389-ds-base/ldap/servers/plugins/uiduniq/7bit.c

/** BEGIN COPYRIGHT BLOCK
 * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
 * Copyright (C) 2005 Red Hat, Inc.
 * All rights reserved.
 *
 * License: GPL (version 3 or any later version).
 * See LICENSE for details.
 * END COPYRIGHT BLOCK **/

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

/*
 * 7bit.c
 *
 * Implements a directory server pre-operation plugin to test
 * attributes for 7 bit clean within a defined subtree in the
 * directory.
 *
 */
#include <stdio.h>
#include <slapi-plugin.h>
#include <slapi-private.h>
#include <string.h>

/* DBDB this should be pulled from a common header file */
#if defined(LDAP_ERROR_LOGGING) && !defined(DEBUG)
#define DEBUG
#endif

/*
 * ISSUES:
 *   How should this plugin handle ACL issues?  It seems wrong to reject
 *   adds and modifies because there is already a conflicting UID, when
 *   the request would have failed because of an ACL check anyway.
 *
 *   This code currently defines a maximum filter string size of 512.  Is
 *   this large enough?
 *
 *   This code currently does not quote the value portion of the filter as
 *   it is created.  This is a bug.
 */

/* */
#define BEGIN do {
#define END   \
    }         \
    while (0) \
        ;

/*
 * Slapi plugin descriptor
 */
static char *plugin_name = "NS7bitAttr";
static Slapi_PluginDesc
    pluginDesc = {"NS7bitAttr", VENDOR, DS_PACKAGE_VERSION,
                  "Enforce  7-bit clean attribute values"};


/*
 * More information about constraint failure
 */
static char *moreInfo =
    "The value is not 7-bit clean: ";

/* ------------------------------------------------------------ */
/*
 * op_error - Record (and report) an operational error.
 */
static int
op_error(int internal_error)
{
    slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name,
                  "op_error - %d\n", internal_error);

    return LDAP_OPERATIONS_ERROR;
}

static void
issue_error(Slapi_PBlock *pb, int result, char *type, char *value)
{
    char *moreinfop;

    slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name,
                  "issue_error - %s result %d\n", type, result);

    if (value == NULL) {
        value = "unknown";
    }
    moreinfop = slapi_ch_smprintf("%s%s", moreInfo, value);

    /* Send failure to the client */
    slapi_send_ldap_result(pb, result, 0, moreinfop, 0, 0);
    slapi_ch_free((void **)&moreinfop);

    return;
}


/*
 * Check 'value' for 7-bit cleanliness.
 */
static int
bit_check_one_berval(const struct berval *value, char **violated)
{
    int result;
    char *ch;
    int i;

#ifdef DEBUG
    slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "bit_check_one_berval - 7-bit checking begin\n");
#endif

    result = LDAP_SUCCESS;
    /* If no value, can't possibly be a conflict */
    if ((struct berval *)NULL == value)
        return result;

    for (i = 0, ch = value->bv_val; ch && i < (int)(value->bv_len);
         ch++, i++) {

        if ((0x80 & *ch) != 0) {
            result = LDAP_CONSTRAINT_VIOLATION;
            *violated = value->bv_val;
            break;
        }
    }

    return result;
}


/*
 * Check a set of values for 7-bit cleanliness.
 *
 * If 'attr' is NULL, the values are taken from 'values'.
 * If 'attr' is non-NULL, the values are taken from 'attr'.
 */
static int
bit_check(Slapi_Attr *attr, struct berval **values, char **violated)
{
    int result = LDAP_SUCCESS;
    *violated = NULL;

    /* If no values, can't possibly be a conflict */
    if ((Slapi_Attr *)NULL == attr && (struct berval **)NULL == values)
        return result;

    if ((Slapi_Attr *)NULL != attr) {
        Slapi_Value *v = NULL;
        int vhint = -1;

        for (vhint = slapi_attr_first_value(attr, &v);
             vhint != -1 && LDAP_SUCCESS == result;
             vhint = slapi_attr_next_value(attr, vhint, &v)) {
            result = bit_check_one_berval(slapi_value_get_berval(v), violated);
        }
    } else {
        for (; *values != NULL && LDAP_SUCCESS == result; values++) {
            result = bit_check_one_berval(*values, violated);
        }
    }

#ifdef DEBUG
    slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name,
                  "bit_check - 7 bit check result = %d\n", result);
#endif

    return result;
}


/* ------------------------------------------------------------ */
/*
 * preop_add - pre-operation plug-in for add
 */
static int
preop_add(Slapi_PBlock *pb)
{
    int result;
    char *violated = NULL;
    char *pwd = NULL;
    char *origpwd = NULL;
#ifdef DEBUG
    slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "preop_add - ADD begin\n");
#endif

    result = LDAP_SUCCESS;

    /*
   * Do constraint check on the added entry.  Set result.
   */
    BEGIN
    int err;
    int argc;
    char **argv;
    char **attrName;
    const char *dn;
    Slapi_DN *sdn = NULL;
    Slapi_Entry *e;
    char **firstSubtree;
    char **subtreeDN;
    int subtreeCnt;
    int is_replicated_operation;
    struct berval *vals[2];
    struct berval val;
    vals[0] = &val;
    vals[1] = NULL;
    /*
     * Get the arguments
     */
    err = slapi_pblock_get(pb, SLAPI_PLUGIN_ARGC, &argc);
    if (err) {
        result = op_error(53);
        break;
    }

    err = slapi_pblock_get(pb, SLAPI_PLUGIN_ARGV, &argv);
    if (err) {
        result = op_error(54);
        break;
    }

    /*
     * If this is a replication update, just be a noop.
     */
    err = slapi_pblock_get(pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation);
    if (err) {
        result = op_error(56);
        break;
    }
    if (is_replicated_operation) {
        break;
    }

    /*
     * Get the target DN for this add operation
     */
    err = slapi_pblock_get(pb, SLAPI_ADD_TARGET_SDN, &sdn);
    if (err) {
        result = op_error(50);
        break;
    }

    dn = slapi_sdn_get_dn(sdn);

#ifdef DEBUG
    slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "preop_add - ADD target=%s\n", dn);
#endif

    /*
     * Get the entry data for this add. Check whether it
     * contains a value for the unique attribute
     */
    err = slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e);
    if (err) {
        result = op_error(51);
        break;
    }

    for (firstSubtree = argv; strcmp(*firstSubtree, ",") != 0;
         firstSubtree++, argc--) {
    }
    firstSubtree++;
    argc--;

    for (attrName = argv; attrName && *attrName && strcmp(*attrName, ","); attrName++) {
        /*
       * if the attribute is userpassword, check unhashed user password
       * instead.  "userpassword" is encoded; it will always pass the 7bit
       * check.
       */
        char *attr_name = NULL;
        Slapi_Attr *attr = NULL;
        if (strcasecmp(*attrName, "userpassword") == 0) {
            origpwd = pwd = slapi_get_first_clear_text_pw(e);
            if (pwd == NULL) {
                continue;
            }
            val.bv_val = pwd;
            val.bv_len = strlen(val.bv_val);
        } else {
            attr_name = *attrName;
            err = slapi_entry_attr_find(e, attr_name, &attr);
            if (err)
                continue; /* break;*/ /* no 7-bit attribute */
        }

        /*
       * For each DN in the managed list, do 7-bit checking if
       * the target DN is a subnode in the tree.
       */
        for (subtreeDN = firstSubtree, subtreeCnt = argc; subtreeCnt > 0;
             subtreeCnt--, subtreeDN++) {
            /*
         * issuffix determines whether the target is under the
         * subtree *subtreeDN
         */
            if (slapi_dn_issuffix(dn, *subtreeDN)) {
#ifdef DEBUG
                slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name,
                              "preop_add - ADD subtree=%s\n", *subtreeDN);
#endif

                /*
           * Check if the value is 7-bit clean
           */
                if (pwd) {
                    result = bit_check(attr, vals, &violated);
                    if (!result)
                        pwd = NULL;
                } else
                    result = bit_check(attr, NULL, &violated);
                if (result)
                    break;
            }
        }
        /* don't have to go on if there is a value not 7-bit clean */
        if (result)
            break;
    }
    END

        if (result)
    {
        issue_error(pb, result, "ADD", violated);
    }
    slapi_ch_free_string(&origpwd);
    return (result == LDAP_SUCCESS) ? 0 : -1;
}

static void
addMod(LDAPMod ***modary, int *capacity, int *nmods, LDAPMod *toadd)
{
    if (*nmods == *capacity) {
        *capacity += 4;
        if (*modary) {
            *modary = (LDAPMod **)slapi_ch_realloc((char *)*modary, *capacity * sizeof(LDAPMod *));
        } else {
            *modary = (LDAPMod **)slapi_ch_malloc(*capacity * sizeof(LDAPMod *));
        }
    }
    (*modary)[*nmods] = toadd;
    (*nmods)++;
}

/* ------------------------------------------------------------ */
/*
 * preop_modify - pre-operation plug-in for modify
 */
static int
preop_modify(Slapi_PBlock *pb)
{
    int result;
    char *violated = NULL;
    LDAPMod **checkmods = NULL; /* holds mods to check */
    int checkmodsCapacity = 0;  /* max capacity of checkmods */

#ifdef DEBUG
    slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name,
                  "preop_modify - MODIFY begin\n");
#endif

    result = LDAP_SUCCESS;

    BEGIN
    int err;
    int argc;
    char **argv;
    char **attrName;
    LDAPMod **mods;
    LDAPMod **firstMods;
    LDAPMod *mod;
    const char *target;
    Slapi_DN *target_sdn = NULL;
    char **firstSubtree;
    char **subtreeDN;
    int subtreeCnt;
    int is_replicated_operation;

    /*
     * Get the arguments
     */
    err = slapi_pblock_get(pb, SLAPI_PLUGIN_ARGC, &argc);
    if (err) {
        result = op_error(13);
        break;
    }

    err = slapi_pblock_get(pb, SLAPI_PLUGIN_ARGV, &argv);
    if (err) {
        result = op_error(14);
        break;
    }

    /*
     * If this is a replication update, just be a noop.
     */
    err = slapi_pblock_get(pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation);
    if (err) {
        result = op_error(16);
        break;
    }
    if (is_replicated_operation) {
        break;
    }

    err = slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &firstMods);
    if (err) {
        result = op_error(10);
        break;
    }

    /* Get the target DN */
    err = slapi_pblock_get(pb, SLAPI_MODIFY_TARGET_SDN, &target_sdn);
    if (err) {
        result = op_error(11);
        break;
    }

    target = slapi_sdn_get_dn(target_sdn);
    /*
     * Look for managed trees that include the target
     * Arguments before "," are the 7-bit clean attribute names.  Arguemnts
     * after "," are subtreeDN's.
     */
    for (firstSubtree = argv; strcmp(*firstSubtree, ",") != 0;
         firstSubtree++, argc--) {
    }
    firstSubtree++;
    argc--;

    for (attrName = argv; strcmp(*attrName, ",") != 0; attrName++) {
        int modcount = 0;
        int ii = 0;

        /*
       * if the attribute is userpassword, check unhashed#user#password
       * instead.  "userpassword" is encoded; it will always pass the 7bit
       * check.
       */
        char *attr_name;
        if (strcasecmp(*attrName, "userpassword") == 0) {
            attr_name = "unhashed#user#password";
        } else {
            attr_name = *attrName;
        }

        /* There may be more than one mod that matches e.g.
     changetype: modify
     delete: uid
     uid: balster1950
     -
     add: uid
     uid: scottg

     So, we need to first find all mods that contain the attribute
     which are add or replace ops and are bvalue encoded
      */
        /* find out how many mods meet this criteria */
        for (mods = firstMods; mods && *mods; mods++) {
            mod = *mods;
            if ((slapi_attr_type_cmp(mod->mod_type, attr_name, 1) == 0) && /* mod contains target attr */
                (mod->mod_op & LDAP_MOD_BVALUES) &&                        /* mod is bval encoded (not string val) */
                (mod->mod_bvalues && mod->mod_bvalues[0]) &&               /* mod actually contains some values */
                (SLAPI_IS_MOD_ADD(mod->mod_op) ||                          /* mod is add */
                 SLAPI_IS_MOD_REPLACE(mod->mod_op)))                       /* mod is replace */
            {
                addMod(&checkmods, &checkmodsCapacity, &modcount, mod);
            }
        }
        if (modcount == 0) {
            continue; /* no mods to check, go to next attr */
        }

        /*
       * stop checking at first mod that fails the check
       */
        for (ii = 0; (result == 0) && (ii < modcount); ++ii) {
            mod = checkmods[ii];
            /*
     * For each DN in the managed list, do 7-bit checking if
     * the target DN is a subnode in the tree.
     */
            for (subtreeDN = firstSubtree, subtreeCnt = argc; subtreeCnt > 0;
                 subtreeCnt--, subtreeDN++) {
                /*
       * issuffix determines whether the target is under the
       * subtree *subtreeDN
       */
                if (slapi_dn_issuffix(target, *subtreeDN)) {
#ifdef DEBUG
                    slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name,
                                  "preop_modify - MODIFY subtree=%s\n", *subtreeDN);
#endif
                    /*
         * Check if the value is 7-bit clean
         */
                    result = bit_check(NULL, mod->mod_bvalues, &violated);
                    if (result)
                        break;
                }
            }
        }
        /* don't have to go on if there is a value not 7-bit clean */
        if (result)
            break;
    }
    END

    slapi_ch_free((void **)&checkmods);
    if (result) {
        issue_error(pb, result, "MODIFY", violated);
    }

    return (result == LDAP_SUCCESS) ? 0 : -1;
}

/* ------------------------------------------------------------ */
/*
 * preop_modrdn - Pre-operation call for modify RDN
 *
 * Check that the new RDN does not include attributes that
 * cause a constraint violation
 */
static int
preop_modrdn(Slapi_PBlock *pb)
{
    int result;
    Slapi_Entry *e;
    char *violated = NULL;

#ifdef DEBUG
    slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name,
                  "preop_modrdn - MODRDN begin\n");
#endif

    /* Init */
    result = LDAP_SUCCESS;
    e = 0;

    BEGIN
    int err;
    int argc;
    char **argv;
    char **attrName;
    Slapi_DN *target_sdn = NULL;
    Slapi_DN *superior = NULL;
    char *rdn;
    Slapi_Attr *attr;
    char **firstSubtree;
    char **subtreeDN;
    int subtreeCnt;
    int is_replicated_operation;

    /*
     * Get the arguments
     */
    err = slapi_pblock_get(pb, SLAPI_PLUGIN_ARGC, &argc);
    if (err) {
        result = op_error(30);
        break;
    }

    err = slapi_pblock_get(pb, SLAPI_PLUGIN_ARGV, &argv);
    if (err) {
        result = op_error(31);
        break;
    }

    /*
     * If this is a replication update, just be a noop.
     */
    err = slapi_pblock_get(pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation);
    if (err) {
        result = op_error(16);
        break;
    }
    if (is_replicated_operation) {
        break;
    }

    /* Get the DN of the entry being renamed */
    err = slapi_pblock_get(pb, SLAPI_MODRDN_TARGET_SDN, &target_sdn);
    if (err) {
        result = op_error(22);
        break;
    }

    /* Get superior value - unimplemented in 3.0 DS */
    err = slapi_pblock_get(pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &superior);
    if (err) {
        result = op_error(20);
        break;
    }

    /*
     * No superior means the entry is just renamed at
     * its current level in the tree.  Use the target DN for
     * determining which managed tree this belongs to
     */
    if (!slapi_sdn_get_dn(superior))
        superior = target_sdn;

    /* Get the new RDN - this has the attribute values */
    err = slapi_pblock_get(pb, SLAPI_MODRDN_NEWRDN, &rdn);
    if (err) {
        result = op_error(33);
        break;
    }

#ifdef DEBUG
    slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name,
                  "preop_modrdn - MODRDN newrdn=%s\n", rdn);
#endif

    /*
     * Parse the RDN into attributes by creating a "dummy" entry
     * and setting the attributes from the RDN.
     *
     * The new entry must be freed.
     */
    e = slapi_entry_alloc();
    if (!e) {
        result = op_error(32);
        break;
    }

    /* NOTE: strdup on the rdn, since it will be freed when
     * the entry is freed */
    /* slapi_entry_set_normdn expects rdn normalized, but not decapitalized */
    slapi_entry_set_normdn(e, slapi_ch_strdup(rdn));

    err = slapi_entry_add_rdn_values(e);
    if (err) {
        slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name,
                      "preop_modrdn - MODRDN bad rdn value=%s\n", rdn);
        break; /* Bad DN */
    }

    /*
     * arguments before "," are the 7-bit clean attribute names.  Arguments
     * after "," are subtreeDN's.
     */
    for (firstSubtree = argv; strcmp(*firstSubtree, ",") != 0;
         firstSubtree++, argc--) {
    }
    firstSubtree++;
    argc--;

    /*
     * Find out if the node is being moved into one of
     * the managed subtrees
     */
    for (attrName = argv; strcmp(*attrName, ",") != 0; attrName++) {
        /*
       * If the attribute type is userpassword, do not replace it by
       * unhashed#user#password because unhashed#user#password does not exist
       * in this case.
       */
        /*
       * Find any 7-bit attribute data in the new RDN
       */
        err = slapi_entry_attr_find(e, *attrName, &attr);
        if (err)
            continue; /* break;*/ /* no 7-bit attribute */

        /*
       * For each DN in the managed list, do 7-bit checking if
       * the target DN is a subnode in the tree.
       */
        for (subtreeDN = firstSubtree, subtreeCnt = argc; subtreeCnt > 0;
             subtreeCnt--, subtreeDN++) {
            /*
         * issuffix determines whether the target is under the
         * subtree *subtreeDN
         */
            if (slapi_dn_issuffix(slapi_sdn_get_dn(superior), *subtreeDN)) {
#ifdef DEBUG
                slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name,
                              "preop_modrdn - MODRDN subtree=%s\n", *subtreeDN);
#endif

                /*
           * Check if the value is 7-bit clean
           */
                result = bit_check(attr, NULL, &violated);
                if (result)
                    break;
            }
        }
        /* don't have to go on if there is a value not 7-bit clean */
        if (result) {
            /* WB we need to issue the error before we free slapi_entry, else we
         * are triggering a use after free because we free violated.
         */
            issue_error(pb, result, "MODRDN", violated);
            break;
        }
    }
    END

        /* Clean-up */
        if (e) slapi_entry_free(e);

    return (result == LDAP_SUCCESS) ? 0 : -1;
}

/* ------------------------------------------------------------ */
/*
 * Initialize the plugin
 *
 */
int
NS7bitAttr_Init(Slapi_PBlock *pb)
{
    int err = 0;
    Slapi_Entry *plugin_entry = NULL;
    char *plugin_type = NULL;
    int preadd = SLAPI_PLUGIN_PRE_ADD_FN;
    int premod = SLAPI_PLUGIN_PRE_MODIFY_FN;
    int premdn = SLAPI_PLUGIN_PRE_MODRDN_FN;

    BEGIN
    int attr_count = 0;
    int argc;
    char **argv;
    int valid_suffix = 0;

    /* Declare plugin version */
    err = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION,
                           SLAPI_PLUGIN_VERSION_01);
    if (err)
        break;

    if ((slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_ENTRY, &plugin_entry) == 0) &&
        plugin_entry &&
        (plugin_type = slapi_entry_attr_get_charptr(plugin_entry, "nsslapd-plugintype")) &&
        plugin_type && strstr(plugin_type, "betxn")) {
        preadd = SLAPI_PLUGIN_BE_TXN_PRE_ADD_FN;
        premod = SLAPI_PLUGIN_BE_TXN_PRE_MODIFY_FN;
        premdn = SLAPI_PLUGIN_BE_TXN_PRE_MODRDN_FN;
    }
    slapi_ch_free_string(&plugin_type);

    /*
     * Get and normalize arguments
     */
    err = slapi_pblock_get(pb, SLAPI_PLUGIN_ARGC, &argc);
    if (err)
        break;

    err = slapi_pblock_get(pb, SLAPI_PLUGIN_ARGV, &argv);
    if (err)
        break;

    for (attr_count = 0; argv && argv[attr_count]; attr_count++) {
        slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "NS7bitAttr_Init - %d: %s\n",
                      attr_count, argv[attr_count]);
    }
    /*
     * Arguments before "," are the 7-bit attribute names. Arguments after
     * "," are the subtree DN's.
     */
    if (argc < 1) {
        err = -2;
        break;
    } /* missing arguments */
    attr_count = 0;
    for (; *argv && strcmp(*argv, ",") != 0 && argc > 0; attr_count++, argc--, argv++)
        ;
    if (argc == 0) {
        err = -3;
        break;
    } /* no comma separator */
    if (attr_count == 0) {
        err = -4;
        break;
    } /* no attributes */
    argv++;
    argc--;
    if (argc == 0) {
        err = -5;
        break;
    } /* no suffix */
    for (; argc > 0; argc--, argv++) {
        err = slapi_dn_syntax_check(pb, *argv, 1);
        if (err) {
            slapi_log_err(SLAPI_LOG_ERR, plugin_name, "NS7bitAttr_Init - "
                                                      "Invalid suffix: %s\n",
                          *argv);
            continue;
        }
        if (!valid_suffix)
            valid_suffix = 1;
        char *normdn = slapi_create_dn_string_case("%s", *argv);
        slapi_ch_free_string(argv);
        *argv = normdn;
    }

    if (!valid_suffix) {
        err = -6;
        break;
    } /* Invalid suffix list */
    /* Provide descriptive information */
    err = slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION,
                           (void *)&pluginDesc);
    if (err)
        break;

    /* Register functions */
    err = slapi_pblock_set(pb, preadd, (void *)preop_add);
    if (err)
        break;

    err = slapi_pblock_set(pb, premod, (void *)preop_modify);
    if (err)
        break;

    err = slapi_pblock_set(pb, premdn, (void *)preop_modrdn);
    if (err)
        break;

    END

        if (err)
    {
        if (err == -1) {
            slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "NS7bitAttr_Init - Error: %d\n", err);
        } else if (err == -2) {
            slapi_log_err(SLAPI_LOG_ERR, plugin_name, "NS7bitAttr_Init - "
                                                      "Invalid plugin arguments - missing arguments\n");
        } else if (err == -3) {
            slapi_log_err(SLAPI_LOG_ERR, plugin_name, "NS7bitAttr_Init - "
                                                      "Invalid plugin arguments - missing \",\" separator argument\n");
        } else if (err == -4) {
            slapi_log_err(SLAPI_LOG_ERR, plugin_name, "NS7bitAttr_Init - "
                                                      "Invalid plugin arguments - missing attributes\n");
        } else if (err == -5) {
            slapi_log_err(SLAPI_LOG_ERR, plugin_name, "NS7bitAttr_Init - "
                                                      "Invalid plugin arguments - missing suffix\n");
        } else if (err == -6) {
            slapi_log_err(SLAPI_LOG_ERR, plugin_name, "NS7bitAttr_Init - "
                                                      "Invalid plugin arguments - Invalid suffix list\n");
        }

        err = -1;
    }
    else slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "NS7bitAttr_Init - plugin loaded\n");

    return err;
}