Author: nhosoi

Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6584/ldap/servers/plugins/chainingdb

Modified Files: cb_config.c cb_controls.c cb_instance.c Log Message: Resolves: #437525 Summary: GER: allow GER for non-existing entries Description: [slapd/charray.c] new: charray_merge_nodup -- merge 2 string arrays skipping the duplicates modified: charray_remove -- introduced "freeit" flag. If true, the removed string is freed. (The API is used only in chainingdb. The change is applied to the plugin.)

[slapd/opshared.c] modified: check OP_FLAG_GET_EFFECTIVE_RIGHTS in the iterate to support "@<objectclass>". It's needed to do at the location since we have to call acl plugin even when no entries are returned from the search. If no entries are returned and "@<objectclass>" is found in the attribute list, acl effective rights code generates the corresponding template entry.

[slapd/pblock.c] place to store gerattrs is added (SLAPI_SEARCH_GERATTRS), where gerattrs is an array of strings which store "...@<objectclass>".

[slapd/result.c] moved OP_FLAG_GET_EFFECTIVE_RIGHTS checking to iterate (opshared.c)

[slapd/schema.c] new: slapi_schema_list_objectclass_attributes -- return the required and/or allowed attributes belonging to the given objectclass. This is used to support "*" and "+" in the get effective rights. new: slapi_schema_get_superior_name -- return the superior objectclass name of the given objectclass.

[slapd/search.c] if "<attr>@<objectclass>" is found in the attribute list, cut the <attr> part out and added to the attrs array (pblock SLAPI_SEARCH_ATTRS) and store the original string to the gerattrs (pblock SLAPI_SEARCH_GERATTRS).

[plugin/acl/acleffectiverights.c] modified: _ger_g_permission_granted -- if the requester and the subject user are identical, give "g" permission modified: _ger_parse_control -- replaced strcpy with memmove since strcpy does not guarantee the result of the overlap copy. modified: _ger_get_attrs_rights -- support "*" (all attributes belonging to the object) and "+" (operational attributes). If repeated attributes are found in the given attribute list, they are reduced to one. new: _ger_generate_template_entry -- generate a template entry if "@<objectclass>" is passed.

[pluginc/cb/*] adjusted to the updated charray_remove.

Please see also this wiki page for the overview and test cases. http://directory.fedoraproject.org/wiki/Get_Effective_Rights_for_non-present...

Index: cb_config.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb/cb_config.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- cb_config.c 10 Nov 2006 23:44:50 -0000 1.6 +++ cb_config.c 27 Jun 2008 19:28:22 -0000 1.7 @@ -477,7 +477,8 @@ } else if ( (mods[i]->mod_op & ~LDAP_MOD_BVALUES) == LDAP_MOD_DELETE) { charray_remove(cb->config.chaining_components, - slapi_dn_normalize(slapi_ch_strdup(config_attr_value))); + slapi_dn_normalize(slapi_ch_strdup(config_attr_value)), + 0 /* freeit */); } } if (NULL == mods[i]->mod_bvalues) { @@ -513,7 +514,8 @@ if ( (mods[i]->mod_op & ~LDAP_MOD_BVALUES) == LDAP_MOD_DELETE) { charray_remove(cb->config.chainable_components, slapi_dn_normalize(slapi_ch_strdup(config_attr_value) -)); +), + 0 /* freeit */); } } if (NULL == mods[i]->mod_bvalues) {

Index: cb_controls.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb/cb_controls.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- cb_controls.c 10 Nov 2006 23:44:50 -0000 1.8 +++ cb_controls.c 27 Jun 2008 19:28:22 -0000 1.9 @@ -91,7 +91,7 @@ return; } if ( controlops == 0 ) { - charray_remove(cb->config.forward_ctrls,controloid); + charray_remove(cb->config.forward_ctrls,controloid,0/* free it */); } PR_RWLock_Unlock(cb->config.rwl_config_lock); }

Index: cb_instance.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb/cb_instance.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- cb_instance.c 18 Oct 2007 00:08:28 -0000 1.8 +++ cb_instance.c 27 Jun 2008 19:28:22 -0000 1.9 @@ -392,7 +392,8 @@ } else if ( (mods[i]->mod_op & ~LDAP_MOD_BVALUES) == LDAP_MOD_DELETE) { charray_remove(inst->illegal_attributes, - slapi_ch_strdup(config_attr_value)); + slapi_ch_strdup(config_attr_value), + 0 /* freeit */); } } if (NULL == mods[i]->mod_bvalues) { @@ -426,7 +427,8 @@ } else if ( (mods[i]->mod_op & ~LDAP_MOD_BVALUES) == LDAP_MOD_DELETE) { charray_remove(inst->chaining_components, - slapi_dn_normalize(slapi_ch_strdup(config_attr_value))); + slapi_dn_normalize(slapi_ch_strdup(config_attr_value)), + 0 /* freeit */); } } if (NULL == mods[i]->mod_bvalues) {