X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fextended.c;h=bc34f65f60df30ea70ba6c2c8aca70a192c362be;hb=c6b5abbfd20567116846ebc38f0005c429284c98;hp=36c42e446ecfc61baa9f6526036eb8cda6ed6a4d;hpb=8c52d0e40160096d267b461d2285733432a14138;p=openldap diff --git a/servers/slapd/extended.c b/servers/slapd/extended.c index 36c42e446e..bc34f65f60 100644 --- a/servers/slapd/extended.c +++ b/servers/slapd/extended.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1999-2005 The OpenLDAP Foundation. + * Copyright 1999-2012 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -39,9 +39,6 @@ #include "slap.h" #include "lber_pvt.h" -#define UNSUPPORTED_EXOP "unsupported extended operation" - - static struct extop_list { struct extop_list *next; struct berval oid; @@ -56,22 +53,18 @@ static SLAP_EXTOP_MAIN_FN whoami_extop; * just a way to get built-in extops onto the extop list without * having a separate init routine for each built-in extop. */ -const struct berval slap_EXOP_CANCEL = BER_BVC(LDAP_EXOP_X_CANCEL); -const struct berval slap_EXOP_WHOAMI = BER_BVC(LDAP_EXOP_X_WHO_AM_I); -const struct berval slap_EXOP_MODIFY_PASSWD = BER_BVC(LDAP_EXOP_MODIFY_PASSWD); -const struct berval slap_EXOP_START_TLS = BER_BVC(LDAP_EXOP_START_TLS); - static struct { const struct berval *oid; slap_mask_t flags; SLAP_EXTOP_MAIN_FN *ext_main; } builtin_extops[] = { - { &slap_EXOP_CANCEL, SLAP_EXOP_HIDE, cancel_extop }, +#ifdef LDAP_X_TXN + { &slap_EXOP_TXN_START, 0, txn_start_extop }, + { &slap_EXOP_TXN_END, 0, txn_end_extop }, +#endif + { &slap_EXOP_CANCEL, 0, cancel_extop }, { &slap_EXOP_WHOAMI, 0, whoami_extop }, { &slap_EXOP_MODIFY_PASSWD, SLAP_EXOP_WRITES, passwd_extop }, -#ifdef HAVE_TLS - { &slap_EXOP_START_TLS, 0, starttls_extop }, -#endif { NULL, 0, NULL } }; @@ -127,32 +120,31 @@ do_extended( ) { struct berval reqdata = {0, NULL}; - ber_tag_t tag; ber_len_t len; - Debug( LDAP_DEBUG_TRACE, "do_extended\n", 0, 0, 0 ); + Debug( LDAP_DEBUG_TRACE, "%s do_extended\n", + op->o_log_prefix, 0, 0 ); if( op->o_protocol < LDAP_VERSION3 ) { - Debug( LDAP_DEBUG_ANY, - "do_extended: protocol version (%d) too low\n", - op->o_protocol, 0 ,0 ); + Debug( LDAP_DEBUG_ANY, "%s do_extended: protocol version (%d) too low\n", + op->o_log_prefix, op->o_protocol, 0 ); send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "requires LDAPv3" ); rs->sr_err = SLAPD_DISCONNECT; goto done; } if ( ber_scanf( op->o_ber, "{m" /*}*/, &op->ore_reqoid ) == LBER_ERROR ) { - Debug( LDAP_DEBUG_ANY, "do_extended: ber_scanf failed\n", 0, 0 ,0 ); + Debug( LDAP_DEBUG_ANY, "%s do_extended: ber_scanf failed\n", + op->o_log_prefix, 0, 0 ); send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" ); rs->sr_err = SLAPD_DISCONNECT; goto done; } - tag = ber_peek_tag( op->o_ber, &len ); - if( ber_peek_tag( op->o_ber, &len ) == LDAP_TAG_EXOP_REQ_VALUE ) { if( ber_scanf( op->o_ber, "m", &reqdata ) == LBER_ERROR ) { - Debug( LDAP_DEBUG_ANY, "do_extended: ber_scanf failed\n", 0, 0 ,0 ); + Debug( LDAP_DEBUG_ANY, "%s do_extended: ber_scanf failed\n", + op->o_log_prefix, 0, 0 ); send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" ); rs->sr_err = SLAPD_DISCONNECT; goto done; @@ -160,10 +152,14 @@ do_extended( } if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_ANY, "do_extended: get_ctrls failed\n", 0, 0 ,0 ); + Debug( LDAP_DEBUG_ANY, "%s do_extended: get_ctrls failed\n", + op->o_log_prefix, 0, 0 ); return rs->sr_err; } + Statslog( LDAP_DEBUG_STATS, "%s EXT oid=%s\n", + op->o_log_prefix, op->ore_reqoid.bv_val, 0, 0, 0 ); + /* check for controls inappropriate for all extended operations */ if( get_manageDSAit( op ) == SLAP_CONTROL_CRITICAL ) { send_ldap_error( op, rs, @@ -180,6 +176,18 @@ do_extended( op->o_bd = frontendDB; rs->sr_err = frontendDB->be_extended( op, rs ); + /* clean up in case some overlay set them? */ + if ( !BER_BVISNULL( &op->o_req_ndn ) ) { + if ( !BER_BVISNULL( &op->o_req_dn ) + && op->o_req_ndn.bv_val != op->o_req_dn.bv_val ) + { + op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx ); + } + op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx ); + BER_BVZERO( &op->o_req_dn ); + BER_BVZERO( &op->o_req_ndn ); + } + done: return rs->sr_err; } @@ -194,10 +202,10 @@ fe_extended( Operation *op, SlapReply *rs ) reqdata = *op->ore_reqdata; } - if( !(ext = find_extop(supp_ext_list, &op->ore_reqoid ))) - { - Debug( LDAP_DEBUG_ANY, "do_extended: unsupported operation \"%s\"\n", - op->ore_reqoid.bv_val, 0 ,0 ); + ext = find_extop(supp_ext_list, &op->ore_reqoid ); + if ( ext == NULL ) { + Debug( LDAP_DEBUG_ANY, "%s do_extended: unsupported operation \"%s\"\n", + op->o_log_prefix, op->ore_reqoid.bv_val, 0 ); send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "unsupported extended operation" ); goto done; @@ -209,6 +217,8 @@ fe_extended( Operation *op, SlapReply *rs ) op->ore_reqoid.bv_val, 0 ,0 ); { /* start of OpenLDAP extended operation */ + BackendDB *bd = op->o_bd; + rs->sr_err = (ext->ext_main)( op, rs ); if( rs->sr_err != SLAPD_ABANDON ) { @@ -223,7 +233,7 @@ fe_extended( Operation *op, SlapReply *rs ) } if ( op->o_bd == NULL ) - op->o_bd = frontendDB; + op->o_bd = bd; send_ldap_extended( op, rs ); if ( rs->sr_ref != default_referral ) { @@ -234,10 +244,12 @@ fe_extended( Operation *op, SlapReply *rs ) if ( rs->sr_rspoid != NULL ) { free( (char *)rs->sr_rspoid ); + rs->sr_rspoid = NULL; } if ( rs->sr_rspdata != NULL ) { ber_bvfree( rs->sr_rspdata ); + rs->sr_rspdata = NULL; } } /* end of OpenLDAP extended operation */ @@ -246,46 +258,133 @@ done:; } int -load_extop( - struct berval *ext_oid, +load_extop2( + const struct berval *ext_oid, slap_mask_t ext_flags, - SLAP_EXTOP_MAIN_FN *ext_main ) + SLAP_EXTOP_MAIN_FN *ext_main, + unsigned flags ) { - struct extop_list *ext; + struct berval oidm = BER_BVNULL; + struct extop_list *ext; + int insertme = 0; - if( ext_oid == NULL || ext_oid->bv_val == NULL || - ext_oid->bv_val[0] == '\0' || ext_oid->bv_len == 0 ) return -1; - if(!ext_main) return -1; + if ( !ext_main ) { + return -1; + } - ext = ch_calloc(1, sizeof(struct extop_list) + ext_oid->bv_len + 1); - if (ext == NULL) - return(-1); + if ( ext_oid == NULL || BER_BVISNULL( ext_oid ) || + BER_BVISEMPTY( ext_oid ) ) + { + return -1; + } - ext->flags = ext_flags; + if ( numericoidValidate( NULL, (struct berval *)ext_oid ) != + LDAP_SUCCESS ) + { + oidm.bv_val = oidm_find( ext_oid->bv_val ); + if ( oidm.bv_val == NULL ) { + return -1; + } + oidm.bv_len = strlen( oidm.bv_val ); + ext_oid = &oidm; + } - ext->oid.bv_val = (char *)(ext + 1); - AC_MEMCPY( ext->oid.bv_val, ext_oid->bv_val, ext_oid->bv_len ); - ext->oid.bv_len = ext_oid->bv_len; - ext->oid.bv_val[ext->oid.bv_len] = '\0'; + for ( ext = supp_ext_list; ext; ext = ext->next ) { + if ( bvmatch( ext_oid, &ext->oid ) ) { + if ( flags == 1 ) { + break; + } + return -1; + } + } + + if ( flags == 0 || ext == NULL ) { + ext = ch_calloc( 1, sizeof(struct extop_list) + ext_oid->bv_len + 1 ); + if ( ext == NULL ) { + return(-1); + } + + ext->oid.bv_val = (char *)(ext + 1); + AC_MEMCPY( ext->oid.bv_val, ext_oid->bv_val, ext_oid->bv_len ); + ext->oid.bv_len = ext_oid->bv_len; + ext->oid.bv_val[ext->oid.bv_len] = '\0'; + + insertme = 1; + } + ext->flags = ext_flags; ext->ext_main = ext_main; - ext->next = supp_ext_list; - supp_ext_list = ext; + if ( insertme ) { + ext->next = supp_ext_list; + supp_ext_list = ext; + } return(0); } +int +unload_extop( + const struct berval *ext_oid, + SLAP_EXTOP_MAIN_FN *ext_main, + unsigned flags ) +{ + struct berval oidm = BER_BVNULL; + struct extop_list *ext, **extp; + + /* oid must be given */ + if ( ext_oid == NULL || BER_BVISNULL( ext_oid ) || + BER_BVISEMPTY( ext_oid ) ) + { + return -1; + } + + /* if it's not an oid, check if it's a macto */ + if ( numericoidValidate( NULL, (struct berval *)ext_oid ) != + LDAP_SUCCESS ) + { + oidm.bv_val = oidm_find( ext_oid->bv_val ); + if ( oidm.bv_val == NULL ) { + return -1; + } + oidm.bv_len = strlen( oidm.bv_val ); + ext_oid = &oidm; + } + + /* lookup the oid */ + for ( extp = &supp_ext_list; *extp; extp = &(*extp)->next ) { + if ( bvmatch( ext_oid, &(*extp)->oid ) ) { + /* if ext_main is given, only remove if it matches */ + if ( ext_main != NULL && (*extp)->ext_main != ext_main ) { + return -1; + } + break; + } + } + + if ( *extp == NULL ) { + return -1; + } + + ext = *extp; + *extp = (*extp)->next; + + ch_free( ext ); + + return 0; +} + int extops_init (void) { int i; - for (i = 0; builtin_extops[i].oid != NULL; i++) { - load_extop((struct berval *)builtin_extops[i].oid, + for ( i = 0; builtin_extops[i].oid != NULL; i++ ) { + load_extop( (struct berval *)builtin_extops[i].oid, builtin_extops[i].flags, - builtin_extops[i].ext_main); + builtin_extops[i].ext_main ); } + return(0); } @@ -315,6 +414,8 @@ find_extop( struct extop_list *list, struct berval *oid ) } +const struct berval slap_EXOP_WHOAMI = BER_BVC(LDAP_EXOP_WHO_AM_I); + static int whoami_extop ( Operation *op, @@ -328,9 +429,13 @@ whoami_extop ( return LDAP_PROTOCOL_ERROR; } + Statslog( LDAP_DEBUG_STATS, "%s WHOAMI\n", + op->o_log_prefix, 0, 0, 0, 0 ); + op->o_bd = op->o_conn->c_authz_backend; if( backend_check_restrictions( op, rs, - (struct berval *)&slap_EXOP_WHOAMI ) != LDAP_SUCCESS ) { + (struct berval *)&slap_EXOP_WHOAMI ) != LDAP_SUCCESS ) + { return rs->sr_err; }