/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2012 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
static struct slap_control control_defs[] = {
{ LDAP_CONTROL_ASSERT,
(int)offsetof(struct slap_control_ids, sc_assert),
- SLAP_CTRL_DELETE|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME|
- SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH,
+ SLAP_CTRL_UPDATE|SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH,
NULL, NULL,
parseAssert, LDAP_SLIST_ENTRY_INITIALIZER(next) },
{ LDAP_CONTROL_PRE_READ,
return LDAP_SUCCESS;
}
+#ifdef SLAP_CONFIG_DELETE
+int
+unregister_supported_control( const char *controloid )
+{
+ struct slap_control *sc;
+ int i;
+
+ if ( controloid == NULL || (sc = find_ctrl( controloid )) == NULL ){
+ return -1;
+ }
+
+ for ( i = 0; slap_known_controls[ i ]; i++ ) {
+ if ( strcmp( controloid, slap_known_controls[ i ] ) == 0 ) {
+ do {
+ slap_known_controls[ i ] = slap_known_controls[ i+1 ];
+ } while ( slap_known_controls[ i++ ] );
+ num_known_controls--;
+ break;
+ }
+ }
+
+ LDAP_SLIST_REMOVE(&controls_list, sc, slap_control, sc_next);
+ ch_free( sc->sc_oid );
+ if ( sc->sc_extendedopsbv != NULL ) {
+ ber_bvarray_free( sc->sc_extendedopsbv );
+ }
+ ch_free( sc );
+
+ return 0;
+}
+#endif /* SLAP_CONFIG_DELETE */
+
/*
* One-time initialization of internal controls.
*/
op->o_tmpfree( ctrls, op->o_tmpmemctx );
}
+int slap_add_ctrls(
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl **ctrls )
+{
+ int i = 0, j;
+ LDAPControl **ctrlsp;
+
+ if ( rs->sr_ctrls ) {
+ for ( ; rs->sr_ctrls[ i ]; i++ ) ;
+ }
+
+ for ( j=0; ctrls[j]; j++ ) ;
+
+ ctrlsp = op->o_tmpalloc(( i+j+1 )*sizeof(LDAPControl *), op->o_tmpmemctx );
+ i = 0;
+ if ( rs->sr_ctrls ) {
+ for ( ; rs->sr_ctrls[i]; i++ )
+ ctrlsp[i] = rs->sr_ctrls[i];
+ }
+ for ( j=0; ctrls[j]; j++)
+ ctrlsp[i++] = ctrls[j];
+ ctrlsp[i] = NULL;
+
+ if ( rs->sr_flags & REP_CTRLS_MUSTBEFREED )
+ op->o_tmpfree( rs->sr_ctrls, op->o_tmpmemctx );
+ rs->sr_ctrls = ctrlsp;
+ rs->sr_flags |= REP_CTRLS_MUSTBEFREED;
+ return i;
+}
+
int slap_parse_ctrl(
Operation *op,
SlapReply *rs,
}
if ( get_whatFailed( op ) ) {
- char *oids[ 2 ] = { failed_oid, NULL };
+ char *oids[ 2 ];
+ oids[ 0 ] = failed_oid;
+ oids[ 1 ] = NULL;
slap_ctrl_whatFailed_add( op, rs, oids );
}
}
return LDAP_PROTOCOL_ERROR;
}
+ if ( ( global_disallows & SLAP_DISALLOW_DONTUSECOPY_N_CRIT )
+ && !ctrl->ldctl_iscritical )
+ {
+ rs->sr_text = "dontUseCopy criticality of FALSE not allowed";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
op->o_dontUseCopy = ctrl->ldctl_iscritical
? SLAP_CONTROL_CRITICAL
: SLAP_CONTROL_NONCRITICAL;
return LDAP_PROTOCOL_ERROR;
}
+ if ( ( global_disallows & SLAP_DISALLOW_PROXY_AUTHZ_N_CRIT )
+ && !ctrl->ldctl_iscritical )
+ {
+ rs->sr_text = "proxied authorization criticality of FALSE not allowed";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
if ( !( global_allows & SLAP_ALLOW_PROXY_AUTHZ_ANON )
&& BER_BVISEMPTY( &op->o_ndn ) )
{
}
ch_free( op->o_ndn.bv_val );
- ch_free( op->o_dn.bv_val );
/*
* NOTE: since slap_sasl_getdn() returns a normalized dn,
* from now on op->o_dn is normalized
*/
op->o_ndn = dn;
- ber_dupbv( &op->o_dn, &dn );
+ ber_bvreplace( &op->o_dn, &dn );
Statslog( LDAP_DEBUG_STATS, "%s PROXYAUTHZ dn=\"%s\"\n",
op->o_log_prefix, dn.bv_val, 0, 0, 0 );
if ( !cookie.bv_len ) {
ps->ps_count = 0;
ps->ps_cookie = 0;
+ /* taint ps_cookie, to detect whether it's set */
+ op->o_conn->c_pagedresults_state.ps_cookie = NOID;
}
/* NOTE: according to RFC 2696 3.:
an[i].an_desc = NULL;
an[i].an_oc = NULL;
- an[i].an_oc_exclude = 0;
+ an[i].an_flags = 0;
rc = slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy );
if ( rc == LDAP_SUCCESS ) {
an[i].an_name = an[i].an_desc->ad_cname;
return LDAP_PROTOCOL_ERROR;
}
- if ( BER_BVISNULL( &ctrl->ldctl_value )) {
+ if ( !BER_BVISNULL( &ctrl->ldctl_value )) {
rs->sr_text = "permissiveModify control value not absent";
return LDAP_PROTOCOL_ERROR;
}
return LDAP_PROTOCOL_ERROR;
}
+ if ( search_flags & ~(LDAP_SEARCH_FLAG_DOMAIN_SCOPE) ) {
+ /* Search flags not recognised so far,
+ * including:
+ * LDAP_SEARCH_FLAG_PHANTOM_ROOT
+ */
+ if ( ctrl->ldctl_iscritical ) {
+ rs->sr_text = "searchOptions contained unrecognized flag";
+ return LDAP_UNWILLING_TO_PERFORM;
+ }
+
+ /* Ignore */
+ Debug( LDAP_DEBUG_TRACE,
+ "searchOptions: conn=%lu unrecognized flag(s) 0x%x (non-critical)\n",
+ op->o_connid, (unsigned)search_flags, 0 );
+
+ return LDAP_SUCCESS;
+ }
+
if ( search_flags & LDAP_SEARCH_FLAG_DOMAIN_SCOPE ) {
if ( op->o_domain_scope != SLAP_CONTROL_NONE ) {
rs->sr_text = "searchOptions control specified multiple times "
: SLAP_CONTROL_NONCRITICAL;
}
- if ( search_flags & ~(LDAP_SEARCH_FLAG_DOMAIN_SCOPE) ) {
- /* Other search flags not recognised so far,
- * including:
- * LDAP_SEARCH_FLAG_PHANTOM_ROOM
- */
- rs->sr_text = "searchOptions contained unrecognized flag";
- return LDAP_UNWILLING_TO_PERFORM;
- }
-
return LDAP_SUCCESS;
}
projects / openldap / blobdiff