X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fextended.c;h=bc34f65f60df30ea70ba6c2c8aca70a192c362be;hb=c6b5abbfd20567116846ebc38f0005c429284c98;hp=2bab109f195b2fa15c68e32bffea46787fc7409e;hpb=485f47870758e3d56e7a58a78b347e1a60b65148;p=openldap diff --git a/servers/slapd/extended.c b/servers/slapd/extended.c index 2bab109f19..bc34f65f60 100644 --- a/servers/slapd/extended.c +++ b/servers/slapd/extended.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1999-2003 The OpenLDAP Foundation. + * Copyright 1999-2012 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -39,18 +39,6 @@ #include "slap.h" #include "lber_pvt.h" -#ifdef LDAP_SLAPI -#include "slapi.h" -#endif - -#define UNSUPPORTED_EXTENDEDOP "unsupported extended operation" - -#ifdef LDAP_DEVEL -#define SLAP_EXOP_HIDE 0x0000 -#else -#define SLAP_EXOP_HIDE 0x8000 -#endif - static struct extop_list { struct extop_list *next; struct berval oid; @@ -60,31 +48,23 @@ static struct extop_list { static SLAP_EXTOP_MAIN_FN whoami_extop; -/* this list of built-in extops is for extops that are not part - * of backends or in external modules. essentially, this is +/* This list of built-in extops is for extops that are not part + * of backends or in external modules. Essentially, this is * just a way to get built-in extops onto the extop list without * having a separate init routine for each built-in extop. */ -#ifdef LDAP_EXOP_X_CANCEL -const struct berval slap_EXOP_CANCEL = BER_BVC(LDAP_EXOP_X_CANCEL); -#endif -const struct berval slap_EXOP_WHOAMI = BER_BVC(LDAP_EXOP_X_WHO_AM_I); -const struct berval slap_EXOP_MODIFY_PASSWD = BER_BVC(LDAP_EXOP_MODIFY_PASSWD); -const struct berval slap_EXOP_START_TLS = BER_BVC(LDAP_EXOP_START_TLS); - static struct { const struct berval *oid; slap_mask_t flags; SLAP_EXTOP_MAIN_FN *ext_main; } builtin_extops[] = { -#ifdef LDAP_EXOP_X_CANCEL - { &slap_EXOP_CANCEL, SLAP_EXOP_HIDE, cancel_extop }, +#ifdef LDAP_X_TXN + { &slap_EXOP_TXN_START, 0, txn_start_extop }, + { &slap_EXOP_TXN_END, 0, txn_end_extop }, #endif + { &slap_EXOP_CANCEL, 0, cancel_extop }, { &slap_EXOP_WHOAMI, 0, whoami_extop }, - { &slap_EXOP_MODIFY_PASSWD, 0, passwd_extop }, -#ifdef HAVE_TLS - { &slap_EXOP_START_TLS, 0, starttls_extop }, -#endif + { &slap_EXOP_MODIFY_PASSWD, SLAP_EXOP_WRITES, passwd_extop }, { NULL, 0, NULL } }; @@ -140,174 +120,105 @@ do_extended( ) { struct berval reqdata = {0, NULL}; - ber_tag_t tag; ber_len_t len; - struct extop_list *ext = NULL; - -#if defined(LDAP_SLAPI) - Slapi_PBlock *pb = op->o_pb; - SLAPI_FUNC funcAddr = NULL; - int extop_rc; - int msg_sent = FALSE; -#endif /* defined(LDAP_SLAPI) */ - -#ifdef NEW_LOGGING - LDAP_LOG( OPERATION, ENTRY, "do_extended: conn %d\n", op->o_connid, 0, 0 ); -#else - Debug( LDAP_DEBUG_TRACE, "do_extended\n", 0, 0, 0 ); -#endif + + Debug( LDAP_DEBUG_TRACE, "%s do_extended\n", + op->o_log_prefix, 0, 0 ); if( op->o_protocol < LDAP_VERSION3 ) { -#ifdef NEW_LOGGING - LDAP_LOG( OPERATION, ERR, - "do_extended: protocol version (%d) too low.\n", op->o_protocol, 0, 0 ); -#else - Debug( LDAP_DEBUG_ANY, - "do_extended: protocol version (%d) too low\n", - op->o_protocol, 0 ,0 ); -#endif + Debug( LDAP_DEBUG_ANY, "%s do_extended: protocol version (%d) too low\n", + op->o_log_prefix, op->o_protocol, 0 ); send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "requires LDAPv3" ); - rs->sr_err = -1; + rs->sr_err = SLAPD_DISCONNECT; goto done; } if ( ber_scanf( op->o_ber, "{m" /*}*/, &op->ore_reqoid ) == LBER_ERROR ) { -#ifdef NEW_LOGGING - LDAP_LOG( OPERATION, ERR, "do_extended: conn %d ber_scanf failed\n", - op->o_connid, 0, 0 ); -#else - Debug( LDAP_DEBUG_ANY, "do_extended: ber_scanf failed\n", 0, 0 ,0 ); -#endif + Debug( LDAP_DEBUG_ANY, "%s do_extended: ber_scanf failed\n", + op->o_log_prefix, 0, 0 ); send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" ); - rs->sr_err = -1; + rs->sr_err = SLAPD_DISCONNECT; goto done; } -#ifdef LDAP_SLAPI - getPluginFunc( &op->ore_reqoid, &funcAddr ); /* NS-SLAPI extended operation */ - if( !funcAddr && !(ext = find_extop(supp_ext_list, &op->ore_reqoid ))) -#else - if( !(ext = find_extop(supp_ext_list, &op->ore_reqoid ))) -#endif - { -#ifdef NEW_LOGGING - LDAP_LOG( OPERATION, ERR, - "do_extended: conn %d unsupported operation \"%s\"\n", - op->o_connid, op->ore_reqoid.bv_val, 0 ); -#else - Debug( LDAP_DEBUG_ANY, "do_extended: unsupported operation \"%s\"\n", - op->ore_reqoid.bv_val, 0 ,0 ); -#endif - send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, - "unsupported extended operation" ); - goto done; - } - - tag = ber_peek_tag( op->o_ber, &len ); - if( ber_peek_tag( op->o_ber, &len ) == LDAP_TAG_EXOP_REQ_VALUE ) { if( ber_scanf( op->o_ber, "m", &reqdata ) == LBER_ERROR ) { -#ifdef NEW_LOGGING - LDAP_LOG( OPERATION, ERR, - "do_extended: conn %d ber_scanf failed\n", - op->o_connid, 0, 0 ); -#else - Debug( LDAP_DEBUG_ANY, "do_extended: ber_scanf failed\n", 0, 0 ,0 ); -#endif + Debug( LDAP_DEBUG_ANY, "%s do_extended: ber_scanf failed\n", + op->o_log_prefix, 0, 0 ); send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" ); - rs->sr_err = -1; + rs->sr_err = SLAPD_DISCONNECT; goto done; } } if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) { -#ifdef NEW_LOGGING - LDAP_LOG( OPERATION, ERR, - "do_extended: conn %d get_ctrls failed\n", op->o_connid, 0, 0 ); -#else - Debug( LDAP_DEBUG_ANY, "do_extended: get_ctrls failed\n", 0, 0 ,0 ); -#endif + Debug( LDAP_DEBUG_ANY, "%s do_extended: get_ctrls failed\n", + op->o_log_prefix, 0, 0 ); return rs->sr_err; } + Statslog( LDAP_DEBUG_STATS, "%s EXT oid=%s\n", + op->o_log_prefix, op->ore_reqoid.bv_val, 0, 0, 0 ); + /* check for controls inappropriate for all extended operations */ - if( get_manageDSAit( op ) == SLAP_CRITICAL_CONTROL ) { + if( get_manageDSAit( op ) == SLAP_CONTROL_CRITICAL ) { send_ldap_error( op, rs, LDAP_UNAVAILABLE_CRITICAL_EXTENSION, "manageDSAit control inappropriate" ); goto done; } -#ifdef NEW_LOGGING - LDAP_LOG( OPERATION, DETAIL1, - "do_extended: conn %d oid=%s\n.", op->o_connid, op->ore_reqoid.bv_val, 0 ); -#else - Debug( LDAP_DEBUG_ARGS, "do_extended: oid=%s\n", op->ore_reqoid.bv_val, 0 ,0 ); -#endif + /* FIXME: temporary? */ + if ( reqdata.bv_val ) { + op->ore_reqdata = &reqdata; + } -#if defined(LDAP_SLAPI) - if ( funcAddr != NULL ) { - rs->sr_err = slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID, - (void *)op->ore_reqoid.bv_val); - if ( rs->sr_err != LDAP_SUCCESS ) { - rs->sr_err = LDAP_OTHER; - goto done; - } + op->o_bd = frontendDB; + rs->sr_err = frontendDB->be_extended( op, rs ); - rs->sr_err = slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE, - (void *)&reqdata); - if ( rs->sr_err != LDAP_SUCCESS ) { - rs->sr_err = LDAP_OTHER; - goto done; + /* clean up in case some overlay set them? */ + if ( !BER_BVISNULL( &op->o_req_ndn ) ) { + if ( !BER_BVISNULL( &op->o_req_dn ) + && op->o_req_ndn.bv_val != op->o_req_dn.bv_val ) + { + op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx ); } + op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx ); + BER_BVZERO( &op->o_req_dn ); + BER_BVZERO( &op->o_req_ndn ); + } - rs->sr_err = slapi_x_pblock_set_operation( pb, op ); - if ( rs->sr_err != LDAP_SUCCESS ) { - rs->sr_err = LDAP_OTHER; - goto done; - } +done: + return rs->sr_err; +} - extop_rc = (*funcAddr)( pb ); - if ( extop_rc == SLAPI_PLUGIN_EXTENDED_SENT_RESULT ) { - msg_sent = TRUE; +int +fe_extended( Operation *op, SlapReply *rs ) +{ + struct extop_list *ext = NULL; + struct berval reqdata = BER_BVNULL; - } else if ( extop_rc == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED ) { - rs->sr_err = LDAP_PROTOCOL_ERROR; - rs->sr_text = UNSUPPORTED_EXTENDEDOP; + if (op->ore_reqdata) { + reqdata = *op->ore_reqdata; + } - } else { - rs->sr_err = slapi_pblock_get( pb, SLAPI_EXT_OP_RET_OID, - &rs->sr_rspoid); - if ( rs->sr_err != LDAP_SUCCESS ) { - goto done2; - } + ext = find_extop(supp_ext_list, &op->ore_reqoid ); + if ( ext == NULL ) { + Debug( LDAP_DEBUG_ANY, "%s do_extended: unsupported operation \"%s\"\n", + op->o_log_prefix, op->ore_reqoid.bv_val, 0 ); + send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, + "unsupported extended operation" ); + goto done; + } - rs->sr_err = slapi_pblock_get( pb, SLAPI_EXT_OP_RET_VALUE, - &rs->sr_rspdata); - if ( rs->sr_err != LDAP_SUCCESS ) { - goto done2; - } + op->ore_flags = ext->flags; - rs->sr_err = extop_rc; - send_ldap_extended( op, rs ); - msg_sent = TRUE; - } + Debug( LDAP_DEBUG_ARGS, "do_extended: oid=%s\n", + op->ore_reqoid.bv_val, 0 ,0 ); -done2:; - if ( rs->sr_err != LDAP_SUCCESS && msg_sent == FALSE ) { - send_ldap_result( op, rs ); - } + { /* start of OpenLDAP extended operation */ + BackendDB *bd = op->o_bd; - if ( rs->sr_rspoid != NULL ) { - ch_free( (char *)rs->sr_rspoid ); - } - - if ( rs->sr_rspdata != NULL ) { - ber_bvfree( rs->sr_rspdata ); - } - } else { /* start of OpenLDAP extended operation */ -#endif /* defined( LDAP_SLAPI ) */ - if (reqdata.bv_val) op->ore_reqdata = &reqdata; rs->sr_err = (ext->ext_main)( op, rs ); if( rs->sr_err != SLAPD_ABANDON ) { @@ -321,6 +232,8 @@ done2:; } } + if ( op->o_bd == NULL ) + op->o_bd = bd; send_ldap_extended( op, rs ); if ( rs->sr_ref != default_referral ) { @@ -331,60 +244,147 @@ done2:; if ( rs->sr_rspoid != NULL ) { free( (char *)rs->sr_rspoid ); + rs->sr_rspoid = NULL; } if ( rs->sr_rspdata != NULL ) { ber_bvfree( rs->sr_rspdata ); + rs->sr_rspdata = NULL; } -#ifdef LDAP_SLAPI } /* end of OpenLDAP extended operation */ -#endif /* LDAP_SLAPI */ -done: +done:; return rs->sr_err; } int -load_extop( - struct berval *ext_oid, +load_extop2( + const struct berval *ext_oid, slap_mask_t ext_flags, - SLAP_EXTOP_MAIN_FN *ext_main ) + SLAP_EXTOP_MAIN_FN *ext_main, + unsigned flags ) { - struct extop_list *ext; + struct berval oidm = BER_BVNULL; + struct extop_list *ext; + int insertme = 0; - if( ext_oid == NULL || ext_oid->bv_val == NULL || - ext_oid->bv_val[0] == '\0' || ext_oid->bv_len == 0 ) return -1; - if(!ext_main) return -1; + if ( !ext_main ) { + return -1; + } - ext = ch_calloc(1, sizeof(struct extop_list) + ext_oid->bv_len + 1); - if (ext == NULL) - return(-1); + if ( ext_oid == NULL || BER_BVISNULL( ext_oid ) || + BER_BVISEMPTY( ext_oid ) ) + { + return -1; + } - ext->flags = ext_flags; + if ( numericoidValidate( NULL, (struct berval *)ext_oid ) != + LDAP_SUCCESS ) + { + oidm.bv_val = oidm_find( ext_oid->bv_val ); + if ( oidm.bv_val == NULL ) { + return -1; + } + oidm.bv_len = strlen( oidm.bv_val ); + ext_oid = &oidm; + } + + for ( ext = supp_ext_list; ext; ext = ext->next ) { + if ( bvmatch( ext_oid, &ext->oid ) ) { + if ( flags == 1 ) { + break; + } + return -1; + } + } + + if ( flags == 0 || ext == NULL ) { + ext = ch_calloc( 1, sizeof(struct extop_list) + ext_oid->bv_len + 1 ); + if ( ext == NULL ) { + return(-1); + } + + ext->oid.bv_val = (char *)(ext + 1); + AC_MEMCPY( ext->oid.bv_val, ext_oid->bv_val, ext_oid->bv_len ); + ext->oid.bv_len = ext_oid->bv_len; + ext->oid.bv_val[ext->oid.bv_len] = '\0'; - ext->oid.bv_val = (char *)(ext + 1); - AC_MEMCPY( ext->oid.bv_val, ext_oid->bv_val, ext_oid->bv_len ); - ext->oid.bv_len = ext_oid->bv_len; - ext->oid.bv_val[ext->oid.bv_len] = '\0'; + insertme = 1; + } + ext->flags = ext_flags; ext->ext_main = ext_main; - ext->next = supp_ext_list; - supp_ext_list = ext; + if ( insertme ) { + ext->next = supp_ext_list; + supp_ext_list = ext; + } return(0); } +int +unload_extop( + const struct berval *ext_oid, + SLAP_EXTOP_MAIN_FN *ext_main, + unsigned flags ) +{ + struct berval oidm = BER_BVNULL; + struct extop_list *ext, **extp; + + /* oid must be given */ + if ( ext_oid == NULL || BER_BVISNULL( ext_oid ) || + BER_BVISEMPTY( ext_oid ) ) + { + return -1; + } + + /* if it's not an oid, check if it's a macto */ + if ( numericoidValidate( NULL, (struct berval *)ext_oid ) != + LDAP_SUCCESS ) + { + oidm.bv_val = oidm_find( ext_oid->bv_val ); + if ( oidm.bv_val == NULL ) { + return -1; + } + oidm.bv_len = strlen( oidm.bv_val ); + ext_oid = &oidm; + } + + /* lookup the oid */ + for ( extp = &supp_ext_list; *extp; extp = &(*extp)->next ) { + if ( bvmatch( ext_oid, &(*extp)->oid ) ) { + /* if ext_main is given, only remove if it matches */ + if ( ext_main != NULL && (*extp)->ext_main != ext_main ) { + return -1; + } + break; + } + } + + if ( *extp == NULL ) { + return -1; + } + + ext = *extp; + *extp = (*extp)->next; + + ch_free( ext ); + + return 0; +} + int extops_init (void) { int i; - for (i = 0; builtin_extops[i].oid != NULL; i++) { - load_extop((struct berval *)builtin_extops[i].oid, + for ( i = 0; builtin_extops[i].oid != NULL; i++ ) { + load_extop( (struct berval *)builtin_extops[i].oid, builtin_extops[i].flags, - builtin_extops[i].ext_main); + builtin_extops[i].ext_main ); } + return(0); } @@ -414,6 +414,8 @@ find_extop( struct extop_list *list, struct berval *oid ) } +const struct berval slap_EXOP_WHOAMI = BER_BVC(LDAP_EXOP_WHO_AM_I); + static int whoami_extop ( Operation *op, @@ -427,18 +429,22 @@ whoami_extop ( return LDAP_PROTOCOL_ERROR; } + Statslog( LDAP_DEBUG_STATS, "%s WHOAMI\n", + op->o_log_prefix, 0, 0, 0, 0 ); + op->o_bd = op->o_conn->c_authz_backend; if( backend_check_restrictions( op, rs, - (struct berval *)&slap_EXOP_WHOAMI ) != LDAP_SUCCESS ) { + (struct berval *)&slap_EXOP_WHOAMI ) != LDAP_SUCCESS ) + { return rs->sr_err; } bv = (struct berval *) ch_malloc( sizeof(struct berval) ); if( op->o_dn.bv_len ) { - bv->bv_len = op->o_dn.bv_len + sizeof("dn:")-1; + bv->bv_len = op->o_dn.bv_len + STRLENOF( "dn:" ); bv->bv_val = ch_malloc( bv->bv_len + 1 ); - AC_MEMCPY( bv->bv_val, "dn:", sizeof("dn:")-1 ); - AC_MEMCPY( &bv->bv_val[sizeof("dn:")-1], op->o_dn.bv_val, + AC_MEMCPY( bv->bv_val, "dn:", STRLENOF( "dn:" ) ); + AC_MEMCPY( &bv->bv_val[STRLENOF( "dn:" )], op->o_dn.bv_val, op->o_dn.bv_len ); bv->bv_val[bv->bv_len] = '\0';