/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
static struct slap_control control_defs[] = {
{ LDAP_CONTROL_ASSERT,
(int)offsetof(struct slap_control_ids, sc_assert),
- SLAP_CTRL_DELETE|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME|
- SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH,
+ SLAP_CTRL_UPDATE|SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH,
NULL, NULL,
parseAssert, LDAP_SLIST_ENTRY_INITIALIZER(next) },
{ LDAP_CONTROL_PRE_READ,
op->o_tmpfree( ctrls, op->o_tmpmemctx );
}
+int slap_add_ctrls(
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl **ctrls )
+{
+ int i = 0, j;
+ LDAPControl **ctrlsp;
+
+ if ( rs->sr_ctrls ) {
+ for ( ; rs->sr_ctrls[ i ]; i++ ) ;
+ }
+
+ for ( j=0; ctrls[j]; j++ ) ;
+
+ ctrlsp = op->o_tmpalloc(( i+j+1 )*sizeof(LDAPControl *), op->o_tmpmemctx );
+ i = 0;
+ if ( rs->sr_ctrls ) {
+ for ( ; rs->sr_ctrls[i]; i++ )
+ ctrlsp[i] = rs->sr_ctrls[i];
+ }
+ for ( j=0; ctrls[j]; j++)
+ ctrlsp[i++] = ctrls[j];
+ ctrlsp[i] = NULL;
+
+ if ( rs->sr_flags & REP_CTRLS_MUSTBEFREED )
+ op->o_tmpfree( rs->sr_ctrls, op->o_tmpmemctx );
+ rs->sr_ctrls = ctrlsp;
+ rs->sr_flags |= REP_CTRLS_MUSTBEFREED;
+ return i;
+}
+
int slap_parse_ctrl(
Operation *op,
SlapReply *rs,
}
if ( get_whatFailed( op ) ) {
- char *oids[ 2 ] = { failed_oid, NULL };
+ char *oids[ 2 ];
+ oids[ 0 ] = failed_oid;
+ oids[ 1 ] = NULL;
slap_ctrl_whatFailed_add( op, rs, oids );
}
}
return LDAP_PROTOCOL_ERROR;
}
- if ( !ctrl->ldctl_iscritical ) {
+ if ( ( global_disallows & SLAP_DISALLOW_DONTUSECOPY_N_CRIT )
+ && !ctrl->ldctl_iscritical )
+ {
rs->sr_text = "dontUseCopy criticality of FALSE not allowed";
return LDAP_PROTOCOL_ERROR;
}
- op->o_dontUseCopy = SLAP_CONTROL_CRITICAL;
+ op->o_dontUseCopy = ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL;
+
return LDAP_SUCCESS;
}
return LDAP_PROTOCOL_ERROR;
}
+ if ( ( global_disallows & SLAP_DISALLOW_PROXY_AUTHZ_N_CRIT )
+ && !ctrl->ldctl_iscritical )
+ {
+ rs->sr_text = "proxied authorization criticality of FALSE not allowed";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
if ( !( global_allows & SLAP_ALLOW_PROXY_AUTHZ_ANON )
&& BER_BVISEMPTY( &op->o_ndn ) )
{
if ( !cookie.bv_len ) {
ps->ps_count = 0;
ps->ps_cookie = 0;
+ /* taint ps_cookie, to detect whether it's set */
+ op->o_conn->c_pagedresults_state.ps_cookie = NOID;
}
/* NOTE: according to RFC 2696 3.:
an[i].an_desc = NULL;
an[i].an_oc = NULL;
- an[i].an_oc_exclude = 0;
+ an[i].an_flags = 0;
rc = slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy );
if ( rc == LDAP_SUCCESS ) {
an[i].an_name = an[i].an_desc->ad_cname;
return LDAP_PROTOCOL_ERROR;
}
+ if ( search_flags & ~(LDAP_SEARCH_FLAG_DOMAIN_SCOPE) ) {
+ /* Search flags not recognised so far,
+ * including:
+ * LDAP_SEARCH_FLAG_PHANTOM_ROOT
+ */
+ if ( ctrl->ldctl_iscritical ) {
+ rs->sr_text = "searchOptions contained unrecognized flag";
+ return LDAP_UNWILLING_TO_PERFORM;
+ }
+
+ /* Ignore */
+ Debug( LDAP_DEBUG_TRACE,
+ "searchOptions: conn=%lu unrecognized flag(s) 0x%x (non-critical)\n",
+ op->o_connid, (unsigned)search_flags, 0 );
+
+ return LDAP_SUCCESS;
+ }
+
if ( search_flags & LDAP_SEARCH_FLAG_DOMAIN_SCOPE ) {
if ( op->o_domain_scope != SLAP_CONTROL_NONE ) {
rs->sr_text = "searchOptions control specified multiple times "
: SLAP_CONTROL_NONCRITICAL;
}
- if ( search_flags & ~(LDAP_SEARCH_FLAG_DOMAIN_SCOPE) ) {
- /* Other search flags not recognised so far,
- * including:
- * LDAP_SEARCH_FLAG_PHANTOM_ROOM
- */
- rs->sr_text = "searchOptions contained unrecognized flag";
- return LDAP_UNWILLING_TO_PERFORM;
- }
-
return LDAP_SUCCESS;
}