X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fcontrols.c;h=27fe43f1c6161453fbaa8d452283f29f7b05a917;hb=3eb87b2faae4b9f59f1270936f70a1781c2abd7a;hp=c201273eb579f44430bcba861f4e04fab2ad8d58;hpb=1ff692274aa62a9e049a39cdff1412dc6649d8a9;p=openldap diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c index c201273eb5..27fe43f1c6 100644 --- a/servers/slapd/controls.c +++ b/servers/slapd/controls.c @@ -32,6 +32,9 @@ static SLAP_CTRL_PARSE_FN parseManageDSAit; static SLAP_CTRL_PARSE_FN parseModifyIncrement; static SLAP_CTRL_PARSE_FN parseNoOp; static SLAP_CTRL_PARSE_FN parsePagedResults; +#ifdef LDAP_DEVEL +static SLAP_CTRL_PARSE_FN parseSortedResults; +#endif static SLAP_CTRL_PARSE_FN parseValuesReturnFilter; static SLAP_CTRL_PARSE_FN parsePermissiveModify; static SLAP_CTRL_PARSE_FN parseDomainScope; @@ -106,12 +109,18 @@ static struct slap_control control_defs[] = { parsePostRead, LDAP_SLIST_ENTRY_INITIALIZER(next) }, { LDAP_CONTROL_VALUESRETURNFILTER, (int)offsetof(struct slap_control_ids, sc_valuesReturnFilter), - SLAP_CTRL_SEARCH, NULL, + SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH, NULL, parseValuesReturnFilter, LDAP_SLIST_ENTRY_INITIALIZER(next) }, { LDAP_CONTROL_PAGEDRESULTS, (int)offsetof(struct slap_control_ids, sc_pagedResults), SLAP_CTRL_SEARCH, NULL, parsePagedResults, LDAP_SLIST_ENTRY_INITIALIZER(next) }, +#ifdef LDAP_DEVEL + { LDAP_CONTROL_SORTREQUEST, + (int)offsetof(struct slap_control_ids, sc_sortedResults), + SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH|SLAP_CTRL_HIDE, NULL, + parseSortedResults, LDAP_SLIST_ENTRY_INITIALIZER(next) }, +#endif #ifdef LDAP_CONTROL_X_DOMAIN_SCOPE { LDAP_CONTROL_X_DOMAIN_SCOPE, (int)offsetof(struct slap_control_ids, sc_domainScope), @@ -381,7 +390,7 @@ slap_find_control_id( } int -slap_global_control( Operation *op, const char *oid ) +slap_global_control( Operation *op, const char *oid, int *cid ) { struct slap_control *ctrl = find_ctrl( oid ); @@ -390,22 +399,23 @@ slap_global_control( Operation *op, const char *oid ) Debug( LDAP_DEBUG_ANY, "slap_global_control: unrecognized control: %s\n", oid, 0, 0 ); - assert( 0 ); - return 0; + return LDAP_CONTROL_NOT_FOUND; } - if ( ctrl->sc_mask & SLAP_CTRL_GLOBAL ) return 1; + if ( cid ) *cid = ctrl->sc_cid; - if (( op->o_tag & LDAP_REQ_SEARCH ) && - ( ctrl->sc_mask & SLAP_CTRL_GLOBAL_SEARCH )) + if ( ( ctrl->sc_mask & SLAP_CTRL_GLOBAL ) || + ( ( op->o_tag & LDAP_REQ_SEARCH ) && + ( ctrl->sc_mask & SLAP_CTRL_GLOBAL_SEARCH ) ) ) { - return 1; + return LDAP_COMPARE_TRUE; } - Debug( LDAP_DEBUG_ANY, + Debug( LDAP_DEBUG_TRACE, "slap_global_control: unavailable control: %s\n", oid, 0, 0 ); - return 0; + + return LDAP_COMPARE_FALSE; } void slap_free_ctrls( @@ -745,19 +755,17 @@ static int parseProxyAuthz ( ctrl->ldctl_value.bv_len ? ctrl->ldctl_value.bv_val : "anonymous", 0 ); - if( ctrl->ldctl_value.bv_len == 0 ) { + if ( ctrl->ldctl_value.bv_len == 0 ) { Debug( LDAP_DEBUG_TRACE, "parseProxyAuthz: conn=%lu anonymous\n", op->o_connid, 0, 0 ); /* anonymous */ - free( op->o_dn.bv_val ); - op->o_dn.bv_len = 0; - op->o_dn.bv_val = ch_strdup( "" ); - - free( op->o_ndn.bv_val ); + op->o_ndn.bv_val[ 0 ] = '\0'; op->o_ndn.bv_len = 0; - op->o_ndn.bv_val = ch_strdup( "" ); + + op->o_dn.bv_val[ 0 ] = '\0'; + op->o_dn.bv_len = 0; return LDAP_SUCCESS; } @@ -781,27 +789,26 @@ static int parseProxyAuthz ( rc = slap_sasl_authorized( op, &op->o_ndn, &dn ); - if( rc ) { + if ( rc ) { ch_free( dn.bv_val ); rs->sr_text = "not authorized to assume identity"; return LDAP_PROXY_AUTHZ_FAILURE; } - ch_free( op->o_dn.bv_val ); ch_free( op->o_ndn.bv_val ); - - op->o_dn.bv_val = NULL; - op->o_ndn = dn; - - Statslog( LDAP_DEBUG_STATS, "%s PROXYAUTHZ dn=\"%s\"\n", - op->o_log_prefix, dn.bv_val, 0, 0, 0 ); + ch_free( op->o_dn.bv_val ); /* * NOTE: since slap_sasl_getdn() returns a normalized dn, * from now on op->o_dn is normalized */ + op->o_ndn = dn; ber_dupbv( &op->o_dn, &dn ); + + Statslog( LDAP_DEBUG_STATS, "%s PROXYAUTHZ dn=\"%s\"\n", + op->o_log_prefix, dn.bv_val, 0, 0, 0 ); + return LDAP_SUCCESS; } @@ -949,6 +956,34 @@ done:; return rc; } +#ifdef LDAP_DEVEL +static int parseSortedResults ( + Operation *op, + SlapReply *rs, + LDAPControl *ctrl ) +{ + int rc = LDAP_SUCCESS; + + if ( op->o_sortedresults != SLAP_CONTROL_NONE ) { + rs->sr_text = "sorted results control specified multiple times"; + return LDAP_PROTOCOL_ERROR; + } + + if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) { + rs->sr_text = "sorted results control value is empty (or absent)"; + return LDAP_PROTOCOL_ERROR; + } + + /* blow off parsing the value */ + + op->o_sortedresults = ctrl->ldctl_iscritical + ? SLAP_CONTROL_CRITICAL + : SLAP_CONTROL_NONCRITICAL; + + return rc; +} +#endif + static int parseAssert ( Operation *op, SlapReply *rs, @@ -1190,8 +1225,8 @@ static int parseSubentries ( /* FIXME: should use BER library */ if( ( ctrl->ldctl_value.bv_len != 3 ) - && ( ctrl->ldctl_value.bv_val[0] != 0x01 ) - && ( ctrl->ldctl_value.bv_val[1] != 0x01 )) + || ( ctrl->ldctl_value.bv_val[0] != 0x01 ) + || ( ctrl->ldctl_value.bv_val[1] != 0x01 )) { rs->sr_text = "subentries control value encoding is bogus"; return LDAP_PROTOCOL_ERROR; @@ -1201,8 +1236,9 @@ static int parseSubentries ( ? SLAP_CONTROL_CRITICAL : SLAP_CONTROL_NONCRITICAL; - if ( (void *)(ctrl->ldctl_value.bv_val[2] != 0x00)) + if ( (void *)(ctrl->ldctl_value.bv_val[2] != 0x00)) { set_subentries_visibility( op ); + } return LDAP_SUCCESS; }