X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Froot_dse.c;h=5357ed46fb5af7b9dfc852dd59796f67f930889e;hb=74671953ef9db2031d3da3ab894697e26cd35689;hp=16c10f133c0a1c67e619c226ca6a60ec35f3ada8;hpb=60802201e3a39b0a46bfa7156c608026f7d361ba;p=openldap diff --git a/servers/slapd/root_dse.c b/servers/slapd/root_dse.c index 16c10f133c..5357ed46fb 100644 --- a/servers/slapd/root_dse.c +++ b/servers/slapd/root_dse.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* root_dse.c - Provides the ROOT DSA-Specific Entry * - * Copyright 1999-2000 The OpenLDAP Foundation. + * Copyright 1999-2003 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms are permitted only @@ -13,115 +13,296 @@ #include "portable.h" #include + #include #include "slap.h" +#include +#include "lber_pvt.h" + +#ifdef LDAP_SLAPI +#include "slapi.h" +#endif + +static struct berval supportedFeatures[] = { + BER_BVC(LDAP_FEATURE_ALL_OPERATIONAL_ATTRS), /* all Operational Attributes ("+") */ + BER_BVC(LDAP_FEATURE_OBJECTCLASS_ATTRS), /* OCs in Attributes List */ + BER_BVC(LDAP_FEATURE_ABSOLUTE_FILTERS), /* (&) and (|) search filters */ + BER_BVC(LDAP_FEATURE_LANGUAGE_TAG_OPTIONS), /* Language Tag Options */ + BER_BVC(LDAP_FEATURE_LANGUAGE_RANGE_OPTIONS), /* Language Range Options */ + {0,NULL} +}; + +static Entry *usr_attr = NULL; int -root_dse_info( Entry **entry, const char **text ) +root_dse_info( + Connection *conn, + Entry **entry, + const char **text ) { - char buf[BUFSIZ]; Entry *e; - struct berval val; - struct berval *vals[2]; + struct berval vals[2], *bv; + struct berval nvals[2]; int i, j; + char ** supportedSASLMechanisms; + + AttributeDescription *ad_structuralObjectClass + = slap_schema.si_ad_structuralObjectClass; + AttributeDescription *ad_objectClass + = slap_schema.si_ad_objectClass; + AttributeDescription *ad_namingContexts + = slap_schema.si_ad_namingContexts; + AttributeDescription *ad_supportedExtension + = slap_schema.si_ad_supportedExtension; + AttributeDescription *ad_supportedLDAPVersion + = slap_schema.si_ad_supportedLDAPVersion; + AttributeDescription *ad_supportedSASLMechanisms + = slap_schema.si_ad_supportedSASLMechanisms; + AttributeDescription *ad_supportedFeatures + = slap_schema.si_ad_supportedFeatures; + AttributeDescription *ad_monitorContext + = slap_schema.si_ad_monitorContext; + AttributeDescription *ad_ref + = slap_schema.si_ad_ref; + + vals[1].bv_val = NULL; + nvals[1].bv_val = NULL; -#ifdef SLAPD_SCHEMA_NOT_COMPAT - AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass; - AttributeDescription *ad_namingContexts = slap_schema.si_ad_namingContexts; - AttributeDescription *ad_supportedControl = slap_schema.si_ad_supportedControl; - AttributeDescription *ad_supportedExtension = slap_schema.si_ad_supportedExtension; - AttributeDescription *ad_supportedLDAPVersion = slap_schema.si_ad_supportedLDAPVersion; - AttributeDescription *ad_supportedSASLMechanisms = slap_schema.si_ad_supportedSASLMechanisms; -# ifdef SLAPD_ACI_ENABLED - AttributeDescription *ad_supportedACIMechanisms = slap_schema.si_ad_supportedACIMechanisms; -# endif - AttributeDescription *ad_ref = slap_schema.si_ad_ref; + e = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) ); + + if( e == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "root_dse_info: SLAP_CALLOC failed", 0, 0, 0 ); #else - char *ad_objectClass = "objectClass"; - char *ad_namingContexts = "namingContexts"; - char *ad_supportedControl = "supportedControl"; - char *ad_supportedExtension = "supportedExtension"; - char *ad_supportedLDAPVersion = "supportedLDAPVersion"; - char *ad_supportedSASLMechanisms = "supportedSASLMechanisms"; -# ifdef SLAPD_ACI_ENABLED - char *ad_supportedACIMechanisms = "supportedACIMechanisms"; -# endif - char *ad_ref = "ref"; + Debug( LDAP_DEBUG_ANY, + "root_dse_info: SLAP_CALLOC failed", 0, 0, 0 ); #endif + return LDAP_OTHER; + } - vals[0] = &val; - vals[1] = NULL; + e->e_attrs = NULL; + e->e_name.bv_val = ch_strdup( LDAP_ROOT_DSE ); + e->e_name.bv_len = sizeof( LDAP_ROOT_DSE )-1; + e->e_nname.bv_val = ch_strdup( LDAP_ROOT_DSE ); + e->e_nname.bv_len = sizeof( LDAP_ROOT_DSE )-1; - e = (Entry *) ch_calloc( 1, sizeof(Entry) ); + /* the DN is an empty string so no pretty/normalization is needed */ + assert( !e->e_name.bv_len ); + assert( !e->e_nname.bv_len ); - e->e_attrs = NULL; - e->e_dn = ch_strdup( LDAP_ROOT_DSE ); - e->e_ndn = ch_strdup( LDAP_ROOT_DSE ); - (void) dn_normalize( e->e_ndn ); e->e_private = NULL; - val.bv_val = "top"; - val.bv_len = sizeof("top")-1; - attr_merge( e, ad_objectClass, vals ); + vals[0].bv_val = "top"; + vals[0].bv_len = sizeof("top")-1; + if( attr_merge( e, ad_objectClass, vals, NULL ) ) + { + return LDAP_OTHER; + } - val.bv_val = "OpenLDAProotDSE"; - val.bv_len = sizeof("OpenLDAProotDSE")-1; - attr_merge( e, ad_objectClass, vals ); + vals[0].bv_val = "OpenLDAProotDSE"; + vals[0].bv_len = sizeof("OpenLDAProotDSE")-1; + if( attr_merge( e, ad_objectClass, vals, NULL ) ) + return LDAP_OTHER; + if( attr_merge( e, ad_structuralObjectClass, vals, NULL ) ) + return LDAP_OTHER; for ( i = 0; i < nbackends; i++ ) { - for ( j = 0; backends[i].be_suffix[j] != NULL; j++ ) { - val.bv_val = backends[i].be_suffix[j]; - val.bv_len = strlen( val.bv_val ); - attr_merge( e, ad_namingContexts, vals ); + if ( backends[i].be_flags & SLAP_BFLAG_MONITOR ) { + vals[0] = backends[i].be_suffix[0]; + nvals[0] = backends[i].be_nsuffix[0]; + if( attr_merge( e, ad_monitorContext, vals, nvals ) ) + { + return LDAP_OTHER; + } + continue; + } + if ( SLAP_GLUE_SUBORDINATE( &backends[i] ) ) { + continue; + } + for ( j = 0; backends[i].be_suffix[j].bv_val != NULL; j++ ) { + vals[0] = backends[i].be_suffix[j]; + nvals[0] = backends[i].be_nsuffix[0]; + if( attr_merge( e, ad_namingContexts, vals, nvals ) ) + { + return LDAP_OTHER; + } } } /* altServer unsupported */ /* supportedControl */ - for ( i=0; supportedControls[i] != NULL; i++ ) { - val.bv_val = supportedControls[i]; - val.bv_len = strlen( val.bv_val ); - attr_merge( e, ad_supportedControl, vals ); + if ( controls_root_dse_info( e ) != 0 ) { + return LDAP_OTHER; } /* supportedExtension */ - for ( i=0; (val.bv_val = get_supported_extop(i)) != NULL; i++ ) { - val.bv_len = strlen( val.bv_val ); - attr_merge( e, ad_supportedExtension, vals ); + for ( i=0; (bv = get_supported_extop(i)) != NULL; i++ ) { + vals[0] = *bv; + if( attr_merge( e, ad_supportedExtension, vals, NULL ) ) + { + return LDAP_OTHER; + } + } + +#ifdef LDAP_SLAPI + /* netscape supportedExtension */ + for ( i = 0; (bv = ns_get_supported_extop(i)) != NULL; i++ ) { + vals[0] = *bv; + if( attr_merge( e, ad_supportedExtension, vals, NULL )) + { + return LDAP_OTHER; + } + } +#endif /* LDAP_SLAPI */ + + /* supportedFeatures */ + if( attr_merge( e, ad_supportedFeatures, + supportedFeatures, NULL ) ) + { + return LDAP_OTHER; } /* supportedLDAPVersion */ for ( i=LDAP_VERSION_MIN; i<=LDAP_VERSION_MAX; i++ ) { - sprintf(buf,"%d",i); - val.bv_val = buf; - val.bv_len = strlen( val.bv_val ); - attr_merge( e, ad_supportedLDAPVersion, vals ); + char buf[BUFSIZ]; + if (!( global_allows & SLAP_ALLOW_BIND_V2 ) && + ( i < LDAP_VERSION3 ) ) + { + /* version 2 and lower are disallowed */ + continue; + } + snprintf(buf, sizeof buf, "%d", i); + vals[0].bv_val = buf; + vals[0].bv_len = strlen( vals[0].bv_val ); + if( attr_merge( e, ad_supportedLDAPVersion, vals, NULL ) ) + { + return LDAP_OTHER; + } } /* supportedSASLMechanism */ + supportedSASLMechanisms = slap_sasl_mechs( conn ); + if( supportedSASLMechanisms != NULL ) { for ( i=0; supportedSASLMechanisms[i] != NULL; i++ ) { - val.bv_val = supportedSASLMechanisms[i]; - val.bv_len = strlen( val.bv_val ); - attr_merge( e, ad_supportedSASLMechanisms, vals ); + vals[0].bv_val = supportedSASLMechanisms[i]; + vals[0].bv_len = strlen( vals[0].bv_val ); + if( attr_merge( e, ad_supportedSASLMechanisms, vals, NULL ) ) + { + return LDAP_OTHER; + } } + ldap_charray_free( supportedSASLMechanisms ); } -#ifdef SLAPD_ACI_ENABLED - /* supportedACIMechanisms */ - for ( i=0; (val.bv_val = get_supported_acimech(i)) != NULL; i++ ) { - val.bv_len = strlen( val.bv_val ); - attr_merge( e, ad_supportedACIMechanisms, vals ); + if ( default_referral != NULL ) { + if( attr_merge( e, ad_ref, default_referral, NULL /* FIXME */ ) ) + { + return LDAP_OTHER; + } } -#endif - if ( default_referral != NULL ) { - attr_merge( e, ad_ref, default_referral ); + if( usr_attr != NULL) { + Attribute *a; + for( a = usr_attr->e_attrs; a != NULL; a = a->a_next ) { + if( attr_merge( e, a->a_desc, a->a_vals, + (a->a_nvals == a->a_vals) ? NULL : a->a_nvals ) ) + { + return LDAP_OTHER; + } + } } *entry = e; return LDAP_SUCCESS; } +/* + * Read the entries specified in fname and merge the attributes + * to the user defined rootDSE. Note thaat if we find any errors + * what so ever, we will discard the entire entries, print an + * error message and return. + */ +int read_root_dse_file( const char *fname ) +{ + FILE *fp; + int rc = 0, lineno = 0, lmax = 0; + char *buf = NULL; + + if ( (fp = fopen( fname, "r" )) == NULL ) { + Debug( LDAP_DEBUG_ANY, + "could not open rootdse attr file \"%s\" - absolute path?\n", + fname, 0, 0 ); + perror( fname ); + return EXIT_FAILURE; + } + + usr_attr = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) ); + if( usr_attr == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "read_root_dse_file: SLAP_CALLOC failed", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "read_root_dse_file: SLAP_CALLOC failed", 0, 0, 0 ); +#endif + fclose( fp ); + return LDAP_OTHER; + } + usr_attr->e_attrs = NULL; + + while( ldif_read_record( fp, &lineno, &buf, &lmax ) ) { + Entry *e = str2entry( buf ); + Attribute *a; + + if( e == NULL ) { + fprintf( stderr, "root_dse: could not parse entry (line=%d)\n", + lineno ); + rc = EXIT_FAILURE; + break; + } + + /* make sure the DN is the empty DN */ + if( e->e_nname.bv_len ) { + fprintf( stderr, + "root_dse: invalid rootDSE - dn=\"%s\" (line=%d)\n", + e->e_dn, lineno ); + entry_free( e ); + rc = EXIT_FAILURE; + break; + } + + /* + * we found a valid entry, so walk thru all the attributes in the + * entry, and add each attribute type and description to the + * usr_attr entry + */ + + for(a = e->e_attrs; a != NULL; a = a->a_next) { + if( attr_merge( usr_attr, a->a_desc, a->a_vals, + (a->a_nvals == a->a_vals) ? NULL : a->a_nvals ) ) + { + rc = LDAP_OTHER; + break; + } + } + + entry_free( e ); + if (rc) break; + } + + if (rc) { + entry_free( usr_attr ); + usr_attr = NULL; + } + + ch_free( buf ); + + fclose( fp ); + + Debug(LDAP_DEBUG_CONFIG, "rootDSE file %s read.\n", fname, 0, 0); + return rc; +}