allow to override (more than one \!) specs requirements on control criticality (for...
authorPierangelo Masarati <ando@openldap.org>
Sat, 1 Nov 2008 16:55:45 +0000 (16:55 +0000)
committerPierangelo Masarati <ando@openldap.org>
Sat, 1 Nov 2008 16:55:45 +0000 (16:55 +0000)
clients/tools/common.c
clients/tools/ldapsearch.c

index cda39c9f8caa3706e1630ea6f7540d87cc9afa20..406dec793fc143d953b1c87243c0498c93cd8b67 100644 (file)
@@ -95,6 +95,7 @@ int           assertctl;
 char           *assertion = NULL;
 struct berval  assertionvalue = BER_BVNULL;
 char           *authzid = NULL;
+int            authzcrit = 1;
 /* support deprecated early version of proxyAuthz */
 #define LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ      "2.16.840.1.113730.3.4.12"
 #ifdef LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ
@@ -387,8 +388,8 @@ tool_args( int argc, char **argv )
 
                        crit = 0;
                        cvalue = NULL;
-                       if( optarg[0] == '!' ) {
-                               crit = 1;
+                       while ( optarg[0] == '!' ) {
+                               crit++;
                                optarg++;
                        }
 
@@ -430,6 +431,10 @@ tool_args( int argc, char **argv )
                                if( !crit ) {
                                        fprintf( stderr, "authzid: must be marked critical\n" );
                                        usage();
+                               } else if ( crit > 1 ) {
+                                       /* purposely flag proxied authorization
+                                        * as non-critical, to test DSA */
+                                       authzcrit = 0;
                                }
 
                                assert( authzid == NULL );
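Review bot: The new `crit > 1` branch clears `authzcrit` without telling the operator, so a `!` doubled by accident in a script sends proxied authorization as non-critical. RFC 4370 requires clients to mark this control critical, because a server that ignores a non-critical proxyAuthz control would carry out the operation under the bound identity rather than the proxied one. As this is a deliberate test switch, I would announce it, e.g. `fprintf( stderr, "authzid: proxied authorization will be sent as non-critical (test mode)\n" );`, and describe the `!!` form in the usage text. The same applies to the `proxydn` branch in the next hunk. Any count above one (`!!!`, ...) behaves like `!!`; tool_args() continues outside this hunk.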
@@ -452,6 +457,10 @@ tool_args( int argc, char **argv )
                                if( !crit ) {
                                        fprintf( stderr, "proxydn: must be marked critical\n" );
                                        usage();
+                               } else if ( crit > 1 ) {
+                                       /* purposely flag proxied authorization
+                                        * as non-critical, to test DSA */
+                                       authzcrit = 0;
                                }
 
                                assert( proxydn == NULL );
@@ -538,6 +547,11 @@ tool_args( int argc, char **argv )
 
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
                        } else if ( strcasecmp( control, "chaining" ) == 0 ) {
+                               if ( chaining ) {
+                                       fprintf( stderr, "chaining control previously specified\n");
+                                       exit( EXIT_FAILURE );
+                               }
+
                                chaining = 1 + crit;
 
                                if ( cvalue != NULL ) {
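Review bot: `chaining = 1 + crit` now receives a count rather than 0 or 1, because the `while` loop earlier in tool_args() increments `crit` once per `!`, so `chaining` can become 3 or more. The code that maps `chaining` to `ldctl_iscritical` is outside this hunk. If it tests `chaining > 1`, then `!!chaining` stays critical, while the `dontUseCopy == 2` test in ldapsearch.c treats `!!` as non-critical, which would be worth making consistent. Any other branch that copies `crit` straight into an `ldctl_iscritical` field would presumably store 2 or more there now. Normalising with `crit != 0` wherever the override is not intended keeps the flag a plain boolean.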
@@ -613,6 +627,16 @@ tool_args( int argc, char **argv )
                        } else if ( tool_is_oid( control ) ) {
                                LDAPControl     *tmpctrls, ctrl;
 
+                               if ( unknown_ctrls != NULL ) {
+                                       int i;
+                                       for ( i = 0; unknown_ctrls[ i ].ldctl_oid != NULL; i++ ) {
+                                               if ( strcmp( control, unknown_ctrls[ i ].ldctl_oid ) == 0 ) {
+                                                       fprintf( stderr, "%s control previously specified\n", control );
+                                                       exit( EXIT_FAILURE );
+                                               }
+                                       }
+                               }
+
                                tmpctrls = (LDAPControl *)realloc( unknown_ctrls,
                                        (unknown_ctrls_num + 1)*sizeof( LDAPControl ) );
                                if ( tmpctrls == NULL ) {
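Review bot: The duplicate check walks `unknown_ctrls` until it finds an element with a NULL `ldctl_oid`, but the `realloc` just below sizes the array at exactly `unknown_ctrls_num + 1` elements, which leaves no room for a terminator. Unless code outside this hunk stores one, the loop reads past the end of the heap block from the second OID-style control onwards, and it compares against whatever bytes are there. Bounding the walk by the counter avoids depending on a sentinel: `for ( i = 0; i < unknown_ctrls_num; i++ ) {`. The rest of this branch, where the new element is stored, is outside the hunk.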
@@ -1525,7 +1549,7 @@ tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count )
                c[i].ldctl_value.bv_val = authzid;
                c[i].ldctl_value.bv_len = strlen( authzid );
                c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
-               c[i].ldctl_iscritical = 1;
+               c[i].ldctl_iscritical = authzcrit;
                ctrls[i] = &c[i];
                i++;
        }
@@ -1548,7 +1572,7 @@ tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count )
                }
 
                c[i].ldctl_oid = LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ;
-               c[i].ldctl_iscritical = 1;
+               c[i].ldctl_iscritical = authzcrit;
                ctrls[i] = &c[i];
                i++;
        }
index 8a60f7d80402d4fecb8f66cc40c44ec6320aaf4e..23d57bc8ceb3193013fc4d240bc9b55f0e17f735 100644 (file)
@@ -307,8 +307,8 @@ handle_private_option( int i )
 
                crit = 0;
                cvalue = NULL;
-               if( optarg[0] == '!' ) {
-                       crit = 1;
+               while ( optarg[0] == '!' ) {
+                       crit++;
                        optarg++;
                }
 
@@ -538,6 +538,16 @@ handle_private_option( int i )
 #endif /* LDAP_CONTROL_X_DEREF */
 
                } else if ( tool_is_oid( control ) ) {
+                       if ( c != NULL ) {
+                               int i;
+                               for ( i = 0; c[ i ].ldctl_oid != NULL; i++ ) {
+                                       if ( strcmp( control, c[ i ].ldctl_oid ) == 0 ) {
+                                               fprintf( stderr, "%s control previously specified\n", control );
+                                               exit( EXIT_FAILURE );
+                                       }
+                               }
+                       }
+
                        if ( ctrl_add() ) {
                                exit( EXIT_FAILURE );
                        }
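Review bot: The added `int i;` shadows the `i` parameter of `handle_private_option( int i )` shown in the hunk header; it is harmless here but easy to misread, so a different name such as `int j;` would be clearer. The loop also assumes `c` ends with an element whose `ldctl_oid` is NULL. `ctrl_add()` is not visible in this hunk, so that cannot be confirmed here. If the array has no terminator, the walk should be bounded by the array's element count instead, as in common.c. Note too that `c` is only compared against OID-style arguments, so a control given first by name and then by its OID may not be caught by this check.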
@@ -847,7 +857,7 @@ getNextPage:
                        c[i].ldctl_oid = LDAP_CONTROL_DONTUSECOPY;
                        c[i].ldctl_value.bv_val = NULL;
                        c[i].ldctl_value.bv_len = 0;
-                       c[i].ldctl_iscritical = dontUseCopy > 1;
+                       c[i].ldctl_iscritical = dontUseCopy == 2;
                        i++;
                }
 #endif
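Review bot: `dontUseCopy == 2` depends on an encoding that is not visible in this hunk, presumably `dontUseCopy = 1 + crit` with `crit` now counting the `!` characters. Without a comment the switch from `> 1` to `== 2` reads like a typo rather than the deliberate "more than one `!` drops criticality" behaviour. I would add a comment above the assignment such as `/* 1: requested, 2: critical ('!'), >2: criticality deliberately dropped ('!!', for testing the DSA) */`. Named constants for the three states would be clearer still.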