3 * Copyright 1999-2002 The OpenLDAP Foundation.
6 * Redistribution and use in source and binary forms are permitted only
7 * as authorized by the OpenLDAP Public License. A copy of this
8 * license is available at http://www.OpenLDAP.org/license.html or
9 * in file LICENSE in the top-level directory of the distribution.
15 #include <ac/string.h>
16 #include <ac/socket.h>
20 #include "../../libraries/liblber/lber-int.h"
22 #define SLAP_CTRL_FRONTEND 0x80000000U
23 #define SLAP_CTRL_FRONTEND_SEARCH 0x01000000U /* for NOOP */
25 #define SLAP_CTRL_OPFLAGS 0x0000FFFFU
26 #define SLAP_CTRL_ABANDON 0x00000001U
27 #define SLAP_CTRL_ADD 0x00002002U
28 #define SLAP_CTRL_BIND 0x00000004U
29 #define SLAP_CTRL_COMPARE 0x00001008U
30 #define SLAP_CTRL_DELETE 0x00002010U
31 #define SLAP_CTRL_MODIFY 0x00002020U
32 #define SLAP_CTRL_RENAME 0x00002040U
33 #define SLAP_CTRL_SEARCH 0x00001080U
34 #define SLAP_CTRL_UNBIND 0x00000100U
36 #define SLAP_CTRL_INTROGATE (SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH)
37 #define SLAP_CTRL_UPDATE \
38 (SLAP_CTRL_ADD|SLAP_CTRL_DELETE|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME)
39 #define SLAP_CTRL_ACCESS (SLAP_CTRL_INTROGATE|SLAP_CTRL_UPDATE)
41 typedef int (SLAP_CTRL_PARSE_FN) LDAP_P((
47 static SLAP_CTRL_PARSE_FN parseManageDSAit;
48 static SLAP_CTRL_PARSE_FN parseSubentries;
49 static SLAP_CTRL_PARSE_FN parseNoOp;
50 static SLAP_CTRL_PARSE_FN parsePagedResults;
51 static SLAP_CTRL_PARSE_FN parseValuesReturnFilter;
53 #ifdef LDAP_CLIENT_UPDATE
54 static SLAP_CTRL_PARSE_FN parseClientUpdate;
55 #endif /* LDAP_CLIENT_UPDATE */
57 #undef sc_mask /* avoid conflict with Irix 6.5 <sys/signal.h> */
59 static struct slap_control {
62 char **sc_extendedops;
63 SLAP_CTRL_PARSE_FN *sc_parse;
65 } supportedControls[] = {
66 { LDAP_CONTROL_MANAGEDSAIT,
67 SLAP_CTRL_ACCESS, NULL,
69 #ifdef LDAP_CONTROL_SUBENTRIES
70 { LDAP_CONTROL_SUBENTRIES,
71 SLAP_CTRL_SEARCH, NULL,
74 #ifdef LDAP_CONTROL_NOOP
76 SLAP_CTRL_ACCESS, NULL,
79 #ifdef LDAP_CONTROL_PAGEDRESULTS_REQUEST
80 { LDAP_CONTROL_PAGEDRESULTS_REQUEST,
81 SLAP_CTRL_SEARCH, NULL,
84 #ifdef LDAP_CONTROL_VALUESRETURNFILTER
85 { LDAP_CONTROL_VALUESRETURNFILTER,
86 SLAP_CTRL_SEARCH, NULL,
87 parseValuesReturnFilter },
89 #ifdef LDAP_CLIENT_UPDATE
90 { LDAP_CONTROL_CLIENT_UPDATE,
91 SLAP_CTRL_SEARCH, NULL,
98 get_supported_ctrl(int index)
100 return supportedControls[index].sc_oid;
103 static struct slap_control *
104 find_ctrl( const char *oid )
107 for( i=0; supportedControls[i].sc_oid; i++ ) {
108 if( strcmp( oid, supportedControls[i].sc_oid ) == 0 ) {
109 return &supportedControls[i];
124 BerElement *ber = op->o_ber;
125 struct slap_control *sc;
126 int rc = LDAP_SUCCESS;
127 const char *errmsg = NULL;
129 #ifdef LDAP_CLIENT_UPDATE
130 op->o_clientupdatetype = -1;
133 len = ber_pvt_ber_remaining(ber);
141 if(( tag = ber_peek_tag( ber, &len )) != LDAP_TAG_CONTROLS ) {
142 if( tag == LBER_ERROR ) {
143 rc = SLAPD_DISCONNECT;
144 errmsg = "unexpected data in PDU";
151 LDAP_LOG( OPERATION, ENTRY, "get_ctrls: conn %lu\n", conn->c_connid, 0, 0 );
153 Debug( LDAP_DEBUG_TRACE, "=> get_ctrls\n", 0, 0, 0 );
155 if( op->o_protocol < LDAP_VERSION3 ) {
156 rc = SLAPD_DISCONNECT;
157 errmsg = "controls require LDAPv3";
161 /* one for first control, one for termination */
162 op->o_ctrls = ch_malloc( 2 * sizeof(LDAPControl *) );
165 if( op->ctrls == NULL ) {
167 errmsg = "no memory";
172 op->o_ctrls[nctrls] = NULL;
174 /* step through each element */
175 for( tag = ber_first_element( ber, &len, &opaque );
177 tag = ber_next_element( ber, &len, opaque ) )
180 LDAPControl **tctrls;
182 c = ch_calloc( 1, sizeof(LDAPControl) );
186 ldap_controls_free(op->o_ctrls);
190 errmsg = "no memory";
195 /* allocate pointer space for current controls (nctrls)
196 * + this control + extra NULL
198 tctrls = ch_realloc( op->o_ctrls,
199 (nctrls+2) * sizeof(LDAPControl *));
202 if( tctrls == NULL ) {
204 ldap_controls_free(op->o_ctrls);
208 errmsg = "no memory";
212 op->o_ctrls = tctrls;
214 op->o_ctrls[nctrls++] = c;
215 op->o_ctrls[nctrls] = NULL;
217 tag = ber_scanf( ber, "{a" /*}*/, &c->ldctl_oid );
219 if( tag == LBER_ERROR ) {
221 LDAP_LOG( OPERATION, INFO, "get_ctrls: conn %lu get OID failed.\n",
222 conn->c_connid, 0, 0 );
224 Debug( LDAP_DEBUG_TRACE, "=> get_ctrls: get oid failed.\n",
227 ldap_controls_free( op->o_ctrls );
229 rc = SLAPD_DISCONNECT;
230 errmsg = "decoding controls error";
234 tag = ber_peek_tag( ber, &len );
236 if( tag == LBER_BOOLEAN ) {
238 tag = ber_scanf( ber, "b", &crit );
240 if( tag == LBER_ERROR ) {
242 LDAP_LOG( OPERATION, INFO,
243 "get_ctrls: conn %lu get crit failed.\n",
244 conn->c_connid, 0, 0 );
246 Debug( LDAP_DEBUG_TRACE, "=> get_ctrls: get crit failed.\n",
249 ldap_controls_free( op->o_ctrls );
251 rc = SLAPD_DISCONNECT;
252 errmsg = "decoding controls error";
256 c->ldctl_iscritical = (crit != 0);
257 tag = ber_peek_tag( ber, &len );
260 if( tag == LBER_OCTETSTRING ) {
261 tag = ber_scanf( ber, "o", &c->ldctl_value );
263 if( tag == LBER_ERROR ) {
265 LDAP_LOG( OPERATION, INFO, "get_ctrls: conn %lu: "
266 "%s (%scritical): get value failed.\n",
267 conn->c_connid, c->ldctl_oid ? c->ldctl_oid : "(NULL)",
268 c->ldctl_iscritical ? "" : "non" );
270 Debug( LDAP_DEBUG_TRACE, "=> get_ctrls: conn %lu: "
271 "%s (%scritical): get value failed.\n",
273 c->ldctl_oid ? c->ldctl_oid : "(NULL)",
274 c->ldctl_iscritical ? "" : "non" );
276 ldap_controls_free( op->o_ctrls );
278 rc = SLAPD_DISCONNECT;
279 errmsg = "decoding controls error";
285 LDAP_LOG( OPERATION, INFO,
286 "get_ctrls: conn %lu oid=\"%s\" (%scritical)\n",
287 conn->c_connid, c->ldctl_oid ? c->ldctl_oid : "(NULL)",
288 c->ldctl_iscritical ? "" : "non" );
290 Debug( LDAP_DEBUG_TRACE, "=> get_ctrls: oid=\"%s\" (%scritical)\n",
291 c->ldctl_oid ? c->ldctl_oid : "(NULL)",
292 c->ldctl_iscritical ? "" : "non",
296 sc = find_ctrl( c->ldctl_oid );
298 /* recognized control */
300 switch( op->o_tag ) {
302 tagmask = SLAP_CTRL_ADD;
305 tagmask = SLAP_CTRL_BIND;
307 case LDAP_REQ_COMPARE:
308 tagmask = SLAP_CTRL_COMPARE;
310 case LDAP_REQ_DELETE:
311 tagmask = SLAP_CTRL_DELETE;
313 case LDAP_REQ_MODIFY:
314 tagmask = SLAP_CTRL_MODIFY;
316 case LDAP_REQ_RENAME:
317 tagmask = SLAP_CTRL_RENAME;
319 case LDAP_REQ_SEARCH:
320 tagmask = SLAP_CTRL_SEARCH;
322 case LDAP_REQ_UNBIND:
323 tagmask = SLAP_CTRL_UNBIND;
325 case LDAP_REQ_EXTENDED:
326 /* FIXME: check list of extended operations */
331 errmsg = "controls internal error";
335 if (( sc->sc_mask & tagmask ) == tagmask ) {
336 /* available extension */
338 if( !sc->sc_parse ) {
340 errmsg = "not yet implemented";
344 rc = sc->sc_parse( conn, op, c, &errmsg );
346 if( rc != LDAP_SUCCESS ) goto return_results;
348 if ( sc->sc_mask & SLAP_CTRL_FRONTEND ) {
349 /* kludge to disable backend_control() check */
350 c->ldctl_iscritical = 0;
352 } else if ( tagmask == SLAP_CTRL_SEARCH &&
353 sc->sc_mask & SLAP_CTRL_FRONTEND_SEARCH )
355 /* kludge to disable backend_control() check */
356 c->ldctl_iscritical = 0;
359 } else if( c->ldctl_iscritical ) {
360 /* unavailable CRITICAL control */
361 rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
362 errmsg = "critical extension is unavailable";
366 } else if( c->ldctl_iscritical ) {
367 /* unrecognized CRITICAL control */
368 rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
369 errmsg = "critical extension is not recognized";
376 LDAP_LOG( OPERATION, RESULTS,
377 "get_ctrls: n=%d rc=%d err=%s\n", nctrls, rc, errmsg ? errmsg : "" );
379 Debug( LDAP_DEBUG_TRACE, "<= get_ctrls: n=%d rc=%d err=%s\n",
380 nctrls, rc, errmsg ? errmsg : "");
383 if( sendres && rc != LDAP_SUCCESS ) {
384 if( rc == SLAPD_DISCONNECT ) {
385 send_ldap_disconnect( conn, op, LDAP_PROTOCOL_ERROR, errmsg );
387 send_ldap_result( conn, op, rc,
388 NULL, errmsg, NULL, NULL );
395 static int parseManageDSAit (
401 if ( op->o_managedsait != SLAP_NO_CONTROL ) {
402 *text = "manageDSAit control specified multiple times";
403 return LDAP_PROTOCOL_ERROR;
406 if ( ctrl->ldctl_value.bv_len ) {
407 *text = "manageDSAit control value not empty";
408 return LDAP_PROTOCOL_ERROR;
411 op->o_managedsait = ctrl->ldctl_iscritical
412 ? SLAP_CRITICAL_CONTROL
413 : SLAP_NONCRITICAL_CONTROL;
418 #ifdef LDAP_CONTROL_SUBENTRIES
419 static int parseSubentries (
425 if ( op->o_subentries != SLAP_NO_CONTROL ) {
426 *text = "subentries control specified multiple times";
427 return LDAP_PROTOCOL_ERROR;
430 /* FIXME: should use BER library */
431 if( ( ctrl->ldctl_value.bv_len != 3 )
432 && ( ctrl->ldctl_value.bv_val[0] != 0x01 )
433 && ( ctrl->ldctl_value.bv_val[1] != 0x01 ))
435 *text = "subentries control value encoding is bogus";
436 return LDAP_PROTOCOL_ERROR;
439 op->o_subentries = ctrl->ldctl_iscritical
440 ? SLAP_CRITICAL_CONTROL
441 : SLAP_NONCRITICAL_CONTROL;
443 op->o_subentries_visibility = (ctrl->ldctl_value.bv_val[2] != 0x00);
449 #ifdef LDAP_CONTROL_NOOP
450 static int parseNoOp (
456 if ( op->o_noop != SLAP_NO_CONTROL ) {
457 *text = "noop control specified multiple times";
458 return LDAP_PROTOCOL_ERROR;
461 if ( ctrl->ldctl_value.bv_len ) {
462 *text = "noop control value not empty";
463 return LDAP_PROTOCOL_ERROR;
466 op->o_noop = ctrl->ldctl_iscritical
467 ? SLAP_CRITICAL_CONTROL
468 : SLAP_NONCRITICAL_CONTROL;
474 #ifdef LDAP_CONTROL_PAGEDRESULTS_REQUEST
475 static int parsePagedResults (
484 struct berval cookie = { 0, NULL };
486 if ( op->o_pagedresults != SLAP_NO_CONTROL ) {
487 *text = "paged results control specified multiple times";
488 return LDAP_PROTOCOL_ERROR;
491 if ( ctrl->ldctl_value.bv_len == 0 ) {
492 *text = "paged results control value is empty";
493 return LDAP_PROTOCOL_ERROR;
496 /* Parse the control value
497 * realSearchControlValue ::= SEQUENCE {
498 * size INTEGER (0..maxInt),
499 * -- requested page size from client
500 * -- result set size estimate from server
501 * cookie OCTET STRING
503 ber = ber_init( &ctrl->ldctl_value );
505 *text = "internal error";
509 tag = ber_scanf( ber, "{im}", &size, &cookie );
510 (void) ber_free( ber, 1 );
512 if( tag == LBER_ERROR ) {
513 *text = "paged results control could not be decoded";
514 return LDAP_PROTOCOL_ERROR;
518 *text = "paged results control size invalid";
519 return LDAP_PROTOCOL_ERROR;
522 if( cookie.bv_len ) {
523 PagedResultsCookie reqcookie;
524 if( cookie.bv_len != sizeof( reqcookie ) ) {
526 *text = "paged results cookie is invalid";
527 return LDAP_PROTOCOL_ERROR;
530 AC_MEMCPY( &reqcookie, cookie.bv_val, sizeof( reqcookie ));
532 if( reqcookie > op->o_pagedresults_state.ps_cookie ) {
534 *text = "paged results cookie is invalid";
535 return LDAP_PROTOCOL_ERROR;
537 } else if( reqcookie < op->o_pagedresults_state.ps_cookie ) {
538 *text = "paged results cookie is invalid or old";
539 return LDAP_UNWILLING_TO_PERFORM;
543 op->o_pagedresults_state.ps_cookie = op->o_opid;
544 op->o_pagedresults_size = size;
546 op->o_pagedresults = ctrl->ldctl_iscritical
547 ? SLAP_CRITICAL_CONTROL
548 : SLAP_NONCRITICAL_CONTROL;
554 #ifdef LDAP_CONTROL_VALUESRETURNFILTER
555 int parseValuesReturnFilter (
563 struct berval fstr = { 0, NULL };
564 const char *err_msg = "";
566 if ( op->o_valuesreturnfilter != SLAP_NO_CONTROL ) {
567 *text = "valuesreturnfilter control specified multiple times";
568 return LDAP_PROTOCOL_ERROR;
571 ber = ber_init( &(ctrl->ldctl_value) );
573 *text = "internal error";
577 rc = get_vrFilter( conn, ber, &(op->vrFilter), &err_msg);
579 if( rc != LDAP_SUCCESS ) {
581 if( rc == SLAPD_DISCONNECT ) {
582 send_ldap_disconnect( conn, op,
583 LDAP_PROTOCOL_ERROR, *text );
585 send_ldap_result( conn, op, rc,
586 NULL, *text, NULL, NULL );
588 if( fstr.bv_val != NULL) free( fstr.bv_val );
589 if( op->vrFilter != NULL) vrFilter_free( op->vrFilter );
592 vrFilter2bv( op->vrFilter, &fstr );
596 LDAP_LOG( OPERATION, ARGS,
597 "parseValuesReturnFilter: conn %d vrFilter: %s\n",
598 conn->c_connid, fstr.bv_len ? fstr.bv_val : "empty" , 0 );
600 Debug( LDAP_DEBUG_ARGS, " vrFilter: %s\n",
601 fstr.bv_len ? fstr.bv_val : "empty", 0, 0 );
604 op->o_valuesreturnfilter = ctrl->ldctl_iscritical
605 ? SLAP_CRITICAL_CONTROL
606 : SLAP_NONCRITICAL_CONTROL;
612 #ifdef LDAP_CLIENT_UPDATE
613 static int parseClientUpdate (
624 struct berval scheme = { 0, NULL };
625 struct berval cookie = { 0, NULL };
627 if ( op->o_noop != SLAP_NO_CONTROL ) {
628 *text = "LCUP client update control specified multiple times";
629 return LDAP_PROTOCOL_ERROR;
632 if ( ctrl->ldctl_value.bv_len == 0 ) {
633 *text = "LCUP client update control value is empty";
634 return LDAP_PROTOCOL_ERROR;
637 /* Parse the control value
638 * ClientUpdateControlValue ::= SEQUENCE {
639 * updateType ENUMERATED {
640 * synchronizeOnly {0},
641 * synchronizeAndPersist {1},
643 * sendCookieInterval INTEGER OPTIONAL,
644 * cookie LCUPCookie OPTIONAL
648 ber = ber_init( &ctrl->ldctl_value );
650 *text = "internal error";
654 if ( (tag = ber_scanf( ber, "{i" /*}*/, &type )) == LBER_ERROR ) {
655 *text = "LCUP client update control : decoding error";
656 return LDAP_PROTOCOL_ERROR;
659 if ( type != SYNCHRONIZE_ONLY &&
660 type != SYNCHRONIZE_AND_PERSIST &&
661 type != PERSIST_ONLY ) {
662 *text = "LCUP client update control : unknown update type";
663 return LDAP_PROTOCOL_ERROR;
666 if ( (tag = ber_peek_tag( ber, &len )) == LBER_DEFAULT ) {
667 *text = "LCUP client update control : decoding error";
668 return LDAP_PROTOCOL_ERROR;
671 if ( tag == LDAP_TAG_INTERVAL ) {
672 if ( (tag = ber_scanf( ber, "i", &interval )) == LBER_ERROR ) {
673 *text = "LCUP client update control : decoding error";
674 return LDAP_PROTOCOL_ERROR;
677 if ( interval <= 0 ) {
678 /* server chooses interval */
679 interval = LDAP_LCUP_DEFAULT_SEND_COOKIE_INTERVAL;
683 /* server chooses interval */
684 interval = LDAP_LCUP_DEFAULT_SEND_COOKIE_INTERVAL;
687 if ( (tag = ber_peek_tag( ber, &len )) == LBER_DEFAULT ) {
688 *text = "LCUP client update control : decoding error";
689 return LDAP_PROTOCOL_ERROR;
692 if ( tag == LDAP_TAG_COOKIE ) {
693 if ( (tag = ber_scanf( ber, /*{*/ "{mm}}",
694 &scheme, &cookie )) == LBER_ERROR ) {
695 *text = "LCUP client update control : decoding error";
696 return LDAP_PROTOCOL_ERROR;
700 /* TODO : Cookie Scheme Validation */
702 if ( lcup_cookie_validate(scheme, cookie) != LDAP_SUCCESS ) {
703 *text = "Invalid LCUP cookie";
704 return LCUP_INVALID_COOKIE;
707 if ( lcup_cookie_scheme_validate(scheme) != LDAP_SUCCESS ) {
708 *text = "Unsupported LCUP cookie scheme";
709 return LCUP_UNSUPPORTED_SCHEME;
713 op->o_clientupdatestate = ber_dupbv(NULL, &cookie);
715 (void) ber_free( ber, 1 );
717 op->o_clientupdatetype = type;
718 op->o_clientupdateinterval = interval;
720 op->o_clientupdate = ctrl->ldctl_iscritical
721 ? SLAP_CRITICAL_CONTROL
722 : SLAP_NONCRITICAL_CONTROL;