Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 309023 Details for
Bug 450989
memberOf: Make group and memberOf attributes configurable
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
CVS Diffs
diffs.txt (text/plain), 21.33 KB, created by
Nathan Kinder
on 2008-06-12 04:14:54 UTC
(
hide
)
Description:
CVS Diffs
Filename:
MIME Type:
Creator:
Nathan Kinder
Created:
2008-06-12 04:14:54 UTC
Size:
21.33 KB
patch
obsolete
>Index: Makefile.am >=================================================================== >RCS file: /cvs/dirsec/ldapserver/Makefile.am,v >retrieving revision 1.69 >diff -u -5 -t -r1.69 Makefile.am >--- Makefile.am 10 Jun 2008 20:24:01 -0000 1.69 >+++ Makefile.am 12 Jun 2008 03:52:39 -0000 >@@ -649,11 +649,12 @@ > libcollation_plugin_la_LINK = $(CXXLINK) > > #------------------------ > # libmemberof-plugin > #------------------------ >-libmemberof_plugin_la_SOURCES= ldap/servers/plugins/memberof/memberof.c >+libmemberof_plugin_la_SOURCES= ldap/servers/plugins/memberof/memberof.c \ >+ ldap/servers/plugins/memberof/memberof_config.c > > libmemberof_plugin_la_CPPFLAGS = $(PLUGIN_CPPFLAGS) > libmemberof_plugin_la_LDFLAGS = -avoid-version > > #------------------------ >Index: ldap/ldif/template-dse.ldif.in >=================================================================== >RCS file: /cvs/dirsec/ldapserver/ldap/ldif/template-dse.ldif.in,v >retrieving revision 1.7 >diff -u -5 -t -r1.7 template-dse.ldif.in >--- ldap/ldif/template-dse.ldif.in 5 Jun 2008 19:11:50 -0000 1.7 >+++ ldap/ldif/template-dse.ldif.in 12 Jun 2008 03:53:23 -0000 >@@ -406,10 +406,12 @@ > nsslapd-pluginpath: libmemberof-plugin > nsslapd-plugininitfunc: memberof_postop_init > nsslapd-plugintype: postoperation > nsslapd-pluginenabled: off > nsslapd-plugin-depends-on-type: database >+memberOfGroupAttr: member >+memberOfAttr: memberOf > > dn: cn=Multimaster Replication Plugin,cn=plugins,cn=config > objectclass: top > objectclass: nsSlapdPlugin > objectclass: extensibleObject >Index: ldap/servers/plugins/memberof/memberof.c >=================================================================== >RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/memberof/memberof.c,v >retrieving revision 1.8 >diff -u -5 -t -r1.8 memberof.c >--- ldap/servers/plugins/memberof/memberof.c 9 Jun 2008 21:43:59 -0000 1.8 >+++ ldap/servers/plugins/memberof/memberof.c 12 Jun 2008 03:53:24 -0000 >@@ -70,22 +70,17 @@ > #include <dirlite_strings.h> /* PLUGIN_MAGIC_VENDOR_STR */ > > #include "string.h" > #include "nspr.h" > >-#define MEMBEROF_GROUP_ATTR "member" >-#define MEMBEROF_ATTR "memberof" >-#define MEMBEROF_GROUP_ATTR_IS_DN 1 >-#define MEMBEROF_GROUP_FILTER "(" MEMBEROF_GROUP_ATTR "=*)" >+#include "memberof.h" > >-#define MEMBEROF_PLUGIN_SUBSYSTEM "memberof-plugin" /* used for logging */ > static Slapi_PluginDesc pdesc = { "memberof", PLUGIN_MAGIC_VENDOR_STR, > PRODUCTTEXT, "memberof plugin" }; > > static void* _PluginID = NULL; >-static Slapi_Filter *memberof_group_filter = NULL; >-static Slapi_Mutex *memberof_operation_lock = 0; >+Slapi_Mutex *memberof_operation_lock = 0; > > typedef struct _memberofstringll > { > const char *dn; > void *next; >@@ -127,11 +122,10 @@ > static int memberof_replace_list(Slapi_PBlock *pb, char *group_dn); > static void memberof_set_plugin_id(void * plugin_id); > static void *memberof_get_plugin_id(); > static int memberof_compare(const void *a, const void *b); > static void memberof_load_array(Slapi_Value **array, Slapi_Attr *attr); >-static Slapi_Filter *memberof_string2filter(char *strfilter); > static int memberof_is_legit_member(Slapi_PBlock *pb, char *group_dn, > char *op_this, char *op_to, memberofstringll *stack); > static int memberof_del_dn_from_groups(Slapi_PBlock *pb, char *dn); > static int memberof_call_foreach_dn(Slapi_PBlock *pb, char *dn, > char *type, plugin_search_entry_callback callback, void *callback_data); >@@ -142,12 +136,10 @@ > static int memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data); > static int memberof_replace_dn_type_callback(Slapi_Entry *e, void *callback_data); > static int memberof_replace_dn_from_groups(Slapi_PBlock *pb, char *pre_dn, char *post_dn); > static int memberof_modop_one_replace_r(Slapi_PBlock *pb, int mod_op, char *group_dn, > char *op_this, char *replace_with, char *op_to, memberofstringll *stack); >-static void memberof_lock(); >-static void memberof_unlock(); > static int memberof_add_groups_search_callback(Slapi_Entry *e, void *callback_data); > static int memberof_add_membership(Slapi_PBlock *pb, char *op_this, char *op_to); > static int memberof_task_add(Slapi_PBlock *pb, Slapi_Entry *e, > Slapi_Entry *eAfter, int *returncode, char *returntext, > void *arg); >@@ -221,24 +213,35 @@ > * > */ > int memberof_postop_start(Slapi_PBlock *pb) > { > int rc = 0; >+ Slapi_Entry *config_e = NULL; /* entry containing plugin config */ > > slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM, > "--> memberof_postop_start\n" ); > >- memberof_group_filter = memberof_string2filter(MEMBEROF_GROUP_FILTER); >- > memberof_operation_lock = slapi_new_mutex(); >- >- if(0 == memberof_group_filter || 0 == memberof_operation_lock) >+ if(0 == memberof_operation_lock) > { > rc = -1; > goto bail; > } > >+ if ( slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &config_e ) != 0 ) { >+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, >+ "missing config entry\n" ); >+ rc = -1; >+ goto bail; >+ } >+ >+ if (( rc = memberof_config( config_e )) != LDAP_SUCCESS ) { >+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, >+ "configuration failed (%s)\n", ldap_err2string( rc )); >+ return( -1 ); >+ } >+ > rc = slapi_task_register_handler("memberof task", memberof_task_add); > if(rc) > { > goto bail; > } >@@ -309,15 +312,15 @@ > * membership lists of groups > */ > memberof_del_dn_from_groups(pb, dn); > > /* is the entry of interest as a group? */ >- if(e && !slapi_filter_test_simple(e, memberof_group_filter)) >+ if(e && !slapi_filter_test_simple(e, theConfig.group_filter)) > { > Slapi_Attr *attr = 0; > >- if(0 == slapi_entry_attr_find(e, MEMBEROF_GROUP_ATTR, &attr)) >+ if(0 == slapi_entry_attr_find(e, theConfig.groupattr, &attr)) > { > memberof_del_attr_list(pb, dn, attr); > } > } > >@@ -335,14 +338,14 @@ > char *type; > } del_dn_data; > > int memberof_del_dn_from_groups(Slapi_PBlock *pb, char *dn) > { >- del_dn_data data = {dn, MEMBEROF_GROUP_ATTR}; >+ del_dn_data data = {dn, theConfig.groupattr}; > > return memberof_call_foreach_dn(pb, dn, >- MEMBEROF_GROUP_ATTR, memberof_del_dn_type_callback, &data); >+ theConfig.groupattr, memberof_del_dn_type_callback, &data); > } > > int memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data) > { > int rc = 0; >@@ -465,19 +468,19 @@ > post_dn = slapi_entry_get_ndn(post_e); > } > > /* is the entry of interest? */ > if(pre_dn && post_dn && >- !slapi_filter_test_simple(post_e, memberof_group_filter)) >+ !slapi_filter_test_simple(post_e, theConfig.group_filter)) > { > Slapi_Attr *attr = 0; > > memberof_lock(); > > /* get a list of member attributes present in the group > * entry that is being renamed. */ >- if(0 == slapi_entry_attr_find(post_e, MEMBEROF_GROUP_ATTR, &attr)) >+ if(0 == slapi_entry_attr_find(post_e, theConfig.groupattr, &attr)) > { > memberof_moddn_attr_list(pb, pre_dn, post_dn, attr); > } > > /* modrdn must change the dns in groups that have >@@ -503,13 +506,13 @@ > char *type; > } replace_dn_data; > > int memberof_replace_dn_from_groups(Slapi_PBlock *pb, char *pre_dn, char *post_dn) > { >- replace_dn_data data = {pre_dn, post_dn, MEMBEROF_GROUP_ATTR}; >+ replace_dn_data data = {pre_dn, post_dn, theConfig.groupattr}; > >- return memberof_call_foreach_dn(pb, pre_dn, MEMBEROF_GROUP_ATTR, >+ return memberof_call_foreach_dn(pb, pre_dn, theConfig.groupattr, > memberof_replace_dn_type_callback, &data); > } > > > int memberof_replace_dn_type_callback(Slapi_Entry *e, void *callback_data) >@@ -598,11 +601,11 @@ > while(smod) > { > char *type = (char *)slapi_mod_get_type(smod); > > /* we only care about the group attribute */ >- if(slapi_attr_types_equivalent(type,MEMBEROF_GROUP_ATTR)) >+ if(slapi_attr_types_equivalent(type,theConfig.groupattr)) > { > int op = slapi_mod_get_operation(smod); > > memberof_lock(); > >@@ -687,17 +690,17 @@ > struct slapi_entry *e = NULL; > > slapi_pblock_get( pb, SLAPI_ENTRY_POST_OP, &e ); > > /* is the entry of interest? */ >- if(e && !slapi_filter_test_simple(e, memberof_group_filter)) >+ if(e && !slapi_filter_test_simple(e, theConfig.group_filter)) > { > Slapi_Attr *attr = 0; > > memberof_lock(); > >- if(0 == slapi_entry_attr_find(e, MEMBEROF_GROUP_ATTR, &attr)) >+ if(0 == slapi_entry_attr_find(e, theConfig.groupattr, &attr)) > { > memberof_add_attr_list(pb, dn, attr); > } > > memberof_unlock(); >@@ -803,19 +806,18 @@ > LDAPMod replace_mod; > LDAPMod *mods[3]; > char *val[2]; > char *replace_val[2]; > Slapi_PBlock *mod_pb = 0; >- char *attrlist[2] = {MEMBEROF_GROUP_ATTR,0}; >+ char *attrlist[2] = {theConfig.groupattr,0}; > Slapi_DN *op_to_sdn = 0; > Slapi_Entry *e = 0; > memberofstringll *ll = 0; > char *op_str = 0; > Slapi_Value *to_dn_val = slapi_value_new_string(op_to); > Slapi_Value *this_dn_val = slapi_value_new_string(op_this); > >- > /* determine if this is a group op or single entry */ > op_to_sdn = slapi_sdn_new_dn_byref(op_to); > slapi_search_internal_get_entry( op_to_sdn, attrlist, > &e, memberof_get_plugin_id()); > slapi_sdn_free(&op_to_sdn); >@@ -856,11 +858,11 @@ > > slapi_log_error( SLAPI_LOG_PLUGIN, MEMBEROF_PLUGIN_SUBSYSTEM, > "memberof_modop_one_r: %s %s in %s\n" > ,op_str, op_this, op_to); > >- if(!slapi_filter_test_simple(e, memberof_group_filter)) >+ if(!slapi_filter_test_simple(e, theConfig.group_filter)) > { > /* group */ > Slapi_Value *ll_dn_val = 0; > Slapi_Attr *members = 0; > >@@ -897,11 +899,11 @@ > /* Add the nested group's DN to the stack so we can detect loops later. */ > ll = (memberofstringll*)slapi_ch_malloc(sizeof(memberofstringll)); > ll->dn = op_to; > ll->next = stack; > >- slapi_entry_attr_find( e, MEMBEROF_GROUP_ATTR, &members ); >+ slapi_entry_attr_find( e, theConfig.groupattr, &members ); > if(members) > { > memberof_mod_attr_list_r(pb, mod_op, group_dn, op_this, members, ll); > } > >@@ -951,11 +953,11 @@ > * don't want to remove the memberOf value. */ > if((LDAP_MOD_DELETE != mod_op) || (0 == memberof_is_member(this_dn_val, to_dn_val))) { > /* If we're about to add a memberOf value to an entry, we should first check > * if the value already exists. */ > if((LDAP_MOD_ADD == mod_op) && (slapi_entry_attr_has_syntax_value(e, >- MEMBEROF_ATTR, this_dn_val))) >+ theConfig.memberof_attr, this_dn_val))) > { > slapi_log_error( SLAPI_LOG_PLUGIN, MEMBEROF_PLUGIN_SUBSYSTEM, > "memberof_modop_one_r: memberOf value %s already exists in " > "entry %s\n", op_this, op_to); > goto bail; >@@ -977,20 +979,20 @@ > > val[0] = op_this; > val[1] = 0; > > mod.mod_op = LDAP_MOD_REPLACE == mod_op?LDAP_MOD_DELETE:mod_op; >- mod.mod_type = MEMBEROF_ATTR; >+ mod.mod_type = theConfig.memberof_attr; > mod.mod_values = val; > > if(LDAP_MOD_REPLACE == mod_op) > { > replace_val[0] = replace_with; > replace_val[1] = 0; > > replace_mod.mod_op = LDAP_MOD_ADD; >- replace_mod.mod_type = MEMBEROF_ATTR; >+ replace_mod.mod_type = theConfig.memberof_attr; > replace_mod.mod_values = replace_val; > } > > slapi_modify_internal_set_pb( > mod_pb, op_to, >@@ -1288,11 +1290,11 @@ > > int memberof_add_membership(Slapi_PBlock *pb, char *op_this, char *op_to) > { > memberof_add_groups data = {op_to, op_this}; > >- return memberof_call_foreach_dn(pb, op_this, MEMBEROF_GROUP_ATTR, >+ return memberof_call_foreach_dn(pb, op_this, theConfig.groupattr, > memberof_add_groups_search_callback, &data); > } > > int memberof_add_groups_search_callback(Slapi_Entry *e, void *callback_data) > { >@@ -1307,22 +1309,22 @@ > */ > int memberof_is_direct_member(Slapi_Value *groupdn, Slapi_Value *memberdn) > { > int rc = 0; > Slapi_DN *sdn = 0; >- char *attrlist[2] = {MEMBEROF_GROUP_ATTR,0}; >+ char *attrlist[2] = {theConfig.groupattr,0}; > Slapi_Entry *group_e = 0; > Slapi_Attr *attr = 0; > > sdn = slapi_sdn_new_dn_byref(slapi_value_get_string(groupdn)); > > slapi_search_internal_get_entry(sdn, attrlist, > &group_e, memberof_get_plugin_id()); > > if(group_e) > { >- slapi_entry_attr_find(group_e, MEMBEROF_GROUP_ATTR, &attr ); >+ slapi_entry_attr_find(group_e, theConfig.groupattr, &attr ); > if(attr) > { > rc = 0 == slapi_attr_value_find( > attr, slapi_value_get_berval(memberdn)); > } >@@ -1418,14 +1420,14 @@ > * see if it is our group. If not, search for "member=<matchdn>" > * and keep looping until we've exhausted it. */ > if(base_sdn) > { > int filter_size = >- (strlen(MEMBEROF_GROUP_ATTR) + >+ (strlen(theConfig.groupattr) + > strlen(slapi_value_get_string(memberdn)) + 4); /* 4 for (=) + null */ > filter_str = (char*)slapi_ch_malloc(filter_size); >- sprintf(filter_str, "(%s=%s)", MEMBEROF_GROUP_ATTR, slapi_value_get_string(memberdn)); >+ sprintf(filter_str, "(%s=%s)", theConfig.groupattr, slapi_value_get_string(memberdn)); > } > > if(filter_str) > { > slapi_search_internal_set_pb(search_pb, slapi_sdn_get_dn(base_sdn), >@@ -1498,11 +1500,11 @@ > * iterate until a pass fails to move a group over to member groups > * remaining groups should be deleted > */ > int memberof_test_membership(Slapi_PBlock *pb, char *group_dn) > { >- return memberof_call_foreach_dn(pb, group_dn, MEMBEROF_ATTR, >+ return memberof_call_foreach_dn(pb, group_dn, theConfig.memberof_attr, > memberof_test_membership_callback ,0); > } > > /* > * memberof_test_membership_callback() >@@ -1526,11 +1528,11 @@ > { > goto bail; > } > > /* divide groups into member and non-member lists */ >- slapi_entry_attr_find(e, MEMBEROF_ATTR, &attr ); >+ slapi_entry_attr_find(e, theConfig.memberof_attr, &attr ); > if(attr) > { > slapi_attr_get_numvalues( attr, &total); > if(total) > { >@@ -1685,12 +1687,12 @@ > slapi_pblock_get( pb, SLAPI_ENTRY_PRE_OP, &pre_e ); > slapi_pblock_get( pb, SLAPI_ENTRY_POST_OP, &post_e ); > > if(pre_e && post_e) > { >- slapi_entry_attr_find( pre_e, MEMBEROF_GROUP_ATTR, &pre_attr ); >- slapi_entry_attr_find( post_e, MEMBEROF_GROUP_ATTR, &post_attr ); >+ slapi_entry_attr_find( pre_e, theConfig.groupattr, &pre_attr ); >+ slapi_entry_attr_find( post_e, theConfig.groupattr, &post_attr ); > } > > if(pre_attr || post_attr) > { > int pre_total = 0; >@@ -1841,37 +1843,19 @@ > > if(first_time) > { > first_time = 0; > attr = slapi_attr_new(); >- slapi_attr_init(attr, MEMBEROF_GROUP_ATTR); >+ slapi_attr_init(attr, theConfig.groupattr); > } > > return slapi_attr_value_cmp( > attr, > slapi_value_get_berval(val1), > slapi_value_get_berval(val2)); > } > >-/* memberof_string2filter() >- * >- * For some reason slapi_str2filter writes to its input >- * which means you cannot pass in a string constant >- * so this is a fix up function for that >- */ >-Slapi_Filter *memberof_string2filter(char *strfilter) >-{ >- Slapi_Filter *ret = 0; >- char *idontbelieveit = slapi_ch_strdup(strfilter); >- >- ret = slapi_str2filter( idontbelieveit ); >- >- slapi_ch_free_string(&idontbelieveit); >- >- return ret; >-} >- > /* memberof_is_legit_member() > * > * before we rush to remove this group from the entry > * we need to be sure that the entry is not a member > * of the group for another legitimate reason i.e. >@@ -1890,12 +1874,12 @@ > Slapi_Entry *opto_e = 0; > char *filter_str = 0; > Slapi_Filter *filter = 0; > int filter_size = 0; > memberofstringll *ll = 0; >- char *attrlist[2] = {MEMBEROF_GROUP_ATTR,0}; >- char *optolist[2] = {MEMBEROF_ATTR,0}; >+ char *attrlist[2] = {theConfig.groupattr,0}; >+ char *optolist[2] = {theConfig.memberof_attr,0}; > Slapi_Attr *memberof = 0; > Slapi_Value *memberdn = 0; > int hint = 0; > const char *delete_group_dn = 0; > >@@ -1912,17 +1896,16 @@ > { > goto bail; > } > > filter_size = 2 * >- (strlen(MEMBEROF_GROUP_ATTR) + >+ (strlen(theConfig.groupattr) + > strlen(op_to) + 4); /* 4 for (=) + null */ > filter_str = (char*)slapi_ch_malloc(filter_size); > >- sprintf(filter_str, "(%s=%s)", MEMBEROF_GROUP_ATTR, op_to); >- >- filter = memberof_string2filter(filter_str); >+ sprintf(filter_str, "(%s=%s)", theConfig.groupattr, op_to); >+ filter = slapi_str2filter(filter_str); > > if(!slapi_filter_test_simple(group_e, filter)) > { > /* entry is direct member */ > slapi_log_error( SLAPI_LOG_PLUGIN, MEMBEROF_PLUGIN_SUBSYSTEM, >@@ -1964,11 +1947,11 @@ > &opto_e, memberof_get_plugin_id()); > slapi_sdn_free(&opto_sdn); > > if(opto_e) > { >- slapi_entry_attr_find(opto_e, MEMBEROF_ATTR, &memberof); >+ slapi_entry_attr_find(opto_e, theConfig.memberof_attr, &memberof); > } > > if(0 == memberof) > { > goto bail; >@@ -1979,11 +1962,11 @@ > > while(memberdn) > { > char *dn = (char*)slapi_value_get_string(memberdn); > int current_size = >- (strlen(MEMBEROF_GROUP_ATTR) + >+ (strlen(theConfig.groupattr) + > strlen(dn) + 4); /* 4 for (=) + null */ > > /* disregard the group being removed */ > if(0 == strcmp(dn, delete_group_dn)) > { >@@ -1996,12 +1979,12 @@ > filter_size = 2 * current_size; > filter_str = slapi_ch_realloc( > filter_str, filter_size); > } > >- sprintf(filter_str, "(%s=%s)", MEMBEROF_GROUP_ATTR, dn); >- filter = memberof_string2filter(filter_str); >+ sprintf(filter_str, "(%s=%s)", theConfig.groupattr, dn); >+ filter = slapi_str2filter(filter_str); > > if(!slapi_filter_test_simple(group_e, filter)) > { > /* another group allows entry */ > slapi_log_error( SLAPI_LOG_PLUGIN, MEMBEROF_PLUGIN_SUBSYSTEM, >@@ -2197,14 +2180,14 @@ > int rc = 0; > char *dn = slapi_entry_get_dn(e); > memberof_add_groups data = {dn, dn}; > > /* step 1 */ >- slapi_entry_attr_delete(e, MEMBEROF_ATTR); >+ slapi_entry_attr_delete(e, theConfig.memberof_attr); > > /* step 2 and 3 */ >- rc = memberof_call_foreach_dn(0, dn, MEMBEROF_GROUP_ATTR, >+ rc = memberof_call_foreach_dn(0, dn, theConfig.groupattr, > memberof_add_groups_search_callback, &data); > > return rc; > } >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=309023">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 450989
:
309023
|
309024
|
309025
|
309681
|
309682
|
309683
|
309753
|
309754
|
309755
|
309804
|
309805
|
309806