X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fcontrols.c;h=6caa711acec2dc7c9eb513099ba8487330497485;hb=703531fe5c39e839b74dfbb6760dd8f39dac56b3;hp=ee2a36742f91aca599ebb4f9e732a257f23d11c5;hpb=329f79f209306dc45a608dd532e6ea19ed050803;p=openldap diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c index ee2a36742f..6caa711ace 100644 --- a/servers/slapd/controls.c +++ b/servers/slapd/controls.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2008 The OpenLDAP Foundation. + * Copyright 1998-2012 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -123,8 +123,7 @@ static char *session_tracking_extops[] = { static struct slap_control control_defs[] = { { LDAP_CONTROL_ASSERT, (int)offsetof(struct slap_control_ids, sc_assert), - SLAP_CTRL_DELETE|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME| - SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH, + SLAP_CTRL_UPDATE|SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH, NULL, NULL, parseAssert, LDAP_SLIST_ENTRY_INITIALIZER(next) }, { LDAP_CONTROL_PRE_READ, @@ -345,6 +344,38 @@ register_supported_control2(const char *controloid, return LDAP_SUCCESS; } +#ifdef SLAP_CONFIG_DELETE +int +unregister_supported_control( const char *controloid ) +{ + struct slap_control *sc; + int i; + + if ( controloid == NULL || (sc = find_ctrl( controloid )) == NULL ){ + return -1; + } + + for ( i = 0; slap_known_controls[ i ]; i++ ) { + if ( strcmp( controloid, slap_known_controls[ i ] ) == 0 ) { + do { + slap_known_controls[ i ] = slap_known_controls[ i+1 ]; + } while ( slap_known_controls[ i++ ] ); + num_known_controls--; + break; + } + } + + LDAP_SLIST_REMOVE(&controls_list, sc, slap_control, sc_next); + ch_free( sc->sc_oid ); + if ( sc->sc_extendedopsbv != NULL ) { + ber_bvarray_free( sc->sc_extendedopsbv ); + } + ch_free( sc ); + + return 0; +} +#endif /* SLAP_CONFIG_DELETE */ + /* * One-time initialization of internal controls. */ @@ -540,6 +571,37 @@ void slap_free_ctrls( op->o_tmpfree( ctrls, op->o_tmpmemctx ); } +int slap_add_ctrls( + Operation *op, + SlapReply *rs, + LDAPControl **ctrls ) +{ + int i = 0, j; + LDAPControl **ctrlsp; + + if ( rs->sr_ctrls ) { + for ( ; rs->sr_ctrls[ i ]; i++ ) ; + } + + for ( j=0; ctrls[j]; j++ ) ; + + ctrlsp = op->o_tmpalloc(( i+j+1 )*sizeof(LDAPControl *), op->o_tmpmemctx ); + i = 0; + if ( rs->sr_ctrls ) { + for ( ; rs->sr_ctrls[i]; i++ ) + ctrlsp[i] = rs->sr_ctrls[i]; + } + for ( j=0; ctrls[j]; j++) + ctrlsp[i++] = ctrls[j]; + ctrlsp[i] = NULL; + + if ( rs->sr_flags & REP_CTRLS_MUSTBEFREED ) + op->o_tmpfree( rs->sr_ctrls, op->o_tmpmemctx ); + rs->sr_ctrls = ctrlsp; + rs->sr_flags |= REP_CTRLS_MUSTBEFREED; + return i; +} + int slap_parse_ctrl( Operation *op, SlapReply *rs, @@ -863,7 +925,9 @@ return_results: } if ( get_whatFailed( op ) ) { - char *oids[ 2 ] = { failed_oid, NULL }; + char *oids[ 2 ]; + oids[ 0 ] = failed_oid; + oids[ 1 ] = NULL; slap_ctrl_whatFailed_add( op, rs, oids ); } } @@ -960,6 +1024,13 @@ static int parseDontUseCopy ( return LDAP_PROTOCOL_ERROR; } + if ( ( global_disallows & SLAP_DISALLOW_DONTUSECOPY_N_CRIT ) + && !ctrl->ldctl_iscritical ) + { + rs->sr_text = "dontUseCopy criticality of FALSE not allowed"; + return LDAP_PROTOCOL_ERROR; + } + op->o_dontUseCopy = ctrl->ldctl_iscritical ? SLAP_CONTROL_CRITICAL : SLAP_CONTROL_NONCRITICAL; @@ -1029,6 +1100,13 @@ static int parseProxyAuthz ( return LDAP_PROTOCOL_ERROR; } + if ( ( global_disallows & SLAP_DISALLOW_PROXY_AUTHZ_N_CRIT ) + && !ctrl->ldctl_iscritical ) + { + rs->sr_text = "proxied authorization criticality of FALSE not allowed"; + return LDAP_PROTOCOL_ERROR; + } + if ( !( global_allows & SLAP_ALLOW_PROXY_AUTHZ_ANON ) && BER_BVISEMPTY( &op->o_ndn ) ) { @@ -1091,14 +1169,13 @@ static int parseProxyAuthz ( } ch_free( op->o_ndn.bv_val ); - ch_free( op->o_dn.bv_val ); /* * NOTE: since slap_sasl_getdn() returns a normalized dn, * from now on op->o_dn is normalized */ op->o_ndn = dn; - ber_dupbv( &op->o_dn, &dn ); + ber_bvreplace( &op->o_dn, &dn ); Statslog( LDAP_DEBUG_STATS, "%s PROXYAUTHZ dn=\"%s\"\n", op->o_log_prefix, dn.bv_val, 0, 0, 0 ); @@ -1188,6 +1265,8 @@ static int parsePagedResults ( if ( !cookie.bv_len ) { ps->ps_count = 0; ps->ps_cookie = 0; + /* taint ps_cookie, to detect whether it's set */ + op->o_conn->c_pagedresults_state.ps_cookie = NOID; } /* NOTE: according to RFC 2696 3.: @@ -1368,7 +1447,7 @@ parseReadAttrs( an[i].an_desc = NULL; an[i].an_oc = NULL; - an[i].an_oc_exclude = 0; + an[i].an_flags = 0; rc = slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy ); if ( rc == LDAP_SUCCESS ) { an[i].an_name = an[i].an_desc->ad_cname; @@ -1534,7 +1613,7 @@ static int parsePermissiveModify ( return LDAP_PROTOCOL_ERROR; } - if ( BER_BVISNULL( &ctrl->ldctl_value )) { + if ( !BER_BVISNULL( &ctrl->ldctl_value )) { rs->sr_text = "permissiveModify control value not absent"; return LDAP_PROTOCOL_ERROR; } @@ -1625,6 +1704,24 @@ static int parseSearchOptions ( return LDAP_PROTOCOL_ERROR; } + if ( search_flags & ~(LDAP_SEARCH_FLAG_DOMAIN_SCOPE) ) { + /* Search flags not recognised so far, + * including: + * LDAP_SEARCH_FLAG_PHANTOM_ROOT + */ + if ( ctrl->ldctl_iscritical ) { + rs->sr_text = "searchOptions contained unrecognized flag"; + return LDAP_UNWILLING_TO_PERFORM; + } + + /* Ignore */ + Debug( LDAP_DEBUG_TRACE, + "searchOptions: conn=%lu unrecognized flag(s) 0x%x (non-critical)\n", + op->o_connid, (unsigned)search_flags, 0 ); + + return LDAP_SUCCESS; + } + if ( search_flags & LDAP_SEARCH_FLAG_DOMAIN_SCOPE ) { if ( op->o_domain_scope != SLAP_CONTROL_NONE ) { rs->sr_text = "searchOptions control specified multiple times " @@ -1637,15 +1734,6 @@ static int parseSearchOptions ( : SLAP_CONTROL_NONCRITICAL; } - if ( search_flags & ~(LDAP_SEARCH_FLAG_DOMAIN_SCOPE) ) { - /* Other search flags not recognised so far, - * including: - * LDAP_SEARCH_FLAG_PHANTOM_ROOM - */ - rs->sr_text = "searchOptions contained unrecognized flag"; - return LDAP_UNWILLING_TO_PERFORM; - } - return LDAP_SUCCESS; }