X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Fgroup.c;h=199ead103aa31add76f8c66389e677ade1ca0667;hb=bf35f8e37fa2516daa02a8c607dd2326b2be40e9;hp=800b873e8d8c85f6f4661139a795ebd22a88e527;hpb=74fa239a201cd2d785fe34bdbaf6804161bdb231;p=openldap diff --git a/servers/slapd/back-ldap/group.c b/servers/slapd/back-ldap/group.c index 800b873e8d..199ead103a 100644 --- a/servers/slapd/back-ldap/group.c +++ b/servers/slapd/back-ldap/group.c @@ -1,7 +1,7 @@ /* group.c - ldap backend acl group routine */ /* $OpenLDAP$ */ /* - * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ @@ -14,7 +14,7 @@ #include "slap.h" #include "back-ldap.h" - +#include "lutil.h" /* return 0 IFF op_dn is a value in group_at (member) attribute * of entry with gr_dn AND that entry has an objectClass @@ -22,38 +22,39 @@ */ int ldap_back_group( - Backend *be, - Connection *conn, - Operation *op, - Entry *target, - const char *gr_ndn, - const char *op_ndn, - ObjectClass* group_oc, + Backend *be, + Connection *conn, + Operation *op, + Entry *target, + struct berval *gr_ndn, + struct berval *op_ndn, + ObjectClass *group_oc, AttributeDescription* group_at ) { struct ldapinfo *li = (struct ldapinfo *) be->be_private; - int rc = 1; + struct ldapconn *lc; + int rc = 1, oc; Attribute *attr; - struct berval bv; LDAPMessage *result; char *gattr[2]; - char *filter; - LDAP *ld; - char *mop_ndn, *mgr_ndn; + char *filter = NULL, *ptr; + struct berval mop_ndn = { 0, NULL }, mgr_ndn = { 0, NULL }; AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass; - char *group_oc_name = NULL; - char *group_at_name = group_at->ad_cname->bv_val; + struct berval group_oc_name = {0, NULL}; + struct berval group_at_name = group_at->ad_cname; if( group_oc->soc_names && group_oc->soc_names[0] ) { - group_oc_name = group_oc->soc_names[0]; + group_oc_name.bv_val = group_oc->soc_names[0]; } else { - group_oc_name = group_oc->soc_oid; + group_oc_name.bv_val = group_oc->soc_oid; } + if (group_oc_name.bv_val) + group_oc_name.bv_len = strlen(group_oc_name.bv_val); - if (target != NULL && strcmp(target->e_ndn, gr_ndn) == 0) { + if (target != NULL && dn_match( &target->e_nname, gr_ndn ) ) { /* we already have a copy of the entry */ /* attribute and objectclass mapping has already been done */ @@ -67,7 +68,7 @@ ldap_back_group( /* * Now we can check for the group objectClass value */ - if( !is_entry_objectclass( target, group_oc ) ) { + if( !is_entry_objectclass( target, group_oc, 0 ) ) { return(1); } @@ -81,9 +82,8 @@ ldap_back_group( * attribute has not been required */ if ((attr = attr_find(target->e_attrs, group_at)) != NULL) { - bv.bv_val = (char *) op_ndn; - bv.bv_len = strlen( op_ndn ); - if( value_find( group_at, attr->a_vals, &bv ) != LDAP_SUCCESS ) + if( value_find_ex( group_at, SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH, + attr->a_vals, op_ndn ) != LDAP_SUCCESS ) return(1); return(0); } /* else: repeat the search */ @@ -95,14 +95,20 @@ ldap_back_group( */ #ifdef ENABLE_REWRITE switch ( rewrite_session( li->rwinfo, "bindDn", - op_ndn, conn, &mop_ndn ) ) { + op_ndn->bv_val, conn, &mop_ndn.bv_val ) ) { case REWRITE_REGEXEC_OK: - if ( mop_ndn == NULL ) { - mop_ndn = ( char * )op_ndn; + if ( mop_ndn.bv_val == NULL ) { + mop_ndn = *op_ndn; } +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDAP, DETAIL1, + "[rw] bindDn (op ndn in group): \"%s\" -> \"%s\"\n", + op_ndn->bv_val, mop_ndn.bv_val, 0 ); +#else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> bindDn (op ndn in group): \"%s\" -> \"%s\"\n%s", - op_ndn, mop_ndn, "" ); + op_ndn->bv_val, mop_ndn.bv_val, "" ); +#endif /* !NEW_LOGGING */ break; case REWRITE_REGEXEC_UNWILLING: @@ -115,15 +121,21 @@ ldap_back_group( * Rewrite the gr ndn if needed */ switch ( rewrite_session( li->rwinfo, "searchBase", - gr_ndn, conn, &mgr_ndn ) ) { + gr_ndn->bv_val, conn, &mgr_ndn.bv_val ) ) { case REWRITE_REGEXEC_OK: - if ( mgr_ndn == NULL ) { - mgr_ndn = ( char * )gr_ndn; + if ( mgr_ndn.bv_val == NULL ) { + mgr_ndn = *gr_ndn; } +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDAP, DETAIL1, + "[rw] searchBase (gr ndn in group): \"%s\" -> \"%s\"\n%s", + gr_ndn->bv_val, mgr_ndn.bv_val, "" ); +#else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> searchBase (gr ndn in group):" " \"%s\" -> \"%s\"\n%s", - gr_ndn, mgr_ndn, "" ); + gr_ndn->bv_val, mgr_ndn.bv_val, "" ); +#endif /* !NEW_LOGGING */ break; case REWRITE_REGEXEC_UNWILLING: @@ -132,74 +144,67 @@ ldap_back_group( goto cleanup; } #else /* !ENABLE_REWRITE */ - mop_ndn = ldap_back_dn_massage( li, ch_strdup( op_ndn ), 1 ); - if ( mop_ndn == NULL ) { + ldap_back_dn_massage( li, op_ndn, &mop_ndn, 1, 1 ); + if ( mop_ndn.bv_val == NULL ) { goto cleanup; } - mgr_ndn = ldap_back_dn_massage( li, ch_strdup( gr_ndn ), 1 ); - if ( mgr_ndn == NULL ) { + ldap_back_dn_massage( li, gr_ndn, &mgr_ndn, 1, 1 ); + if ( mgr_ndn.bv_val == NULL ) { goto cleanup; } #endif /* !ENABLE_REWRITE */ - group_oc_name = ldap_back_map(&li->oc_map, group_oc_name, 0); - if (group_oc_name == NULL) + ldap_back_map(&li->oc_map, &group_oc_name, &group_oc_name, + BACKLDAP_MAP); + if (group_oc_name.bv_val == NULL || group_oc_name.bv_val[0] == '\0') goto cleanup; - group_at_name = ldap_back_map(&li->at_map, group_at_name, 0); - if (group_at_name == NULL) + ldap_back_map(&li->at_map, &group_at_name, &group_at_name, + BACKLDAP_MAP); + if (group_at_name.bv_val == NULL || group_at_name.bv_val[0] == '\0') goto cleanup; filter = ch_malloc(sizeof("(&(objectclass=)(=))") - + strlen(group_oc_name) - + strlen(group_at_name) - + strlen(mop_ndn) + 1); + + group_oc_name.bv_len + + group_at_name.bv_len + + mop_ndn.bv_len + 1); if (filter == NULL) goto cleanup; - if (ldap_initialize(&ld, li->url) != LDAP_SUCCESS) { + /* Tell getconn this is a privileged op */ + oc = op->o_do_not_cache; + op->o_do_not_cache = 1; + lc = ldap_back_getconn(li, conn, op); + if ( !lc || !ldap_back_dobind( li, lc, NULL, op ) ) { + op->o_do_not_cache = oc; goto cleanup; } + op->o_do_not_cache = oc; - if (ldap_bind_s(ld, li->binddn, li->bindpw, LDAP_AUTH_SIMPLE) - != LDAP_SUCCESS) { - goto cleanup; - } - - strcpy(filter, "(&(objectclass="); - strcat(filter, group_oc_name); - strcat(filter, ")("); - strcat(filter, group_at_name); - strcat(filter, "="); - strcat(filter, mop_ndn); - strcat(filter, "))"); + ptr = lutil_strcopy(filter, "(&(objectclass="); + ptr = lutil_strcopy(ptr, group_oc_name.bv_val); + ptr = lutil_strcopy(ptr, ")("); + ptr = lutil_strcopy(ptr, group_at_name.bv_val); + ptr = lutil_strcopy(ptr, "="); + ptr = lutil_strcopy(ptr, mop_ndn.bv_val); + strcpy(ptr, "))"); gattr[0] = "objectclass"; gattr[1] = NULL; - if (ldap_search_ext_s(ld, mgr_ndn, LDAP_SCOPE_BASE, filter, + if (ldap_search_ext_s(lc->ld, mgr_ndn.bv_val, LDAP_SCOPE_BASE, filter, gattr, 0, NULL, NULL, LDAP_NO_LIMIT, LDAP_NO_LIMIT, &result) == LDAP_SUCCESS) { - if (ldap_first_entry(ld, result) != NULL) + if (ldap_first_entry(lc->ld, result) != NULL) rc = 0; ldap_msgfree(result); } -cleanup: - if ( ld != NULL ) { - ldap_unbind(ld); - } +cleanup:; ch_free(filter); -#ifdef ENABLE_REWRITE - if ( mop_ndn != op_ndn ) { -#endif /* ENABLE_REWRITE */ - free( mop_ndn ); -#ifdef ENABLE_REWRITE + if ( mop_ndn.bv_val != op_ndn->bv_val ) { + free( mop_ndn.bv_val ); } - if ( mgr_ndn != gr_ndn ) { -#endif /* ENABLE_REWRITE */ - free( mgr_ndn ); -#ifdef ENABLE_REWRITE + if ( mgr_ndn.bv_val != gr_ndn->bv_val ) { + free( mgr_ndn.bv_val ); } -#endif /* ENABLE_REWRITE */ return(rc); } -