X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fbackend.c;h=3048dd41bb26e3f411aa4fda2d3676fb0f1b91f7;hb=ed471a4d53b9bcd2cc89410743ffb4bd58b5fc05;hp=133f9fd82e8c52b57c9cd87e4ccb706490135038;hpb=13d13baedaa55de8659551b585f03a344e87b415;p=openldap diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index 133f9fd82e..3048dd41bb 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -7,6 +7,7 @@ #include "portable.h" +#include "slapi_common.h" #include @@ -16,6 +17,7 @@ #include #include "slap.h" +#include "slapi.h" #include "lutil.h" #include "lber_pvt.h" @@ -254,34 +256,32 @@ int backend_startup(Backend *be) if ( be->bd_info->bi_open ) { rc = be->bd_info->bi_open( be->bd_info ); - } - - if(rc != 0) { + if ( rc != 0 ) { #ifdef NEW_LOGGING - LDAP_LOG( BACKEND, CRIT, "backend_startup: bi_open failed!\n", 0, 0, 0 ); + LDAP_LOG( BACKEND, CRIT, "backend_startup: bi_open failed!\n", 0, 0, 0 ); #else - Debug( LDAP_DEBUG_ANY, - "backend_startup: bi_open failed!\n", - 0, 0, 0 ); + Debug( LDAP_DEBUG_ANY, + "backend_startup: bi_open failed!\n", + 0, 0, 0 ); #endif - return rc; + return rc; + } } if ( be->bd_info->bi_db_open ) { rc = be->bd_info->bi_db_open( be ); - } - - if(rc != 0) { + if ( rc != 0 ) { #ifdef NEW_LOGGING - LDAP_LOG( BACKEND, CRIT, - "backend_startup: bi_db_open failed! (%d)\n", rc, 0, 0 ); + LDAP_LOG( BACKEND, CRIT, + "backend_startup: bi_db_open failed! (%d)\n", rc, 0, 0 ); #else - Debug( LDAP_DEBUG_ANY, - "backend_startup: bi_db_open failed! (%d)\n", - rc, 0, 0 ); + Debug( LDAP_DEBUG_ANY, + "backend_startup: bi_db_open failed! (%d)\n", + rc, 0, 0 ); #endif - return rc; + return rc; + } } return rc; 
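Review bot: The `bi_open` failure messages in backend_startup still omit the return code, while the `bi_db_open` messages print it. In the hunk at -254 the message is `"backend_startup: bi_open failed!\n"` with `0, 0, 0`, and the hunk at -297 logs only the index `i`. With the check now directly under the call, `rc` is always the value that call returned, so it can be logged as `"backend_startup: bi_open failed! (%d)\n", rc, 0, 0`. That gives an operator the same detail on both failure paths when a backend refuses to start.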
@@ -297,18 +297,17 @@ int backend_startup(Backend *be) if( backendInfo[i].bi_open ) { rc = backendInfo[i].bi_open( &backendInfo[i] ); - } - - if(rc != 0) { + if ( rc != 0 ) { #ifdef NEW_LOGGING - LDAP_LOG( BACKEND, CRIT, - "backend_startup: bi_open %d failed!\n", i, 0, 0 ); + LDAP_LOG( BACKEND, CRIT, + "backend_startup: bi_open %d failed!\n", i, 0, 0 ); #else - Debug( LDAP_DEBUG_ANY, - "backend_startup: bi_open %d failed!\n", - i, 0, 0 ); + Debug( LDAP_DEBUG_ANY, + "backend_startup: bi_open %d failed!\n", + i, 0, 0 ); #endif - return rc; + return rc; + } } } @@ -320,18 +319,17 @@ int backend_startup(Backend *be) if ( backendDB[i].bd_info->bi_db_open ) { rc = backendDB[i].bd_info->bi_db_open( &backendDB[i] ); - } - - if(rc != 0) { + if ( rc != 0 ) { #ifdef NEW_LOGGING - LDAP_LOG( BACKEND, CRIT, - "backend_startup: bi_db_open(%d) failed! (%d)\n", i, rc, 0 ); + LDAP_LOG( BACKEND, CRIT, + "backend_startup: bi_db_open(%d) failed! (%d)\n", i, rc, 0 ); #else - Debug( LDAP_DEBUG_ANY, - "backend_startup: bi_db_open(%d) failed! (%d)\n", - i, rc, 0 ); + Debug( LDAP_DEBUG_ANY, + "backend_startup: bi_db_open(%d) failed! (%d)\n", + i, rc, 0 ); #endif - return rc; + return rc; + } } } @@ -589,7 +587,7 @@ be_issuffix( int i; for ( i = 0; be->be_nsuffix != NULL && be->be_nsuffix[i].bv_val != NULL; i++ ) { - if ( ber_bvcmp( &be->be_nsuffix[i], bvsuffix ) == 0 ) { + if ( bvmatch( &be->be_nsuffix[i], bvsuffix ) ) { return( 1 ); } } 
@@ -690,12 +688,60 @@ backend_unbind( Operation *op ) { - int i; + int i; + int rc; + Slapi_PBlock *pb = op->o_pb; + +#if defined( LDAP_SLAPI ) + slapi_pblock_set( pb, SLAPI_CONNECTION, (void *)conn ); + slapi_pblock_set( pb, SLAPI_OPERATION, (void *)op ); +#endif /* defined( LDAP_SLAPI ) */ for ( i = 0; i < nbackends; i++ ) { +#if defined( LDAP_SLAPI ) + slapi_pblock_set( pb, SLAPI_BACKEND, (void *)&backends[i] ); + rc = doPluginFNs( &backends[i], SLAPI_PLUGIN_PRE_UNBIND_FN, + (Slapi_PBlock *)pb ); + if ( rc != 0 && rc != LDAP_OTHER ) { + /* + * either there is no preOp (unbind) plugins + * or a plugin failed. Just log it. + * + * FIXME: is this correct? + */ +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, "do_bind: Unbind preOps " + "failed\n", 0, 0, 0); +#else + Debug(LDAP_DEBUG_TRACE, "do_bind: Unbind preOps " + "failed.\n", 0, 0, 0); +#endif + } +#endif /* defined( LDAP_SLAPI ) */ + if ( backends[i].be_unbind ) { (*backends[i].be_unbind)( &backends[i], conn, op ); } + +#if defined( LDAP_SLAPI ) + rc = doPluginFNs( &backends[i], SLAPI_PLUGIN_POST_UNBIND_FN, + (Slapi_PBlock *)pb ); + if ( rc != 0 && rc != LDAP_OTHER ) { + /* + * either there is no postOp (unbind) plugins + * or a plugin failed. Just log it. + * + * FIXME: is this correct? + */ +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, "do_unbind: Unbind postOps " + "failed\n", 0, 0, 0); +#else + Debug(LDAP_DEBUG_TRACE, "do_unbind: Unbind postOps " + "failed.\n", 0, 0, 0); +#endif + } +#endif /* defined( LDAP_SLAPI ) */ } return 0; 
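Review bot: The new trace messages in backend_unbind name the wrong function and drop the failing code: the pre-op branch logs `"do_bind: Unbind preOps failed"` and the post-op branch logs `"do_unbind: Unbind postOps failed"`, and neither prints `rc`. Logging `"backend_unbind: Unbind preOps failed (%d)\n", rc, 0, 0` (and the same for postOps) keeps log searches and plugin-failure triage pointed at the right place. Separately, `int rc;` and `Slapi_PBlock *pb = op->o_pb;` are declared outside the `#if defined( LDAP_SLAPI )` guard that covers every use of them. A non-SLAPI build therefore depends on `Slapi_PBlock` and `o_pb` still being declared (not visible here) and leaves `rc` unused, so both declarations belong inside the guard. The function's signature starts outside the hunk.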
@@ -740,15 +786,13 @@ backend_check_controls( Operation *op, const char **text ) { - LDAPControl **ctrls; - ctrls = op->o_ctrls; - if( ctrls == NULL ) { - return LDAP_SUCCESS; - } + LDAPControl **ctrls = op->o_ctrls; + + if( ctrls == NULL ) return LDAP_SUCCESS; for( ; *ctrls != NULL ; ctrls++ ) { if( (*ctrls)->ldctl_iscritical && - !charray_inlist( be->be_controls, (*ctrls)->ldctl_oid ) ) + !ldap_charray_inlist( be->be_controls, (*ctrls)->ldctl_oid ) ) { *text = "control unavailable in context"; return LDAP_UNAVAILABLE_CRITICAL_EXTENSION; @@ -820,7 +864,7 @@ backend_check_restrictions( { struct berval bv = BER_BVC( LDAP_EXOP_START_TLS ); - if( ber_bvcmp( opdata, &bv ) == 0 ) { + if( bvmatch( opdata, &bv ) ) { session++; starttls++; break; @@ -829,7 +873,7 @@ backend_check_restrictions( { struct berval bv = BER_BVC( LDAP_EXOP_X_WHO_AM_I ); - if( ber_bvcmp( opdata, &bv ) == 0 ) { + if( bvmatch( opdata, &bv ) ) { break; } } @@ -872,6 +916,15 @@ backend_check_restrictions( return LDAP_CONFIDENTIALITY_REQUIRED; } + + if( op->o_tag == LDAP_REQ_BIND && opdata == NULL ) { + /* simple bind specific check */ + if( op->o_ssf < ssf->sss_simple_bind ) { + *text = "confidentiality required"; + return LDAP_CONFIDENTIALITY_REQUIRED; + } + } + if( op->o_tag != LDAP_REQ_BIND || opdata == NULL ) { /* these checks don't apply to SASL bind */ @@ -907,10 +960,20 @@ backend_check_restrictions( return LDAP_CONFIDENTIALITY_REQUIRED; } - if( op->o_ndn.bv_len == 0 ) { + if( !( global_allows & SLAP_ALLOW_UPDATE_ANON ) && + op->o_ndn.bv_len == 0 ) + { *text = "modifications require authentication"; return LDAP_STRONG_AUTH_REQUIRED; } + +#ifdef SLAP_X_LISTENER_MOD + if ( ! ( conn->c_listener->sl_perms & S_IWUSR ) ) { + /* no "w" mode means readonly */ + *text = "modifications not allowed on this listener"; + return LDAP_UNWILLING_TO_PERFORM; + } +#endif /* SLAP_X_LISTENER_MOD */ } } 
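Review bot: The simple-bind check added in the hunk at -872 relies on `opdata == NULL` meaning "not a SASL bind", which is only implied by the comment on the block that follows. Since this is the check that decides whether a simple bind is accepted at the current SSF, the comment should state the convention, for example `/* simple bind (opdata is NULL unless this is a SASL bind): enforce the sss_simple_bind minimum SSF */`. The rejection text `"confidentiality required"` is also identical to the neighbouring SSF checks, so a client-side report cannot tell which threshold refused the bind; whether to distinguish it is a judgement call. The enclosing function starts and ends outside the hunk.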
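Review bot: The listener permission test added in the hunk at -907 dereferences `conn->c_listener` with no NULL check, and the two tests added in the hunk at -961 do the same. If backend_check_restrictions can be reached for an operation that has no listener (an internally generated one, for instance; not visible here), this is a NULL dereference once `SLAP_X_LISTENER_MOD` is defined. The handling should be explicit either way: if such operations are meant to bypass listener permissions, write `if ( conn->c_listener && !( conn->c_listener->sl_perms & S_IWUSR ) )` and say so in the comment; if not, reject them. The `S_I*USR` macros also need `<sys/stat.h>`, which I cannot confirm from the include hunk.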
@@ -961,6 +1024,25 @@ backend_check_restrictions( return LDAP_OPERATIONS_ERROR; } } + +#ifdef SLAP_X_LISTENER_MOD + if ( !starttls && op->o_dn.bv_len == 0 ) { + if ( ! ( conn->c_listener->sl_perms & S_IXUSR ) ) { + /* no "x" mode means bind required */ + *text = "bind required on this listener"; + return LDAP_STRONG_AUTH_REQUIRED; + } + } + + if ( !starttls && !updateop ) { + if ( ! ( conn->c_listener->sl_perms & S_IRUSR ) ) { + /* no "r" mode means no read */ + *text = "read not allowed on this listener"; + return LDAP_UNWILLING_TO_PERFORM; + } + } +#endif /* SLAP_X_LISTENER_MOD */ + } if( restrictops & opflag ) { @@ -1110,13 +1192,12 @@ Attribute *backend_operational( * and the backend supports specific operational attributes, * add them to the attribute list */ -#ifdef SLAPD_SCHEMA_DN if ( opattrs || ( attrs && ad_inlist( slap_schema.si_ad_subschemaSubentry, attrs )) ) { - *ap = slap_operational_subschemaSubentry(); + *ap = slap_operational_subschemaSubentry( be ); ap = &(*ap)->a_next; } -#endif + if ( ( opattrs || attrs ) && be && be->be_operational != NULL ) { ( void )be->be_operational( be, conn, op, e, attrs, opattrs, ap ); }
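Review bot: The "bind required" test added in the hunk at -961 decides anonymity with `op->o_dn.bv_len == 0`, while the update check in the hunk at -907 uses `op->o_ndn.bv_len == 0`. Two different fields answering the same "is this session anonymous" question in one function invite drift if they are ever set separately. Unless there is a reason to prefer the unnormalized DN here, use `if ( !starttls && op->o_ndn.bv_len == 0 ) {` to match. The comments `no "x" mode means bind required` and `no "r" mode means no read` would also be clearer if they said that `sl_perms` reuses the file-mode bits as per-listener policy flags. The enclosing condition opens outside the hunk, so I cannot tell whether bind requests themselves reach these tests.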
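Review bot: `slap_operational_subschemaSubentry( be )` in the hunk at -1110 is now passed `be` at a point where it may be NULL, as the very next condition guards its own use with `be && be->be_operational != NULL`. The callee is not shown, so confirm that it accepts a NULL backend, or guard the call. The result is then dereferenced at once in `ap = &(*ap)->a_next;`, so a NULL return (on allocation failure, say) would fault. A check such as `if ( *ap != NULL ) ap = &(*ap)->a_next;` keeps the list intact in that case. With the `#ifdef SLAPD_SCHEMA_DN` guard removed this path is compiled in unconditionally, which makes both points matter more.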