__attribute__((no_sanitize("address")))
# endif
#endif
{

#ifdef PBLOCK_ANALYTICS
Expand Down Expand Up @@ -1759,7 +1755,7 @@ __attribute__((no_sanitize("address")))

/* ldif2db arguments */
case SLAPI_LDIF2DB_FILE:
(*(char ***)value) = pblock->pb_ldif_files;
(*(char ***)value) = pblock->pb_ldif_files;
break;
case SLAPI_LDIF2DB_REMOVEDUPVALS:
(*(int *)value) = pblock->pb_removedupvals;
Expand Down Expand Up @@ -2103,8 +2099,11 @@ __attribute__((no_sanitize("address")))
break;

default:
slapi_log_err(SLAPI_LOG_ERR, "slapi_pblock_get",
"Unknown parameter block argument %d\n", arg);
slapi_log_err(SLAPI_LOG_ERR, "slapi_pblock_get", "Unknown parameter block argument %d\n", arg);
#ifdef DEBUG
Slapi_PBlock *boom = NULL;
void *x = (void *)boom->pb_plugin;
#endif
return( -1 );
}

Expand All @@ -2121,11 +2120,6 @@ __attribute__((no_sanitize("address")))

int
slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value )
#if defined(__has_feature)
# if __has_feature(address_sanitizer) && __GNUC__ == 6
__attribute__((no_sanitize("address")))
# endif
#endif
{
#ifdef PBLOCK_ANALYTICS
pblock_analytics_record(pblock, arg);
Expand Down Expand Up @@ -3460,7 +3454,7 @@ __attribute__((no_sanitize("address")))

/* ldif2db arguments */
case SLAPI_LDIF2DB_FILE:
pblock->pb_ldif_file = (char *) value;
pblock->pb_ldif_files = (char **) value;
break;
case SLAPI_LDIF2DB_REMOVEDUPVALS:
pblock->pb_removedupvals = *((int *)value);
Expand All @@ -3471,6 +3465,12 @@ __attribute__((no_sanitize("address")))
case SLAPI_LDIF2DB_NOATTRINDEXES:
pblock->pb_ldif2db_noattrindexes = *((int *)value);
break;
case SLAPI_LDIF2DB_INCLUDE:
pblock->pb_ldif_include = (char **)value;
break;
case SLAPI_LDIF2DB_EXCLUDE:
pblock->pb_ldif_exclude = (char **)value;
break;
case SLAPI_LDIF2DB_GENERATE_UNIQUEID:
pblock->pb_ldif_generate_uniqueid = *((int *)value);
break;
Expand All @@ -3485,6 +3485,9 @@ __attribute__((no_sanitize("address")))
case SLAPI_DB2LDIF_DUMP_UNIQUEID:
pblock->pb_ldif_dump_uniqueid = *((int *)value);
break;
case SLAPI_DB2LDIF_FILE:
pblock->pb_ldif_file = (char *)value;
break;

/* db2ldif/ldif2db/db2bak/bak2db arguments */
case SLAPI_BACKEND_INSTANCE_NAME:
Expand Down Expand Up @@ -3741,6 +3744,10 @@ __attribute__((no_sanitize("address")))
default:
slapi_log_err(SLAPI_LOG_ERR, "slapi_pblock_set",
"Unknown parameter block argument %d\n", arg);
#ifdef DEBUG
Slapi_PBlock *boom = NULL;
void *x = (void *)boom->pb_plugin;
#endif
return( -1 );
}

Expand Down Expand Up @@ -3814,6 +3821,55 @@ bind_credentials_clear( Connection *conn, PRBool lock_conn,

}

struct slapi_entry *
slapi_pblock_get_pw_entry(Slapi_PBlock *pb) {
return pb->pb_pw_entry;
}

void
slapi_pblock_set_pw_entry(Slapi_PBlock *pb, struct slapi_entry *entry) {
pb->pb_pw_entry = entry;
}

passwdPolicy *
slapi_pblock_get_pwdpolicy(Slapi_PBlock *pb) {
return pb->pwdpolicy;
}

void
slapi_pblock_set_pwdpolicy(Slapi_PBlock *pb, passwdPolicy *pwdpolicy) {
pb->pwdpolicy = pwdpolicy;
}

int32_t
slapi_pblock_get_ldif_dump_replica(Slapi_PBlock *pb) {
return pb->pb_ldif_dump_replica;
}

void
slapi_pblock_set_ldif_dump_replica(Slapi_PBlock *pb, int32_t dump_replica) {
pb->pb_ldif_dump_replica = dump_replica;
}

void *
slapi_pblock_get_vattr_context(Slapi_PBlock *pb) {
return pb->pb_vattr_context;
}

void
slapi_pblock_set_vattr_context(Slapi_PBlock *pb, void *vattr_ctx) {
pb->pb_vattr_context = vattr_ctx;
}

void *
slapi_pblock_get_op_stack_elem(Slapi_PBlock *pb) {
return pb->op_stack_elem;
}

void
slapi_pblock_set_op_stack_elem(Slapi_PBlock *pb, void *stack_elem) {
pb->op_stack_elem = stack_elem;
}

/*
* Clear and then set the bind DN and related credentials for the
Expand Down
186 changes: 186 additions & 0 deletions ldap/servers/slapd/pblock_v3.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,186 @@
/** BEGIN COPYRIGHT BLOCK
* Copyright (C) 2017 Red Hat, Inc.
* All rights reserved.
*
* License: GPL (version 3 or any later version).
* See LICENSE for details.
* END COPYRIGHT BLOCK **/

/* Hide the pblock implementtation types to keep it truly private */

#pragma once

#ifdef HAVE_CONFIG_H
# include <config.h>
#endif

#include "slap.h"

typedef struct slapi_pblock {
/* common */
Slapi_Backend *pb_backend;
Connection *pb_conn;
Operation *pb_op;
struct slapdplugin *pb_plugin; /* plugin being called */
int pb_opreturn;
void* pb_object; /* points to data private to plugin */
IFP pb_destroy_fn;
int pb_requestor_isroot;
/* config file */
char *pb_config_fname;
int pb_config_lineno;
int pb_config_argc;
char **pb_config_argv;
int plugin_tracking;

/* [pre|post]add arguments */
struct slapi_entry *pb_target_entry; /* JCM - Duplicated */
struct slapi_entry *pb_existing_dn_entry;
struct slapi_entry *pb_existing_uniqueid_entry;
struct slapi_entry *pb_parent_entry;
struct slapi_entry *pb_newparent_entry;

/* state of entry before and after add/delete/modify/moddn/modrdn */
struct slapi_entry *pb_pre_op_entry;
struct slapi_entry *pb_post_op_entry;
/* seq access arguments */
int pb_seq_type;
char *pb_seq_attrname;
char *pb_seq_val;
/* dbverify argument */
char *pb_dbverify_dbdir;
/* ldif2db arguments */
char *pb_ldif_file;
int pb_removedupvals;
char **pb_db2index_attrs;
int pb_ldif2db_noattrindexes;
/* db2ldif arguments */
int pb_ldif_printkey;
/* ldif2db/db2ldif/db2bak/bak2db args */
char *pb_instance_name;
Slapi_Task *pb_task;
int pb_task_flags;
/* matching rule arguments */
mrFilterMatchFn pb_mr_filter_match_fn;
IFP pb_mr_filter_index_fn;
IFP pb_mr_filter_reset_fn;
IFP pb_mr_index_fn; /* values and keys are struct berval ** */
char* pb_mr_oid;
char* pb_mr_type;
struct berval* pb_mr_value;
struct berval** pb_mr_values;
struct berval** pb_mr_keys;
unsigned int pb_mr_filter_reusable;
int pb_mr_query_operator;
unsigned int pb_mr_usage;

/* arguments for password storage scheme (kexcoff) */
char *pb_pwd_storage_scheme_user_passwd;
char *pb_pwd_storage_scheme_db_passwd;

/* controls we know about */
int pb_managedsait;

/* additional fields for plugin_internal_ldap_ops */
/* result code of internal ldap_operation */
int pb_internal_op_result;
/* pointer to array of results returned on search */
Slapi_Entry **pb_plugin_internal_search_op_entries;
char **pb_plugin_internal_search_op_referrals;
void *pb_plugin_identity; /* identifies plugin for internal operation */
char *pb_plugin_config_area; /* optional config area */
void *pb_parent_txn; /* parent transaction ID */
void *pb_txn; /* transaction ID */
IFP pb_txn_ruv_mods_fn; /* Function to fetch RUV mods for txn */

/* Size of the database on disk, in kilobytes */
unsigned int pb_dbsize;

/* THINGS BELOW THIS LINE EXIST ONLY IN SLAPI v2 (slapd 4.0+) */

/* ldif2db: array of files to import all at once */
char **pb_ldif_files;

char **pb_ldif_include;
char **pb_ldif_exclude;
int pb_ldif_dump_replica;
int pb_ldif_dump_uniqueid; /* dump uniqueid during db2ldif */
int pb_ldif_generate_uniqueid; /* generate uniqueid during db2ldif */
char* pb_ldif_namespaceid; /* used for name based uniqueid generation */
int pb_ldif_encrypt; /* used to enable encrypt/decrypt on import and export */
/*
* notes to log with RESULT line in the access log
* these are actually stored as a bitmap; see slapi-plugin.h for
* defined notes.
*/
unsigned int pb_operation_notes;
/*
* slapd command line arguments
*/
int pb_slapd_argc;
char** pb_slapd_argv;
char *pb_slapd_configdir; /* the config directory passed to slapd on the command line */
LDAPControl **pb_ctrls_arg; /* allows to pass controls as arguments before
operation object is created */
int pb_dse_dont_add_write; /* if true, the dse is not written when an entry is added */
int pb_dse_add_merge; /* if true, if a duplicate entry is found when adding, the
new values are merged into the old entry */
int pb_dse_dont_check_dups; /* if false, use the "enhanced" version of str2entry to catch
more errors when adding dse entries; this can only be done
after the schema and syntax and matching rule plugins are
running */
int pb_dse_is_primary_file; /* for read callbacks: non-zero for primary file */
int pb_schema_flags; /* schema flags */
/* . check/load info (schema reload task) */
/* . refresh user defined schema */

/* NEW in 5.0 for getting back the backend result in frontend */
int pb_result_code; /* operation result code */
char * pb_result_text; /* result text when available */
char * pb_result_matched; /* macthed dn when NO SUCH OBJECT error */
int pb_nentries; /* number of entries to be returned */
struct berval **urls; /* urls of referrals to be returned */

/*
* wire import (fast replica init) arguments
*/
struct slapi_entry *pb_import_entry;
int pb_import_state;

int pb_destroy_content; /* flag to indicate that pblock content should be
destroyed when pblock is destroyed */
int pb_dse_reapply_mods; /* if true, dse_modify will reapply mods after modify callback */
char * pb_urp_naming_collision_dn; /* replication naming conflict removal */
char * pb_urp_tombstone_uniqueid; /* replication change tombstone */
int pb_server_running; /* indicate that server is running */
int pb_backend_count; /* instance count involved in the op */

/* For password policy control */
int pb_pwpolicy_ctrl;
void *pb_vattr_context; /* hold the vattr_context for roles/cos */

int *pb_substrlens; /* user specified minimum substr search key lengths:
* nsSubStrBegin, nsSubStrMiddle, nsSubStrEnd
*/
int pb_plugin_enabled; /* nsslapd-pluginEnabled: on|off */
/* used in plugin init; pb_plugin is not ready, then */
LDAPControl **pb_search_ctrls; /* for search operations, allows plugins to provide
controls to pass for each entry or referral returned */
IFP pb_mr_index_sv_fn; /* values and keys are Slapi_Value ** */
int pb_syntax_filter_normalized; /* the syntax filter types/values are already normalized */
void *pb_syntax_filter_data; /* extra data to pass to a syntax plugin function */
int pb_paged_results_index; /* stash SLAPI_PAGED_RESULTS_INDEX */
int pb_paged_results_cookie; /* stash SLAPI_PAGED_RESULTS_COOKIE */
passwdPolicy *pwdpolicy;
void *op_stack_elem;

/* For ACI Target Check */
int pb_aci_target_check; /* this flag prevents duplicate checking of ACI's target existence */

struct slapi_entry *pb_pw_entry; /* stash dup'ed entry that shadow info is added/replaced */
#ifdef PBLOCK_ANALYTICS
uint32_t analytics_init;
PLHashTable *analytics;
#endif
} slapi_pblock;

199 changes: 112 additions & 87 deletions ldap/servers/slapd/plugin.c

Large diffs are not rendered by default.

43 changes: 23 additions & 20 deletions ldap/servers/slapd/plugin_internal_op.c
Original file line number Diff line number Diff line change
Expand Up @@ -202,7 +202,6 @@ slapi_seq_callback( const char *ibase,
plugin_referral_entry_callback ref_callback)
{
int r;
Slapi_PBlock pb = {0};

if (ibase == NULL)
{
Expand All @@ -211,11 +210,13 @@ slapi_seq_callback( const char *ibase,
return -1;
}

slapi_seq_internal_set_pb(&pb, (char *)ibase, type, attrname, val, attrs, attrsonly, controls,
Slapi_PBlock *pb = slapi_pblock_new();

slapi_seq_internal_set_pb(pb, (char *)ibase, type, attrname, val, attrs, attrsonly, controls,
plugin_get_default_component_id(), 0);

r= seq_internal_callback_pb (&pb, callback_data, res_callback, srch_callback, ref_callback);
pblock_done(&pb);
r= seq_internal_callback_pb (pb, callback_data, res_callback, srch_callback, ref_callback);
slapi_pblock_destroy(pb);
return r;
}

Expand Down Expand Up @@ -440,17 +441,15 @@ slapi_search_internal_callback(const char *ibase,
plugin_search_entry_callback srch_callback,
plugin_referral_entry_callback ref_callback)
{
Slapi_PBlock pb;
Slapi_PBlock *pb = slapi_pblock_new();
int rc = 0;

pblock_init(&pb);

slapi_search_internal_set_pb (&pb, ibase, scope, ifstr, attrs, attrsonly,
slapi_search_internal_set_pb (pb, ibase, scope, ifstr, attrs, attrsonly,
controls, NULL, plugin_get_default_component_id(), 0);

rc = search_internal_callback_pb (&pb, callback_data, res_callback,
rc = search_internal_callback_pb (pb, callback_data, res_callback,
srch_callback, ref_callback);
pblock_done(&pb);
slapi_pblock_destroy(pb);
return (rc);
}

Expand Down Expand Up @@ -482,30 +481,34 @@ slapi_search_internal(const char *base,
void
slapi_free_search_results_internal(Slapi_PBlock *pb)
{
int i;

if(pb == NULL)
{
return;
}

if(pb->pb_plugin_internal_search_op_entries != NULL)
Slapi_Entry **op_entries = NULL;
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &op_entries);

if(op_entries != NULL)
{
for(i=0; pb->pb_plugin_internal_search_op_entries[i] != NULL; i++)
for(size_t i = 0; op_entries[i] != NULL; i++)
{
slapi_entry_free(pb->pb_plugin_internal_search_op_entries[i]);
slapi_entry_free(op_entries[i]);
}
slapi_ch_free((void**)&(pb->pb_plugin_internal_search_op_entries));
slapi_ch_free((void**)&(op_entries));
}

char **op_referrals = NULL;
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_REFERRALS, &op_referrals);

/* free v3 referrals made from result handler */
if(pb->pb_plugin_internal_search_op_referrals != NULL)
if(op_referrals != NULL)
{
for(i=0; pb->pb_plugin_internal_search_op_referrals[i] != NULL; i++)
for(size_t i = 0; op_referrals[i] != NULL; i++)
{
slapi_ch_free((void**)&(pb->pb_plugin_internal_search_op_referrals[i]));
slapi_ch_free((void**)&(op_referrals[i]));
}
slapi_ch_free((void**)&(pb->pb_plugin_internal_search_op_referrals));
slapi_ch_free((void**)&(op_referrals));
}
}

Expand Down
144 changes: 93 additions & 51 deletions ldap/servers/slapd/plugin_mr.c
Original file line number Diff line number Diff line change
Expand Up @@ -167,45 +167,86 @@ slapi_mr_indexer_create (Slapi_PBlock* opb)
{
/* call each plugin, until one is able to handle this request. */
rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
for (mrp = get_plugin_list(PLUGIN_LIST_MATCHINGRULE); mrp != NULL; mrp = mrp->plg_next)
{
IFP indexFn = NULL;
IFP indexSvFn = NULL;
Slapi_PBlock pb;
memcpy (&pb, opb, sizeof(Slapi_PBlock));
slapi_pblock_set(&pb, SLAPI_PLUGIN, mrp);
if (slapi_pblock_get(&pb, SLAPI_PLUGIN_MR_INDEXER_CREATE_FN, &createFn)) {
/* plugin not a matchingrule type */
continue;
}
if (createFn && !createFn(&pb)) {
slapi_pblock_get(&pb, SLAPI_PLUGIN_MR_INDEX_FN, &indexFn);
slapi_pblock_get(&pb, SLAPI_PLUGIN_MR_INDEX_SV_FN, &indexSvFn);
if (indexFn || indexSvFn) {
/* Success: this plugin can handle it. */
memcpy(opb, &pb, sizeof (Slapi_PBlock));
plugin_mr_bind(oid, mrp); /* for future reference */
rc = 0; /* success */
break;
}

}
}
if (rc != 0) {
/* look for a new syntax-style mr plugin */
struct slapdplugin *pi = plugin_mr_find(oid);
if (pi) {
Slapi_PBlock pb;
memcpy (&pb, opb, sizeof(Slapi_PBlock));
slapi_pblock_set(&pb, SLAPI_PLUGIN, pi);
rc = default_mr_indexer_create(&pb);
if (!rc) {
memcpy (opb, &pb, sizeof(Slapi_PBlock));
plugin_mr_bind (oid, pi); /* for future reference */
}
}
}
}
// We need to get the type and usage from the caller.
char *type;
uint32_t usage;
slapi_pblock_get(opb, SLAPI_PLUGIN_MR_TYPE, &type);
slapi_pblock_get(opb, SLAPI_PLUGIN_MR_USAGE, &usage);
for (mrp = get_plugin_list(PLUGIN_LIST_MATCHINGRULE); mrp != NULL; mrp = mrp->plg_next)
{

Slapi_PBlock *pb = slapi_pblock_new();
slapi_pblock_set(pb, SLAPI_PLUGIN, mrp);
/* From filtercmp.c and matchrule.c, these are the values we need to set. into pb */
slapi_pblock_set(pb, SLAPI_PLUGIN_MR_OID, oid);
slapi_pblock_set(pb, SLAPI_PLUGIN_MR_TYPE, type);
slapi_pblock_set(pb, SLAPI_PLUGIN_MR_USAGE, &usage);

/* This is associated with the pb_plugin struct, so it comes with mrp */
if (slapi_pblock_get(pb, SLAPI_PLUGIN_MR_INDEXER_CREATE_FN, &createFn)) {
/* plugin not a matchingrule type */
slapi_pblock_destroy(pb);
continue;
}

if (createFn && !createFn(pb)) {
IFP indexFn = NULL;
IFP indexSvFn = NULL;
/* These however, are in the pblock direct, so we need to copy them. */
slapi_pblock_get(opb, SLAPI_PLUGIN_MR_INDEX_FN, &indexFn);
slapi_pblock_get(opb, SLAPI_PLUGIN_MR_INDEX_SV_FN, &indexSvFn);
slapi_pblock_set(pb, SLAPI_PLUGIN_MR_INDEX_FN, indexFn);
slapi_pblock_set(pb, SLAPI_PLUGIN_MR_INDEX_SV_FN, indexSvFn);
if (indexFn || indexSvFn) {
/* Success: this plugin can handle it. */
/* call create on the opb? */
createFn(opb);
plugin_mr_bind(oid, mrp); /* for future reference */
rc = 0; /* success */
slapi_pblock_destroy(pb);
break;
}
}
slapi_pblock_destroy(pb);
}
if (rc != 0) {
/* look for a new syntax-style mr plugin */
struct slapdplugin *pi = plugin_mr_find(oid);
if (pi) {
Slapi_PBlock *pb = slapi_pblock_new();
slapi_pblock_set(pb, SLAPI_PLUGIN_MR_OID, oid);
slapi_pblock_set(pb, SLAPI_PLUGIN_MR_TYPE, type);
slapi_pblock_set(pb, SLAPI_PLUGIN_MR_USAGE, &usage);
slapi_pblock_set(pb, SLAPI_PLUGIN, pi);
rc = default_mr_indexer_create(pb);
if (!rc) {
/* On success, copy the needed values in. These are added by default_mr_indexer_create */
void *pb_object = NULL;
IFP destroy_fn = NULL;
IFP index_fn = NULL;
IFP index_sv_fn = NULL;

slapi_pblock_get(pb, SLAPI_PLUGIN_OBJECT, &pb_object);
slapi_pblock_get(pb, SLAPI_PLUGIN_DESTROY_FN, &destroy_fn);
slapi_pblock_get(pb, SLAPI_PLUGIN_MR_INDEX_FN, &index_fn);
slapi_pblock_get(pb, SLAPI_PLUGIN_MR_INDEX_SV_FN, &index_sv_fn);

/* SLAPI_PLUGIN_MR_INDEXER_CREATE_FN, and SLAPI_PLUGIN_MR_FILTER_CREATE_FN, are part of pb_plugin */
slapi_pblock_set(opb, SLAPI_PLUGIN, pi);
slapi_pblock_set(opb, SLAPI_PLUGIN_MR_OID, oid);
slapi_pblock_set(opb, SLAPI_PLUGIN_MR_TYPE, type);
slapi_pblock_set(opb, SLAPI_PLUGIN_MR_USAGE, &usage);
slapi_pblock_set(opb, SLAPI_PLUGIN_OBJECT, pb_object);
slapi_pblock_set(opb, SLAPI_PLUGIN_DESTROY_FN, destroy_fn);
slapi_pblock_set(opb, SLAPI_PLUGIN_MR_INDEX_FN, index_fn);
slapi_pblock_set(opb, SLAPI_PLUGIN_MR_INDEX_SV_FN, index_sv_fn);

plugin_mr_bind (oid, pi); /* for future reference */
}
slapi_pblock_destroy(pb);
}
}
}
}
return rc;
}
Expand Down Expand Up @@ -574,18 +615,18 @@ plugin_mr_filter_create (mr_filter_t* f)
{
int rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
struct slapdplugin* mrp = plugin_mr_find_registered (f->mrf_oid);
Slapi_PBlock pb = {0};
Slapi_PBlock *pb = slapi_pblock_new();

if (mrp != NULL)
{
rc = attempt_mr_filter_create (f, mrp, &pb);
rc = attempt_mr_filter_create (f, mrp, pb);
}
else
{
/* call each plugin, until one is able to handle this request. */
for (mrp = get_plugin_list(PLUGIN_LIST_MATCHINGRULE); mrp != NULL; mrp = mrp->plg_next)
{
if (!(rc = attempt_mr_filter_create (f, mrp, &pb)))
if (!(rc = attempt_mr_filter_create (f, mrp, pb)))
{
plugin_mr_bind (f->mrf_oid, mrp); /* for future reference */
break;
Expand All @@ -599,10 +640,10 @@ plugin_mr_filter_create (mr_filter_t* f)
if (mrp)
{
/* set the default index create fn */
slapi_pblock_set(&pb, SLAPI_PLUGIN, mrp);
slapi_pblock_set(&pb, SLAPI_PLUGIN_MR_FILTER_CREATE_FN, default_mr_filter_create);
slapi_pblock_set(&pb, SLAPI_PLUGIN_MR_INDEXER_CREATE_FN, default_mr_indexer_create);
if (!(rc = attempt_mr_filter_create (f, mrp, &pb)))
slapi_pblock_set(pb, SLAPI_PLUGIN, mrp);
slapi_pblock_set(pb, SLAPI_PLUGIN_MR_FILTER_CREATE_FN, default_mr_filter_create);
slapi_pblock_set(pb, SLAPI_PLUGIN_MR_INDEXER_CREATE_FN, default_mr_indexer_create);
if (!(rc = attempt_mr_filter_create (f, mrp, pb)))
{
plugin_mr_bind (f->mrf_oid, mrp); /* for future reference */
}
Expand All @@ -611,12 +652,13 @@ plugin_mr_filter_create (mr_filter_t* f)
if (!rc)
{
/* This plugin has created the desired filter. */
slapi_pblock_get (&pb, SLAPI_PLUGIN_MR_FILTER_INDEX_FN, &(f->mrf_index));
slapi_pblock_get (&pb, SLAPI_PLUGIN_MR_FILTER_REUSABLE, &(f->mrf_reusable));
slapi_pblock_get (&pb, SLAPI_PLUGIN_MR_FILTER_RESET_FN, &(f->mrf_reset));
slapi_pblock_get (&pb, SLAPI_PLUGIN_OBJECT, &(f->mrf_object));
slapi_pblock_get (&pb, SLAPI_PLUGIN_DESTROY_FN, &(f->mrf_destroy));
slapi_pblock_get (pb, SLAPI_PLUGIN_MR_FILTER_INDEX_FN, &(f->mrf_index));
slapi_pblock_get (pb, SLAPI_PLUGIN_MR_FILTER_REUSABLE, &(f->mrf_reusable));
slapi_pblock_get (pb, SLAPI_PLUGIN_MR_FILTER_RESET_FN, &(f->mrf_reset));
slapi_pblock_get (pb, SLAPI_PLUGIN_OBJECT, &(f->mrf_object));
slapi_pblock_get (pb, SLAPI_PLUGIN_DESTROY_FN, &(f->mrf_destroy));
}
slapi_pblock_destroy(pb);
return rc;
}

Expand Down
94 changes: 52 additions & 42 deletions ldap/servers/slapd/plugin_syntax.c
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,6 @@ plugin_call_syntax_filter_ava_sv(
)
{
int rc;
Slapi_PBlock pipb;
IFP ava_fn = NULL;

slapi_log_err(SLAPI_LOG_FILTER,
Expand All @@ -118,14 +117,14 @@ plugin_call_syntax_filter_ava_sv(
return( LDAP_PROTOCOL_ERROR ); /* syntax unkonwn */
}

pblock_init( &pipb );
slapi_pblock_set( &pipb, SLAPI_PLUGIN, (void *) a->a_plugin );
Slapi_PBlock *pipb = slapi_pblock_new();
slapi_pblock_set( pipb, SLAPI_PLUGIN, (void *) a->a_plugin );
if (ava->ava_private) {
int filter_normalized = 0;
int f_flags = 0;
f_flags = *(int *)ava->ava_private;
filter_normalized = f_flags | SLAPI_FILTER_NORMALIZED_VALUE;
slapi_pblock_set( &pipb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized );
slapi_pblock_set( pipb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized );
}

rc = -1; /* does not match by default */
Expand All @@ -144,10 +143,10 @@ plugin_call_syntax_filter_ava_sv(
/* if the attribute has an ordering matching rule plugin, use that,
otherwise, just use the syntax plugin */
if (a->a_mr_ord_plugin != NULL) {
slapi_pblock_set( &pipb, SLAPI_PLUGIN, (void *) a->a_mr_ord_plugin );
slapi_pblock_set( pipb, SLAPI_PLUGIN, (void *) a->a_mr_ord_plugin );
ava_fn = a->a_mr_ord_plugin->plg_mr_filter_ava;
} else {
slapi_pblock_set( &pipb, SLAPI_PLUGIN, (void *) a->a_plugin );
slapi_pblock_set( pipb, SLAPI_PLUGIN, (void *) a->a_plugin );
ava_fn = a->a_plugin->plg_syntax_filter_ava;
}
/* FALLTHROUGH */
Expand All @@ -157,10 +156,10 @@ plugin_call_syntax_filter_ava_sv(
/* if we have an equality matching rule plugin, use that,
otherwise, just use the syntax plugin */
if (a->a_mr_eq_plugin) {
slapi_pblock_set( &pipb, SLAPI_PLUGIN, (void *) a->a_mr_eq_plugin );
slapi_pblock_set( pipb, SLAPI_PLUGIN, (void *) a->a_mr_eq_plugin );
ava_fn = a->a_mr_eq_plugin->plg_mr_filter_ava;
} else {
slapi_pblock_set( &pipb, SLAPI_PLUGIN, (void *) a->a_plugin );
slapi_pblock_set( pipb, SLAPI_PLUGIN, (void *) a->a_plugin );
ava_fn = a->a_plugin->plg_syntax_filter_ava;
}
}
Expand All @@ -174,7 +173,7 @@ plugin_call_syntax_filter_ava_sv(
va= valueset_get_valuearray(&a->a_present_values);
}
if(va!=NULL) {
rc = (*ava_fn)( &pipb, &ava->ava_value, va, ftype, retVal );
rc = (*ava_fn)( pipb, &ava->ava_value, va, ftype, retVal );
}
} else {
slapi_log_err(SLAPI_LOG_FILTER,
Expand All @@ -191,6 +190,7 @@ plugin_call_syntax_filter_ava_sv(

slapi_log_err(SLAPI_LOG_FILTER,
"plugin_call_syntax_filter_ava", "<= %d\n", rc);
slapi_pblock_destroy(pipb);
return( rc );
}

Expand All @@ -211,7 +211,6 @@ plugin_call_syntax_filter_sub_sv(
struct subfilt *fsub
)
{
Slapi_PBlock pipb;
int rc;
IFP sub_fn = NULL;
int filter_normalized = 0;
Expand All @@ -230,20 +229,20 @@ plugin_call_syntax_filter_sub_sv(
return( -1 ); /* syntax unkonwn - does not match */
}

pblock_init( &pipb );
Slapi_PBlock *pipb = slapi_pblock_new();
if (pb) {
slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized );
slapi_pblock_set( &pipb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized );
slapi_pblock_set( pipb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized );
}
slapi_pblock_set( &pipb, SLAPI_PLUGIN_SYNTAX_FILTER_DATA, fsub );
slapi_pblock_set( pipb, SLAPI_PLUGIN_SYNTAX_FILTER_DATA, fsub );

/* use the substr matching rule plugin if available, otherwise, use
the syntax plugin */
if (a->a_mr_sub_plugin) {
slapi_pblock_set( &pipb, SLAPI_PLUGIN, (void *) a->a_mr_sub_plugin );
slapi_pblock_set( pipb, SLAPI_PLUGIN, (void *) a->a_mr_sub_plugin );
sub_fn = a->a_mr_sub_plugin->plg_mr_filter_sub;
} else {
slapi_pblock_set( &pipb, SLAPI_PLUGIN, (void *) a->a_plugin );
slapi_pblock_set( pipb, SLAPI_PLUGIN, (void *) a->a_plugin );
sub_fn = a->a_plugin->plg_syntax_filter_sub;
}

Expand All @@ -255,15 +254,18 @@ plugin_call_syntax_filter_sub_sv(
Operation *op = NULL;
/* to pass SLAPI_SEARCH_TIMELIMIT & SLAPI_OPINITATED_TIME */
slapi_pblock_get( pb, SLAPI_OPERATION, &op );
slapi_pblock_set( &pipb, SLAPI_OPERATION, op );
slapi_pblock_set( pipb, SLAPI_OPERATION, op );
}
rc = (*sub_fn)( &pipb, fsub->sf_initial, fsub->sf_any, fsub->sf_final, va);
rc = (*sub_fn)( pipb, fsub->sf_initial, fsub->sf_any, fsub->sf_final, va);
} else {
rc = -1;
}

slapi_log_err(SLAPI_LOG_FILTER, "plugin_call_syntax_filter_sub_sv", "<= %d\n",
rc);
/* Operation is owned by our caller: We need to null it now, to prevent the free */
slapi_pblock_set( pipb, SLAPI_OPERATION, NULL );
slapi_pblock_destroy(pipb);
return( rc );
}

Expand Down Expand Up @@ -559,20 +561,21 @@ slapi_call_syntax_values2keys_sv(
)
{
int rc;
Slapi_PBlock pipb;
Slapi_PBlock *pipb = slapi_pblock_new();
struct slapdplugin *pi = vpi;

slapi_log_err(SLAPI_LOG_FILTER, "slapi_call_syntax_values2keys_sv", "=>\n");

pblock_init( &pipb );
slapi_pblock_set( &pipb, SLAPI_PLUGIN, vpi );
slapi_pblock_set( pipb, SLAPI_PLUGIN, vpi );

*ivals = NULL;
rc = -1; /* means no values2keys function */
if ( pi != NULL && pi->plg_syntax_values2keys != NULL ) {
rc = pi->plg_syntax_values2keys( &pipb, vals, ivals, ftype );
rc = pi->plg_syntax_values2keys( pipb, vals, ivals, ftype );
}

slapi_pblock_destroy(pipb);

slapi_log_err(SLAPI_LOG_FILTER,
"slapi_call_syntax_values2keys_sv", "<= %d\n", rc);
return( rc );
Expand Down Expand Up @@ -646,9 +649,11 @@ slapi_attr_values2keys_sv(
int ftype
)
{
Slapi_PBlock pb;
pblock_init(&pb);
return slapi_attr_values2keys_sv_pb(sattr, vals, ivals, ftype, &pb);
int result = 0;
Slapi_PBlock *pb = slapi_pblock_new();
result = slapi_attr_values2keys_sv_pb(sattr, vals, ivals, ftype, pb);
slapi_pblock_destroy(pb);
return result;
}

SLAPI_DEPRECATED int
Expand Down Expand Up @@ -729,20 +734,20 @@ slapi_call_syntax_assertion2keys_ava_sv(
)
{
int rc;
Slapi_PBlock pipb;
Slapi_PBlock *pipb = slapi_pblock_new();
struct slapdplugin *pi = vpi;

slapi_log_err(SLAPI_LOG_FILTER,
"slapi_call_syntax_assertion2keys_ava_sv" , "=>\n");

pblock_init( &pipb );
slapi_pblock_set( &pipb, SLAPI_PLUGIN, vpi );
slapi_pblock_set( pipb, SLAPI_PLUGIN, vpi );

rc = -1; /* means no assertion2keys function */
if ( pi->plg_syntax_assertion2keys_ava != NULL ) {
rc = pi->plg_syntax_assertion2keys_ava( &pipb, val, ivals, ftype );
rc = pi->plg_syntax_assertion2keys_ava( pipb, val, ivals, ftype );
}

slapi_pblock_destroy(pipb);
slapi_log_err(SLAPI_LOG_FILTER,
"slapi_call_syntax_assertion2keys_ava_sv", "<= %d\n", rc);
return( rc );
Expand All @@ -757,7 +762,6 @@ slapi_attr_assertion2keys_ava_sv(
)
{
int rc;
Slapi_PBlock pipb;
struct slapdplugin *pi = NULL;
IFP a2k_fn = NULL;

Expand Down Expand Up @@ -787,13 +791,14 @@ slapi_attr_assertion2keys_ava_sv(
goto done;
}

pblock_init( &pipb );
slapi_pblock_set( &pipb, SLAPI_PLUGIN, pi );
Slapi_PBlock *pipb = slapi_pblock_new();
slapi_pblock_set( pipb, SLAPI_PLUGIN, pi );

rc = -1; /* means no assertion2keys function */
if ( a2k_fn != NULL ) {
rc = (*a2k_fn)( &pipb, val, ivals, ftype );
rc = (*a2k_fn)( pipb, val, ivals, ftype );
}
slapi_pblock_destroy(pipb);
done:
slapi_log_err(SLAPI_LOG_FILTER,
"slapi_attr_assertion2keys_ava_sv", "=> %d\n", rc);
Expand Down Expand Up @@ -846,22 +851,23 @@ slapi_call_syntax_assertion2keys_sub_sv(
)
{
int rc;
Slapi_PBlock pipb;
Slapi_PBlock *pipb = slapi_pblock_new();
struct slapdplugin *pi = vpi;

slapi_log_err(SLAPI_LOG_FILTER,
"slapi_call_syntax_assertion2keys_sub_sv", "=>\n");

pblock_init( &pipb );
slapi_pblock_set( &pipb, SLAPI_PLUGIN, vpi );
slapi_pblock_set( pipb, SLAPI_PLUGIN, vpi );

rc = -1; /* means no assertion2keys function */
*ivals = NULL;
if ( pi->plg_syntax_assertion2keys_sub != NULL ) {
rc = pi->plg_syntax_assertion2keys_sub( &pipb, initial, any,
rc = pi->plg_syntax_assertion2keys_sub( pipb, initial, any,
final, ivals );
}

slapi_pblock_destroy(pipb);

slapi_log_err(SLAPI_LOG_FILTER,
"slapi_call_syntax_assertion2keys_sub_sv", "<= %d\n", rc);
return( rc );
Expand Down Expand Up @@ -890,7 +896,8 @@ slapi_attr_assertion2keys_sub_sv_pb(
)
{
int rc;
Slapi_PBlock pipb;
Slapi_PBlock *pipb = NULL;
Slapi_PBlock *work_pb = NULL;
struct slapdplugin *pi = NULL;
struct slapdplugin *origpi = NULL;
IFP a2k_fn = NULL;
Expand All @@ -910,21 +917,24 @@ slapi_attr_assertion2keys_sub_sv_pb(
a2k_fn = sattr->a_plugin->plg_syntax_assertion2keys_sub;
}
if (NULL == pb) {
pblock_init( &pipb );
pb = &pipb;
pipb = slapi_pblock_new();
work_pb = pipb;
} else {
/* back up the original slapdplugin if any */
slapi_pblock_get(pb, SLAPI_PLUGIN, &origpi);
work_pb = pb;
}
slapi_pblock_set(pb, SLAPI_PLUGIN, pi);
slapi_pblock_set(work_pb, SLAPI_PLUGIN, pi);

rc = -1; /* means no assertion2keys function */
*ivals = NULL;
if ( a2k_fn != NULL ) {
rc = (*a2k_fn)( pb, initial, any, final, ivals );
rc = (*a2k_fn)( work_pb, initial, any, final, ivals );
}

if (pb != &pipb) {
if (pb == NULL) {
slapi_pblock_destroy(pipb);
} else {
/* restore the original slapdplugin if pb is not local. */
slapi_pblock_set(pb, SLAPI_PLUGIN, origpi);
}
Expand Down
49 changes: 25 additions & 24 deletions ldap/servers/slapd/psearch.c
Original file line number Diff line number Diff line change
Expand Up @@ -141,14 +141,6 @@ ps_stop_psearch_system()
}
}

static Slapi_PBlock *
pblock_copy(Slapi_PBlock *src)
{
Slapi_PBlock *dest = slapi_pblock_new();
*dest = *src;
return dest;
}

/*
* Add the given pblock to the list of outstanding persistent searches.
* Then, start a thread to send the results to the client as they
Expand All @@ -163,7 +155,7 @@ ps_add( Slapi_PBlock *pb, ber_int_t changetypes, int send_entchg_controls )
if ( PS_IS_INITIALIZED() && NULL != pb ) {
/* Create the new node */
ps = psearch_alloc();
ps->ps_pblock = pblock_copy(pb);
ps->ps_pblock = slapi_pblock_clone(pb);
ps->ps_changetypes = changetypes;
ps->ps_send_entchg_controls = send_entchg_controls;

Expand Down Expand Up @@ -272,29 +264,34 @@ ps_send_results( void *arg )
char **pbattrs = NULL;
int conn_acq_flag = 0;
Slapi_Connection *conn = NULL;
Connection *pb_conn = NULL;
Operation *pb_op = NULL;

g_incr_active_threadcnt();

slapi_pblock_get(ps->ps_pblock, SLAPI_CONNECTION, &pb_conn);
slapi_pblock_get(ps->ps_pblock, SLAPI_OPERATION, &pb_op);

/* need to acquire a reference to this connection so that it will not
be released or cleaned up out from under us */
PR_EnterMonitor(ps->ps_pblock->pb_conn->c_mutex);
conn_acq_flag = connection_acquire_nolock(ps->ps_pblock->pb_conn);
PR_ExitMonitor(ps->ps_pblock->pb_conn->c_mutex);
PR_EnterMonitor(pb_conn->c_mutex);
conn_acq_flag = connection_acquire_nolock(pb_conn);
PR_ExitMonitor(pb_conn->c_mutex);

if (conn_acq_flag) {
slapi_log_err(SLAPI_LOG_CONNS, "ps_send_results",
"conn=%" PRIu64 " op=%d Could not acquire the connection - psearch aborted\n",
ps->ps_pblock->pb_conn->c_connid, ps->ps_pblock->pb_op->o_opid);
pb_conn->c_connid, pb_op->o_opid);
}

PR_Lock( psearch_list->pl_cvarlock );

while ( (conn_acq_flag == 0) && !ps->ps_complete ) {
/* Check for an abandoned operation */
if ( ps->ps_pblock->pb_op == NULL || slapi_op_abandoned( ps->ps_pblock ) ) {
if ( pb_op == NULL || slapi_op_abandoned( ps->ps_pblock ) ) {
slapi_log_err(SLAPI_LOG_CONNS, "ps_send_results",
"conn=%" PRIu64 " op=%d The operation has been abandoned\n",
ps->ps_pblock->pb_conn->c_connid, ps->ps_pblock->pb_op->o_opid);
pb_conn->c_connid, pb_op->o_opid);
break;
}
if ( NULL == ps->ps_eq_head ) {
Expand Down Expand Up @@ -352,8 +349,8 @@ ps_send_results( void *arg )
if (rc) {
slapi_log_err(SLAPI_LOG_CONNS, "ps_send_results",
"conn=%" PRIu64 " op=%d Error %d sending entry %s with op status %d\n",
ps->ps_pblock->pb_conn->c_connid, ps->ps_pblock->pb_op->o_opid,
rc, slapi_entry_get_dn_const(ec), ps->ps_pblock->pb_op->o_status);
pb_conn->c_connid, pb_op->o_opid,
rc, slapi_entry_get_dn_const(ec), pb_op->o_status);
}
}

Expand Down Expand Up @@ -395,15 +392,15 @@ ps_send_results( void *arg )
slapi_pblock_set(ps->ps_pblock, SLAPI_SEARCH_FILTER, NULL );
slapi_filter_free(filter, 1);

conn = ps->ps_pblock->pb_conn; /* save to release later - connection_remove_operation_ext will NULL the pb_conn */
conn = pb_conn; /* save to release later - connection_remove_operation_ext will NULL the pb_conn */
/* Clean up the connection structure */
PR_EnterMonitor(conn->c_mutex);

slapi_log_err(SLAPI_LOG_CONNS, "ps_send_results",
"conn=%" PRIu64 " op=%d Releasing the connection and operation\n",
conn->c_connid, ps->ps_pblock->pb_op->o_opid);
conn->c_connid, pb_op->o_opid);
/* Delete this op from the connection's list */
connection_remove_operation_ext( ps->ps_pblock, conn, ps->ps_pblock->pb_op );
connection_remove_operation_ext( ps->ps_pblock, conn, pb_op );

/* Decrement the connection refcnt */
if (conn_acq_flag == 0) { /* we acquired it, so release it */
Expand Down Expand Up @@ -524,21 +521,25 @@ ps_service_persistent_searches( Slapi_Entry *e, Slapi_Entry *eprev, ber_int_t ch
Slapi_DN *base = NULL;
Slapi_Filter *f;
int scope;
Connection *pb_conn = NULL;
Operation *pb_op = NULL;

slapi_pblock_get(ps->ps_pblock, SLAPI_OPERATION, &pb_op);
slapi_pblock_get(ps->ps_pblock, SLAPI_CONNECTION, &pb_conn);

/* Skip the node that doesn't meet the changetype,
* or is unable to use the change in ps_send_results()
*/
if (( ps->ps_changetypes & chgtype ) == 0 ||
ps->ps_pblock->pb_op == NULL ||
if (( ps->ps_changetypes & chgtype ) == 0 || pb_op == NULL ||
slapi_op_abandoned( ps->ps_pblock ) ) {
continue;
}

slapi_log_err(SLAPI_LOG_CONNS, "ps_service_persistent_searches",
"conn=%" PRIu64 " op=%d entry %s with chgtype %d "
"matches the ps changetype %d\n",
ps->ps_pblock->pb_conn->c_connid,
ps->ps_pblock->pb_op->o_opid,
pb_conn->c_connid,
pb_op->o_opid,
edn, chgtype, ps->ps_changetypes);

slapi_pblock_get( ps->ps_pblock, SLAPI_SEARCH_FILTER, &f );
Expand Down
57 changes: 36 additions & 21 deletions ldap/servers/slapd/pw.c
Original file line number Diff line number Diff line change
Expand Up @@ -594,6 +594,7 @@ int
update_pw_info ( Slapi_PBlock *pb , char *old_pw)
{
Slapi_Operation *operation = NULL;
Connection *pb_conn;
Slapi_Entry *e = NULL;
Slapi_DN *sdn = NULL;
Slapi_Mods smods;
Expand All @@ -605,6 +606,7 @@ update_pw_info ( Slapi_PBlock *pb , char *old_pw)
int internal_op = 0;

slapi_pblock_get( pb, SLAPI_OPERATION, &operation);
slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn );
slapi_pblock_get( pb, SLAPI_REQUESTOR_NDN, &bind_dn);
slapi_pblock_get( pb, SLAPI_ENTRY_PRE_OP, &e);
Expand Down Expand Up @@ -666,7 +668,7 @@ update_pw_info ( Slapi_PBlock *pb , char *old_pw)
* we stuff the actual user who initiated the password change in pb_conn. We check
* for this special case to ensure we reset the expiration date properly.
*/
if ((internal_op && pwpolicy->pw_must_change && (!pb->pb_conn || strcasecmp(target_dn, pb->pb_conn->c_dn))) ||
if ((internal_op && pwpolicy->pw_must_change && (!pb_conn || strcasecmp(target_dn, pb_conn->c_dn))) ||
(!internal_op && pwpolicy->pw_must_change &&
((target_dn && bind_dn && strcasecmp(target_dn, bind_dn)) && pw_is_pwp_admin(pb, pwpolicy)))) {
pw_exp_date = NO_TIME;
Expand Down Expand Up @@ -719,9 +721,9 @@ update_pw_info ( Slapi_PBlock *pb , char *old_pw)

pw_apply_mods(sdn, &smods);
slapi_mods_done(&smods);
if (pb->pb_conn) { /* no conn for internal op */
if (pb_conn) { /* no conn for internal op */
/* reset c_needpw to 0 */
pb->pb_conn->c_needpw = 0;
pb_conn->c_needpw = 0;
}
return 0;
}
Expand All @@ -732,11 +734,13 @@ check_pw_minage ( Slapi_PBlock *pb, const Slapi_DN *sdn, struct berval **vals __
char *dn= (char*)slapi_sdn_get_ndn(sdn); /* jcm - Had to cast away const */
passwdPolicy *pwpolicy=NULL;
int pwresponse_req = 0;
Operation *pb_op;

pwpolicy = new_passwdPolicy(pb, dn);
slapi_pblock_get ( pb, SLAPI_PWPOLICY, &pwresponse_req );
slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);

if (!pb->pb_op->o_isroot && pwpolicy->pw_minage) {
if (!pb_op->o_isroot && pwpolicy->pw_minage) {

Slapi_Entry *e;
char *passwordAllowChangeTime;
Expand Down Expand Up @@ -800,6 +804,7 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
char *p = NULL;
passwdPolicy *pwpolicy = NULL;
Slapi_Operation *operation = NULL;
Connection *pb_conn;
char errormsg[SLAPI_DSE_RETURNTEXT_SIZE] = {0};

/*
Expand Down Expand Up @@ -831,6 +836,7 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
slapi_log_err(SLAPI_LOG_ERR, "check_pw_syntax_ext", "No slapi operation\n");
return -1;
}
slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
internal_op = slapi_operation_is_flag_set(operation, SLAPI_OP_FLAG_INTERNAL);

/*
Expand All @@ -843,7 +849,7 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
for ( i = 0; vals[ i ] != NULL; ++i ){
if (slapi_is_encoded((char *)slapi_value_get_string(vals[i]))) {
if (!is_replication && !config_get_allow_hashed_pw() &&
((internal_op && pb->pb_conn && !slapi_dn_isroot(pb->pb_conn->c_dn)) ||
((internal_op && pb_conn && !slapi_dn_isroot(pb_conn->c_dn)) ||
(!internal_op && !pw_is_pwp_admin(pb, pwpolicy)))) {
PR_snprintf( errormsg, sizeof(errormsg) - 1, "invalid password syntax - passwords with storage scheme are not allowed");
if ( pwresponse_req == 1 ) {
Expand Down Expand Up @@ -1158,7 +1164,7 @@ update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw )
Slapi_Entry *e = NULL;
LDAPMod attribute;
LDAPMod *list_of_mods[2];
Slapi_PBlock mod_pb;
Slapi_PBlock *mod_pb;
char *str = NULL;
passwdPolicy *pwpolicy = NULL;
const char *dn = slapi_sdn_get_dn(sdn);
Expand Down Expand Up @@ -1231,15 +1237,15 @@ update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw )
list_of_mods[0] = &attribute;
list_of_mods[1] = NULL;

pblock_init(&mod_pb);
slapi_modify_internal_set_pb_ext(&mod_pb, sdn, list_of_mods, NULL, NULL, pw_get_componentID(), 0);
slapi_modify_internal_pb(&mod_pb);
slapi_pblock_get(&mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
mod_pb = slapi_pblock_new();
slapi_modify_internal_set_pb_ext(mod_pb, sdn, list_of_mods, NULL, NULL, pw_get_componentID(), 0);
slapi_modify_internal_pb(mod_pb);
slapi_pblock_get(mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
if (res != LDAP_SUCCESS){
slapi_log_err(SLAPI_LOG_ERR, "update_pw_history",
"Modify error %d on entry '%s'\n", res, dn);
}
pblock_done(&mod_pb);
slapi_pblock_destroy(mod_pb);
slapi_ch_free_string(&str);
bail:
slapi_ch_array_free(values_replace);
Expand Down Expand Up @@ -1557,8 +1563,11 @@ pw_is_pwp_admin(Slapi_PBlock *pb, passwdPolicy *pwp){
Slapi_DN *bind_sdn = NULL;
int i;

int is_requestor_root = 0;
slapi_pblock_get(pb, SLAPI_REQUESTOR_ISROOT, &is_requestor_root);

/* first check if it's root */
if(pb->pb_requestor_isroot){
if(is_requestor_root){
return 1;
}
/* now check if it's a Password Policy Administrator */
Expand Down Expand Up @@ -1669,9 +1678,12 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
int optype = -1;

/* If we already allocated a pw policy, return it */
if(pb && pb->pwdpolicy){
return pb->pwdpolicy;
}
if (pb != NULL) {
passwdPolicy *pwdpolicy = slapi_pblock_get_pwdpolicy(pb);
if (pwdpolicy != NULL) {
return pwdpolicy;
}
}

if (g_get_active_threadcnt() == 0){
/*
Expand Down Expand Up @@ -2006,7 +2018,7 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
}
}
if (pb) {
pb->pwdpolicy = pwdpolicy;
slapi_pblock_set_pwdpolicy(pb, pwdpolicy);
}
return pwdpolicy;
} else if ( e ) {
Expand All @@ -2026,9 +2038,9 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
pwdpolicy->pw_storagescheme = pwdscheme;
pwdpolicy->pw_admin = slapi_sdn_dup(slapdFrontendConfig->pw_policy.pw_admin);
pw_get_admin_users(pwdpolicy);
if(pb){
pb->pwdpolicy = pwdpolicy;
}
if (pb) {
slapi_pblock_set_pwdpolicy(pb, pwdpolicy);
}

return pwdpolicy;

Expand Down Expand Up @@ -2822,6 +2834,7 @@ pw_get_ext_size(Slapi_Entry *entry, size_t *size)
int
add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e)
{
Operation *pb_op;
const char *dn = NULL;
passwdPolicy *pwpolicy = NULL;
long long shadowval = -1;
Expand All @@ -2845,7 +2858,9 @@ add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e)
/* Not a shadowAccount; nothing to do. */
return rc;
}
if (operation_is_flag_set(pb->pb_op, OP_FLAG_INTERNAL)) {

slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);
if (operation_is_flag_set(pb_op, OP_FLAG_INTERNAL)) {
/* external only */
return rc;
}
Expand Down Expand Up @@ -2943,7 +2958,7 @@ add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e)
if (mods) {
Slapi_Entry *sentry = slapi_entry_dup(*e);
rc = slapi_entry_apply_mods(sentry, mods);
pb->pb_pw_entry = sentry;
slapi_pblock_set_pw_entry(pb, sentry);
*e = sentry;
}
slapi_mods_free(&smods);
Expand Down
27 changes: 16 additions & 11 deletions ldap/servers/slapd/pw_mgmt.c
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ need_new_pw( Slapi_PBlock *pb, long *t, Slapi_Entry *e, int pwresponse_req )
passwdPolicy *pwpolicy = NULL;
int pwdGraceUserTime = 0;
char graceUserTime[16] = {0};
Connection *pb_conn = NULL;

if (NULL == e) {
return (-1);
Expand Down Expand Up @@ -86,14 +87,16 @@ need_new_pw( Slapi_PBlock *pb, long *t, Slapi_Entry *e, int pwresponse_req )

slapi_ch_free_string(&passwordExpirationTime);

slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);

/* Check if password has been reset */
if ( pw_exp_date == NO_TIME ) {

/* check if changing password is required */
if ( pwpolicy->pw_must_change ) {
/* set c_needpw for this connection to be true. this client
now can only change its own password */
pb->pb_conn->c_needpw = 1;
pb_conn->c_needpw = 1;
*t=0;
/* We need to include "changeafterreset" error in
* passwordpolicy response control. So, we will not be
Expand All @@ -115,7 +118,7 @@ need_new_pw( Slapi_PBlock *pb, long *t, Slapi_Entry *e, int pwresponse_req )
/* if password never expires, don't need to go on; return 0 */
if ( pwpolicy->pw_exp == 0 ) {
/* check for "changeafterreset" condition */
if (pb->pb_conn->c_needpw == 1) {
if (pb_conn->c_needpw == 1) {
if (pwresponse_req) {
slapi_pwpolicy_make_response_control ( pb, -1, -1, LDAP_PWPOLICY_CHGAFTERRESET );
}
Expand Down Expand Up @@ -144,7 +147,7 @@ need_new_pw( Slapi_PBlock *pb, long *t, Slapi_Entry *e, int pwresponse_req )
slapi_mods_done(&smods);
if (pwresponse_req) {
/* check for "changeafterreset" condition */
if (pb->pb_conn->c_needpw == 1) {
if (pb_conn->c_needpw == 1) {
slapi_pwpolicy_make_response_control( pb, -1,
((pwpolicy->pw_gracelimit) - pwdGraceUserTime),
LDAP_PWPOLICY_CHGAFTERRESET);
Expand All @@ -155,7 +158,7 @@ need_new_pw( Slapi_PBlock *pb, long *t, Slapi_Entry *e, int pwresponse_req )
}
}

if (pb->pb_conn->c_needpw == 1) {
if (pb_conn->c_needpw == 1) {
slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0);
}
return ( 0 );
Expand All @@ -176,10 +179,12 @@ need_new_pw( Slapi_PBlock *pb, long *t, Slapi_Entry *e, int pwresponse_req )
do_unbind() checking for those. We might need to
create a pb for unbind operation. Also do_unbind calls
pre and post ops. Maybe we don't want to call them */
if (pb->pb_conn && (LDAP_VERSION2 == pb->pb_conn->c_ldapversion)) {
if (pb_conn && (LDAP_VERSION2 == pb_conn->c_ldapversion)) {
Operation *pb_op = NULL;
slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);
/* We close the connection only with LDAPv2 connections */
disconnect_server( pb->pb_conn, pb->pb_op->o_connid,
pb->pb_op->o_opid, SLAPD_DISCONNECT_UNBIND, 0);
disconnect_server( pb_conn, pb_op->o_connid,
pb_op->o_opid, SLAPD_DISCONNECT_UNBIND, 0);
}
/* Apply current modifications */
pw_apply_mods(sdn, &smods);
Expand All @@ -202,7 +207,7 @@ need_new_pw( Slapi_PBlock *pb, long *t, Slapi_Entry *e, int pwresponse_req )
/* reset the expiration time to current + warning time
* and set passwordExpWarned to true
*/
if (pb->pb_conn->c_needpw != 1) {
if (pb_conn->c_needpw != 1) {
pw_exp_date = time_plus_sec(cur_time, pwpolicy->pw_warning);
}

Expand All @@ -222,7 +227,7 @@ need_new_pw( Slapi_PBlock *pb, long *t, Slapi_Entry *e, int pwresponse_req )
slapi_mods_done(&smods);
if (pwresponse_req) {
/* check for "changeafterreset" condition */
if (pb->pb_conn->c_needpw == 1) {
if (pb_conn->c_needpw == 1) {
slapi_pwpolicy_make_response_control( pb, *t, -1,
LDAP_PWPOLICY_CHGAFTERRESET);
} else {
Expand All @@ -231,7 +236,7 @@ need_new_pw( Slapi_PBlock *pb, long *t, Slapi_Entry *e, int pwresponse_req )
}
}

if (pb->pb_conn->c_needpw == 1) {
if (pb_conn->c_needpw == 1) {
slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0);
}
return (2);
Expand All @@ -245,7 +250,7 @@ need_new_pw( Slapi_PBlock *pb, long *t, Slapi_Entry *e, int pwresponse_req )
pw_apply_mods(sdn, &smods);
slapi_mods_done(&smods);
/* Leftover from "changeafterreset" condition */
if (pb->pb_conn->c_needpw == 1) {
if (pb_conn->c_needpw == 1) {
slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0);
}
/* passes checking, return 0 */
Expand Down
11 changes: 5 additions & 6 deletions ldap/servers/slapd/pw_retry.c
Original file line number Diff line number Diff line change
Expand Up @@ -226,30 +226,29 @@ Slapi_Entry *get_entry ( Slapi_PBlock *pb, const char *dn)
void
pw_apply_mods(const Slapi_DN *sdn, Slapi_Mods *mods)
{
Slapi_PBlock pb;
int res;

if (mods && (slapi_mods_get_num_mods(mods) > 0))
{
pblock_init(&pb);
Slapi_PBlock *pb = slapi_pblock_new();
/* We don't want to overwrite the modifiersname, etc. attributes,
* so we set a flag for this operation */
slapi_modify_internal_set_pb_ext (&pb, sdn,
slapi_modify_internal_set_pb_ext (pb, sdn,
slapi_mods_get_ldapmods_byref(mods),
NULL, /* Controls */
NULL, /* UniqueID */
pw_get_componentID(), /* PluginID */
OP_FLAG_SKIP_MODIFIED_ATTRS); /* Flags */
slapi_modify_internal_pb (&pb);
slapi_modify_internal_pb (pb);

slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
if (res != LDAP_SUCCESS){
slapi_log_err(SLAPI_LOG_WARNING,
"pw_apply_mods", "Modify error %d on entry '%s'\n",
res, slapi_sdn_get_dn(sdn));
}

pblock_done(&pb);
slapi_pblock_destroy(pb);
}

return;
Expand Down
6 changes: 4 additions & 2 deletions ldap/servers/slapd/referral.c
Original file line number Diff line number Diff line change
Expand Up @@ -475,9 +475,11 @@ get_data_source(Slapi_PBlock *pb, const Slapi_DN *sdn, int orc, void *cfrp)
return (NULL);
}

Connection *pb_conn;
slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);

/* Fix for 310968 --- return an SSL referral to an SSL client */
if ( 0 != ( pb->pb_conn->c_flags & CONN_FLAG_SSL )) {
/* Fix for 310968 --- return an SSL referral to an SSL client */
if ( 0 != ( pb_conn->c_flags & CONN_FLAG_SSL )) {
/* SSL connection */
char * old_referral_string = NULL;
char * new_referral_string = NULL;
Expand Down
60 changes: 38 additions & 22 deletions ldap/servers/slapd/result.c
Original file line number Diff line number Diff line change
Expand Up @@ -338,7 +338,7 @@ send_ldap_result_ext(
{
Slapi_Operation *operation;
passwdPolicy *pwpolicy = NULL;
Connection *conn = pb->pb_conn;
Connection *conn = NULL;
Slapi_DN *sdn = NULL;
const char *dn = NULL;
ber_tag_t tag;
Expand All @@ -349,6 +349,7 @@ send_ldap_result_ext(

slapi_pblock_get (pb, SLAPI_BIND_METHOD, &bind_method);
slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);

if (operation->o_status == SLAPI_OP_STATUS_RESULT_SENT) {
return; /* result already sent */
Expand Down Expand Up @@ -656,7 +657,8 @@ process_read_entry_controls(Slapi_PBlock *pb, char *oid)
if (slapi_control_present(req_ctls, oid, &req_value, &iscritical))
{
BerElement *req_ber = NULL;
Operation *op = pb->pb_op;
Operation *op = NULL;
slapi_pblock_get(pb, SLAPI_OPERATION, &op);

if(strcmp(oid,LDAP_CONTROL_PRE_READ_ENTRY) == 0){
/* first verify this is the correct operation for a pre-read entry control */
Expand Down Expand Up @@ -811,19 +813,22 @@ send_ldapv3_referral(
struct berval **urls
)
{
Connection *conn = pb->pb_conn;
Connection *conn = NULL;
BerElement *ber;
int i, rc, logit = 0;
Slapi_Operation *operation;
Slapi_Backend *pb_backend;

slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);
slapi_pblock_get(pb, SLAPI_BACKEND, &pb_backend);

slapi_log_err(SLAPI_LOG_TRACE, "send_ldapv3_referral", "=>\n");

if ( conn == NULL ) {
if ( operation->o_search_referral_handler != NULL ) {
if (( rc = (*operation->o_search_referral_handler)(
pb->pb_backend, conn, operation, urls )) == 0 ) {
pb_backend, conn, operation, urls )) == 0 ) {
logit = 1;
}
goto log_and_return;
Expand Down Expand Up @@ -904,6 +909,8 @@ send_ldap_referral (
char *refAttr = "ref";
char *attrs[2] = { NULL, NULL };

Connection *pb_conn;

/* count the referral */
slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsReferrals);

Expand All @@ -914,7 +921,7 @@ send_ldap_referral (
!= LDAP_SUCCESS ) {
return( 0 );
}
if ( pb->pb_conn && pb->pb_conn->c_ldapversion > LDAP_VERSION2 ) {
if ( pb_conn && pb_conn->c_ldapversion > LDAP_VERSION2 ) {
/*
* v3 connection - send the referral(s) in a
* SearchResultReference packet right now.
Expand Down Expand Up @@ -1473,8 +1480,7 @@ send_ldap_search_entry_ext(
struct berval **urls
)
{
Connection *conn = pb->pb_conn;
Operation *op = pb->pb_op;
Connection *conn = NULL;
BerElement *ber = NULL;
int i, rc = 0, logit = 0;
int alluserattrs;
Expand All @@ -1489,6 +1495,7 @@ send_ldap_search_entry_ext(
LDAPControl **searchctrlp = NULL;


slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);
slapi_pblock_get (pb, SLAPI_OPERATION, &operation);

slapi_log_err(SLAPI_LOG_TRACE, "send_ldap_search_entry_ext", "=> (%s)\n",
Expand All @@ -1515,9 +1522,12 @@ send_ldap_search_entry_ext(
slapi_pblock_get(pb, SLAPI_SEARCH_CTRLS, &searchctrlp);

if ( conn == NULL && e ) {
if ( op->o_search_entry_handler != NULL ) {
if (( rc = (*op->o_search_entry_handler)(
pb->pb_backend, conn, op, e )) == 0 ) {
Slapi_Backend *pb_backend;
slapi_pblock_get(pb, SLAPI_BACKEND, &pb_backend);

if ( operation->o_search_entry_handler != NULL ) {
if (( rc = (*operation->o_search_entry_handler)(
pb_backend, conn, operation, e )) == 0 ) {
logit = 1;
goto log_and_return;
} else {
Expand Down Expand Up @@ -1550,7 +1560,7 @@ send_ldap_search_entry_ext(
goto cleanup;
}

rc = ber_printf( ber, "{it{s{", op->o_msgid,
rc = ber_printf( ber, "{it{s{", operation->o_msgid,
LDAP_RES_SEARCH_ENTRY, slapi_entry_get_dn_const(e) );

if ( rc == -1 ) {
Expand Down Expand Up @@ -1620,13 +1630,13 @@ send_ldap_search_entry_ext(

/* look through each attribute in the entry */
if ( alluserattrs || alloperationalattrs ) {
rc = send_all_attrs(e, attrs, op, pb, ber, attrsonly, conn->c_ldapversion,
rc = send_all_attrs(e, attrs, operation, pb, ber, attrsonly, conn->c_ldapversion,
real_attrs_only, some_named_attrs, alloperationalattrs, alluserattrs);
}

/* if the client explicitly specified a list of attributes look through each attribute requested */
if( (rc == 0) && (attrs!=NULL) && !noattrs) {
rc = send_specific_attrs(e,attrs,op,pb,ber,attrsonly,conn->c_ldapversion,real_attrs_only);
rc = send_specific_attrs(e,attrs,operation,pb,ber,attrsonly,conn->c_ldapversion,real_attrs_only);
}

/* Append effective rights to the stream of attribute list */
Expand Down Expand Up @@ -1682,20 +1692,20 @@ send_ldap_search_entry_ext(
}

/* write only one pdu at a time - wait til it's our turn */
if ( (rc = flush_ber( pb, conn, op, ber, _LDAP_SEND_ENTRY )) == 0 ) {
if ( (rc = flush_ber( pb, conn, operation, ber, _LDAP_SEND_ENTRY )) == 0 ) {
logit = 1;
}
ber = NULL; /* flush_ber will always free the ber */

log_and_return:
if ( logit && operation_is_flag_set(operation, OP_FLAG_ACTION_LOG_ACCESS)) {

log_entry( op, e );
log_entry( operation, e );

if (send_result) {
ber_tag_t tag;

switch ( op->o_tag ) {
switch ( operation->o_tag ) {
case LBER_DEFAULT:
tag = LBER_SEQUENCE;
break;
Expand All @@ -1716,11 +1726,11 @@ send_ldap_search_entry_ext(
/* FALLTHROUGH */

default:
tag = op->o_tag + 1;
tag = operation->o_tag + 1;
break;
}

log_result( pb, op, LDAP_SUCCESS, tag, nentries );
log_result( pb, operation, LDAP_SUCCESS, tag, nentries );
}
}
cleanup:
Expand Down Expand Up @@ -1939,6 +1949,7 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, ber_tag_t tag, int nentrie
char etime[ETIME_BUFSIZ];
int pr_idx = -1;
int pr_cookie = -1;
uint32_t operation_notes;

slapi_pblock_get(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx);
slapi_pblock_get(pb, SLAPI_PAGED_RESULTS_COOKIE, &pr_cookie);
Expand All @@ -1953,12 +1964,14 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, ber_tag_t tag, int nentrie
PR_snprintf(etime, ETIME_BUFSIZ, "%ld", current_time() - op->o_time);
}

if ( 0 == pb->pb_operation_notes ) {
slapi_pblock_get(pb, SLAPI_OPERATION_NOTES, &operation_notes);

if ( 0 == operation_notes ) {
notes_str = "";
} else {
notes_str = notes_buf;
*notes_buf = ' ';
notes2str( pb->pb_operation_notes, notes_buf + 1, sizeof( notes_buf ) - 1 );
notes2str( operation_notes, notes_buf + 1, sizeof( notes_buf ) - 1 );
}

csn_str[0] = '\0';
Expand Down Expand Up @@ -2187,8 +2200,8 @@ log_referral( Operation *op )
static struct berval *
encode_read_entry (Slapi_PBlock *pb, Slapi_Entry *e, char **attrs, int alluserattrs, int attr_count)
{
Slapi_Operation *op = pb->pb_op;
Connection*conn = pb->pb_conn;
Slapi_Operation *op = NULL;
Connection *conn = NULL;
LDAPControl **ctrlp = NULL;
struct berval *bv = NULL;
BerElement *ber = NULL;
Expand All @@ -2200,6 +2213,9 @@ encode_read_entry (Slapi_PBlock *pb, Slapi_Entry *e, char **attrs, int alluserat
goto cleanup;
}

slapi_pblock_get(pb, SLAPI_OPERATION, &op);
slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);

/* Start the ber encoding with the DN */
rc = ber_printf( ber, "t{s{", LDAP_RES_SEARCH_ENTRY, slapi_entry_get_dn_const(e) );
if ( rc == -1 ) {
Expand Down
78 changes: 45 additions & 33 deletions ldap/servers/slapd/saslbind.c
Original file line number Diff line number Diff line change
Expand Up @@ -757,21 +757,28 @@ char **ids_sasl_listmech(Slapi_PBlock *pb)
const char *str;
char *dupstr;
sasl_conn_t *sasl_conn;
Connection *pb_conn = NULL;

slapi_log_err(SLAPI_LOG_TRACE, "ids_sasl_listmech", "=>\n");

PR_ASSERT(pb);

slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);

/* hard-wired mechanisms and slapi plugin registered mechanisms */
ret = slapi_get_supported_saslmechanisms_copy();

if (pb->pb_conn == NULL) return ret;
if (pb_conn == NULL) {
return ret;
}

sasl_conn = (sasl_conn_t*)pb->pb_conn->c_sasl_conn;
if (sasl_conn == NULL) return ret;
sasl_conn = (sasl_conn_t*)pb_conn->c_sasl_conn;
if (sasl_conn == NULL) {
return ret;
}

/* sasl library mechanisms are connection dependent */
PR_EnterMonitor(pb->pb_conn->c_mutex);
PR_EnterMonitor(pb_conn->c_mutex);
if (sasl_listmech(sasl_conn,
NULL, /* username */
"", ",", "",
Expand All @@ -784,7 +791,7 @@ char **ids_sasl_listmech(Slapi_PBlock *pb)
charray_free(others);
slapi_ch_free((void**)&dupstr);
}
PR_ExitMonitor(pb->pb_conn->c_mutex);
PR_ExitMonitor(pb_conn->c_mutex);

slapi_log_err(SLAPI_LOG_TRACE, "ids_sasl_listmech", "<=\n");

Expand All @@ -804,7 +811,10 @@ ids_sasl_mech_supported(Slapi_PBlock *pb, const char *mech)
char *dupstr;
const char *str;
int sasl_result = 0;
sasl_conn_t *sasl_conn = (sasl_conn_t *)pb->pb_conn->c_sasl_conn;
Connection *pb_conn = NULL;
slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);

sasl_conn_t *sasl_conn = (sasl_conn_t *)pb_conn->c_sasl_conn;

slapi_log_err(SLAPI_LOG_TRACE, "ids_sasl_mech_supported", "=>\n");

Expand Down Expand Up @@ -860,19 +870,21 @@ void ids_sasl_check_bind(Slapi_PBlock *pb)
char authtype[256]; /* >26 (strlen(SLAPD_AUTH_SASL)+SASL_MECHNAMEMAX+1) */
Slapi_Entry *bind_target_entry = NULL, *referral = NULL;
Slapi_Backend *be = NULL;
Connection *pb_conn = NULL;

slapi_log_err(SLAPI_LOG_TRACE, "ids_sasl_check_bind", "=>\n");

PR_ASSERT(pb);
PR_ASSERT(pb->pb_conn);
slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
PR_ASSERT(pb_conn);

PR_EnterMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
continuing = pb->pb_conn->c_flags & CONN_FLAG_SASL_CONTINUE;
pb->pb_conn->c_flags &= ~CONN_FLAG_SASL_CONTINUE; /* reset flag */
PR_EnterMonitor(pb_conn->c_mutex); /* BIG LOCK */
continuing = pb_conn->c_flags & CONN_FLAG_SASL_CONTINUE;
pb_conn->c_flags &= ~CONN_FLAG_SASL_CONTINUE; /* reset flag */

sasl_conn = (sasl_conn_t*)pb->pb_conn->c_sasl_conn;
sasl_conn = (sasl_conn_t*)pb_conn->c_sasl_conn;
if (sasl_conn == NULL) {
PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
PR_ExitMonitor(pb_conn->c_mutex); /* BIG LOCK */
send_ldap_result( pb, LDAP_AUTH_METHOD_NOT_SUPPORTED, NULL,
"sasl library unavailable", 0, NULL );
return;
Expand Down Expand Up @@ -934,28 +946,28 @@ void ids_sasl_check_bind(Slapi_PBlock *pb)
* using the new mechanism. We also need to do this if the
* mechanism changed in the middle of the SASL authentication
* process. */
if ((pb->pb_conn->c_flags & CONN_FLAG_SASL_COMPLETE) || continuing) {
if ((pb_conn->c_flags & CONN_FLAG_SASL_COMPLETE) || continuing) {
Slapi_Operation *operation;
slapi_pblock_get( pb, SLAPI_OPERATION, &operation);
slapi_log_err(SLAPI_LOG_CONNS, "ids_sasl_check_bind",
"cleaning up sasl IO conn=%" PRIu64 " op=%d complete=%d continuing=%d\n",
pb->pb_conn->c_connid, operation->o_opid,
(pb->pb_conn->c_flags & CONN_FLAG_SASL_COMPLETE), continuing);
pb_conn->c_connid, operation->o_opid,
(pb_conn->c_flags & CONN_FLAG_SASL_COMPLETE), continuing);
/* reset flag */
pb->pb_conn->c_flags &= ~CONN_FLAG_SASL_COMPLETE;
pb_conn->c_flags &= ~CONN_FLAG_SASL_COMPLETE;

/* remove any SASL I/O from the connection */
connection_set_io_layer_cb(pb->pb_conn, NULL, sasl_io_cleanup, NULL);
connection_set_io_layer_cb(pb_conn, NULL, sasl_io_cleanup, NULL);

/* dispose of sasl_conn and create a new sasl_conn */
sasl_dispose(&sasl_conn);
ids_sasl_server_new(pb->pb_conn);
sasl_conn = (sasl_conn_t*)pb->pb_conn->c_sasl_conn;
ids_sasl_server_new(pb_conn);
sasl_conn = (sasl_conn_t*)pb_conn->c_sasl_conn;

if (sasl_conn == NULL) {
send_ldap_result( pb, LDAP_AUTH_METHOD_NOT_SUPPORTED, NULL,
"sasl library unavailable", 0, NULL );
PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
PR_ExitMonitor(pb_conn->c_mutex); /* BIG LOCK */
return;
}
}
Expand All @@ -971,7 +983,7 @@ void ids_sasl_check_bind(Slapi_PBlock *pb)
/* retrieve the authenticated username */
if (sasl_getprop(sasl_conn, SASL_USERNAME,
(const void**)&username) != SASL_OK) {
PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
PR_ExitMonitor(pb_conn->c_mutex); /* BIG LOCK */
send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
"could not obtain sasl username", 0, NULL);
break;
Expand All @@ -992,7 +1004,7 @@ void ids_sasl_check_bind(Slapi_PBlock *pb)
}
}
if (dn == NULL) {
PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
PR_ExitMonitor(pb_conn->c_mutex); /* BIG LOCK */
send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
"could not get auth dn from sasl", 0, NULL);
break;
Expand All @@ -1015,7 +1027,7 @@ void ids_sasl_check_bind(Slapi_PBlock *pb)
}

/* Set a flag to signify that sasl bind is complete */
pb->pb_conn->c_flags |= CONN_FLAG_SASL_COMPLETE;
pb_conn->c_flags |= CONN_FLAG_SASL_COMPLETE;
/* note - we set this here in case there are pre-bind
plugins that want to know what the negotiated
ssf is - but this happens before we actually set
Expand All @@ -1024,16 +1036,16 @@ void ids_sasl_check_bind(Slapi_PBlock *pb)
encryption on the connection after the pre-bind
plugin has been called, and sasl encryption fails
and the operation returns an error */
pb->pb_conn->c_sasl_ssf = (unsigned)*ssfp;
pb_conn->c_sasl_ssf = (unsigned)*ssfp;

/* set the connection bind credentials */
PR_snprintf(authtype, sizeof(authtype), "%s%s", SLAPD_AUTH_SASL, mech);
/* normdn is consumed by bind_credentials_set_nolock */
bind_credentials_set_nolock(pb->pb_conn, authtype,
bind_credentials_set_nolock(pb_conn, authtype,
slapi_ch_strdup(normdn),
NULL, NULL, NULL, bind_target_entry);

PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
PR_ExitMonitor(pb_conn->c_mutex); /* BIG LOCK */

if (plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) != 0){
break;
Expand Down Expand Up @@ -1108,9 +1120,9 @@ void ids_sasl_check_bind(Slapi_PBlock *pb)
/* see if we negotiated a security layer */
if (*ssfp > 0) {
/* Enable SASL I/O on the connection */
PR_EnterMonitor(pb->pb_conn->c_mutex);
connection_set_io_layer_cb(pb->pb_conn, sasl_io_enable, NULL, NULL);
PR_ExitMonitor(pb->pb_conn->c_mutex);
PR_EnterMonitor(pb_conn->c_mutex);
connection_set_io_layer_cb(pb_conn, sasl_io_enable, NULL, NULL);
PR_ExitMonitor(pb_conn->c_mutex);
}

/* send successful result */
Expand All @@ -1122,8 +1134,8 @@ void ids_sasl_check_bind(Slapi_PBlock *pb)
break;

case SASL_CONTINUE: /* another step needed */
pb->pb_conn->c_flags |= CONN_FLAG_SASL_CONTINUE;
PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
pb_conn->c_flags |= CONN_FLAG_SASL_CONTINUE;
PR_ExitMonitor(pb_conn->c_mutex); /* BIG LOCK */

if (plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) != 0){
break;
Expand All @@ -1145,15 +1157,15 @@ void ids_sasl_check_bind(Slapi_PBlock *pb)

case SASL_NOMECH:

PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
PR_ExitMonitor(pb_conn->c_mutex); /* BIG LOCK */
send_ldap_result(pb, LDAP_AUTH_METHOD_NOT_SUPPORTED, NULL,
"sasl mechanism not supported", 0, NULL);
break;

default: /* other error */
errstr = sasl_errdetail(sasl_conn);

PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
PR_ExitMonitor(pb_conn->c_mutex); /* BIG LOCK */
slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, (void *)errstr);
send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, NULL, 0, NULL);
break;
Expand Down
25 changes: 13 additions & 12 deletions ldap/servers/slapd/schema.c
Original file line number Diff line number Diff line change
Expand Up @@ -2422,18 +2422,17 @@ refresh_user_defined_schema( Slapi_PBlock *pb,
{
int rc;
Slapi_PBlock *mypbptr = pb;
Slapi_PBlock mypb;
Slapi_PBlock *mypb = NULL;
const CSN *schema_csn;
PRUint32 schema_flags = DSE_SCHEMA_USER_DEFINED_ONLY;

pblock_init(&mypb);

slapi_entry_attr_delete( pschema_info_e, "objectclasses");
slapi_entry_attr_delete( pschema_info_e, "attributetypes");

/* for write callbacks, no pb is supplied, so use our own */
if (!mypbptr) {
mypbptr = &mypb;
mypb = slapi_pblock_new();
mypbptr = mypb;
}

slapi_pblock_set(mypbptr, SLAPI_SCHEMA_FLAGS, &schema_flags);
Expand All @@ -2445,8 +2444,9 @@ refresh_user_defined_schema( Slapi_PBlock *pb,
csn_as_string(schema_csn, PR_FALSE, csn_str);
slapi_entry_add_string(pschema_info_e, "nsschemacsn", csn_str);
}
pblock_done(&mypb);

if (mypb != NULL) {
slapi_pblock_destroy(mypb);
}
return rc;
}

Expand Down Expand Up @@ -5346,15 +5346,15 @@ init_schema_dse_ext(char *schemadir, Slapi_Backend *be,
int dont_write = 1;
int merge = 1;
int dont_dup_check = 1;
Slapi_PBlock pb = {0};
Slapi_PBlock *pb = slapi_pblock_new();
/* don't write out the file when reading */
slapi_pblock_set(&pb, SLAPI_DSE_DONT_WRITE_WHEN_ADDING, (void*)&dont_write);
slapi_pblock_set(pb, SLAPI_DSE_DONT_WRITE_WHEN_ADDING, (void*)&dont_write);
/* duplicate entries are allowed */
slapi_pblock_set(&pb, SLAPI_DSE_MERGE_WHEN_ADDING, (void*)&merge);
slapi_pblock_set(pb, SLAPI_DSE_MERGE_WHEN_ADDING, (void*)&merge);
/* use the non duplicate checking str2entry */
slapi_pblock_set(&pb, SLAPI_DSE_DONT_CHECK_DUPS, (void*)&dont_dup_check);
slapi_pblock_set(pb, SLAPI_DSE_DONT_CHECK_DUPS, (void*)&dont_dup_check);
/* borrow the task flag space */
slapi_pblock_set(&pb, SLAPI_SCHEMA_FLAGS, (void*)&schema_flags);
slapi_pblock_set(pb, SLAPI_SCHEMA_FLAGS, (void*)&schema_flags);

/* add the objectclass attribute so we can do some basic schema
checking during initialization; this will be overridden when
Expand Down Expand Up @@ -5388,7 +5388,8 @@ init_schema_dse_ext(char *schemadir, Slapi_Backend *be,
errorbuf);
}

rc = dse_read_file(*local_pschemadse, &pb);
rc = dse_read_file(*local_pschemadse, pb);
slapi_pblock_destroy(pb);
}

if (rc && !(schema_flags & DSE_SCHEMA_NO_BACKEND))
Expand Down
17 changes: 12 additions & 5 deletions ldap/servers/slapd/search.c
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ do_search( Slapi_PBlock *pb )
int strict = 0;
int minssf_exclude_rootdse = 0;
int filter_normalized = 0;
Connection *pb_conn = NULL;

slapi_log_err(SLAPI_LOG_TRACE, "do_search", "=>\n");

Expand Down Expand Up @@ -124,6 +125,8 @@ do_search( Slapi_PBlock *pb )
goto free_and_return;
}

slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);

/*
* If nsslapd-minssf-exclude-rootdse is on, the minssf check has been
* postponed till this moment since we need to know whether the basedn
Expand All @@ -138,9 +141,9 @@ do_search( Slapi_PBlock *pb )
int minssf = 0;
/* Check if the minimum SSF requirement has been met. */
minssf = config_get_minssf();
if ((pb->pb_conn->c_sasl_ssf < minssf) &&
(pb->pb_conn->c_ssl_ssf < minssf) &&
(pb->pb_conn->c_local_ssf < minssf)) {
if ((pb_conn->c_sasl_ssf < minssf) &&
(pb_conn->c_ssl_ssf < minssf) &&
(pb_conn->c_local_ssf < minssf)) {
op_shared_log_error_access(pb, "SRCH", rawbase?rawbase:"",
"Minimum SSF not met");
send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL,
Expand Down Expand Up @@ -179,7 +182,7 @@ do_search( Slapi_PBlock *pb )
/* filter - returns a "normalized" version */
filter = NULL;
fstr = NULL;
if ( (err = get_filter( pb->pb_conn, ber, scope, &filter, &fstr )) != 0 ) {
if ( (err = get_filter( pb_conn, ber, scope, &filter, &fstr )) != 0 ) {
char *errtxt;

if ( LDAP_UNWILLING_TO_PERFORM == err ) {
Expand Down Expand Up @@ -379,9 +382,13 @@ free_and_return:;

static void log_search_access (Slapi_PBlock *pb, const char *base, int scope, const char *fstr, const char *msg)
{
Operation *pb_op;
Connection *pb_conn;
slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);
slapi_log_access(LDAP_DEBUG_STATS,
"conn=%" PRIu64 " op=%d SRCH base=\"%s\" scope=%d filter=\"%s\", %s\n",
pb->pb_conn->c_connid, pb->pb_op->o_opid,
pb_conn->c_connid, pb_op->o_opid,
base, scope, fstr, msg ? msg : "");

}
182 changes: 15 additions & 167 deletions ldap/servers/slapd/slap.h
Original file line number Diff line number Diff line change
Expand Up @@ -1753,173 +1753,20 @@ typedef struct passwordpolicyarray {
Slapi_DN **pw_admin_user;
} passwdPolicy;

typedef struct slapi_pblock {
/* common */
Slapi_Backend *pb_backend;
Connection *pb_conn;
Operation *pb_op;
struct slapdplugin *pb_plugin; /* plugin being called */
int pb_opreturn;
void* pb_object; /* points to data private to plugin */
IFP pb_destroy_fn;
int pb_requestor_isroot;
/* config file */
char *pb_config_fname;
int pb_config_lineno;
int pb_config_argc;
char **pb_config_argv;
int plugin_tracking;

/* [pre|post]add arguments */
struct slapi_entry *pb_target_entry; /* JCM - Duplicated */
struct slapi_entry *pb_existing_dn_entry;
struct slapi_entry *pb_existing_uniqueid_entry;
struct slapi_entry *pb_parent_entry;
struct slapi_entry *pb_newparent_entry;

/* state of entry before and after add/delete/modify/moddn/modrdn */
struct slapi_entry *pb_pre_op_entry;
struct slapi_entry *pb_post_op_entry;
/* seq access arguments */
int pb_seq_type;
char *pb_seq_attrname;
char *pb_seq_val;
/* dbverify argument */
char *pb_dbverify_dbdir;
/* ldif2db arguments */
char *pb_ldif_file;
int pb_removedupvals;
char **pb_db2index_attrs;
int pb_ldif2db_noattrindexes;
/* db2ldif arguments */
int pb_ldif_printkey;
/* ldif2db/db2ldif/db2bak/bak2db args */
char *pb_instance_name;
Slapi_Task *pb_task;
int pb_task_flags;
/* matching rule arguments */
mrFilterMatchFn pb_mr_filter_match_fn;
IFP pb_mr_filter_index_fn;
IFP pb_mr_filter_reset_fn;
IFP pb_mr_index_fn; /* values and keys are struct berval ** */
char* pb_mr_oid;
char* pb_mr_type;
struct berval* pb_mr_value;
struct berval** pb_mr_values;
struct berval** pb_mr_keys;
unsigned int pb_mr_filter_reusable;
int pb_mr_query_operator;
unsigned int pb_mr_usage;

/* arguments for password storage scheme (kexcoff) */
char *pb_pwd_storage_scheme_user_passwd;
char *pb_pwd_storage_scheme_db_passwd;

/* controls we know about */
int pb_managedsait;

/* additional fields for plugin_internal_ldap_ops */
/* result code of internal ldap_operation */
int pb_internal_op_result;
/* pointer to array of results returned on search */
Slapi_Entry **pb_plugin_internal_search_op_entries;
char **pb_plugin_internal_search_op_referrals;
void *pb_plugin_identity; /* identifies plugin for internal operation */
char *pb_plugin_config_area; /* optional config area */
void *pb_parent_txn; /* parent transaction ID */
void *pb_txn; /* transaction ID */
IFP pb_txn_ruv_mods_fn; /* Function to fetch RUV mods for txn */

/* Size of the database on disk, in kilobytes */
unsigned int pb_dbsize;

/* THINGS BELOW THIS LINE EXIST ONLY IN SLAPI v2 (slapd 4.0+) */

/* ldif2db: array of files to import all at once */
char **pb_ldif_files;

char **pb_ldif_include;
char **pb_ldif_exclude;
int pb_ldif_dump_replica;
int pb_ldif_dump_uniqueid; /* dump uniqueid during db2ldif */
int pb_ldif_generate_uniqueid; /* generate uniqueid during db2ldif */
char* pb_ldif_namespaceid; /* used for name based uniqueid generation */
int pb_ldif_encrypt; /* used to enable encrypt/decrypt on import and export */
/*
* notes to log with RESULT line in the access log
* these are actually stored as a bitmap; see slapi-plugin.h for
* defined notes.
*/
unsigned int pb_operation_notes;
/*
* slapd command line arguments
*/
int pb_slapd_argc;
char** pb_slapd_argv;
char *pb_slapd_configdir; /* the config directory passed to slapd on the command line */
LDAPControl **pb_ctrls_arg; /* allows to pass controls as arguments before
operation object is created */
int pb_dse_dont_add_write; /* if true, the dse is not written when an entry is added */
int pb_dse_add_merge; /* if true, if a duplicate entry is found when adding, the
new values are merged into the old entry */
int pb_dse_dont_check_dups; /* if false, use the "enhanced" version of str2entry to catch
more errors when adding dse entries; this can only be done
after the schema and syntax and matching rule plugins are
running */
int pb_dse_is_primary_file; /* for read callbacks: non-zero for primary file */
int pb_schema_flags; /* schema flags */
/* . check/load info (schema reload task) */
/* . refresh user defined schema */

/* NEW in 5.0 for getting back the backend result in frontend */
int pb_result_code; /* operation result code */
char * pb_result_text; /* result text when available */
char * pb_result_matched; /* macthed dn when NO SUCH OBJECT error */
int pb_nentries; /* number of entries to be returned */
struct berval **urls; /* urls of referrals to be returned */

/*
* wire import (fast replica init) arguments
*/
struct slapi_entry *pb_import_entry;
int pb_import_state;

int pb_destroy_content; /* flag to indicate that pblock content should be
destroyed when pblock is destroyed */
int pb_dse_reapply_mods; /* if true, dse_modify will reapply mods after modify callback */
char * pb_urp_naming_collision_dn; /* replication naming conflict removal */
char * pb_urp_tombstone_uniqueid; /* replication change tombstone */
int pb_server_running; /* indicate that server is running */
int pb_backend_count; /* instance count involved in the op */

/* For password policy control */
int pb_pwpolicy_ctrl;
void *pb_vattr_context; /* hold the vattr_context for roles/cos */

int *pb_substrlens; /* user specified minimum substr search key lengths:
* nsSubStrBegin, nsSubStrMiddle, nsSubStrEnd
*/
int pb_plugin_enabled; /* nsslapd-pluginEnabled: on|off */
/* used in plugin init; pb_plugin is not ready, then */
LDAPControl **pb_search_ctrls; /* for search operations, allows plugins to provide
controls to pass for each entry or referral returned */
IFP pb_mr_index_sv_fn; /* values and keys are Slapi_Value ** */
int pb_syntax_filter_normalized; /* the syntax filter types/values are already normalized */
void *pb_syntax_filter_data; /* extra data to pass to a syntax plugin function */
int pb_paged_results_index; /* stash SLAPI_PAGED_RESULTS_INDEX */
int pb_paged_results_cookie; /* stash SLAPI_PAGED_RESULTS_COOKIE */
passwdPolicy *pwdpolicy;
void *op_stack_elem;

/* For ACI Target Check */
int pb_aci_target_check; /* this flag prevents duplicate checking of ACI's target existence */

struct slapi_entry *pb_pw_entry; /* stash dup'ed entry that shadow info is added/replaced */
#ifdef PBLOCK_ANALYTICS
uint32_t analytics_init;
PLHashTable *analytics;
#endif
} slapi_pblock;
Slapi_PBlock * slapi_pblock_clone(Slapi_PBlock *pb) __attribute__((deprecated));

passwdPolicy * slapi_pblock_get_pwdpolicy(Slapi_PBlock *pb);
void slapi_pblock_set_pwdpolicy(Slapi_PBlock *pb, passwdPolicy *pwdpolicy);

int32_t slapi_pblock_get_ldif_dump_replica(Slapi_PBlock *pb);
void slapi_pblock_set_ldif_dump_replica(Slapi_PBlock *pb, int32_t dump_replica);

void * slapi_pblock_get_vattr_context(Slapi_PBlock *pb);
void slapi_pblock_set_vattr_context(Slapi_PBlock *pb, void *vattr_ctx);


void * slapi_pblock_get_op_stack_elem(Slapi_PBlock *pb);
void slapi_pblock_set_op_stack_elem(Slapi_PBlock *pb, void *stack_elem);

/* index if substrlens */
#define INDEX_SUBSTRBEGIN 0
Expand Down Expand Up @@ -2762,4 +2609,5 @@ extern char *attr_dataversion;
#define _SEC_PER_DAY 86400
#define _MAX_SHADOW 99999


#endif /* _slap_h_ */
5 changes: 4 additions & 1 deletion ldap/servers/slapd/slapi-plugin.h
Original file line number Diff line number Diff line change
Expand Up @@ -528,7 +528,10 @@ NSPR_API(PRUint32) PR_fprintf(struct PRFileDesc* fd, const char *fmt, ...)
* The available parameters that you can use depends on the type of plug-in function
* you are writing.
*/
typedef struct slapi_pblock Slapi_PBlock;
// Shadow pointer for pblock
struct slapi_pblock;

typedef struct slapi_pblock Slapi_PBlock;

/**
* Represents an entry in the directory.
Expand Down
4 changes: 4 additions & 0 deletions ldap/servers/slapd/slapi-private.h
Original file line number Diff line number Diff line change
Expand Up @@ -1410,6 +1410,10 @@ long util_get_hardware_threads(void);
*/
void slapi_create_errormsg(char *errorbuf, size_t len, const char *fmt, ...);

struct slapi_entry * slapi_pblock_get_pw_entry(Slapi_PBlock *pb);
void slapi_pblock_set_pw_entry(Slapi_PBlock *pb, struct slapi_entry *entry);


#ifdef __cplusplus
}
#endif
Expand Down
12 changes: 6 additions & 6 deletions ldap/servers/slapd/sort.c
Original file line number Diff line number Diff line change
Expand Up @@ -25,18 +25,18 @@ sort_make_sort_response_control ( Slapi_PBlock *pb, int code, char *error_type)
int rc = -1;
ber_int_t control_code;
int pr_idx = -1;
Connection *pb_conn;
Slapi_Operation *operation;

slapi_pblock_get(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx);
slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
slapi_pblock_get(pb, SLAPI_OPERATION, &operation);

if (code == CONN_GET_SORT_RESULT_CODE) {
code = pagedresults_get_sort_result_code(pb->pb_conn,
pb->pb_op, pr_idx);
code = pagedresults_get_sort_result_code(pb_conn, operation, pr_idx);
} else {
Slapi_Operation *operation;
slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
if (op_is_pagedresults(operation)) {
pagedresults_set_sort_result_code(pb->pb_conn,
pb->pb_op, code, pr_idx);
pagedresults_set_sort_result_code(pb_conn, operation, code, pr_idx);
}
}

Expand Down
8 changes: 4 additions & 4 deletions ldap/servers/slapd/ssl.c
Original file line number Diff line number Diff line change
Expand Up @@ -939,7 +939,7 @@ freeChildren( char **list ) {
static void
entrySetValue(Slapi_DN *sdn, char *type, char *value)
{
Slapi_PBlock mypb = {0};
Slapi_PBlock *mypb = slapi_pblock_new();
LDAPMod attr;
LDAPMod *mods[2];
char *values[2];
Expand All @@ -955,9 +955,9 @@ entrySetValue(Slapi_DN *sdn, char *type, char *value)
mods[0] = &attr;
mods[1] = NULL;

slapi_modify_internal_set_pb_ext(&mypb, sdn, mods, NULL, NULL, (void *)plugin_get_default_component_id(), 0);
slapi_modify_internal_pb(&mypb);
pblock_done(&mypb);
slapi_modify_internal_set_pb_ext(mypb, sdn, mods, NULL, NULL, (void *)plugin_get_default_component_id(), 0);
slapi_modify_internal_pb(mypb);
slapi_pblock_destroy(mypb);
}

/* Logs a warning and returns 1 if cert file doesn't exist. You
Expand Down
17 changes: 11 additions & 6 deletions ldap/servers/slapd/start_tls_extop.c
Original file line number Diff line number Diff line change
Expand Up @@ -127,6 +127,7 @@ start_tls( Slapi_PBlock *pb )

char *oid;
Connection *conn;
Operation *pb_op;
int ldaprc = LDAP_SUCCESS;
char *ldapmsg = NULL;

Expand Down Expand Up @@ -171,7 +172,7 @@ start_tls( Slapi_PBlock *pb )

/* At least we know that the request was indeed an Start TLS one. */

conn = pb->pb_conn;
slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);
PR_EnterMonitor(conn->c_mutex);
/* cannot call slapi_send_ldap_result with mutex locked - will deadlock if ber_flush returns error */
if ( conn->c_prfd == (PRFileDesc *) NULL ) {
Expand All @@ -182,8 +183,10 @@ start_tls( Slapi_PBlock *pb )
goto unlock_and_return;
}

slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);

/* Check whether the Start TLS request can be accepted. */
if ( connection_operations_pending( conn, pb->pb_op,
if ( connection_operations_pending( conn, pb_op,
1 /* check for ops where result not yet sent */ )) {
slapi_log_err(SLAPI_LOG_PLUGIN, "start_tls",
"Other operations are still pending on the connection.\n" );
Expand Down Expand Up @@ -270,13 +273,14 @@ start_tls_graceful_closure( Connection *c, Slapi_PBlock * pb, int is_initiator )
struct slapdplugin *plugin;
int secure = 0;
PRFileDesc *ssl_fd;
Operation *pb_op = NULL;

if ( pblock == NULL ) {
pblock = slapi_pblock_new();
plugin = (struct slapdplugin *) slapi_ch_calloc( 1, sizeof( struct slapdplugin ) );
pblock->pb_plugin = plugin;
pblock->pb_conn = c;
pblock->pb_op = c->c_ops;
slapi_pblock_set(pb, SLAPI_PLUGIN, plugin);
slapi_pblock_set(pb, SLAPI_CONNECTION, c);
slapi_pblock_set(pb, SLAPI_OPERATION, c->c_ops);
set_db_default_result_handlers( pblock );
if ( slapi_pblock_set( pblock, SLAPI_EXT_OP_RET_OID, START_TLS_OID ) != 0 ) {
slapi_log_err(SLAPI_LOG_PLUGIN, "start_tls",
Expand All @@ -288,10 +292,11 @@ start_tls_graceful_closure( Connection *c, Slapi_PBlock * pb, int is_initiator )
slapi_ch_free( (void **) &plugin );
}

slapi_pblock_get(pblock, SLAPI_OPERATION, &pb_op);
/* First thing to do is to finish with whatever operation may be hanging on the
* encrypted session.
*/
while ( connection_operations_pending( c, pblock->pb_op,
while ( connection_operations_pending( c, pb_op,
0 /* wait for all other ops to full complete */ )) {
slapi_log_err(SLAPI_LOG_PLUGIN, "start_tls",
"Still %d operations to be completed before closing the SSL connection.\n",
Expand Down
Loading