X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Froot_dse.c;h=5357ed46fb5af7b9dfc852dd59796f67f930889e;hb=9184d038ead9aeabff5b7c0bb2ed0d1e6bc95c8c;hp=fbaa475e68b30fbae5fe1001e3ef34ccc60b732e;hpb=fbe44c195d9b5fee1e891793f4bf1cc196ba96ca;p=openldap diff --git a/servers/slapd/root_dse.c b/servers/slapd/root_dse.c index fbaa475e68..5357ed46fb 100644 --- a/servers/slapd/root_dse.c +++ b/servers/slapd/root_dse.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* root_dse.c - Provides the ROOT DSA-Specific Entry * - * Copyright 1999 The OpenLDAP Foundation. + * Copyright 1999-2003 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms are permitted only @@ -13,111 +13,296 @@ #include "portable.h" #include + #include #include "slap.h" +#include +#include "lber_pvt.h" + +#ifdef LDAP_SLAPI +#include "slapi.h" +#endif + +static struct berval supportedFeatures[] = { + BER_BVC(LDAP_FEATURE_ALL_OPERATIONAL_ATTRS), /* all Operational Attributes ("+") */ + BER_BVC(LDAP_FEATURE_OBJECTCLASS_ATTRS), /* OCs in Attributes List */ + BER_BVC(LDAP_FEATURE_ABSOLUTE_FILTERS), /* (&) and (|) search filters */ + BER_BVC(LDAP_FEATURE_LANGUAGE_TAG_OPTIONS), /* Language Tag Options */ + BER_BVC(LDAP_FEATURE_LANGUAGE_RANGE_OPTIONS), /* Language Range Options */ + {0,NULL} +}; -void -root_dse_info( Connection *conn, Operation *op, char **attrs, int attrsonly ) +static Entry *usr_attr = NULL; + +int +root_dse_info( + Connection *conn, + Entry **entry, + const char **text ) { - char buf[BUFSIZ]; Entry *e; - struct berval val; - struct berval *vals[2]; + struct berval vals[2], *bv; + struct berval nvals[2]; int i, j; + char ** supportedSASLMechanisms; + + AttributeDescription *ad_structuralObjectClass + = slap_schema.si_ad_structuralObjectClass; + AttributeDescription *ad_objectClass + = slap_schema.si_ad_objectClass; + AttributeDescription *ad_namingContexts + = slap_schema.si_ad_namingContexts; + AttributeDescription *ad_supportedExtension + = slap_schema.si_ad_supportedExtension; + AttributeDescription *ad_supportedLDAPVersion + = slap_schema.si_ad_supportedLDAPVersion; + AttributeDescription *ad_supportedSASLMechanisms + = slap_schema.si_ad_supportedSASLMechanisms; + AttributeDescription *ad_supportedFeatures + = slap_schema.si_ad_supportedFeatures; + AttributeDescription *ad_monitorContext + = slap_schema.si_ad_monitorContext; + AttributeDescription *ad_ref + = slap_schema.si_ad_ref; + + vals[1].bv_val = NULL; + nvals[1].bv_val = NULL; - vals[0] = &val; - vals[1] = NULL; + e = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) ); - e = (Entry *) ch_calloc( 1, sizeof(Entry) ); + if( e == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "root_dse_info: SLAP_CALLOC failed", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "root_dse_info: SLAP_CALLOC failed", 0, 0, 0 ); +#endif + return LDAP_OTHER; + } e->e_attrs = NULL; - e->e_dn = ch_strdup( LDAP_ROOT_DSE ); - e->e_ndn = ch_strdup( LDAP_ROOT_DSE ); - (void) dn_normalize( e->e_ndn ); + e->e_name.bv_val = ch_strdup( LDAP_ROOT_DSE ); + e->e_name.bv_len = sizeof( LDAP_ROOT_DSE )-1; + e->e_nname.bv_val = ch_strdup( LDAP_ROOT_DSE ); + e->e_nname.bv_len = sizeof( LDAP_ROOT_DSE )-1; + + /* the DN is an empty string so no pretty/normalization is needed */ + assert( !e->e_name.bv_len ); + assert( !e->e_nname.bv_len ); + e->e_private = NULL; - for ( i = 0; i < nbackends; i++ ) { - for ( j = 0; backends[i].be_suffix[j] != NULL; j++ ) { - val.bv_val = backends[i].be_suffix[j]; - val.bv_len = strlen( val.bv_val ); - attr_merge( e, "namingContexts", vals ); - } + vals[0].bv_val = "top"; + vals[0].bv_len = sizeof("top")-1; + if( attr_merge( e, ad_objectClass, vals, NULL ) ) + { + return LDAP_OTHER; } -#if defined( SLAPD_MONITOR_DN ) - val.bv_val = SLAPD_MONITOR_DN; - val.bv_len = strlen( val.bv_val ); - attr_merge( e, "namingContexts", vals ); - /* subschemasubentry is added by send_search_entry() */ -#endif - -#if defined( SLAPD_CONFIG_DN ) - val.bv_val = SLAPD_CONFIG_DN; - val.bv_len = strlen( val.bv_val ); - attr_merge( e, "namingContexts", vals ); -#endif + vals[0].bv_val = "OpenLDAProotDSE"; + vals[0].bv_len = sizeof("OpenLDAProotDSE")-1; + if( attr_merge( e, ad_objectClass, vals, NULL ) ) + return LDAP_OTHER; + if( attr_merge( e, ad_structuralObjectClass, vals, NULL ) ) + return LDAP_OTHER; -#if defined( SLAPD_SCHEMA_DN ) - val.bv_val = SLAPD_SCHEMA_DN; - val.bv_len = strlen( val.bv_val ); - attr_merge( e, "namingContexts", vals ); -#endif + for ( i = 0; i < nbackends; i++ ) { + if ( backends[i].be_flags & SLAP_BFLAG_MONITOR ) { + vals[0] = backends[i].be_suffix[0]; + nvals[0] = backends[i].be_nsuffix[0]; + if( attr_merge( e, ad_monitorContext, vals, nvals ) ) + { + return LDAP_OTHER; + } + continue; + } + if ( SLAP_GLUE_SUBORDINATE( &backends[i] ) ) { + continue; + } + for ( j = 0; backends[i].be_suffix[j].bv_val != NULL; j++ ) { + vals[0] = backends[i].be_suffix[j]; + nvals[0] = backends[i].be_nsuffix[0]; + if( attr_merge( e, ad_namingContexts, vals, nvals ) ) + { + return LDAP_OTHER; + } + } + } /* altServer unsupported */ /* supportedControl */ - for ( i=0; supportedControls[i] != NULL; i++ ) { - val.bv_val = supportedControls[i]; - val.bv_len = strlen( val.bv_val ); - attr_merge( e, "supportedControl", vals ); + if ( controls_root_dse_info( e ) != 0 ) { + return LDAP_OTHER; } /* supportedExtension */ - for ( i=0; (val.bv_val = get_supported_extension(i)) != NULL; i++ ) { - val.bv_val = supportedExtensions[i]; - val.bv_len = strlen( val.bv_val ); - attr_merge( e, "supportedExtension", vals ); + for ( i=0; (bv = get_supported_extop(i)) != NULL; i++ ) { + vals[0] = *bv; + if( attr_merge( e, ad_supportedExtension, vals, NULL ) ) + { + return LDAP_OTHER; + } + } + +#ifdef LDAP_SLAPI + /* netscape supportedExtension */ + for ( i = 0; (bv = ns_get_supported_extop(i)) != NULL; i++ ) { + vals[0] = *bv; + if( attr_merge( e, ad_supportedExtension, vals, NULL )) + { + return LDAP_OTHER; + } + } +#endif /* LDAP_SLAPI */ + + /* supportedFeatures */ + if( attr_merge( e, ad_supportedFeatures, + supportedFeatures, NULL ) ) + { + return LDAP_OTHER; } /* supportedLDAPVersion */ for ( i=LDAP_VERSION_MIN; i<=LDAP_VERSION_MAX; i++ ) { - sprintf(buf,"%d",i); - val.bv_val = buf; - val.bv_len = strlen( val.bv_val ); - attr_merge( e, "supportedLDAPVersion", vals ); + char buf[BUFSIZ]; + if (!( global_allows & SLAP_ALLOW_BIND_V2 ) && + ( i < LDAP_VERSION3 ) ) + { + /* version 2 and lower are disallowed */ + continue; + } + snprintf(buf, sizeof buf, "%d", i); + vals[0].bv_val = buf; + vals[0].bv_len = strlen( vals[0].bv_val ); + if( attr_merge( e, ad_supportedLDAPVersion, vals, NULL ) ) + { + return LDAP_OTHER; + } } /* supportedSASLMechanism */ + supportedSASLMechanisms = slap_sasl_mechs( conn ); + if( supportedSASLMechanisms != NULL ) { for ( i=0; supportedSASLMechanisms[i] != NULL; i++ ) { - val.bv_val = supportedSASLMechanisms[i]; - val.bv_len = strlen( val.bv_val ); - attr_merge( e, "supportedSASLMechanisms", vals ); + vals[0].bv_val = supportedSASLMechanisms[i]; + vals[0].bv_len = strlen( vals[0].bv_val ); + if( attr_merge( e, ad_supportedSASLMechanisms, vals, NULL ) ) + { + return LDAP_OTHER; + } } + ldap_charray_free( supportedSASLMechanisms ); } if ( default_referral != NULL ) { - attr_merge( e, "ref", default_referral ); + if( attr_merge( e, ad_ref, default_referral, NULL /* FIXME */ ) ) + { + return LDAP_OTHER; + } + } + + if( usr_attr != NULL) { + Attribute *a; + for( a = usr_attr->e_attrs; a != NULL; a = a->a_next ) { + if( attr_merge( e, a->a_desc, a->a_vals, + (a->a_nvals == a->a_vals) ? NULL : a->a_nvals ) ) + { + return LDAP_OTHER; + } + } } - val.bv_val = "top"; - val.bv_len = sizeof("top")-1; - attr_merge( e, "objectClass", vals ); + *entry = e; + return LDAP_SUCCESS; +} - val.bv_val = "LDAProotDSE"; - val.bv_len = sizeof("LDAProotDSE")-1; - attr_merge( e, "objectClass", vals ); +/* + * Read the entries specified in fname and merge the attributes + * to the user defined rootDSE. Note thaat if we find any errors + * what so ever, we will discard the entire entries, print an + * error message and return. + */ +int read_root_dse_file( const char *fname ) +{ + FILE *fp; + int rc = 0, lineno = 0, lmax = 0; + char *buf = NULL; - val.bv_val = "extensibleObject"; - val.bv_len = sizeof("extensibleObject")-1; - attr_merge( e, "objectClass", vals ); + if ( (fp = fopen( fname, "r" )) == NULL ) { + Debug( LDAP_DEBUG_ANY, + "could not open rootdse attr file \"%s\" - absolute path?\n", + fname, 0, 0 ); + perror( fname ); + return EXIT_FAILURE; + } - send_search_entry( &backends[0], conn, op, - e, attrs, attrsonly, NULL ); - send_search_result( conn, op, LDAP_SUCCESS, - NULL, NULL, NULL, NULL, 1 ); + usr_attr = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) ); + if( usr_attr == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "read_root_dse_file: SLAP_CALLOC failed", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "read_root_dse_file: SLAP_CALLOC failed", 0, 0, 0 ); +#endif + fclose( fp ); + return LDAP_OTHER; + } + usr_attr->e_attrs = NULL; - entry_free( e ); -} + while( ldif_read_record( fp, &lineno, &buf, &lmax ) ) { + Entry *e = str2entry( buf ); + Attribute *a; + if( e == NULL ) { + fprintf( stderr, "root_dse: could not parse entry (line=%d)\n", + lineno ); + rc = EXIT_FAILURE; + break; + } + + /* make sure the DN is the empty DN */ + if( e->e_nname.bv_len ) { + fprintf( stderr, + "root_dse: invalid rootDSE - dn=\"%s\" (line=%d)\n", + e->e_dn, lineno ); + entry_free( e ); + rc = EXIT_FAILURE; + break; + } + + /* + * we found a valid entry, so walk thru all the attributes in the + * entry, and add each attribute type and description to the + * usr_attr entry + */ + + for(a = e->e_attrs; a != NULL; a = a->a_next) { + if( attr_merge( usr_attr, a->a_desc, a->a_vals, + (a->a_nvals == a->a_vals) ? NULL : a->a_nvals ) ) + { + rc = LDAP_OTHER; + break; + } + } + + entry_free( e ); + if (rc) break; + } + + if (rc) { + entry_free( usr_attr ); + usr_attr = NULL; + } + + ch_free( buf ); + + fclose( fp ); + + Debug(LDAP_DEBUG_CONFIG, "rootDSE file %s read.\n", fname, 0, 0); + return rc; +}