]> git.sur5r.net Git - openldap/blob - servers/slapd/extended.c
projects / openldap / blob
? search:


9f70744e5047d9f70f896bbb9f5f15e18ea9bbd8
[openldap] / servers / slapd / extended.c
1 /* $OpenLDAP$ */
2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
3  *
4  * Copyright 1999-2003 The OpenLDAP Foundation.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted only as authorized by the OpenLDAP
9  * Public License.
10  *
11  * A copy of this license is available in the file LICENSE in the
12  * top-level directory of the distribution or, alternatively, at
13  * <http://www.OpenLDAP.org/license.html>.
14  */
15
16 /*
17  * LDAPv3 Extended Operation Request
18  *      ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
19  *              requestName      [0] LDAPOID,
20  *              requestValue     [1] OCTET STRING OPTIONAL
21  *      }
22  *
23  * LDAPv3 Extended Operation Response
24  *      ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
25  *              COMPONENTS OF LDAPResult,
26  *              responseName     [10] LDAPOID OPTIONAL,
27  *              response         [11] OCTET STRING OPTIONAL
28  *      }
29  *
30  */
31
32 #include "portable.h"
33
34 #include <stdio.h>
35
36 #include <ac/socket.h>
37 #include <ac/string.h>
38
39 #include "slap.h"
40 #include "lber_pvt.h"
41
42 #ifdef LDAP_SLAPI
43 #include "slapi.h"
44 #endif
45
46 #define UNSUPPORTED_EXTENDEDOP "unsupported extended operation"
47
48 #ifdef LDAP_DEVEL
49 #define SLAP_EXOP_HIDE 0x0000
50 #else
51 #define SLAP_EXOP_HIDE 0x8000
52 #endif
53
54 static struct extop_list {
55         struct extop_list *next;
56         struct berval oid;
57         slap_mask_t flags;
58         SLAP_EXTOP_MAIN_FN *ext_main;
59 } *supp_ext_list = NULL;
60
61 static SLAP_EXTOP_MAIN_FN whoami_extop;
62
63 /* this list of built-in extops is for extops that are not part
64  * of backends or in external modules.  essentially, this is
65  * just a way to get built-in extops onto the extop list without
66  * having a separate init routine for each built-in extop.
67  */
68 #ifdef LDAP_EXOP_X_CANCEL
69 const struct berval slap_EXOP_CANCEL = BER_BVC(LDAP_EXOP_X_CANCEL);
70 #endif
71 const struct berval slap_EXOP_WHOAMI = BER_BVC(LDAP_EXOP_X_WHO_AM_I);
72 const struct berval slap_EXOP_MODIFY_PASSWD = BER_BVC(LDAP_EXOP_MODIFY_PASSWD);
73 const struct berval slap_EXOP_START_TLS = BER_BVC(LDAP_EXOP_START_TLS);
74
75 static struct {
76         const struct berval *oid;
77         slap_mask_t flags;
78         SLAP_EXTOP_MAIN_FN *ext_main;
79 } builtin_extops[] = {
80 #ifdef LDAP_EXOP_X_CANCEL
81         { &slap_EXOP_CANCEL, SLAP_EXOP_HIDE, cancel_extop },
82 #endif
83         { &slap_EXOP_WHOAMI, 0, whoami_extop },
84         { &slap_EXOP_MODIFY_PASSWD, 0, passwd_extop },
85 #ifdef HAVE_TLS
86         { &slap_EXOP_START_TLS, 0, starttls_extop },
87 #endif
88         { NULL, 0, NULL }
89 };
90
91
92 static struct extop_list *find_extop(
93         struct extop_list *list, struct berval *oid );
94
95 struct berval *
96 get_supported_extop (int index)
97 {
98         struct extop_list *ext;
99
100         /* linear scan is slow, but this way doesn't force a
101          * big change on root_dse.c, where this routine is used.
102          */
103         for (ext = supp_ext_list; ext != NULL && --index >= 0; ext = ext->next) {
104                 ; /* empty */
105         }
106
107         if (ext == NULL) return NULL;
108
109         return &ext->oid;
110 }
111
112
113 int exop_root_dse_info( Entry *e )
114 {
115         AttributeDescription *ad_supportedExtension
116                 = slap_schema.si_ad_supportedExtension;
117         struct berval vals[2];
118         struct extop_list *ext;
119
120         vals[1].bv_val = NULL;
121         vals[1].bv_len = 0;
122
123         for (ext = supp_ext_list; ext != NULL; ext = ext->next) {
124                 if( ext->flags & SLAP_EXOP_HIDE ) continue;
125
126                 vals[0] = ext->oid;
127
128                 if( attr_merge( e, ad_supportedExtension, vals, NULL ) ) {
129                         return LDAP_OTHER;
130                 }
131         }
132
133         return LDAP_SUCCESS;
134 }
135
136 int
137 do_extended(
138     Operation   *op,
139     SlapReply   *rs
140 )
141 {
142         struct berval reqdata = {0, NULL};
143         ber_tag_t tag;
144         ber_len_t len;
145         struct extop_list *ext = NULL;
146
147 #if defined(LDAP_SLAPI) 
148         Slapi_PBlock    *pb = op->o_pb;
149         SLAPI_FUNC      funcAddr = NULL;
150         int             extop_rc;
151         int             msg_sent = FALSE;
152 #endif /* defined(LDAP_SLAPI) */
153
154 #ifdef NEW_LOGGING
155         LDAP_LOG( OPERATION, ENTRY, "do_extended: conn %d\n", op->o_connid, 0, 0 );
156 #else
157         Debug( LDAP_DEBUG_TRACE, "do_extended\n", 0, 0, 0 );
158 #endif
159
160         if( op->o_protocol < LDAP_VERSION3 ) {
161 #ifdef NEW_LOGGING
162                 LDAP_LOG( OPERATION, ERR, 
163                         "do_extended: protocol version (%d) too low.\n", op->o_protocol, 0, 0 );
164 #else
165                 Debug( LDAP_DEBUG_ANY,
166                         "do_extended: protocol version (%d) too low\n",
167                         op->o_protocol, 0 ,0 );
168 #endif
169                 send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "requires LDAPv3" );
170                 rs->sr_err = -1;
171                 goto done;
172         }
173
174         if ( ber_scanf( op->o_ber, "{m" /*}*/, &op->ore_reqoid ) == LBER_ERROR ) {
175 #ifdef NEW_LOGGING
176                 LDAP_LOG( OPERATION, ERR, "do_extended: conn %d  ber_scanf failed\n", 
177                         op->o_connid, 0, 0 );
178 #else
179                 Debug( LDAP_DEBUG_ANY, "do_extended: ber_scanf failed\n", 0, 0 ,0 );
180 #endif
181                 send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
182                 rs->sr_err = -1;
183                 goto done;
184         }
185
186 #ifdef LDAP_SLAPI
187         getPluginFunc( &op->ore_reqoid, &funcAddr ); /* NS-SLAPI extended operation */
188         if( !funcAddr && !(ext = find_extop(supp_ext_list, &op->ore_reqoid )))
189 #else
190         if( !(ext = find_extop(supp_ext_list, &op->ore_reqoid )))
191 #endif
192         {
193 #ifdef NEW_LOGGING
194                 LDAP_LOG( OPERATION, ERR, 
195                         "do_extended: conn %d  unsupported operation \"%s\"\n",
196                         op->o_connid, op->ore_reqoid.bv_val, 0 );
197 #else
198                 Debug( LDAP_DEBUG_ANY, "do_extended: unsupported operation \"%s\"\n",
199                         op->ore_reqoid.bv_val, 0 ,0 );
200 #endif
201                 send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
202                         "unsupported extended operation" );
203                 goto done;
204         }
205
206         tag = ber_peek_tag( op->o_ber, &len );
207         
208         if( ber_peek_tag( op->o_ber, &len ) == LDAP_TAG_EXOP_REQ_VALUE ) {
209                 if( ber_scanf( op->o_ber, "m", &reqdata ) == LBER_ERROR ) {
210 #ifdef NEW_LOGGING
211                         LDAP_LOG( OPERATION, ERR, 
212                                 "do_extended: conn %d  ber_scanf failed\n", 
213                                 op->o_connid, 0, 0 );
214 #else
215                         Debug( LDAP_DEBUG_ANY, "do_extended: ber_scanf failed\n", 0, 0 ,0 );
216 #endif
217                         send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
218                         rs->sr_err = -1;
219                         goto done;
220                 }
221         }
222
223         if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
224 #ifdef NEW_LOGGING
225                 LDAP_LOG( OPERATION, ERR, 
226                         "do_extended: conn %d  get_ctrls failed\n", op->o_connid, 0, 0 );
227 #else
228                 Debug( LDAP_DEBUG_ANY, "do_extended: get_ctrls failed\n", 0, 0 ,0 );
229 #endif
230                 return rs->sr_err;
231         } 
232
233         /* check for controls inappropriate for all extended operations */
234         if( get_manageDSAit( op ) == SLAP_CRITICAL_CONTROL ) {
235                 send_ldap_error( op, rs,
236                         LDAP_UNAVAILABLE_CRITICAL_EXTENSION,
237                         "manageDSAit control inappropriate" );
238                 goto done;
239         }
240
241 #ifdef NEW_LOGGING
242         LDAP_LOG( OPERATION, DETAIL1, 
243                 "do_extended: conn %d  oid=%s\n.", op->o_connid, op->ore_reqoid.bv_val, 0 );
244 #else
245         Debug( LDAP_DEBUG_ARGS, "do_extended: oid=%s\n", op->ore_reqoid.bv_val, 0 ,0 );
246 #endif
247
248 #if defined(LDAP_SLAPI)
249         if ( funcAddr != NULL ) {
250                 rs->sr_err = slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID,
251                                 (void *)op->ore_reqoid.bv_val);
252                 if ( rs->sr_err != LDAP_SUCCESS ) {
253                         rs->sr_err = LDAP_OTHER;
254                         goto done;
255                 }
256
257                 rs->sr_err = slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE,
258                                 (void *)&reqdata);
259                 if ( rs->sr_err != LDAP_SUCCESS ) {
260                         rs->sr_err = LDAP_OTHER;
261                         goto done;
262                 }
263
264                 rs->sr_err = slapi_x_pblock_set_operation( pb, op );
265                 if ( rs->sr_err != LDAP_SUCCESS ) {
266                         rs->sr_err = LDAP_OTHER;
267                         goto done;
268                 }
269
270                 extop_rc = (*funcAddr)( pb );
271                 if ( extop_rc == SLAPI_PLUGIN_EXTENDED_SENT_RESULT ) {
272                         msg_sent = TRUE;
273
274                 } else if ( extop_rc == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED ) {
275                         rs->sr_err = LDAP_PROTOCOL_ERROR;
276                         rs->sr_text = UNSUPPORTED_EXTENDEDOP;
277
278                 } else {
279                         rs->sr_err = slapi_pblock_get( pb, SLAPI_EXT_OP_RET_OID,
280                                         &rs->sr_rspoid);
281                         if ( rs->sr_err != LDAP_SUCCESS ) {
282                                 goto done2;
283                         }
284
285                         rs->sr_err = slapi_pblock_get( pb, SLAPI_EXT_OP_RET_VALUE,
286                                         &rs->sr_rspdata);
287                         if ( rs->sr_err != LDAP_SUCCESS ) {
288                                 goto done2;
289                         }
290
291                         rs->sr_err = extop_rc;
292                         send_ldap_extended( op, rs );
293                         msg_sent = TRUE;
294                 }
295
296 done2:;
297                 if ( rs->sr_err != LDAP_SUCCESS && msg_sent == FALSE ) {
298                         send_ldap_result( op, rs );
299                 }
300
301                 if ( rs->sr_rspoid != NULL ) {
302                         ch_free( (char *)rs->sr_rspoid );
303                 }
304
305                 if ( rs->sr_rspdata != NULL ) {
306                         ber_bvfree( rs->sr_rspdata );
307                 }
308         } else { /* start of OpenLDAP extended operation */
309 #endif /* defined( LDAP_SLAPI ) */
310                 if (reqdata.bv_val) op->ore_reqdata = &reqdata;
311                 rs->sr_err = (ext->ext_main)( op, rs );
312
313                 if( rs->sr_err != SLAPD_ABANDON ) {
314                         if ( rs->sr_err == LDAP_REFERRAL && rs->sr_ref == NULL ) {
315                                 rs->sr_ref = referral_rewrite( default_referral,
316                                         NULL, NULL, LDAP_SCOPE_DEFAULT );
317                                 if ( !rs->sr_ref ) rs->sr_ref = default_referral;
318                                 if ( !rs->sr_ref ) {
319                                         rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
320                                         rs->sr_text = "referral missing";
321                                 }
322                         }
323
324                         send_ldap_extended( op, rs );
325
326                         ber_bvarray_free( rs->sr_ref );
327                 }
328
329                 if ( rs->sr_rspoid != NULL ) {
330                         free( (char *)rs->sr_rspoid );
331                 }
332
333                 if ( rs->sr_rspdata != NULL ) {
334                         ber_bvfree( rs->sr_rspdata );
335                 }
336 #ifdef LDAP_SLAPI
337         } /* end of OpenLDAP extended operation */
338 #endif /* LDAP_SLAPI */
339
340 done:
341         return rs->sr_err;
342 }
343
344 int
345 load_extop(
346         struct berval *ext_oid,
347         slap_mask_t ext_flags,
348         SLAP_EXTOP_MAIN_FN *ext_main )
349 {
350         struct extop_list *ext;
351
352         if( ext_oid == NULL || ext_oid->bv_val == NULL ||
353                 ext_oid->bv_val[0] == '\0' || ext_oid->bv_len == 0 ) return -1; 
354         if(!ext_main) return -1; 
355
356         ext = ch_calloc(1, sizeof(struct extop_list) + ext_oid->bv_len + 1);
357         if (ext == NULL)
358                 return(-1);
359
360         ext->flags = ext_flags;
361
362         ext->oid.bv_val = (char *)(ext + 1);
363         AC_MEMCPY( ext->oid.bv_val, ext_oid->bv_val, ext_oid->bv_len );
364         ext->oid.bv_len = ext_oid->bv_len;
365         ext->oid.bv_val[ext->oid.bv_len] = '\0';
366
367         ext->ext_main = ext_main;
368         ext->next = supp_ext_list;
369
370         supp_ext_list = ext;
371
372         return(0);
373 }
374
375 int
376 extops_init (void)
377 {
378         int i;
379
380         for (i = 0; builtin_extops[i].oid != NULL; i++) {
381                 load_extop((struct berval *)builtin_extops[i].oid,
382                         builtin_extops[i].flags,
383                         builtin_extops[i].ext_main);
384         }
385         return(0);
386 }
387
388 int
389 extops_kill (void)
390 {
391         struct extop_list *ext;
392
393         /* we allocated the memory, so we have to free it, too. */
394         while ((ext = supp_ext_list) != NULL) {
395                 supp_ext_list = ext->next;
396                 ch_free(ext);
397         }
398         return(0);
399 }
400
401 static struct extop_list *
402 find_extop( struct extop_list *list, struct berval *oid )
403 {
404         struct extop_list *ext;
405
406         for (ext = list; ext; ext = ext->next) {
407                 if (bvmatch(&ext->oid, oid))
408                         return(ext);
409         }
410         return(NULL);
411 }
412
413
414 static int
415 whoami_extop (
416         Operation *op,
417         SlapReply *rs )
418 {
419         struct berval *bv;
420
421         if ( op->ore_reqdata != NULL ) {
422                 /* no request data should be provided */
423                 rs->sr_text = "no request data expected";
424                 return LDAP_PROTOCOL_ERROR;
425         }
426
427         op->o_bd = op->o_conn->c_authz_backend;
428         if( backend_check_restrictions( op, rs,
429                 (struct berval *)&slap_EXOP_WHOAMI ) != LDAP_SUCCESS ) {
430                 return rs->sr_err;
431         }
432
433         bv = (struct berval *) ch_malloc( sizeof(struct berval) );
434         if( op->o_dn.bv_len ) {
435                 bv->bv_len = op->o_dn.bv_len + sizeof("dn:")-1;
436                 bv->bv_val = ch_malloc( bv->bv_len + 1 );
437                 AC_MEMCPY( bv->bv_val, "dn:", sizeof("dn:")-1 );
438                 AC_MEMCPY( &bv->bv_val[sizeof("dn:")-1], op->o_dn.bv_val,
439                         op->o_dn.bv_len );
440                 bv->bv_val[bv->bv_len] = '\0';
441
442         } else {
443                 bv->bv_len = 0;
444                 bv->bv_val = NULL;
445         }
446
447         rs->sr_rspdata = bv;
448         return LDAP_SUCCESS;
449 }
Cloned from git://git.openldap.org/openldap.git