/* For preop search we do two things:
* 1) based on the search base, we preselect the acls.
* 2) also get hold of a acl_pblock for use
*/
static int
aclplugin_preop_search ( Slapi_PBlock *pb )
{
int scope;
const char *base = NULL;
Slapi_DN *sdn = NULL;
int optype;
int isRoot;
int isProxy = 0;
int rc = 0;
char *errtxt = NULL;
char *proxy_dn = NULL;
TNF_PROBE_0_DEBUG(aclplugin_preop_search_start ,"ACL","");
slapi_pblock_get ( pb, SLAPI_OPERATION_TYPE, &optype );
slapi_pblock_get ( pb, SLAPI_REQUESTOR_ISROOT, &isRoot );
if (LDAP_SUCCESS == proxyauth_get_dn(pb, &proxy_dn, &errtxt) && proxy_dn) {
isProxy = 1;
}
slapi_ch_free_string(&proxy_dn);
if ( isRoot && !isProxy) {
TNF_PROBE_1_DEBUG(aclplugin_preop_search_end ,"ACL","",
tnf_string,isroot,"");
return rc;
}
slapi_pblock_get( pb, SLAPI_SEARCH_TARGET_SDN, &sdn );
base = slapi_sdn_get_dn(sdn);
/* For anonymous client doing search nothing needs to be set up */
if ( optype == SLAPI_OPERATION_SEARCH && aclanom_is_client_anonymous ( pb ) &&
! slapi_dn_issuffix( base, "cn=monitor") ) {
TNF_PROBE_1_DEBUG(aclplugin_preop_search_end ,"ACL","",
tnf_string,anon,"");
return rc;
}
if ( 0 == ( rc = aclplugin_preop_common( pb ))) {
slapi_pblock_get( pb, SLAPI_SEARCH_SCOPE, &scope );
acllist_init_scan ( pb, scope, base );
}
TNF_PROBE_0_DEBUG(aclplugin_preop_search_end ,"ACL","");
return rc;
}
static int
linked_attrs_add_backlinks_callback(Slapi_Entry *e, void *callback_data)
{
int rc = 0;
char *linkdn = slapi_entry_get_dn(e);
struct configEntry *config = (struct configEntry *)callback_data;
Slapi_PBlock *pb = slapi_pblock_new();
int i = 0;
char **targets = NULL;
char *val[2];
LDAPMod mod;
LDAPMod *mods[2];
/* Setup the modify operation. Only the target will
* change, so we only need to do this once. */
val[0] = linkdn;
val[1] = 0;
mod.mod_op = LDAP_MOD_ADD;
mod.mod_type = config->managedtype;
mod.mod_values = val;
mods[0] = &mod;
mods[1] = 0;
targets = slapi_entry_attr_get_charray(e, config->linktype);
for (i = 0; targets && targets[i]; ++i) {
char *targetdn = (char *)targets[i];
int perform_update = 0;
Slapi_DN *targetsdn = NULL;
if (slapi_is_shutting_down()) {
rc = -1;
goto done;
}
targetsdn = slapi_sdn_new_normdn_byref(targetdn);
if (config->scope) {
/* Check if the target is within the scope. */
perform_update = slapi_dn_issuffix(targetdn, config->scope);
} else {
/* Find out the root suffix that the linkdn is in
* and see if the target is in the same backend. */
Slapi_Backend *be = NULL;
Slapi_DN *linksdn = slapi_sdn_new_normdn_byref(linkdn);
if ((be = slapi_be_select(linksdn))) {
perform_update = slapi_sdn_issuffix(targetsdn, slapi_be_getsuffix(be, 0));
}
slapi_sdn_free(&linksdn);
}
if (perform_update) {
slapi_log_error(SLAPI_LOG_PLUGIN, LINK_PLUGIN_SUBSYSTEM,
"Adding backpointer (%s) in entry (%s)\n",
linkdn, targetdn);
/* Perform the modify operation. */
slapi_modify_internal_set_pb_ext(pb, targetsdn, mods, 0, 0,
linked_attrs_get_plugin_id(), 0);
slapi_modify_internal_pb(pb);
/* Initialize the pblock so we can reuse it. */
slapi_pblock_init(pb);
}
slapi_sdn_free(&targetsdn);
}
done:
slapi_ch_array_free(targets);
slapi_pblock_destroy(pb);
return rc;
}
