本文整理汇总了C++中dn_match函数的典型用法代码示例。如果您正苦于以下问题:C++ dn_match函数的具体用法?C++ dn_match怎么用?C++ dn_match使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了dn_match函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: monitor_subsys_conn_update
static int
monitor_subsys_conn_update(
Operation *op,
SlapReply *rs,
Entry *e )
{
monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
long n = -1;
static struct berval total_bv = BER_BVC( "cn=total" ),
current_bv = BER_BVC( "cn=current" );
struct berval rdn;
assert( mi != NULL );
assert( e != NULL );
dnRdn( &e->e_nname, &rdn );
if ( dn_match( &rdn, &total_bv ) ) {
n = connections_nextid();
} else if ( dn_match( &rdn, ¤t_bv ) ) {
Connection *c;
ber_socket_t connindex;
for ( n = 0, c = connection_first( &connindex );
c != NULL;
n++, c = connection_next( c, &connindex ) )
{
/* No Op */ ;
}
connection_done( c );
}
if ( n != -1 ) {
Attribute *a;
char buf[LDAP_PVT_INTTYPE_CHARS(long)];
ber_len_t len;
a = attr_find( e->e_attrs, mi->mi_ad_monitorCounter );
if ( a == NULL ) {
return( -1 );
}
snprintf( buf, sizeof( buf ), "%ld", n );
len = strlen( buf );
if ( len > a->a_vals[ 0 ].bv_len ) {
a->a_vals[ 0 ].bv_val = ber_memrealloc( a->a_vals[ 0 ].bv_val, len + 1 );
}
a->a_vals[ 0 ].bv_len = len;
memcpy( a->a_vals[ 0 ].bv_val, buf, len + 1 );
/* FIXME: touch modifyTimestamp? */
}示例2: collect_response
static int
collect_response( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
collect_info *ci = on->on_bi.bi_private;
/* If we've been configured and the current response is
* a search entry
*/
if ( ci && rs->sr_type == REP_SEARCH ) {
int rc;
op->o_bd->bd_info = (BackendInfo *)on->on_info;
for (; ci; ci=ci->ci_next ) {
int idx=0;
/* Is this entry an ancestor of this collectinfo ? */
if (!dnIsSuffix(&rs->sr_entry->e_nname, &ci->ci_dn)) {
/* collectinfo does not match */
continue;
}
/* Is this entry the same as the template DN ? */
if ( dn_match(&rs->sr_entry->e_nname, &ci->ci_dn)) {
/* dont apply change to parent */
continue;
}
/* The current entry may live in a cache, so
* don't modify it directly. Make a copy and
* work with that instead.
*/
rs_entry2modifiable( op, rs, on );
/* Loop for each attribute in this collectinfo */
for(idx=0; idx<ci->ci_ad_num; idx++) {
BerVarray vals = NULL;
/* Extract the values of the desired attribute from
* the ancestor entry */
rc = backend_attribute( op, NULL, &ci->ci_dn,
ci->ci_ad[idx], &vals, ACL_READ );
/* If there are any values, merge them into the
* current search result
*/
if ( vals ) {
attr_merge( rs->sr_entry, ci->ci_ad[idx],
vals, NULL );
ber_bvarray_free_x( vals, op->o_tmpmemctx );
}
}
}
}
/* Default is to just fall through to the normal processing */
return SLAP_CB_CONTINUE;
}示例3: rdnval_op_rename
static int
rdnval_op_rename( Operation *op, SlapReply *rs )
{
Modifications *ml, **mlp;
int numvals = 0;
BerVarray vals = NULL, nvals = NULL;
struct berval old;
int rc;
dnRdn( &op->o_req_dn, &old );
if ( dn_match( &old, &op->orr_newrdn ) ) {
dnRdn( &op->o_req_ndn, &old );
if ( dn_match( &old, &op->orr_nnewrdn ) ) {
return SLAP_CB_CONTINUE;
}
}
rc = rdnval_rdn2vals( op, rs, &op->orr_newrdn, &op->orr_nnewrdn,
&vals, &nvals, &numvals );
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
}
ml = SLAP_CALLOC( sizeof( Modifications ), 1 );
ml->sml_values = vals;
ml->sml_nvalues = nvals;
ml->sml_numvals = numvals;
ml->sml_op = LDAP_MOD_REPLACE;
ml->sml_flags = SLAP_MOD_INTERNAL;
ml->sml_desc = ad_rdnValue;
ml->sml_type = ad_rdnValue->ad_cname;
for ( mlp = &op->orr_modlist; *mlp != NULL; mlp = &(*mlp)->sml_next )
/* goto tail */ ;
*mlp = ml;
return SLAP_CB_CONTINUE;
}示例4: sasl_sc_smatch
static int sasl_sc_smatch( BackendDB *be, Connection *conn, Operation *o,
Entry *e, AttributeName *an, int ao, LDAPControl **c)
{
smatch_info *sm = o->o_callback->sc_private;
if (dn_match(sm->dn, &e->e_nname)) {
sm->match = 1;
return -1; /* short-circuit the search */
}
return 1;
}示例5: usn_operational
static int
usn_operational(
Operation *op,
SlapReply *rs )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
usn_info_t *ui = (usn_info_t *)on->on_bi.bi_private;
if ( rs->sr_entry &&
dn_match( &rs->sr_entry->e_nname, op->o_bd->be_nsuffix )) {
if ( SLAP_OPATTRS( rs->sr_attr_flags ) ||
ad_inlist( ad_usnChanged, rs->sr_attrs )) {
Attribute *a, **ap = NULL;
char intbuf[64];
struct berval bv;
int my_usn;
for ( a=rs->sr_entry->e_attrs; a; a=a->a_next ) {
if ( a->a_desc == ad_usnChanged )
break;
}
if ( !a ) {
for ( ap = &rs->sr_operational_attrs; *ap;
ap=&(*ap)->a_next );
a = attr_alloc( ad_usnChanged );
*ap = a;
}
if ( !ap ) {
if ( rs_entry2modifiable( op,rs, on )) {
a = attr_find( rs->sr_entry->e_attrs,
ad_usnChanged );
}
ber_bvarray_free( a->a_vals );
a->a_vals = NULL;
a->a_numvals = 0;
}
ldap_pvt_thread_mutex_lock( &ui->ui_mutex );
my_usn = ui->ui_current;
ldap_pvt_thread_mutex_unlock( &ui->ui_mutex );
bv.bv_len = snprintf( intbuf, sizeof(intbuf), "%d", my_usn );
bv.bv_val = intbuf;
attr_valadd( a, &bv, NULL, 1 );
}
}
return SLAP_CB_CONTINUE;
}示例6: collect_modify
static int
collect_modify( Operation *op, SlapReply *rs)
{
slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
collect_info *ci = on->on_bi.bi_private;
Modifications *ml;
char errMsg[100];
int idx;
for ( ml = op->orm_modlist; ml != NULL; ml = ml->sml_next) {
for (; ci; ci=ci->ci_next ) {
/* Is this entry an ancestor of this collectinfo ? */
if (!dnIsSuffix(&op->o_req_ndn, &ci->ci_dn)) {
/* this collectinfo does not match */
continue;
}
/* Is this entry the same as the template DN ? */
if ( dn_match(&op->o_req_ndn, &ci->ci_dn)) {
/* all changes in this ci are allowed */
continue;
}
/* check for collect attributes - disallow modify if present */
for(idx=0; idx<ci->ci_ad_num; idx++) {
if (ml->sml_desc == ci->ci_ad[idx]) {
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
snprintf( errMsg, sizeof( errMsg ),
"cannot change virtual attribute '%s'",
ci->ci_ad[idx]->ad_cname.bv_val);
rs->sr_text = errMsg;
send_ldap_result( op, rs );
return rs->sr_err;
}
}
}
}
return SLAP_CB_CONTINUE;
}示例7: meta_back_bind
//.........这里部分代码省略.........
BER_BVZERO( &msc->msc_cred );
}
continue;
}
(void)meta_back_proxy_authz_bind( mc, i, op, rs, LDAP_BACK_DONTSEND, 1 );
lerr = rs->sr_err;
} else {
lerr = meta_back_single_bind( op, rs, mc, i );
}
if ( lerr != LDAP_SUCCESS ) {
rc = rs->sr_err = lerr;
/* FIXME: in some cases (e.g. unavailable)
* do not assume it's not candidate; rather
* mark this as an error to be eventually
* reported to client */
META_CANDIDATE_CLEAR( &candidates[ i ] );
break;
}
}
/* must re-insert if local DN changed as result of bind */
if ( rc == LDAP_SUCCESS ) {
if ( isroot ) {
mc->mc_authz_target = META_BOUND_ALL;
}
if ( !LDAP_BACK_PCONN_ISPRIV( mc )
&& !dn_match( &op->o_req_ndn, &mc->mc_local_ndn ) )
{
int lerr;
/* wait for all other ops to release the connection */
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
assert( mc->mc_refcnt == 1 );
#if META_BACK_PRINT_CONNTREE > 0
meta_back_print_conntree( mi, ">>> meta_back_bind" );
#endif /* META_BACK_PRINT_CONNTREE */
/* delete all cached connections with the current connection */
if ( LDAP_BACK_SINGLECONN( mi ) ) {
metaconn_t *tmpmc;
while ( ( tmpmc = avl_delete( &mi->mi_conninfo.lai_tree, (caddr_t)mc, meta_back_conn_cmp ) ) != NULL )
{
assert( !LDAP_BACK_PCONN_ISPRIV( mc ) );
Debug( LDAP_DEBUG_TRACE,
"=>meta_back_bind: destroying conn %lu (refcnt=%u)\n",
mc->mc_conn->c_connid, mc->mc_refcnt );
if ( tmpmc->mc_refcnt != 0 ) {
/* taint it */
LDAP_BACK_CONN_TAINTED_SET( tmpmc );
} else {
/*
* Needs a test because the handler may be corrupted,
* and calling ldap_unbind on a corrupted header results
* in a segmentation fault
*/
meta_back_conn_free( tmpmc );示例8: slapi_over_acl_group
static int
slapi_over_acl_group(
Operation *op,
Entry *target,
struct berval *gr_ndn,
struct berval *op_ndn,
ObjectClass *group_oc,
AttributeDescription *group_at )
{
Slapi_Entry *e;
int rc;
Slapi_PBlock *pb;
BackendDB *be = op->o_bd;
GroupAssertion *g;
SlapReply rs = { REP_RESULT };
op->o_bd = select_backend( gr_ndn, 0 );
for ( g = op->o_groups; g; g = g->ga_next ) {
if ( g->ga_be != op->o_bd || g->ga_oc != group_oc ||
g->ga_at != group_at || g->ga_len != gr_ndn->bv_len )
{
continue;
}
if ( strcmp( g->ga_ndn, gr_ndn->bv_val ) == 0 ) {
break;
}
}
if ( g != NULL ) {
rc = g->ga_res;
goto done;
}
if ( target != NULL && dn_match( &target->e_nname, gr_ndn ) ) {
e = target;
rc = 0;
} else {
rc = be_entry_get_rw( op, gr_ndn, group_oc, group_at, 0, &e );
}
if ( e != NULL ) {
int internal_op;
slap_callback cb;
internal_op = slapi_op_internal_p( op, &rs, &cb );
cb.sc_response = NULL;
cb.sc_cleanup = NULL;
pb = SLAPI_OPERATION_PBLOCK( op );
slapi_pblock_set( pb, SLAPI_X_GROUP_ENTRY, (void *)e );
slapi_pblock_set( pb, SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val );
slapi_pblock_set( pb, SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val );
slapi_pblock_set( pb, SLAPI_X_GROUP_TARGET_ENTRY, (void *)target );
rc = slapi_over_call_plugins( pb, SLAPI_X_PLUGIN_PRE_GROUP_FN );
if ( rc >= 0 ) /* 1 means no plugins called */
rc = SLAP_CB_CONTINUE;
else
rc = pb->pb_rs->sr_err;
slapi_pblock_delete_param( pb, SLAPI_X_GROUP_ENTRY );
slapi_pblock_delete_param( pb, SLAPI_X_GROUP_OPERATION_DN );
slapi_pblock_delete_param( pb, SLAPI_X_GROUP_ATTRIBUTE );
slapi_pblock_delete_param( pb, SLAPI_X_GROUP_TARGET_ENTRY );
if ( !internal_op )
slapi_pblock_destroy( pb );
if ( e != target ) {
be_entry_release_r( op, e );
}
op->o_callback = cb.sc_next;
} else {
rc = LDAP_NO_SUCH_OBJECT; /* return SLAP_CB_CONTINUE for correctness? */
}
if ( op->o_tag != LDAP_REQ_BIND && !op->o_do_not_cache &&
rc != SLAP_CB_CONTINUE ) {
g = op->o_tmpalloc( sizeof( GroupAssertion ) + gr_ndn->bv_len,
op->o_tmpmemctx );
g->ga_be = op->o_bd;
g->ga_oc = group_oc;
g->ga_at = group_at;
g->ga_res = rc;
g->ga_len = gr_ndn->bv_len;
strcpy( g->ga_ndn, gr_ndn->bv_val );
g->ga_next = op->o_groups;
op->o_groups = g;
}
/*
* XXX don't call POST_GROUP_FN, I have no idea what the point of
* that plugin function was anyway
*/
done:
op->o_bd = be;
return rc;
}示例9: pguid_op_add
static int
pguid_op_add( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
struct berval pdn, pndn;
Entry *e = NULL;
Attribute *a;
int rc;
/* don't care about suffix entry */
if ( dn_match( &op->o_req_ndn, &op->o_bd->be_nsuffix[0] ) ) {
return SLAP_CB_CONTINUE;
}
dnParent( &op->o_req_dn, &pdn );
dnParent( &op->o_req_ndn, &pndn );
rc = overlay_entry_get_ov( op, &pndn, NULL, slap_schema.si_ad_entryUUID, 0, &e, on );
if ( rc != LDAP_SUCCESS || e == NULL ) {
Debug( LDAP_DEBUG_ANY, "%s: pguid_op_add: unable to get parent entry DN=\"%s\" (%d)\n",
op->o_log_prefix, pdn.bv_val, rc );
return SLAP_CB_CONTINUE;
}
a = attr_find( e->e_attrs, slap_schema.si_ad_entryUUID );
if ( a == NULL ) {
Debug( LDAP_DEBUG_ANY, "%s: pguid_op_add: unable to find entryUUID of parent entry DN=\"%s\" (%d)\n",
op->o_log_prefix, pdn.bv_val, rc );
} else {
assert( a->a_numvals == 1 );
if ( op->ora_e != NULL ) {
attr_merge_one( op->ora_e, ad_parentUUID, &a->a_vals[0], a->a_nvals == a->a_vals ? NULL : &a->a_nvals[0] );
} else {
Modifications *ml;
Modifications *mod;
assert( op->ora_modlist != NULL );
for ( ml = op->ora_modlist; ml != NULL; ml = ml->sml_next ) {
if ( ml->sml_mod.sm_desc == slap_schema.si_ad_entryUUID ) {
break;
}
}
if ( ml == NULL ) {
ml = op->ora_modlist;
}
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_op = LDAP_MOD_ADD;
mod->sml_desc = ad_parentUUID;
mod->sml_type = ad_parentUUID->ad_cname;
mod->sml_values = ch_malloc( sizeof( struct berval ) * 2 );
mod->sml_nvalues = NULL;
mod->sml_numvals = 1;
ber_dupbv( &mod->sml_values[0], &a->a_vals[0] );
BER_BVZERO( &mod->sml_values[1] );
mod->sml_next = ml->sml_next;
ml->sml_next = mod;
}
}
if ( e != NULL ) {
(void)overlay_entry_release_ov( op, e, 0, on );
}
return SLAP_CB_CONTINUE;
}示例10: aci_mask
//.........这里部分代码省略.........
/* otherwise require an identity */
if ( BER_BVISNULL( &op->o_ndn ) || BER_BVISEMPTY( &op->o_ndn ) ) {
return 0;
}
/* see if we have a users access */
if ( ber_bvcmp( &aci_bv[ ACI_BV_USERS ], &type ) == 0 ) {
return 1;
}
/* NOTE: this may fail if a DN contains a valid '#' (unescaped);
* just grab all the berval up to its end (ITS#3303).
* NOTE: the problem could be solved by providing the DN with
* the embedded '#' encoded as hexpairs: "cn=Foo#Bar" would
* become "cn=Foo\23Bar" and be safely used by aci_mask(). */
#if 0
if ( acl_get_part( aci, 4, '#', &sdn ) < 0 ) {
return 0;
}
#endif
sdn.bv_val = type.bv_val + type.bv_len + STRLENOF( "#" );
sdn.bv_len = aci->bv_len - ( sdn.bv_val - aci->bv_val );
/* get the type options, if any */
if ( acl_get_part( &type, 1, '/', &opts ) > 0 ) {
opts.bv_len = type.bv_len - ( opts.bv_val - type.bv_val );
type.bv_len = opts.bv_val - type.bv_val - 1;
} else {
BER_BVZERO( &opts );
}
if ( ber_bvcmp( &aci_bv[ ACI_BV_ACCESS_ID ], &type ) == 0 ) {
return dn_match( &op->o_ndn, &sdn );
} else if ( ber_bvcmp( &aci_bv[ ACI_BV_SUBTREE ], &type ) == 0 ) {
return dnIsSuffix( &op->o_ndn, &sdn );
} else if ( ber_bvcmp( &aci_bv[ ACI_BV_ONELEVEL ], &type ) == 0 ) {
struct berval pdn;
dnParent( &sdn, &pdn );
return dn_match( &op->o_ndn, &pdn );
} else if ( ber_bvcmp( &aci_bv[ ACI_BV_CHILDREN ], &type ) == 0 ) {
return ( !dn_match( &op->o_ndn, &sdn ) && dnIsSuffix( &op->o_ndn, &sdn ) );
} else if ( ber_bvcmp( &aci_bv[ ACI_BV_SELF ], &type ) == 0 ) {
return dn_match( &op->o_ndn, &e->e_nname );
} else if ( ber_bvcmp( &aci_bv[ ACI_BV_DNATTR ], &type ) == 0 ) {
Attribute *at;
AttributeDescription *ad = NULL;
const char *text;
rc = slap_bv2ad( &sdn, &ad, &text );
assert( rc == LDAP_SUCCESS );
rc = 0;
for ( at = attrs_find( e->e_attrs, ad );
at != NULL;
at = attrs_find( at->a_next, ad ) )
{
if ( attr_valfind( at,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |示例11: retcode_op_func
static int
retcode_op_func( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
retcode_t *rd = (retcode_t *)on->on_bi.bi_private;
retcode_item_t *rdi;
struct berval nrdn, npdn;
slap_callback *cb = NULL;
/* sleep as required */
retcode_sleep( rd->rd_sleep );
if ( !dnIsSuffix( &op->o_req_ndn, &rd->rd_npdn ) ) {
if ( RETCODE_INDIR( rd ) ) {
switch ( op->o_tag ) {
case LDAP_REQ_ADD:
return retcode_op_add( op, rs );
case LDAP_REQ_BIND:
/* skip if rootdn */
/* FIXME: better give the db a chance? */
if ( be_isroot_pw( op ) ) {
return LDAP_SUCCESS;
}
return retcode_op_internal( op, rs );
case LDAP_REQ_SEARCH:
if ( op->ors_scope == LDAP_SCOPE_BASE ) {
rs->sr_err = retcode_op_internal( op, rs );
switch ( rs->sr_err ) {
case SLAP_CB_CONTINUE:
if ( rs->sr_nentries == 0 ) {
break;
}
rs->sr_err = LDAP_SUCCESS;
/* fallthru */
default:
send_ldap_result( op, rs );
break;
}
return rs->sr_err;
}
break;
case LDAP_REQ_MODIFY:
case LDAP_REQ_DELETE:
case LDAP_REQ_MODRDN:
case LDAP_REQ_COMPARE:
return retcode_op_internal( op, rs );
}
}
return SLAP_CB_CONTINUE;
}
if ( op->o_tag == LDAP_REQ_SEARCH
&& op->ors_scope != LDAP_SCOPE_BASE
&& op->o_req_ndn.bv_len == rd->rd_npdn.bv_len )
{
return retcode_send_onelevel( op, rs );
}
dnParent( &op->o_req_ndn, &npdn );
if ( npdn.bv_len != rd->rd_npdn.bv_len ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
rs->sr_matched = rd->rd_pdn.bv_val;
send_ldap_result( op, rs );
rs->sr_matched = NULL;
return rs->sr_err;
}
dnRdn( &op->o_req_ndn, &nrdn );
for ( rdi = rd->rd_item; rdi != NULL; rdi = rdi->rdi_next ) {
struct berval rdi_nrdn;
dnRdn( &rdi->rdi_ndn, &rdi_nrdn );
if ( dn_match( &nrdn, &rdi_nrdn ) ) {
break;
}
}
if ( rdi != NULL && rdi->rdi_mask != SN_DG_OP_ALL ) {
retcode_op_e o_tag = SN_DG_OP_NONE;
switch ( op->o_tag ) {
case LDAP_REQ_ADD:
o_tag = SN_DG_OP_ADD;
break;
case LDAP_REQ_BIND:
o_tag = SN_DG_OP_BIND;
break;
case LDAP_REQ_COMPARE:
o_tag = SN_DG_OP_COMPARE;
break;
//.........这里部分代码省略.........
示例12: monitor_subsys_time_update
static int
monitor_subsys_time_update(
Operation *op,
SlapReply *rs,
Entry *e )
{
monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
static struct berval bv_current = BER_BVC( "cn=current" ),
bv_uptime = BER_BVC( "cn=uptime" );
struct berval rdn;
assert( mi != NULL );
assert( e != NULL );
dnRdn( &e->e_nname, &rdn );
if ( dn_match( &rdn, &bv_current ) ) {
struct tm tm;
char tmbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
Attribute *a;
ber_len_t len;
time_t currtime;
currtime = slap_get_time();
ldap_pvt_gmtime( &currtime, &tm );
lutil_gentime( tmbuf, sizeof( tmbuf ), &tm );
len = strlen( tmbuf );
a = attr_find( e->e_attrs, mi->mi_ad_monitorTimestamp );
if ( a == NULL ) {
return rs->sr_err = LDAP_OTHER;
}
assert( len == a->a_vals[ 0 ].bv_len );
AC_MEMCPY( a->a_vals[ 0 ].bv_val, tmbuf, len );
/* FIXME: touch modifyTimestamp? */
} else if ( dn_match( &rdn, &bv_uptime ) ) {
Attribute *a;
double diff;
char buf[ BACKMONITOR_BUFSIZE ];
struct berval bv;
a = attr_find( e->e_attrs, mi->mi_ad_monitoredInfo );
if ( a == NULL ) {
return rs->sr_err = LDAP_OTHER;
}
diff = difftime( slap_get_time(), starttime );
bv.bv_len = snprintf( buf, sizeof( buf ), "%lu",
(unsigned long) diff );
bv.bv_val = buf;
ber_bvreplace( &a->a_vals[ 0 ], &bv );
if ( a->a_nvals != a->a_vals ) {
ber_bvreplace( &a->a_nvals[ 0 ], &bv );
}
/* FIXME: touch modifyTimestamp? */
}
return SLAP_CB_CONTINUE;
}示例13: slap_sasl_authorized
int slap_sasl_authorized( Connection *conn,
struct berval *authcDN, struct berval *authzDN )
{
int rc = LDAP_INAPPROPRIATE_AUTH;
/* User binding as anonymous */
if ( authzDN == NULL ) {
rc = LDAP_SUCCESS;
goto DONE;
}
#ifdef NEW_LOGGING
LDAP_LOG( TRANSPORT, ENTRY,
"slap_sasl_authorized: can %s become %s?\n",
authcDN->bv_val, authzDN->bv_val, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"==>slap_sasl_authorized: can %s become %s?\n",
authcDN->bv_val, authzDN->bv_val, 0 );
#endif
/* If person is authorizing to self, succeed */
if ( dn_match( authcDN, authzDN ) ) {
rc = LDAP_SUCCESS;
goto DONE;
}
/* Allow the manager to authorize as any DN. */
if( conn->c_authz_backend && be_isroot( conn->c_authz_backend, authcDN )) {
rc = LDAP_SUCCESS;
goto DONE;
}
/* Check source rules */
if( authz_policy & SASL_AUTHZ_TO ) {
rc = slap_sasl_check_authz( conn, authcDN, authzDN,
slap_schema.si_ad_saslAuthzTo, authcDN );
if( rc == LDAP_SUCCESS ) {
goto DONE;
}
}
/* Check destination rules */
if( authz_policy & SASL_AUTHZ_FROM ) {
rc = slap_sasl_check_authz( conn, authzDN, authcDN,
slap_schema.si_ad_saslAuthzFrom, authcDN );
if( rc == LDAP_SUCCESS ) {
goto DONE;
}
}
rc = LDAP_INAPPROPRIATE_AUTH;
DONE:
#ifdef NEW_LOGGING
LDAP_LOG( TRANSPORT, RESULTS, "slap_sasl_authorized: return %d\n", rc,0,0 );
#else
Debug( LDAP_DEBUG_TRACE,
"<== slap_sasl_authorized: return %d\n", rc, 0, 0 );
#endif
return( rc );
}示例14: pg_dynacl_mask
static int
pg_dynacl_mask(
void *priv,
Operation *op,
Entry *target,
AttributeDescription *desc,
struct berval *val,
int nmatch,
regmatch_t *matches,
slap_access_t *grant,
slap_access_t *deny )
{
pg_t *pg = (pg_t *)priv;
Entry *group = NULL,
*user = NULL;
int rc;
Backend *be = op->o_bd,
*group_be = NULL,
*user_be = NULL;
struct berval group_ndn;
ACL_INVALIDATE( *deny );
/* get user */
if ( target && dn_match( &target->e_nname, &op->o_ndn ) ) {
user = target;
rc = LDAP_SUCCESS;
} else {
user_be = op->o_bd = select_backend( &op->o_ndn, 0 );
if ( op->o_bd == NULL ) {
op->o_bd = be;
return 0;
}
rc = be_entry_get_rw( op, &op->o_ndn, pg_posixAccount, pg_uidNumber, 0, &user );
}
if ( rc != LDAP_SUCCESS || user == NULL ) {
op->o_bd = be;
return 0;
}
/* get target */
if ( pg->pg_style == ACL_STYLE_EXPAND ) {
char buf[ 1024 ];
struct berval bv;
AclRegexMatches amatches = { 0 };
amatches.dn_count = nmatch;
AC_MEMCPY( amatches.dn_data, matches, sizeof( amatches.dn_data ) );
bv.bv_len = sizeof( buf ) - 1;
bv.bv_val = buf;
if ( acl_string_expand( &bv, &pg->pg_pat,
&target->e_nname,
NULL, &amatches ) )
{
goto cleanup;
}
if ( dnNormalize( 0, NULL, NULL, &bv, &group_ndn,
op->o_tmpmemctx ) != LDAP_SUCCESS )
{
/* did not expand to a valid dn */
goto cleanup;
}
} else {
group_ndn = pg->pg_pat;
}
if ( target && dn_match( &target->e_nname, &group_ndn ) ) {
group = target;
rc = LDAP_SUCCESS;
} else {
group_be = op->o_bd = select_backend( &group_ndn, 0 );
if ( op->o_bd == NULL ) {
goto cleanup;
}
rc = be_entry_get_rw( op, &group_ndn, pg_posixGroup, pg_memberUid, 0, &group );
}
if ( group_ndn.bv_val != pg->pg_pat.bv_val ) {
op->o_tmpfree( group_ndn.bv_val, op->o_tmpmemctx );
}
if ( rc == LDAP_SUCCESS && group != NULL ) {
Attribute *a_uid,
*a_member;
a_uid = attr_find( user->e_attrs, pg_uidNumber );
if ( !a_uid || !BER_BVISNULL( &a_uid->a_nvals[ 1 ] ) ) {
rc = LDAP_NO_SUCH_ATTRIBUTE;
} else {
a_member = attr_find( group->e_attrs, pg_memberUid );
if ( !a_member ) {
rc = LDAP_NO_SUCH_ATTRIBUTE;
//.........这里部分代码省略.........
示例15: autoca_op_response
static int
autoca_op_response(
Operation *op,
SlapReply *rs
)
{
slap_overinst *on = op->o_callback->sc_private;
autoca_info *ai = on->on_bi.bi_private;
Attribute *a;
int isusr = 0;
if (rs->sr_type != REP_SEARCH)
return SLAP_CB_CONTINUE;
/* If root or self */
if ( !be_isroot( op ) &&
!dn_match( &rs->sr_entry->e_nname, &op->o_ndn ))
return SLAP_CB_CONTINUE;
isusr = is_entry_objectclass( rs->sr_entry, ai->ai_usrclass, SLAP_OCF_CHECK_SUP );
if ( !isusr )
{
if (!is_entry_objectclass( rs->sr_entry, ai->ai_srvclass, SLAP_OCF_CHECK_SUP ))
return SLAP_CB_CONTINUE;
}
a = attr_find( rs->sr_entry->e_attrs, ad_usrPkey );
if ( !a )
{
Operation op2;
genargs args;
saveargs arg2;
myext extras[2];
int rc;
args.issuer_cert = ai->ai_cert;
args.issuer_pkey = ai->ai_pkey;
args.subjectDN = &rs->sr_entry->e_name;
args.more_exts = NULL;
if ( isusr )
{
args.cert_exts = usrExts;
args.keybits = ai->ai_usrkeybits;
args.days = ai->ai_usrdays;
a = attr_find( rs->sr_entry->e_attrs, ad_mail );
if ( a )
{
extras[0].name = "subjectAltName";
extras[1].name = NULL;
extras[0].value = op->o_tmpalloc( sizeof("email:") + a->a_vals[0].bv_len, op->o_tmpmemctx );
sprintf(extras[0].value, "email:%s", a->a_vals[0].bv_val);
args.more_exts = extras;
}
} else
{
args.cert_exts = srvExts;
args.keybits = ai->ai_srvkeybits;
args.days = ai->ai_srvdays;
if ( ad_ipaddr && (a = attr_find( rs->sr_entry->e_attrs, ad_ipaddr )))
{
extras[0].name = "subjectAltName";
extras[1].name = NULL;
extras[0].value = op->o_tmpalloc( sizeof("IP:") + a->a_vals[0].bv_len, op->o_tmpmemctx );
sprintf(extras[0].value, "IP:%s", a->a_vals[0].bv_val);
args.more_exts = extras;
}
}
rc = autoca_gencert( op, &args );
if ( rc )
return SLAP_CB_CONTINUE;
X509_free( args.newcert );
EVP_PKEY_free( args.newpkey );
if ( is_entry_objectclass( rs->sr_entry, oc_usrObj, 0 ))
arg2.oc = NULL;
else
arg2.oc = oc_usrObj;
if ( !( rs->sr_flags & REP_ENTRY_MODIFIABLE ))
{
Entry *e = entry_dup( rs->sr_entry );
rs_replace_entry( op, rs, on, e );
rs->sr_flags |= REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED;
}
arg2.dercert = &args.dercert;
arg2.derpkey = &args.derpkey;
arg2.on = on;
arg2.dn = &rs->sr_entry->e_name;
arg2.ndn = &rs->sr_entry->e_nname;
arg2.isca = 0;
op2 = *op;
rc = autoca_savecert( &op2, &arg2 );
if ( !rc )
{
/* If this is our cert DN, configure it */
if ( dn_match( &rs->sr_entry->e_nname, &ai->ai_localndn ))
autoca_setlocal( &op2, &args.dercert, &args.derpkey );
attr_merge_one( rs->sr_entry, ad_usrCert, &args.dercert, NULL );
attr_merge_one( rs->sr_entry, ad_usrPkey, &args.derpkey, NULL );
}
op->o_tmpfree( args.dercert.bv_val, op->o_tmpmemctx );
op->o_tmpfree( args.derpkey.bv_val, op->o_tmpmemctx );
//.........这里部分代码省略.........