X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fcontrols.c;h=ea2ecba0ec2edea11f055924a6459c27ad792789;hb=eb6b2650091656bde96fbbdb87a5b8154cdc319b;hp=b6c356e7413293b2f07234363f799e970749b2e3;hpb=d3e288dffe178be4fde51cb072032f4f52b5e4fe;p=openldap

diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c
index b6c356e741..ea2ecba0ec 100644
--- a/servers/slapd/controls.c
+++ b/servers/slapd/controls.c
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -849,8 +849,8 @@ static int parseDontUseCopy (
 		return LDAP_PROTOCOL_ERROR;
 	}
 
-	if ( ctrl->ldctl_value.bv_len ) {
-		rs->sr_text = "dontUseCopy control value not empty";
+	if ( !BER_BVISNULL( &ctrl->ldctl_value )) {
+		rs->sr_text = "dontUseCopy control value not absent";
 		return LDAP_PROTOCOL_ERROR;
 	}
 
@@ -873,8 +873,8 @@ static int parseRelax (
 		return LDAP_PROTOCOL_ERROR;
 	}
 
-	if ( ctrl->ldctl_value.bv_len ) {
-		rs->sr_text = "relax control value not empty";
+	if ( !BER_BVISNULL( &ctrl->ldctl_value )) {
+		rs->sr_text = "relax control value not absent";
 		return LDAP_PROTOCOL_ERROR;
 	}
 
@@ -895,8 +895,8 @@ static int parseManageDSAit (
 		return LDAP_PROTOCOL_ERROR;
 	}
 
-	if ( ctrl->ldctl_value.bv_len ) {
-		rs->sr_text = "manageDSAit control value not empty";
+	if ( !BER_BVISNULL( &ctrl->ldctl_value )) {
+		rs->sr_text = "manageDSAit control value not absent";
 		return LDAP_PROTOCOL_ERROR;
 	}
 
@@ -920,6 +920,11 @@ static int parseProxyAuthz (
 		return LDAP_PROTOCOL_ERROR;
 	}
 
+	if ( BER_BVISNULL( &ctrl->ldctl_value )) {
+		rs->sr_text = "proxy authorization control value absent";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
 	if ( !( global_allows & SLAP_ALLOW_PROXY_AUTHZ_ANON )
 		&& BER_BVISEMPTY( &op->o_ndn ) )
 	{
@@ -937,7 +942,7 @@ static int parseProxyAuthz (
 		ctrl->ldctl_value.bv_len ?  ctrl->ldctl_value.bv_val : "anonymous",
 		0 );
 
-	if ( ctrl->ldctl_value.bv_len == 0 ) {
+	if ( BER_BVISEMPTY( &ctrl->ldctl_value )) {
 		Debug( LDAP_DEBUG_TRACE,
 			"parseProxyAuthz: conn=%lu anonymous\n", 
 			op->o_connid, 0, 0 );
@@ -991,7 +996,6 @@ static int parseProxyAuthz (
 	op->o_ndn = dn;
 	ber_dupbv( &op->o_dn, &dn );
 
-
 	Statslog( LDAP_DEBUG_STATS, "%s PROXYAUTHZ dn=\"%s\"\n",
 	    op->o_log_prefix, dn.bv_val, 0, 0, 0 );
 
@@ -1037,8 +1041,13 @@ static int parsePagedResults (
 		return LDAP_PROTOCOL_ERROR;
 	}
 
+	if ( BER_BVISNULL( &ctrl->ldctl_value ) ) {
+		rs->sr_text = "paged results control value is absent";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
 	if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) {
-		rs->sr_text = "paged results control value is empty (or absent)";
+		rs->sr_text = "paged results control value is empty";
 		return LDAP_PROTOCOL_ERROR;
 	}
 
@@ -1113,8 +1122,13 @@ static int parseSortedResults (
 		return LDAP_PROTOCOL_ERROR;
 	}
 
+	if ( BER_BVISNULL( &ctrl->ldctl_value ) ) {
+		rs->sr_text = "sorted results control value is absent";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
 	if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) {
-		rs->sr_text = "sorted results control value is empty (or absent)";
+		rs->sr_text = "sorted results control value is empty";
 		return LDAP_PROTOCOL_ERROR;
 	}
 
@@ -1141,8 +1155,13 @@ static int parseAssert (
 		return LDAP_PROTOCOL_ERROR;
 	}
 
-	if ( ctrl->ldctl_value.bv_len == 0 ) {
-		rs->sr_text = "assert control value is empty (or absent)";
+	if ( BER_BVISNULL( &ctrl->ldctl_value )) {
+		rs->sr_text = "assert control value is absent";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if ( BER_BVISEMPTY( &ctrl->ldctl_value )) {
+		rs->sr_text = "assert control value is empty";
 		return LDAP_PROTOCOL_ERROR;
 	}
 
@@ -1199,8 +1218,13 @@ static int parsePreRead (
 		return LDAP_PROTOCOL_ERROR;
 	}
 
-	if ( ctrl->ldctl_value.bv_len == 0 ) {
-		rs->sr_text = "preread control value is empty (or absent)";
+	if ( BER_BVISNULL( &ctrl->ldctl_value )) {
+		rs->sr_text = "preread control value is absent";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if ( BER_BVISEMPTY( &ctrl->ldctl_value )) {
+		rs->sr_text = "preread control value is empty";
 		return LDAP_PROTOCOL_ERROR;
 	}
 
@@ -1267,8 +1291,13 @@ static int parsePostRead (
 		return LDAP_PROTOCOL_ERROR;
 	}
 
-	if ( ctrl->ldctl_value.bv_len == 0 ) {
-		rs->sr_text = "postread control value is empty (or absent)";
+	if ( BER_BVISNULL( &ctrl->ldctl_value )) {
+		rs->sr_text = "postread control value is absent";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if ( BER_BVISEMPTY( &ctrl->ldctl_value )) {
+		rs->sr_text = "postread control value is empty";
 		return LDAP_PROTOCOL_ERROR;
 	}
 
@@ -1294,18 +1323,37 @@ static int parsePostRead (
 		goto done;
 	}
 
-	for( i=0; i<siz; i++ ) {
+	for ( i = 0; i < siz; i++ ) {
 		const char	*dummy = NULL;
+		int		rc;
 
 		an[i].an_desc = NULL;
 		an[i].an_oc = NULL;
 		an[i].an_oc_exclude = 0;
-		rs->sr_err = slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy );
-		if ( rs->sr_err != LDAP_SUCCESS && ctrl->ldctl_iscritical ) {
-			rs->sr_text = dummy
-				? dummy
-				: "postread control: unknown attributeType";
-			goto done;
+		rc = slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy );
+		if ( rc != LDAP_SUCCESS ) {
+			int			i;
+			static struct berval	special_attrs[] = {
+				BER_BVC( LDAP_NO_ATTRS ),
+				BER_BVC( LDAP_ALL_USER_ATTRIBUTES ),
+				BER_BVC( LDAP_ALL_OPERATIONAL_ATTRIBUTES ),
+				BER_BVNULL
+			};
+
+			/* deal with special attribute types */
+			for ( i = 0; !BER_BVISNULL( &special_attrs[ i ] ); i++ ) {
+				if ( bvmatch( &an[i].an_name, &special_attrs[ i ] ) ) {
+					break;
+				}
+			}
+
+			if ( BER_BVISNULL( &special_attrs[ i ] ) && ctrl->ldctl_iscritical ) {
+				rs->sr_err = rc;
+				rs->sr_text = dummy
+					? dummy
+					: "postread control: unknown attributeType";
+				goto done;
+			}
 		}
 	}
 
@@ -1333,8 +1381,13 @@ static int parseValuesReturnFilter (
 		return LDAP_PROTOCOL_ERROR;
 	}
 
-	if ( ctrl->ldctl_value.bv_len == 0 ) {
-		rs->sr_text = "valuesReturnFilter control value is empty (or absent)";
+	if ( BER_BVISNULL( &ctrl->ldctl_value )) {
+		rs->sr_text = "valuesReturnFilter control value is absent";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if ( BER_BVISEMPTY( &ctrl->ldctl_value )) {
+		rs->sr_text = "valuesReturnFilter control value is empty";
 		return LDAP_PROTOCOL_ERROR;
 	}
 
@@ -1417,8 +1470,8 @@ static int parsePermissiveModify (
 		return LDAP_PROTOCOL_ERROR;
 	}
 
-	if ( ctrl->ldctl_value.bv_len ) {
-		rs->sr_text = "permissiveModify control value not empty";
+	if ( BER_BVISNULL( &ctrl->ldctl_value )) {
+		rs->sr_text = "permissiveModify control value not absent";
 		return LDAP_PROTOCOL_ERROR;
 	}
 
@@ -1439,7 +1492,7 @@ static int parseDomainScope (
 		return LDAP_PROTOCOL_ERROR;
 	}
 
-	if ( ctrl->ldctl_value.bv_len ) {
+	if ( BER_BVISNULL( &ctrl->ldctl_value )) {
 		rs->sr_text = "domainScope control value not empty";
 		return LDAP_PROTOCOL_ERROR;
 	}
@@ -1462,8 +1515,8 @@ static int parseTreeDelete (
 		return LDAP_PROTOCOL_ERROR;
 	}
 
-	if ( ctrl->ldctl_value.bv_len ) {
-		rs->sr_text = "treeDelete control value not empty";
+	if ( BER_BVISNULL( &ctrl->ldctl_value )) {
+		rs->sr_text = "treeDelete control value not absent";
 		return LDAP_PROTOCOL_ERROR;
 	}
 
@@ -1484,8 +1537,13 @@ static int parseSearchOptions (
 	ber_int_t search_flags;
 	ber_tag_t tag;
 
-	if ( ctrl->ldctl_value.bv_len == 0 ) {
-		rs->sr_text = "searchOptions control value is empty (or absent)";
+	if ( BER_BVISNULL( &ctrl->ldctl_value )) {
+		rs->sr_text = "searchOptions control value is absent";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if ( BER_BVISEMPTY( &ctrl->ldctl_value )) {
+		rs->sr_text = "searchOptions control value is empty";
 		return LDAP_PROTOCOL_ERROR;
 	}